ORGANISATION, MANAGEMENT AND CONTROL MODEL UNDER LEGISLATIVE DECREE 231/2001

Legislative Decree no. 231 of 8 June 2001

TABLE OF CONTENTS

Chapter 1 – The Administrative Liability of Entities

1.1 The administrative liability system laid down by Legislative Decree no. 231/2001 in relation to legal persons, companies and associations

1.1.1      The regulatory framework

1.1.2      The sanctioning system

1.1.3      Applicability abroad

1.1.4      Objective and subjective conditions for the determination of "liability under Decree 231"

1.2 Unlawful conduct and offences that give rise to administrative liability

1.3 The adoption of the Organisation and Management Model for administrative liability exemption purposes

1.3.1      The requirements of the "231 Model": efficiency and effectiveness

1.4 Sources of the Model: Confindustria guidelines for the adoption of organisation models on administrative liability

Chapter 2 - The Company’s Organisational Structure

2.1         The corporate structure and the Governance Model

2.1.1      General data of the Company and Registered Office

2.1.2      Company object

2.2.1      The Single Director

2.2.2 Statutory Auditors, members of Audit Bodies

2.3         The system of powers and delegated powers

Chapter 3 - Adoption of the Model

3.1         Recipients

3.2         Function and purpose of the Model

3.2         Structure of the Model and conditions

3.3  Method used to define and update the Model

3.3.1      Phase 1: Initial Control Self-Assessment, collection and analysis of all essential documents

3.3.2      Phase 2: Review of the Company’s business areas in order to identify the areas that are concerned by the potential perpetration of offences and Mapping of Areas Exposed to the Risk of Crime

3.3.2      Phase 3: Analysis of Potential Risks with regard to the possible methods of offence perpetration in the different corporate areas and Documented map of the potential methods of offence perpetration in these areas

3.3.2.1       Risk Assessment Formula

3.3.2.2  L Factor, Likelihood of occurrence of the Offence

3.3.2.3       D Factor, Damage resulting from the Offence

3.3.2.4       C Factor, Controls suited to reduce the Risk

3.3.2.5       Risk Assessment Matrix

3.4 Supervisory Body

3.4.1      Structure and composition of the Supervisory Body

3.4.1.1       Requirements

3.4.1.1.1     Subjective eligibility requirements

3.4.1.1.2     Autonomy and independence

3.4.1.1.3     Professionalism

3.4.1.1.4     Continuity of action

3.4.1.2       Revocation

3.4.1.3 Reasons for suspension

3.4.1.4       Temporary impediment

3.4.1.5       Definition of the duties and powers of the Supervisory Body

3.4.1.6       Reporting by the Supervisory Body

3.4.1.7       Information flows to the Supervisory Body

3.4.1.7.1     Information flows to the Supervisory Body: mandatory information

3.5 DISCIPLINARY SYSTEM

3.5.1      General principles

3.5.2      Sanctions

3.5.2.1       Measures against subordinates

3.5.2.2       Measures against business partners, Consultants, business procurers, external collaborators

3.7 Information and Staff Training

3.7.1      Model distribution

3.7.2      Staff Training

3.6 Model Updating

Chapter 4 - The Code of Ethics

4.1 Foreword

4.2 The Code of Ethics

Section 1: Legislative Decree no. 231 of 8 June 2001

Chapter 1 – The Administrative Liability of Entities

1.1 The administrative liability system laid down by Legislative Decree no. 231/2001 in relation to legal persons, companies and associations

1.1.1    The regulatory framework

Legislative Decree no. 231 of 8 June 2001 (hereinafter, Legislative Decree 231/2001), implementing Government Act no. 300 of 29 September 2000, regulates the administrative liability of legal persons, companies and associations even with no legal personality (entities), introducing it into the domestic legal system for the first time.

This Government Act ratifies, inter alia, the Convention on the Protection of the European Communities' Financial Interests of 26 July 1995, the EU Convention of 26 May 1997 on the fight against corruption and the OECD Convention of 17 September 1997 on combating bribery of foreign public officials in international business transactions, and meets the obligations established by the said international regulations and, specifically, the European conventions that require the establishment of liability paradigms for legal persons and a corresponding sanctioning system to tackle corporate crime.

Legislative Decree 231/2001 is thus part of the country’s fulfilment of its international obligations and - being aligned with the legal systems of many European Countries - it establishes the liability of the societas, which is viewed “as an autonomous centre of interests and legal relationships, a reference point for various types of precepts, and the matrix of decisions and activities pursued by subjects who operate in the name, on behalf or otherwise in the interest of the entity”.

The establishment of companies’ administrative liability arises from the empirical finding that illegal conduct within enterprises, far from resulting from the private initiative of single persons, often falls within the scope of a widespread corporate policy and results from decisions taken by senior management.

It is a sui generis “administrative” liability since, albeit it leads to administrative sanctions, it results from an offence and presents the guarantees that are typical of the criminal process.

1.1.2    The sanctioning system

Specifically, Article 9 of Legislative Decree establishes a number of sanctions that can be divided into four types:

• pecuniary sanctions;
• disqualification sanctions:
• ban from doing business;
• suspension/revocation of a licence or concession or authorisation that was functional to the offence;
• prohibition to enter into contracts with the Public Administration;
• exclusion from allowances, grants, loans, subsidies and revocation of any aid already granted;
• prohibition to advertise goods or services;
• confiscation;
• publication of the conviction.

Administrative sanctions may be applied to companies only by criminal courts and only if all the objective and subjective conditions laid down by law are met, namely: the perpetration of a given offence, in the company’ interest or to its advantage, by qualified subjects (senior management positions or persons under them).

1.1.3    Applicability abroad

The liability of entities extends also to offences committed abroad, as long as the State of the place where the fact was committed does not take action against them and provided the special conditions required by Legislative Decree no. 231/2001 are met.

According to Article 4 of Legislative Decree 231/2001, the entity may be liable in Italy for offences - regulated by the same Legislative Decree 231/2001 - committed abroad. The Explanatory Report on Legislative Decree 231/2001 underlines the need not to leave unpunished a frequent criminal situation, also to avoid easy circumventions of the entire legal system in question.

The conditions (established by the rules or inferable from the framework of Legislative Decree 231/2001) on which the liability of entities for offences committed abroad is based, are:

1. the offence must be committed abroad by a subject who is functionally linked to the entity, within the meaning of Article 5, paragraph 1, of Legislative Decree 231/2001;
2. the entity’s head office must be in Italy;
3. the entity is liable only in the cases and at the conditions laid down by Articles 7, 8, 9, 10 of the Italian Criminal Code (in the cases where the law provides for the offender (natural person) to be punished at the request of the Minister of Justice, an action is taken against the entity only if the request is made also against the entity itself).

The reference to Articles 7-10 of the Italian Criminal Code is to be coordinated with Articles 24 to 25-octies of Legislative Decree 231/2001; therefore, also in in accordance with the principle of lawfulness referred to in Article 2 of Legislative Decree 231/2001, the company can be liable only for offences, among those mentioned by Articles 7-10 of the Italian Criminal Code, for which its liability is laid down by an ad hoc legislative provision;

1. in the cases and at the conditions referred to in the aforesaid articles of the Italian Criminal Code, the State of the place in which the offence was committed does not take action against the entity.

1.1.4    Objective and subjective conditions for the determination of "liability under Decree 231"

Administrative liability arises, first of all, from an offence committed in the entity’s interest or to its advantage.

If the offence is to the exclusive advantage of the perpetrator (or of a third party external to the entity), the entity’s liability is excluded, this being a situation of absolute and manifest extraneousness of the entity to the crime.

As for the subjects, Article 5 of Legislative Decree No. 231/2001 establishes the liability of the entity where the crime is committed:

1. “by persons who hold a representation, administrative or management role within the entity or an organisational unit thereof that is financially and functional independent, and by persons who exercise, de facto or otherwise, the management and control thereof” (so-called “senior management”);
2. “by persons under the direction or supervision of any of the subjects indicated in letter a)” (so-called “subordinates”).

The entity’s liability is additional to that of the natural person who physically committed the offence, and is autonomous thereof, since it exists also when the offender has not been identified or cannot be charged or if the criminal charge is dismissed for reasons other than an amnesty.

For the purpose of establishing the entity’s liability and in addition to the fulfilment of the aforesaid conditions that allow for the crime to be objectively linked to the entity, the law requires the ascertainment of the entity’s culpable liability. This condition is identified with an organisational liability, this meaning the violation of adequate diligence rules self-imposed by the entity itself and aimed at preventing the specific risk of crime.

Specific provisions are laid down for corporate transformations, mergers, demergers and transfers; for further details, please refer to Articles 28-33 of Legislative Decree 231/2001.

1.2 Unlawful conduct and offences that give rise to administrative liability

Although the entity’s liability was originally established for offences against the Public Administration or against the latter’s assets, it has now been extended - pursuant to regulations enacted after Legislative Decree 231/2001 - to many other administrative offences and unlawful conduct.

Specifically, the administrative liability of entities can result from the offences/unlawful conduct listed by Legislative Decree 321/2001, as reported below:

1. Offences against the Public Administration (Articles 24 and 25)
2. Cybercrimes and unlawful data processing (Article 24-bis)
3. Organised crime (Article 24-ter)
4. Forgery of money, public credit cards and revenue stamps (Article 25-bis)
5. Offences against industry and trade (Article 25-bis.1)
6. Corporate offences (Article 25-ter)
7. Crimes with the purpose of terrorism or subversion of the democratic order (Article 25-quater)
8. Female genital mutilation (Article 25-quater. 1).
9. Crimes against individuals (Article 25-quinquies)
10. Market abuse (Article 25-sexies)
11. Manslaughter or serious or very serious culpable personal injury committed through violation of the rules on health and safety at work (Article 25-septies)
12. Receiving, laundering and using money, goods or assets of illicit origin and self-laundering (Article 25-octies)
13. Copyright infringements (Article 25-novies)
14. Induction not to make statements or to make false statements before the judicial authority (Article 25-decies)
15. Environmental crimes (art. 25 – undecies)
16. Employment of illegally staying third-country nationals (Art. 25 duodecies)
17. Racism and Xenophobia (art. 25 terdecies)

The aforementioned list refers to the current list as of the date of writing of this document.  

1.3 The adoption of the Organisation and Management Model for administrative liability exemption purposes

Article 6 of Legislative Decree 231/2001 establishes that, if the crime is committed by a subject listed in the Decree, the Entity is not liable where it proves that:

1. before the offence was committed, the entity’s management adopted and effectively implemented organisation and management models capable of preventing offences like the one that was actually committed;
2. the task of overseeing Model implementation and compliance has been entrusted to a corporate body that has independent powers of initiative and control;
3. the offenders committed the crime by fraudulently circumventing the organisation and management models;
4. there was no omitted or insufficient control by the body referred to in letter b).

Article 7 of Legislative Decree 231/01 also establishes that if the offence is committed by persons under the supervision of a senior position, the entity is liable if perpetration of the offence was made possible by non-compliance with management and supervision duties.

However, such non-compliance is ruled out, and thus the entity is not liable, where the latter, before the offence was committed, adopted and effectively implemented an appropriate Organisation, Management and Control Model to prevent offences like the one that was actually committed.

It should also be noted that, in the case outlined by Article 6 (offence committed by senior management), the burden of proving the existence of the exempting situation lies with the Entity; whereas in the case regulated by Article 7 (offence committed by persons subject to the supervision of others), the burden of proving non-compliance or the absence of the models or their inappropriateness lies with the accuser.

1.3.1    The requirements of the "231 Model": efficiency and effectiveness

The mere adoption of the organisation and management model (hereinafter also "Model") by the entity’s management - to be identified with the body that has management powers - the Single Director - is not enough to exempt the entity from liability; rather, the model needs to be effective and efficient.

As for the efficiency of the Model, Article 6 paragraph 2 of Legislative Decree 231/2001, establishes that the Model must:

1. identify the activities which may give rise to offences (so-called “mapping” or risk activities);
2. define specific protocols designed to plan training and the implementation of the entity’s decisions relating to the offences to be prevented;
3. identify procedures for managing financial resources to prevent offences;
4. establish reporting obligations toward the body appointed to oversee Model implementation and compliance;
5. introduce an effective disciplinary system to punish non-compliance with the measures indicated in the Model.

The effectiveness of the Model is related, instead, to its effective implementation which requires, pursuant to Article 7 paragraph 4 of Legislative Decree 231/2001:

1. a periodic assessment and possible modification of the same in case of significant violations of its provisions or in case of changes within the organisation, its activities or further regulatory changes (Model updating);
2. an effective disciplinary system to punish non-compliance with the measures indicated in the Model.

1.4 Sources of the Model: Confindustria guidelines for the adoption of organisation models on administrative liability

The law expressly establishes (Article 6 paragraph 3 of Legislative Decree No. 231/2001) that organisation and management models can be adopted on the basis of codes of conduct drawn up by associations representing the entities, communicated to the Ministry of Justice.

Implementing the said provision, Confindustria has drawn up and subsequently updated its "Guidelines for the drawing up of organisation, management and control models under Legislative Decree no. 231 of 2001".

To draw up this Organisation and Control Model, the Company has expressly taken into account both the regulatory provisions[1] and the said Confindustria guidelines which will be referred to herein.

SECTION 2: THE COMPANY’S GOVERNANCE MODEL AND ORGANISATIONAL STRUCTURE

Chapter 2 - The Company’s Organisational Structure

2.1      The corporate structure and the Governance Model

2.1.1    General data of the Company and Registered Office

LEHVOSS Italia S.r.l., a limited liability company, whose single member is LEHVOSS BETEILIGUNGSGESELLSCHAFT MBH, has its registered office in Milan (MI), Via Borgogna 2, zip code 20121, Tax Code and VAT 10011260154, REA (Administrative and Economic Dossier) no. MI-1334553.

The Company has its Administrative, Commercial and Warehouse offices in Origgio, Viale Italia 2, zip code 21040.

The Company declares it is subject to the direction and coordination of another entity within the meaning of Article 2497 bis of the Italian Civil Code.

2.1.2    Company object

The Company is active, directly and/or indirectly, in the following activities:

• research, study, design, production, buying and selling, also on a distance basis, import and export of chemical products and other products used in the chemical industry, and machinery and equipment for chemical companies, either on its own account or on behalf of third parties. The Company may acquire, use and transfer patents, knowhow and other intellectual property rights, carry out market research and data processing on its own account and on behalf of third parties, grant and obtain marketing licences. It may also engage in any commercial, industrial, security-based and real estate operations, including financial operations (the latter only on a secondary basis and not toward the public) which are deemed necessary solely to achieve its purposes, including the granting of sureties and guarantees, even on real estate, to any party, for any obligations, including third party obligations. Lastly, the Company may participate in any way in associations, also under participation agreements within the meaning of Article 2549 et seq. of the Italian Civil Code, acquire any interests and stakes in other undertakings and companies and consortia having similar, complementary and related purposes, and in any case as a stable investment and not for placement purposes. The Company may accept national and international representation assignments.    

2.2          The institutional structure: Corporate Bodies

2.2.1    The Single Director

The Company is run by a Single Director.

The Company’s Single Director is Mr. Maurizio Rosso, appointed with deed dated 10 October 2012 until his revocation.

2.2.2 Statutory Auditors, members of Audit Bodies

The Company is controlled by a 5-member Board of Statutory Auditors lasting in office for 3 years.

The members of the Board of Statutory Auditors are:

• Chairman of the Board of Statutory Auditors: SARA PUGLIA MUELLER, appointed with deed dated 28 April 2017
• Standing Auditor: BEATRICE LOMBARDINI, appointed with deed dated 28 April 2017
• Standing Auditor: ALBERTO CANOVA, appointed with deed dated 28 April 2017
• Alternate Auditor: GIANCARLO PUGLIA, appointed with deed dated 28 April 2017
• Alternate Auditor: ANGELA ANGLANI, appointed with deed dated 28 April 2017

2.2.3    Supervisory Body

•  LEHVOSS Italia S.r.l. Supervisory Body is made up of the members of Board of Auditors  Mrs. Sara Puglia Mueller Mrs Beatrice Lombardini and Mr. Alberto Canova.
• emailOrganismodivigilanza(at)lehvoss.it
• Office: Via Mazzini n. 20, 20123 Milan

2.3      The system of powers and delegated powers

Powers associated with the SINGLE DIRECTOR:

“The Single Director has all ordinary and extraordinary management powers. However, limits to such powers may be specified at the time of his appointment. The Single Director represents the Company."

The legal representation of the Company is entrusted to the Single Director.

SECTION 3: THE CONTENT OF THE ORGANISATION AND MANAGEMENT MODEL

Chapter 3 - Adoption of the Model

3.1      Recipients

The principles and content of the Model are intended for the members of the Company’s bodies, executives, employees, these meaning subordinates, interns, collaborators under fixed-term contracts, project-based collaborators.

The Model also applies, within the limits of their existing relationship with the Company, to those parties who, albeit not belonging to the Company, operate according to a mandate or on behalf thereof or are otherwise connected to the Company by relevant legal relationships for the purpose of crime prevention (hereinafter Recipients).

3.2      Function and purpose of the Model

The Company’s decision to draw up an Organisation and Management Model is part of its broader business policy that takes the shape of initiatives and actions designed to make all the Company's staff members (from its managers to its subordinates), its external collaborators and trade partners more aware of the need to act transparently and fairly, in accordance with the current regulations and the fundamental principles of business ethics, in the pursuit of the Company’s object.

Specifically, by adopting the Model the Company intends to pursue the following objectives:

1. to make all its staff and anyone collaborating or having business dealings therewith aware that the Company absolutely condemns any conduct that is contrary to statutory provisions, supervisory provisions, internal regulations and the principles of good and transparent governance which the Company grounds its operations on;
2. to inform its staff, collaborators and external partners of the serious administrative sanctions that may be applied to the Company in case an offence is committed;
3. to prevent any unlawful conduct, including criminal conduct, within the Company through the continuous control of all the areas involving activities at risk and to train staff on the correct performance of their duties.

3.2      Structure of the Model and conditions

This Model includes:

1. a First section designed to illustrate the purposes and content of Legislative Decree 231/2001;
2. a Second section that describes the Governance Model and the Company’s organisational structure;
3. a Third section that represents the heart of the Model and deals with its content:
   • method used to define and update the Model,
   • definition of processes,
   • characteristics and operation of the Supervisory Body and information flows,
   • disciplinary system,
   • training and information activities,
   • Model updating;
4. a Fourth section containing the principles of conduct, i.e. the essential rules of conduct that must be complied with by all those who carry out activities on the Company’s behalf and in its interest, so that their conduct is always in accordance with the principles of fairness, collaboration, loyalty, transparency and mutual respect, as well as to prevent conduct that falls within the list of offences and unlawful conduct provided for by Legislative Decree 231/2001.

The Model is completed by the following Attachments, which are an integral part thereof:

1. Attachment 1 - Mapping of areas exposed to the risk of Crime
2. Attachment 2 - Analysis of the Risks of Crime;
3. Attachment 3 - Code of Ethics
4. Attachment 4 - Preventive Security Protocols; specifically:

• Operative Finance,
• Purchases of Goods and Services,
• Drafting of Financial Statements,
• Dealings with Institutions,
• Court Proceedings and Arbitration Proceedings,
• Staff Selection,
• Health and Safety at Work,
• Copyright Protection,
• Gift Management
• Sponsorship Management;

1. Attachment 4bis - Preventive Security Protocols - Control Check-list for quarterly reports to the Supervisory Body
2. Attachment 5 - Internal Sanctioning/Disciplinary System;
3. Attachment 4 - Documentation for staff and third parties.

3.3  Method used to define and update the Model

In the light also of the Confindustria guidelines, the Company has defined a Model responding to actual situations that can potentially arise in the operations of its organisational structures, having regard to the specific features of each business sector and to each offence regulated by Legislative Decree 231/2001.

The Planning of the Management System was developed through different Operating Phases, specifically:

1. Phase 1 - Initial Control Self-Assessment, collection and analysis of all essential documents;
2. Phase 2 - Review of the Company’s business areas in order to identify the areas that are concerned by the potential perpetration of offences and "Mapping of Areas Exposed to the Risk of Crime";
3. Phase 3 - "Analysis of Potential Risks" with regard to the possible methods of offence perpetration in the different corporate areas and "Documented map of the potential methods of offence perpetration in these areas";

Please find below a summary of the various phases of the methodology used to create and update the Model.

3.3.1    Phase 1: Initial Control Self-Assessment, collection and analysis of all essential documents

An initial Control Self-Assessment check-up was carried out and all the official documents available within the Company were collected so as to gather information on its organisational structure and business (e.g. organisational chart, duties, powers of attorney, delegated powers, operating procedures, etc...).

The check-up was carried out by filling in the document "Initial Control Self-Assessment Check-up pursuant to Legislative Decree 231/2001", kept in the Company’s records.

The results of this initial check-up were then described in the "Preliminary Report on the need for an Organisation and Control Model within the meaning of Legislative Decree 231/2001", kept in the Company’s records, so as to provide relevant information on the opportunity to adopt an Organisation, Management and Control Model under Legislative Decree 231/2001.

3.3.2    Phase 2: Review of the Company’s business areas in order to identify the areas that are concerned by the potential perpetration of offences and Mapping of Areas Exposed to the Risk of Crime

The Company’s businesses/processes were thoroughly examined and, by analysing the activities carried out by the organisational structure, we identified the areas deemed to be “sensitive”, i.e. relevant areas for the liability established by Legislative Decree 231/2001.

In operating terms, the Company examined the areas, activities and subjects (who, in relation to intentional offences, in special and exceptional cases, might include also those who are connected to the Company by mere quasi self-employment relationships, such as agents, or other forms of collaboration such as business partners and the latter’s employees and collaborators) potentially involved in the perpetration of "predicate offences" within the meaning of Legislative Decree 231/2001.

The identification of corporate activities and processes/activities at risk was made by previously examining corporate documents (organisational charts, main processes, powers of attorney, organisational provisions, etc.) and carrying out a number of interviews with key subjects within the Company’s structure.

The results of this review were formalised and described in the "Map of Areas Exposed to the Risk of Crime under Legislative Decree 231/2001", kept in the Company’s records.

The document formalises - in a schematic and descriptive way - the summary results of this analysis and shows, using easily identifiable and readable matrices, the corporate areas/functions that can be potentially involved in the offences listed by Legislative Decree 231/2001.

3.3.3    Phase 3: Analysis of Potential Risks with regard to the possible methods of offence perpetration in the different corporate areas and Documented map of the potential methods of offence perpetration in these areas

The Managers of single functions were asked to illustrate the operating methods and the concrete controls in place to monitor the identified risk in relation to “sensitive” activities.

In operating terms, after identifying the areas/processes potentially exposed to the risk of crime in the “Map of Areas exposed to the Risk of Crime”, we assessed the factors that affected their impact, namely the potential ensuing damage related to the likelihood of their occurrence.

The results of the Risk Analysis were formalised - in a graphic, schematic and descriptive way - in the document "Analysis of Potential Risks with regard to the possible methods of offence perpetration in the different corporate areas under Legislative Decree 231/2001", kept in the Company’s records.

In methodological and operating terms, as established by the most advanced risk analysis and prevention management systems, the Risk Analysis was carried out by determining the applicable risks using an internationally renowned algorithm that is used in risk analysis processes (e.g. it is generally used to identify and estimate risks in relation to the protection and safety of personal data (Legislative Decree 196/2003) and for risk assessments concerning health and safety at work (Legislative Decree 81/2008)).

The Risk Analysis was structured according to the following operating phases:

1. Listing of offences;
2. Listing of sensitive processes
3. Analysis of existing Controls;
4. Analysis of the Likelihood of occurrence of the Offence;
5. Analysis of impacts and Damage;
6. Measurement of risk.

The Paragraphs below report the descriptive methodological details of this analysis.

3.3.3.1 Risk Assessment Formula

To assess the Risk of offences being committed, we used the following risk analysis Formula:

R ( Risk ) = LxD/C

Where:

L = LIKELIHOOD of the crime being committed:

D = POTENTIAL DAMAGE resulting from the offence;

C = CONTROLS already in place and suited to reduce the Risk R, considered as a whole.

In order to use this formula correctly, a numerical scale was defined on 4 levels ranging from 0 to 3, both to assess Likelihood ( L ), Damage ( D ) and existing Controls ( C ), in accordance with the criteria reported below.

3.3.3.2  L Factor, Likelihood of occurrence of the Offence

L = Likelihood Factor for the Company, namely the possibility that the offence may be perpetrated, according to the following numerical scale:

0= N.A: IRRELEVANT (N.A. NOT APPLICABLE - NOT PRESENT)

1= HIGHLY UNLIKELY: possibility only in case of a combination of several unlikely, independent and hardly predictable and/or controllable events

2= POSSIBLE OR LIKELY: concrete possibility of occurrence of the offence as the direct consequence of a specific, clearly identifiable cause.

3= HIGHLY POSSIBLE OR LIKELY: high possibility of occurrence of the offence as the direct consequence of a specific, clearly identifiable cause.

3.3.3.3 D Factor, Damage resulting from the Offence

D = Damage Factor for the Company, namely the legal impact deriving from the offence, according to the following numerical scale:

0= N.A. (NOT APPLICABLE - NOT PRESENT)

1= LOW RISK: situation that determines a slight legal risk for the Company (minor administrative sanctions)

2= MEDIUM RISK: situation that determines a medium/high legal risk for the Company (medium/high administrative sanctions)

3= HIGH RISK: situation that determines a high legal risk for the Company (heavy criminal, administrative sanctions, disqualification sanctions).

3.3.3.4 C Factor, Controls suited to reduce the Risk

C = Controls, namely an element that is suited to reduce the Risk R, assessed as a whole, according to the following numerical scale:

0= N.A. (NOT APPLICABLE)

1= CONTROL NOT APPLIED;

2= DE FACTO CONTROL, NOT FORMALISED

3= DE FACTO CONTROL FORMALISED WITH INTERNAL PROCEDURES AND REGULATIONS.

The assessment of the controls in place was made:

1. By analysing the controls applied to internal operating processes.
2. By analysing the controls applied in relation the single Offences regulated by Legislative Decree 231/2001.

The C final value used in the Formula R=LxD/C consists of the AVERAGE value of the C factors referred to in paragraphs 1 and 2 above.

3.3.3.5 Risk Assessment Matrix

The use of a 4-level numerical scale ranging from 0 to 3 allows for the level of risk to be assessed (1 to 9) according to an overall matrix based on the formula R (Risk) = LxD/C.

In this mathematical Formula, the C factor (Controls) is crucial in order to establish the final Risk assessment.

In fact, Risk assessment can be viewed as consisting of two different operating Phases: the first in which the Risk is assessed in theory, without considering the C Factor, and a second Phase in which the Control element, represented by the C Factor, is taken into account.

In summary, Phase 1 leads to the ex-ante assessment of the INITIAL THEORETICAL RISK without considering the C Factor (hence R=LxD) while Phase 2 leads to the ex-post assessment of the FINAL ACTUAL RISK, after considering the controls in place (hence R=LxD/C).

The results of the Control analysis (C Factor) were firstly applied:

• to the Company’s internal operating Processes
• to the single Offences regulated by Legislative Decree 231/2001

We then reported the final Risk Assessment Matrix, which shows the Analysis of the Likelihood of occurrence of an Offence (L Factor) and the analysis of Damage having an impact on the Company in case of the perpetration of an Offence.

The Matrix, as specified above, reports the ex-ante assessment of the INITIAL THEORETICAL RISK without considering the C Factor (hence R=LxD) while Phase 2 leads to the ex-post assessment of the FINAL ACTUAL RISK, after considering the controls in place (hence R=LxD/C).

Finally, for an easier understanding and visualisation of the results of the risk analysis, the same results were reported in a graphical representation.

3.4 Supervisory Body

3.4.1    Structure and composition of the Supervisory Body

Legislative Decree 231/2001 provides for the establishment of a supervisory body within the Entity, endowed with autonomous powers of initiative and control, which is specifically given the task of overseeing Model implementation and compliance and of taking care of its update. The existence of the Supervisory Body (hereinafter also "SB") is required in order for the Model to be deemed suitable.

The SB has three members: Mrs. Sara Puglia Mueller, Mrs. Beatrice Lombardini and Mr. Alberto Canova.

The Supervisory Body is established pursuant to a resolution by the Single Director who, at the time of its appointment, acknowledges fulfilment of the requirements of independence, autonomy, integrity and professionalism of its members, referred to in the paragraph below.

The Supervisory Body lasts in office for one year and the renewal of its term may be formalised from year to year.

The members of the Supervisory Body may resign at any time, giving written notice to the Company’s Management and specifying the reasons therefor.

3.4.1.1 Requirements

3.4.1.1.1              Subjective eligibility requirements

The appointment as a member of the SB is conditional upon fulfilment of subjective eligibility requirements.

The following facts are reasons for the SB members’ ineligibility and/or revocation:

• if the member is temporarily banned or suspended from holding management positions within legal persons and undertakings;
• if the member is in any condition of ineligibility or revocation laid down in Article 2382 of the Italian Civil Code;
• if the member holds, whether directly or indirectly, a number of shares with which he can exert considerable influence on the Company.
• if the member has been convicted or involved in plea bargaining, even if not yet final, and even if the punishment is conditionally suspended, subject to the effects of rehabilitation:
• for one of the offences regulated by Royal Decree no. 267 of 16 March 1942 (bankruptcy law);
• for one of the offences regulated by Chapter XI of Book V of the Italian Civil Code (companies and consortia);
• for an offence committed with criminal intent, for no less than one year;
• for an offence against the Public Administration, public faith, the public heritage, the public economy or a tax offence;
• for one of the offences regulated by the rules on the banking, financial, security, insurance business and by the rules on markets and securities, payment instruments.
• if the member, whether in Italy or abroad, has been convicted or involved in plea bargaining, even if not yet final, and even if the punishment is conditionally suspended, subject to the effects of rehabilitation, for violations that are relevant for the purposes of the administrative liability of entities under Legislative Decree no. 231 of 2001;
• if the member has been committed for trial for all the offences/unlawful conduct regulated by Legislative Decree 231/2001;
• if the member has been an executive director, in the three years preceding his appointment as a SB member, in companies: 
• that have gone bankrupt, have been involved in an administrative compulsory receivership or similar procedures

3.4.1.1.2              Autonomy and independence

The autonomy and independence of the SB are guaranteed:

• by its positioning, independently of any function, within the Company’s organisational structure;
• by its members’ independence, integrity and professionalism;
• by the SB’s reporting lines to the Company’s Senior Management;
• by the fact that its activities cannot be challenged by any other corporate body or structure;
• by its autonomy in establishing its operating rules, through the adoption of its own Regulations.

The SB has independent spending authority based on an annual budget, approved by the Company’s Management at the proposal of the SB itself. In any case, the latter may ask for the assigned budget to be increased if the budget proves not to be sufficient for the effective performance of the SB’s duties, and may extend its spending authority on its own initiative in exceptional or urgent cases, to be subsequently reported to the Company's Management.

In the course of its inspections and controls, the SB has the broadest powers so as to effectively perform its duties.

In the performance of its duties, the SB must avoid any conflict of interest with the Company, even only potential conflicts, arising for any reason (for example, for personal or family reasons).

3.4.1.1.3              Professionalism

The SB’s members must have appropriate business experience and technical and legal knowledge to effectively perform the Supervisory Body’s duties.

At the same time, the Supervisory Body must ensure the presence of adequate professionalism for the performance of its functions.

Specifically, the SB must have extensive corporate experience in relation to the activities performed and must hold senior executive positions.

Where necessary, the SB may rely on external consultants for technical operations that are necessary to carry out its controls. In this case, such consultants must always report the results of their services to the SB.

3.4.1.1.4              Continuity of action

The SB must ensure necessary continuity in the performance of its functions, also by programming and planning its activities and controls, taking records of its meetings and regulating all information flows from corporate structures.

3.4.1.2 Revocation

The members of the SB may be revoked by the Company’s Management only for good cause.

In this respect, "good cause" for revocation includes, but not only:

• gross negligence in the performance of the duties connected with their appointment;
• "omitted or insufficient supervision" by the SB - as established by Article 6, paragraph 1 d) of Legislative Decree 231/2001 - resulting from the Company’s conviction, even if not yet final, under Legislative Decree No. 231/01 or from a judgement imposing the sanction requested (the so-called plea bargaining);
• the ascertainment, after their appointment, that the SB members have been members of the Supervisory Body of companies sanctioned, with a final measure (including the sentence issued under art. 63 of the Decree), under art. 9 of the same Decree, for unlawful conduct committed during their office;
• the assignment of operating functions and responsibilities within the Company’s organisation that are incompatible with the requirements of “autonomy and independence" and "continuity of action” that are typical of the SB;
• serious and ascertained reasons of incompatibility which jeopardise the members’ independence and autonomy;

3.4.1.3 Reasons for suspension

A reason for suspension from the position of SB member is the ascertainment, after their appointment, that the SB members have been members of the Supervisory Body of companies sanctioned, with a final measure (including the sentence issued under art. 63 of the Decree), under art. 9 of the same Decree, for unlawful conduct committed during their office.

The members of the SB are required to notify the Company’s Management, assuming responsibility therefor, of the occurrence of the said reason for suspension. The Company’s Management, also in any other case when it learns directly of the occurrence of the said reason, suspends the relevant person(s) from the position of SB member.

The decision on the revocation, if any, of suspended members must be the subject of a resolution by Management.

The non-revoked member is reassigned all his previous functions.

3.4.1.4 Temporary impediment

In case of events that temporarily prevent the SB from carrying out its functions or from performing them with the necessary autonomy and independent judgement, the latter must declare the presence of a legitimate impediment.

For example, an illness or injury lasting more than three months and preventing the full performance of one’s duties, is a reason for temporary impediment.

In the case of a temporary impediment or in any other case that makes it impossible for a member to perform his duties, the Company’s Management provides for the temporary integration of the SB by appointing a substitute member at the first useful meeting, who will remain in office for the period of the impediment.

If the impediment lasts more than 6 months, which may be extended for a further 6 months, the Company’s Management may revoke the member(s) affected by the aforesaid reasons for impediment.

3.4.1.5 Definition of the duties and powers of the Supervisory Body

The audits and controls carried out by the Supervisory Body are strictly functional to the effective implementation of the Model and do not surrogate or replace the institutional control functions of the Company itself.

The duties of the SB are expressly established by Legislative Decree 231/2001 in Article 6, paragraph 1 b) as follows:

• to oversee Model implementation and compliance;
• to oversee its periodic updating.

In the fulfilment of these duties, the SB is assigned the following tasks:

• to oversee Model implementation in relation to the prevention of the offences referred to in Legislative Decree 231/2001;
• to check compliance with the Model and with decision-making protocols, identifying any anomalous behaviour arising from the analysis of information flows and from the reports which the managers of the various organisational structures are required to make;
• to carry out periodic inspections and controls, on an ongoing basis and whenever it deems it necessary, in the light of the various sectors of intervention or of the types of activities and their critical issues in order to ensure the efficiency and effectiveness of the Model, coordinating them with those recognised and entrusted to the Managers of the Organisational Structures who are the recipients of specific decision-making protocols, so as to assess Model compliance and implementation.

In pursuing its activities, the SB may:

• have free access, also through specifically appointed structures, to any Company structure - without the need for any prior consent - in order to request and acquire information, documents and data which are deemed necessary to perform its duties. If the SB is denied access to documents, and reasons are given therefor which are not shared by the SB, the latter draws up a report to be sent to Management;
• ask directors, control bodies, audit firms, collaborators, consultants and in general all those who work on the Company’s behalf, for relevant information or for the production of documents, including computer documents, pertaining to activities at risk;
• supervise the constant updating of the Model, including the identification, mapping and classification of activities at risk and submitting to Management, where necessary, proposals for any additions and adjustments that may become necessary as a result of: 
• significant violations of the provisions of the Model;
• significant changes in the Company’s internal structure and/or ways of doing business;
• legislative amendments to Legislative Decree 231/2001, such as the introduction of offences which can potentially have an impact on the Company’s Model;
• define and take care of information flows so as to enable the SB to be periodically updated by the Managers of Organisational Structures and thus identify any shortcomings in the operation of the Model and/or any violations thereof;
• implement an effective information flow that enables the SB to report about Model effectiveness and compliance to the competent corporate bodies;
• check the presence of an effective internal communication system to ensure the transmission of relevant information for the purposes of Legislative Decree 231/2001, ensuring the protection and confidentiality of the informant and fostering knowledge of the types of conduct to be reported and the conditions for reporting them;
• oversee the promotion of initiatives for the widespread knowledge and understanding of the Model, of the content of Legislative Decree 231/2001, of the Code of Ethics, of the impact of legislation on the latter’s business, as well as initiatives to train and make staff aware of of the importance of Model compliance, acquiring information on their frequency;
• oversee the promotion of initiatives designed to facilitate knowledge and understanding of the Model by all those who work on the Company’s behalf;
• give opinions on the meaning and application of the provisions of the Model, on the correct application of protocols and of the corresponding implementation procedures;
• prepare and submit to Management’s approval the budget for the proper performance of the tasks assigned, with absolute independence.
• promptly report to Management, for the corresponding appropriate measures, any ascertained violations of the Model that can give rise to the Company’s liability and propose any sanctions laid down in this Model;
• ensure the suitability of the disciplinary system pursuant to Legislative Decree 231/2001.

In the pursuit of its activities, the Supervisory Body may rely on the support of structures with specific expertise in the corporate sectors the subject of controls from time to time.

The members of the SB and the subjects which the SB itself relies on, for any reason, are required to comply with the obligation of confidentiality in relation to any information they acquire in the performance of their duties.

The members of the SB ensure the confidentiality of any information they acquire, especially when concerning reports received thereby in relation to alleged violations of the Model. The members of the Supervisory Body refrain from receiving and using confidential information for purposes other than those set out in this paragraph, and in any case for purposes that do not conform to the typical functions of the Supervisory Body, except in case of an express and conscious authorisation.

Any information held by the members of the Supervisory Body shall in any case be treated in accordance with the current applicable regulations and, specifically, Legislative Decree 196/2003 ("Privacy Code") as amended.

Any information, signalling, report established in the Model are kept by the SB on a special (computer and/or hard copy) file.

3.4.1.6 Reporting by the Supervisory Body

To ensure its full autonomy and independence in the performance of its duties, the SB reports directly to the Company’s Management.

The SB annually reports to Management on:

• the results of its supervision in the relevant period, reporting any problems or issues and any appropriate interventions on the Model;
• any reports received, including what has been found directly thereby, in relation to alleged violations of the provisions of the Model and of protocols, and on the outcome of the ensuing verifications;
• the activities which, despite being planned, have not been implemented for justified reasons of time and resources;
• the schedule of controls established for the following year.

The SB may ask at any time to be heard by Management whenever it ascertains particularly important facts, or whenever it believes that an assessment or intervention in relation to matters pertaining to the operation and effective implementation of the Model, is appropriate.

To guarantee proper and effective information flows, the SB may ask for clarifications or information directly to Management for the purpose of a full and proper exercise of its powers.

In turn, the SB may be convened at any time by Management to report on special events or situations relating to the operation of and compliance with the Model.

3.4.1.7 Information flows to the Supervisory Body

3.4.1.7.1              Information flows to the Supervisory Body: mandatory information

Information flows concern any information and document that must be brought to the SB’s attention, as laid down in the Model and applicable protocols.

In addition to what is set out in the single decision-making protocols that are an integral part of the Model, specific communication obligations have been established and specified in Attachment 4 – Preventive Security Protocols and in the attached Control Check-List for quarterly reports to the Supervisory Body.

3.5 DISCIPLINARY SYSTEM

3.5.1    General principles

According to Article 6, paragraph 2 of Legislative Decree 231/2001, in order for the Model to be effective and suitable, it must "introduce a suitable disciplinary system to sanction any non-compliance with the measures indicated in the Model".

The application of the disciplinary system and of the corresponding sanctions is independent of any criminal proceedings brought by the judicial authority and of their outcome, where the conduct also amounts to an offence within the meaning of Legislative Decree 231/2001.

The idea of a disciplinary system suggests that the Company must introduce a scale of applicable sanctions depending on the different level of risk posed by a given conduct with respect to the perpetration of an offence.

The Company has thus put in place a disciplinary system which, firstly, sanctions all violations of the Model, from the most serious to the most minor, through a system of gradual sanctions and which, secondly, is in accordance with the principle of proportionality between the conduct and the sanction applied.

Regardless of the nature of the disciplinary system required by Legislative Decree 231/2001, there remains the main characteristic of the disciplinary power to be exercised by the employer, which refers (according to Article 2106 of the Italian Civil Code) to all categories of workers and which is exercised independently of collective bargaining agreements.

The establishment of violations, disciplinary procedures and the application of sanctions fall within the duties of Management. The Supervisory Body is involved, instead, in the ascertainment of violations and in the application of sanctions for violations of the Model, this meaning that a disciplinary measure cannot be applied, or not applied, for any violation of the Model without previously informing and hearing the Supervisory Body.

There remains the right for the Company to take action for any damage and/or liability ascribed thereto for any conduct by its employees that is in violation of the Model.

3.5.2    Sanctions

Any failure and conduct by employees that is in violation of the rules set out in this Model leads, pursuant to Legislative Decree 231/2001, to the application of disciplinary sanctions in accordance with the principle of proportionality set out in Article 2106 of the Italian Civil Code, taking account - in each case - of the objective seriousness of the fact that represents a violation, the level of guilt, any reiteration of the same conduct as well as the intentionality thereof.

The disciplinary system identifies the violations of the principles, behaviours and controls contained in the Model and, in accordance with the applicable provisions of law and/or collective bargaining agreements, it identifies the sanctions established for employees, as reported below.

The disciplinary system is binding on all employees and, within the meaning of Article 7, paragraph 1, Law 300/1970, it must be exhibited "by being posted in a place that is readily accessible to all".

3.5.2.1 Measures against subordinates

Compliance with the provisions and rules of conduct set out in the Model amounts to fulfilment, by the Company’s employees, of the obligations set out in Article 2104, paragraph 2 of the Italian Civil Code; the Model is a substantial and integral part of these obligations.

The employees’ violation of the provisions and rules of conduct set out in the Model always amounts to a disciplinary offence.

It should be noted that subordinates are subject to the National Collective Labour Agreement for employees working in trade (tertiary sector, distribution and services, hereinafter simply "Trade NCLA”), currently in force until 31 December 2018 (as regards its regulatory and economic sections).

The measures indicated in the Model, whose infringement is sanctioned thereby, are communicated with an internal circular that is distributed to all employees; they are posted in a place that is readily accessible to all and are binding on all the Company’s employees.

Disciplinary measures can be applied to the Company’s employees in accordance with Article 7 of Law no. 300 of 20 May 1970 (the so-called “Workers’ Statute") and any special applicable regulations.

For non-executive employees regulated by the Trade NCLA, these measures are those laid down by the disciplinary rules referred to in Article 225 et seq. of the said NCLA and, specifically, depending on the seriousness of the infringement:

• oral reprimand for minor violations;
• written reprimand for repeated minor violations;
• fine not exceeding an amount equal to 4 hours of ordinary wages;
• suspension from pay and service for no more than 10 days;
• disciplinary dismissal without notice.

The notice of infringement of the Model is followed by a disciplinary action aimed at ascertaining the infringement itself. Specifically, during the ascertainment process, the charge will be notified to the employee, who will then be given a reasonable term within which to present his defence case. Once the violation is established, a disciplinary sanction will be applied to the wrongdoer, proportionately to the seriousness of the violation.

It is understood that the procedures, provisions and guarantees laid down by Article 7 of the Workers’ Statute, and by Article 225 of the Trade NCLA in case of non-executive workers regulated thereby, concerning disciplinary measures, will be complied with.

As regards the establishment of infringements, disciplinary procedures and the application of sanctions, the powers previously granted to the Company’s Single Director remain in place.

3.5.2.2 Measures against business partners, Consultants, business procurers, external collaborators

The infringement by business partners, Consultants, external collaborators, business procurers, agents or other subjects having contractual relationships with the Company, of the provisions and rules of conduct set out in the Model and applicable thereto, or the perpetration by the same of the offences regulated by Legislative Decree 231/2001, will be sanctioned in accordance with specific contractual clauses included in their contracts.

These clauses, expressly referring to compliance with the provisions and rules of conduct laid down in the Model, may establish, for instance, such third parties’ obligation not to act or behave in such a way as to cause the Company’s violation of the Model. In the event of a breach of this obligation, contract termination must be envisaged.

The Company remains obviously entitled to seek compensation for damages arising from any breach of the provisions and rules of conduct laid down in the Model by the said third parties.

3.7 Information and Staff Training

3.7.1    Model distribution

The methods used to communicate the Model must be such as to ensure its full publicity and thus guarantee that its recipients are aware of the procedures to be followed to duly fulfil their duties.

The information given must be complete, timely, accurate, accessible and ongoing.

The Company’s objective is to communicate the content and principles of the Model also to those who, despite not being formally classified as employees, operate - even occasionally - to achieve the Company’s objectives pursuant to contractual relationships.

Communications and training are entrusted to external consultants who are also assigned, inter alia, the task of promoting initiatives to spread knowledge and understanding of the Model, of the content of Legislative Decree 231/2001, of the impact of the law on the Company’s business, and of training staff and making them aware of compliance with the principles enshrined in the Model, and of promoting and coordinating initiatives to facilitate knowledge and understanding of the Model by all those who operate on the Company’s behalf.

3.7.2    Staff Training

Training is designed to promote the staff’s knowledge of the rules set out in Legislative Decree 231/2001.

Such knowledge requires the Company to provide a comprehensive picture of the law, its practical implications, the content and principles which the Model is based on, the Code of Ethics and the Security Protocols implemented by the Company. Therefore, all employees are required to be familiar with, to observe and to abide by the said content and principles, contributing to their implementation.

To ensure the staff’s effective knowledge of the Model and of the procedures to be adopted for the proper pursuit of their activities, specific mandatory training is thus provided to the Company’s staff.

Special attention is paid to the training of newly-hired staff and to employees who, despite not being newly hired, are called to cover new roles.

3.6 Model Updating

As expressly required by law, Management is responsible for adopting and effectively implementing the Model, relying on professionals/external consultants with recognised skills and expertise.

The updating of the Model, this including both any additions and changes to the Model, is designed to ensure its adequacy and suitability.

Section 4: The Code of Ethics

Chapter 4 - The Code of Ethics

4.1 Foreword

This Section outlines the rules of conduct adopted by the Company, which must be complied with by all those who carry out activities on the Company’s behalf and in its interest (cfr. Sec. 3 para. 3.1 “Recipients”) so that their conduct is always in accordance with the principles of fairness, collaboration, loyalty, transparency and mutual respect, as well as to prevent conduct that falls within the list of offences and unlawful conduct provided for by Legislative Decree 231/2001.

Non-compliance with or the violation of the following rules by the recipients of the Model (including third parties, both internal and external to the Company) must be regarded as a violation of the ethical-behavioural principles adopted by the Company, of the duties of fairness toward it, and of specific contractual clauses, if any.

Therefore, such non-compliance and/or violation will be sanctioned in accordance with Article 3.5.2 (Sanctions) of Sec. 3 of this Model.

4.2 The Code of Ethics

In the pursuit of its business, the Company complies with the laws and regulations in force in the legal systems of all the countries in which it operates, in accordance with the principles of loyalty, fairness, responsibility, freedom, personal dignity and respect for diversity, condemning all types of discrimination based on sex, race, language, personal and social conditions, religious and political beliefs.

To this end, the Company promotes a work environment which, inspired by respect, fairness and collaboration and taking account of everyone’s experience in the relevant sectors, allows for the involvement and accountability of employees and collaborators with regard to the specific objectives to be attained and the methods to be used to pursue them.

Given the increased attention that has been recently paid to corporate governance, the Company has deemed it appropriate to draw up a Code of Ethics (hereinafter the "Code" or "Code of Ethics") to clearly define the set of values and responsibilities which the Company recognises, accepts, shares and assumes.

The Code of Ethics represents, inter alia, a founding part of the Organisation, Management and Control Model adopted by the Company within the meaning of Legislative Decree 231/01 (hereinafter "231 Organisation Model"), in the belief that ethics in business should be pursued as a condition for corporate success.

In this perspective, the principles and values enshrined in the Code of Ethics are the first set of rules which the 231 Organisation Model is based on as well as a useful interpretation reference for the concrete application thereof in relation to corporate dynamics.

The Company is engaged in spreading and providing information on the provisions of the Code of Ethics and on the application of the same to the subjects which it refers to, so that all those who operate - in any way - for the Company perform their services and/or duties or functions in strict and continuous compliance with the principles and values enshrined therein.

Whistleblowing

In accordance with the provisions laid down by Law no. 179 of 30 November 2017, the Company has established:

1. a specific channel that can be used by the individuals indicated in Article 5(1) a) and b) to submit, for the purpose of protecting the Company’s integrity, detailed reports of unlawful conduct, which are relevant within the meaning of the said decree, and founded on precise and concordant facts, or of violations of the Company’s organisation and management model, which they become aware of in the performance of their duties; such channels ensure the confidentiality of the whistleblower in the whistleblowing management process;
2. at least one alternative reporting channel that ensures, using IT tools, the confidentiality of the whistleblower;
3. the prohibition to engage in any direct or indirect retaliation or discrimination against the whistleblower for reasons connected, whether directly or indirectly, to the former’s whistleblowing; 
4. disciplinary sanctions (under paragraph 2 e)), for breaching the whistleblowing protection rules and for making deliberate or grossly negligent false claims.

The Code of Ethics is attached as "Attachment 3 - Code of Ethics" to this document.

Code of Ethics

Organisation, Management and Control Model under Legislative Decree 231/2001

Approved by the Sole Director with a specific Resolution

TABLE OF CONTENTS

FOREWORD

CHAPTER 1 - GENERAL PROVISIONS

Art. 1 - Scope of application and Recipients

CHAPTER 2 - PRINCIPLES AND VALUES

Art. 2 - General principles and values

Art. 3 - Communication, distribution and implementation

Art. 4 - Liabilities

Art. 5 - Fairness

Art. 6 - Conflict of interest

Art. 7 - Confidentiality

Art. 8 - Equality, non-discrimination and equal opportunities

Art. 9 - Integrity and personal protection

Art. 10 - Intellectual/industrial property

Art. 11 - Use of corporate goods and materials (including the e-mail system, etc.)

Art. 12 - Accounting control and transparency

Art. 13 - Anti-money laundering

Art. 14 - Protection of individual personality

CHAPTER 3 - CONDUCT IN CORPORATE AFFAIRS

Art. 15 - Business relations

Art. 16 - Protection of competition

Art. 17 - Relations with Suppliers

Art. 18 - Relations with Customers

Art. 19 - Relations with Institutions

CHAPTER 4 - HEALTH, SAFETY AND THE ENVIRONMENT

Art. 20 - Health and safety at work

Art. 21 - Environmental protection

CHAPTER 5 - SANCTIONING SYSTEM

Art. 22 - Violations and sanctions

CHAPTER 6 - FINAL PROVISIONS

Art. 23 - Approval and Modifications

FOREWORD

In the pursuit of its business, the Company complies with the laws and regulations in force in the Italian legal system and in the legal systems of any countries in which it operates, in accordance with the principles of loyalty, fairness, responsibility, freedom, personal dignity and respect for diversity, condemning all types of discrimination based on sex, race, language, personal and social conditions, religious and political beliefs.

To this end, the Company promotes a work environment which, inspired by respect, fairness and collaboration and taking account of everyone’s experience in the relevant sectors, allows for the involvement and accountability of employees and collaborators with regard to the specific objectives to be attained and the methods to be used to pursue them.

Given the increased attention that has been recently paid to corporate governance, the Company has deemed it appropriate to draw up this Code of Ethics (hereinafter the "Code" or "Code of Ethics") to clearly define the set of values and responsibilities which the Company recognises, accepts, shares and assumes.

The Code of Ethics represents, inter alia, a founding part of the Organisation, Management and Control Model adopted by the Company within the meaning of Legislative Decree 231/01 (hereinafter "231 Organisation Model"), in the belief that ethics in business should be pursued as a condition for corporate success.

In this perspective, the principles and values enshrined in the Code of Ethics are the first set of rules which the 231 Organisation Model is based on as well as a useful interpretation reference for the concrete application thereof in relation to corporate dynamics.

The Company is engaged in spreading and providing information on the provisions of the Code of Ethics and on the application of the same to the subjects which it refers to, so that all those who operate - in any way - for the Company perform their services and/or duties or functions in strict and continuous compliance with the principles and values enshrined therein.

CHAPTER 1 - GENERAL PROVISIONS

Art. 1 - Scope of application and Recipients

1. The provisions of the Code of Ethics express the fundamental principles and values which inspire the Company and represent also illustrative specifications of the general obligations of due care, fairness and loyalty that qualify work performance and conduct at work.

2. The principles and provisions of the Code of Ethics are binding on the Company’s directors ("Directors") and auditors ("Auditors"), on all individuals connected to the Company by employment relationships ("Employees") and on all those who operate for/with the Company, whatever their relationship, even temporary, with the Company (such as, but not only, "Collaborators", "Suppliers", "Customers", etc.).

All the subjects whom the Company’s Code of Ethics applies to will be hereinafter defined together, for the sake of brevity, as "Recipients" and will be provided with a copy of the Code of Ethics.

CHAPTER 2 - PRINCIPLES AND VALUES

Art. 2 - General principles and values

1. The Code of Ethics is a set of principles and values whose observance is crucial for the Company’s proper operation, reliable management and image. All the various activities put in place by the Company are carried out in accordance with the principle of fair competition, in compliance with the laws and regulations in force and with widely accepted ethical principles in the conduct of business, such as honesty, loyalty, fairness, transparency and good faith. Therefore, these principles should guide any operation, conduct and relationship, both internal and external to the Company.

2. The Company refuses and rejects the use of any unlawful or unfair conduct to achieve its economic objectives and adopts organisation tools to prevent the Recipients’ infringement of provisions of law, of the principles and values set out in the Code of Ethics and in corporate procedures, overseeing their compliance and implementation.

3. The Company recognises the centrality of human resources and believes that an essential factor of corporate success and development is the professional contribution of the people working therefor. Human resources are managed in accordance with the personality and professionalism of each of them and in line with the principles of loyalty, trust and rejection of all forms of discrimination and exploitation.

Art. 3 - Communication, distribution and implementation

1. The Company informs all the Recipients of the provisions contained in the Code of Ethics, prompting them to share and carefully abide by the principles and values set out therein and to promote their application and strict observance.

2. In particular, the Company, also under the supervision of the Supervisory and Control Body under Legislative Decree 231/01 (“Supervisory and Control Body”):

• distributes the Code of Ethics to its Recipients through appropriate information activities;
• construes and clarifies the provisions set out in the Code of Ethics;
• checks actual compliance with the Code of Ethics by promoting the adoption of measures following any violations;
• provides for any future updates and for the implementation of the provisions of the Code of Ethics, according to any needs that may arise.

The Code of Ethics is published in the "231/2001 Model" section on the Company’s website.

3. Should the Recipients become aware of any violations of the Code of Ethics in case of events and/or circumstances that are relevant for the purposes of compliance with the principles contained therein, they may contact the competent corporate functions as well as the Supervisory and Control Bodies, where set up by single entities, in accordance with 231 Organisation Models.

In case of reports made by informants, without prejudice to statutory obligations, the absolute confidentiality as to the identity of informants will be ensured, guaranteeing their utmost protection.

Art. 4 - Liabilities

The Recipients perform their work and/or duties or functions with professional commitment, care, efficiency and fairness, making the most of the tools and time at their disposal and assuming responsibilities connected with their commitments.

Art. 5 - Fairness

1. All actions and transactions and any conduct held by the Recipients in performing their work and/or duties of functions in their relationship with the Company are inspired by transparency, fairness and mutual respect, as well as lawfulness both in formal and substantive terms, in accordance with the rules in force and internal procedures, also for the purpose of protecting the Company’s assets and image.

2. Specifically, the following conduct is forbidden:

• the pursuit of personal or third party interests to the detriment of the Company’s interests;
• the pursuit of corporate interests in breach of the laws and regulations in force;
• the abusive exploitation, in the Recipient’s personal or third party interest, of the name and reputation of the Company and of information acquired and of business opportunities learned in the performance of the Recipient’s work and/o duties or functions;
• the use of goods and equipment that are available to the Recipients in the performance of their work and/or duties or functions for unauthorised purposes or for other purposes.

3. No Recipient may, for himself of others, exert pressure, make or accept recommendations or preferences that might prejudice the Company or might cause an undue advantage for himself, the Company or third parties.

4. If a Recipient receives gifts, goods or other appraisable benefits, except for customary gifts of little value, he must give immediate notice to the Company’s Director and return them to the donor either directly or through the Company.

Art. 6 - Conflicts of interest

1. The Company requires the Recipients, in the course of their relationships therewith, to strictly comply with the laws and regulations on conflicts of interest.

2. In the performance of their work and/or duties or functions, the Recipients must pursue the Company’s objectives and general interest and must thus refrain from any activity, conduct and act that is incompatible with the obligations arising from their relationship with the Company.

3. The Recipients must inform promptly, considering all circumstances, their superior or the Director directly or the Supervisory and Control Bodies, of any situation or activity in which they might have - either directly or on behalf of third parties - interests that are (even only potentially) in conflict with those of the Company. The Recipients shall abide by any decisions taken by the Company in this respect.

Art. 7 - Confidentiality

1. In the conduct of its business, the Company collects a significant amount of personal data and confidential information that it undertakes to treat in compliance with all the privacy rules in force and the best practices on the protection of confidentiality.

2. In addition, the Recipients keep strictly confidential all data, news and information falling within the Company’s assets or concerning the latter, whether acquired and/or processed in the performance of their work and/or duties or functions.

Art. 8 - Equality, non-discrimination and equal opportunities

1. The Company rejects and excludes any form of exploitation of labour and of discrimination based on sex, age, race, language, nationality, religion, personal and social conditions, sexual orientation, political and trade union membership in any decision that influences its relationships with its stakeholders.

2. Therefore, the Company condemns any approach or behaviour that is discriminatory or that damages individuals, their beliefs and preferences.

3. The Company is committed to encouraging equal opportunities with respect to work conditions and job opportunities, training, development and professional growth, in full accordance with the regulations in force and with the values that inspire this Code of Ethics.

Art. 9 - Integrity and personal protection

1. The Company repudiates child labour and any form of unlawful recruitment and hiring of male or female workers, and takes steps to ensure that work conditions at the Company are respectful of the moral integrity and personal dignity of individuals. It is also committed to ensuring a safe and healthy work environment, free from any conduct that involves any kind of personal harassment, requiring all the Recipients to contribute to this objective also through interpersonal relationships and individual conduct that is respectful of the sensitivity of others.

2. In compliance with the applicable regulations in force and considering its intention to create a healthy and pleasant environment for its Employees, Collaborators and Recipients in general, the Company imposes a smoking ban in the workplace.

3. The Company, in the course of the aforesaid subjects’ relationship therewith, prohibits the same from performing their work and/or duties or functions under the influence of alcohol, narcotic drugs or psychotropic substances, of which it discourages the abuse also outside of the workplace.

Art. 10 - Intellectual/industrial property

1. The Recipients whose work, duties or functions include, in any way, the processing of data, information or documents relating to the Company’s intellectual and/or industrial property rights, are required to keep them with utmost care, accuracy and confidentiality.

2. Any intellectual and/or industrial property rights relating to products, works and/or knowledge developed at work belong to the Company, which holds the right to exploit such knowledge, as and when deemed most appropriate, in compliance with the applicable laws from time to time.

3. Likewise, the Company respects and protects third party intellectual and industrial property rights, ensuring the use only of original products and works in corporate activities, duly licensed by their owners and used in accordance with the corresponding authorisations.

Art. 11 - Use of corporate goods and materials (including the e-mail system, etc.)

1. Every Employee is required to protect the Company’s assets. Specifically, every Employee is accountable for the protection of any corporate goods and materials entrusted thereto and is required to act with due care to protect them (by mere way of example, against theft, loss, damage, unlawful or inappropriate use), by acting responsibly and in accordance with corporate provisions regulating the use thereof.

2. Special care and attention is required when using IT and electronic systems (e.g. hardware supports, Internet and Intranet networks, corporate email system, remote accesses, etc.) which all Employees are required to use for reasons relating to their professional activity and in compliance with the regulations in force and with the instructions given in specific corporate procedures.

3. The same applies also to other categories of Recipients, to the extent they are concretely involved in the protection of the Company’s assets when they are authorised to use the latter’s goods, materials or resources.

Art. 12 - Accounting control and transparency

1. The Recipients, in accordance with their roles, functions and duties, ensure that the facts relating to the Company’s management are represented accurately and truthfully in its accounts, according to the following principles:

• utmost correctness in accounts management;
• completeness and transparency of information;
• lawfulness in legal and substantial terms;
• clarity and truthfulness of the accounts according to the applicable laws and corporate procedures in force from time to time.

2. All operations or transactions carried out in the course of all the Company’s activities must be duly and timely entered in its accounts according to the criteria laid down by law and the applicable accounting standards, so that every operation or transaction is authorised, consistent, lawful, assessable and supported by appropriate and complete documentation certifying the activity performed.

3. The documents certifying the accounts must be such as to allow for the rapid reconstruction of every single operation, the identification of any possible error and the level of responsibility within the single operating process.

4. The Recipients, always in accordance with their roles, functions and duties, are required to check the correctness and truthfulness of the accounts and to report any errors, omissions and/or falsifications thereof to the competent subjects.

Art. 13 - Anti-money laundering

The Company complies with all anti-money laundering laws and regulations, both national and international, and requires the Recipients to refrain from any operation that might contribute to the transfer, replacement or otherwise to the use of illegal profits or which might hinder in any way the identification of money, goods or other benefits of criminal origin.

Art. 14 - Protection of individual personality

1. The Company views the protection of freedom and individual personality as an essential value. Therefore, it rejects and condemns any behaviour or activity that might lead to the exploitation or reduction of individuals to subjection.

2. The Company also attaches primary importance to the protection of minors and to the repression of any form of child exploitation, also with electronic and IT tools.

CHAPTER 3 - CONDUCT IN CORPORATE AFFAIRS

Art. 15 - Business relations

1. In its business relations, the Company acts in accordance with the principles of lawfulness, loyalty, fairness, transparency and efficiency.

2. The Recipients who act in the name or on behalf of the Company, in any business relations in the latter's interest or in dealings with the Public Administration, regardless of market competitiveness or of the importance of the deal in question, are required to behave properly and in compliance with the laws and regulations in force and in accordance with the principles of fairness, due care and good value.

3. In any dealings with Suppliers, Customers and third parties in general, no money, gifts or benefits of any kind may be offered for any reason and in any personal capacity to obtain any undue, real or apparent advantage.

4. No Recipient may accept or make, for himself or others, any pressure, recommendations or reports that can damage the Company or cause an undue advantage for himself, the Company or third parties.

Each Recipient also rejects and refrains from making any promise and/or undue offer of money, gifts or other benefits, unless the latter are of little value and are not related to any kind of requests.

Should a Recipient receive an offer or request for money, gifts or benefits of any kind from a third party, except for customary business gifts or of little value, he must immediately inform his superior or the subject whom he is required to report to, as the case may be, or the Supervisory and Control Bodies, if any, so that any appropriate measures can be taken.

Art. 16 - Protection of competition

The Company acknowledges that fair, free and loyal competition is decisive for market growth and for the Company’s constant improvement, and thus refrains from any conduct that can favour the conclusion of deals to its own benefit in violation of existing rules.

Art. 17 - Relations with Suppliers

1. The selection of Suppliers, the determination of purchases of goods and/or services and the establishment of the corresponding purchase conditions must take place in accordance with the principles of this Code of Ethics and are based on the assessment of objective standards such as quality, the price of the good or service, guaranteed support services, timeliness and efficiency. Special attention is paid, when selecting Suppliers, to the assessment of their reliability and seriousness in terms of compliance with the rules in force from time to time and with the specific provisions that regulate their services.

2. Purchase processes are governed by specific corporate rules that ensure the timely identification of Suppliers and the traceability of supply channels, also for the purpose of ensuring the quality and legitimacy of the goods and services bought. In accordance with the principle of lawfulness and with best practices in business, all purchase processes seek to obtain the maximum competitive advantage for the Company and to ensure impartiality and equal opportunities to each supplier meeting the conditions required.

3. If a Supplier, in the pursuit of its activities for the Company, behaves not in accordance with the principles set out in this Code of Ethics or in the 231 Organisation Model, appropriate measures are taken, such as - in the most serious cases - the termination of outstanding contracts or even the prohibition of any further collaboration therewith.

Art. 18 - Relations with Customers

1. The Company pursues its activities by offering high quality products and services at competitive conditions and in accordance with the rules that apply in its sector and those on the protection of competition.

2. The Company acknowledges that Customer satisfaction is crucial for its success. Therefore, its objective is to ensure an immediate, qualified and competent answer to its Customers’ requests, acting in accordance with negotiating fairness and the transparency of contractual commitments, as well as kindness and collaboration.

Art. 19 - Relations with Institutions

1. The Company maintains a collaborative and transparent relationship with national, Community and international public institutions ("Institutions") with the objective of facilitating dialogue on any issues of specific interest.

2. The Company’s relationships with Institutions and with public officials or representatives of public services, i.e. bodies, representatives, mandatees, spokespersons, members, employees, consultants, people in charge of public functions or services, belonging to public institutions, public administrations, public entities, including financial ones, entities or public companies at a local, national or international level ("Public Officials"), are managed by the Director and by each Employee, whatever his work, duties or functions, as the case may be, by each Collaborator or other Recipient, in accordance with the rules in force, the principles set out in this Code of Ethics and the applicable corporate procedures, based on the general standards of fairness, transparency and loyalty.

3. Therefore, any unlawful payments to Institutions and Public Officials are forbidden. Any form of corruption, favouritism, collusion, direct and/or indirect solicitation, also through promises of personal benefits to any subject working in the Public Administration, are equally forbidden.

CHAPTER 4 - HEALTH, SAFETY AND THE ENVIRONMENT

Art. 20 - Health and safety at work

The Company acknowledges the importance and central value of health and safety at work, these being viewed as fundamental rights of workers, in the pursuit of all business activities, and thus undertakes to pursue the continuous improvement of its performances in relation to prevention and protection in the workplace.

Art. 21 - Environmental protection

1. The Company views environmental protection as a key factor of business activities and acts in accordance with the principles of environmental and territorial respect and protection, which are of the utmost importance both for their intrinsic value and for their impact on the health of human beings and other living species. To this end, the Company undertakes to comply with the rules in force and takes steps to ensure that its business, in any sector it is performed, is in accordance with the highest standards of environmental compatibility and safety.

2. Special attention is paid to the collection and disposal of waste produced by the Company’s activities which - where possible - is treated in accordance with the principles of waste sorting and recycling, as established by the rules in force and best practices.

CHAPTER V - SANCTIONING SYSTEM

Art. 22 - Violations and sanctions

1. The violation of the provisions of this Code of Ethics and of the principles set out in the 231 Organisation Model (and in any corporate procedures that can be referred thereto) implies the application of sanctions indicated, inter alia, in the 231 Organisation Model, in relation to the Recipients who are responsible for these violations, so as to protect the Company’s interests and compatibly with the rules in force.

In fact, these violations damage the relationship of trust with the Company, which is based on transparency, fairness, integrity and loyalty.

2. Specifically, in relation to Employees (including executives), the violation of these rules is a breach of the obligations arising from their employment and can thus lead to disciplinary proceedings against the persons concerned, with all ensuing legal consequences, also in relation to the continuance of their employment, regardless of the commencement of any criminal or administrative proceedings – in case the conduct in question amounts, or does not amount, to an offence - and of the outcome of the ensuing trial, since the Code of Ethics, 231 Organisation Models and any corporate procedures that can be referred thereto are specific rules of conduct which the Recipients are bound by.

As regards the sanctions that can be applied to Employees, these fall among those laid down by the Company’s disciplinary system and/or the sanctioning system established by special rules contained, specifically, in the National Collective Labour Agreement, in compliance with the procedures regulated by art. 7 of the Workers’ Statute (Law 300/1970) and any special and/or industry regulations.

3. As regards Collaborators, Suppliers and/or subjects entering into business relations with the Company, regardless of the type of relationship therewith and including temporary ones, the violation of the provisions of this Code of Ethics and of the principles contained in 231 Organisation Models (and in any procedures that can be referred thereto), is a breach of their contractual obligations, with all ensuing legal consequences, and can thus lead to the application of the remedies set out in their contracts (e.g., penalties) or - in the most serious cases - to termination of their contract and/or assignment and to compensation for damages caused to the Company.

4. The Company pays close attention to any violation of the Code of Ethics, 231 Organisation Models and any corporate procedures that can be referred thereto, by senior management, since the latter represents the head of the Company and conveys its public image.

Therefore, in case of a violation, by Directors and/or Auditors (if any), of the principles and provisions of the Code of Ethics, of 231 Organisation Models and of any corporate procedures that can be referred thereto, or in case of the adoption, in the exercise of their powers, of measures that are in conflict with these provisions, the competent corporate bodies shall take the most appropriate protection measures from time to time, chosen from amongst those established by the rules in force from time, including the revocation of their assignment and/or mandate, without prejudice to the right to enforce the remedies established in their favour by the Italian Civil Code (liability actions and/or claims for compensation).

In case of a violation by a senior position who is also a subordinate, the disciplinary actions available against Company subordinates are also applied.

The provisions of paragraphs 2 and 3 of this Article apply to members of the Supervisory and Control Bodies, respectively, depending on whether their relationship is an employment or collaboration relationship.

CHAPTER 6 - FINAL PROVISIONS

Art. 23 - Approval and Modifications

1. The Code of Ethics is approved by the Company’s Single Director.

2. Any future updates to this Code of Ethics, resulting from any statutory changes, the evolution of civil society or any other reason, must be approved by the Single Director and promptly communicated to all the Recipients.