Code of Ethics Internal control system - Intesa Sanpaolo
Internal control system for the application of the Code of Ethics
Intesa Sanpaolo, in line with legal and supervisory regulations in force and consistently with the Corporate Governance Code for listed companies, has adopted an internal control system capable of identifying, measuring and monitoring, amongst others, the risks resulting from non-application of the Code of Ethics. More specifically, along with a system of first-line controls that involves all managers and staff:
CORPORATE SOCIAL RESPONSIBILITY
The Management Control Committee monitors the implementation of the Code of Ethics - the broader regulatory reference due to the integration of social and environmental considerations in the corporate processes, practices and decisions. The Committee receives periodic reports from the Corporate Social Responsibility Service on the outcome of control activities performed in line with provisions of the Group Compliance Guidelines and in reference to the UNI ISO 26000 standard.
The control process of the Code of Ethics – integrated with the management processes underlying the Sustainability Report (stakeholder engagement and listening, definition of improvement objectives, monitoring implementation via KPIs and, lastly, reporting) – envisages an evaluation and a third-party assessment. The statement on the CSR governance level in the Intesa Sanpaolo Group describes the method applied and the results, with separate assessment of respect for human rights. Following the controls, CSR also reports on the corrective measures implemented by the departments and on any serious non-compliance and anomalies, where necessary in agreement with the Compliance and Internal Auditing Head Office Departments.
Assurance Statement over the governance on Corporate Social Responsibility - May 2016
This Department supervises compliance risk regarding the breach of legal or regulatory standards (e.g. laws, codes of conduct, corporate governante codes). Specific attention is paid to the dissemination of a corporate culture with implicit principles of honesty, fairness and respect of the spirit and letter of the rules.
This Department guarantees that the Bank's processes and operations are conducted correctly and independently, in order to avoid or identify anomalous or risk-related conduct as it occurs. In particular it monitors the safeguarding of the value of activities, including those connected with the Bank’s ethical and social responsibilities. It also supports the Management Control Committee in ensuring that the principles and values of the Code of Ethics are respected.
The two Departments direct and coordinate activities of the corresponding subsidiary Compliance and Audit Departments in order to guarantee an appropriate level of attention to the various types of risk and standardised monitoring and control.
The Corporate Social Responsibility Service submits an annual report to the Management Control Committee on the application status of the Code of Ethics, on the critical elements and on stakeholders’ reports, as well as on the consequent corrective actions envisaged.
Audit interventions to verify the implementation of environmental and social policies
In 2014 the Parent Company Internal Audit Department, in conducting the monitoring activity on the compliance with the principles and values contained in the Code of Ethics, carried out the following activities:
analysis of personnel remuneration and incentive systems;
internal policies for the corporate welfare enhancement;
management of risks to employees' health and safety;
check on the compliance in relation to the purchase of goods and services;
analysis of critical suppliers (follow up);
check on the compliance with regulations concerning employee personal transactions.
Whilst conducting ordinary audits on the credit process, the Internal Audit Department also conducted checks on the compliance with corporate rules on arms and environmental policy.
Furthermore, the Internal Audit Department conducted ongoing monitoring on the compliance with the rules laid down by the Internal Code of Conduct through the performance of "investigation" activities on potentially abnormal situations.
Eventually, process audits were activated - among others - regarding the proactive credit management, customers operating in the gambling industry, the management of public funding and moratoria related to seismic events in Abruzzo and Emilia, the crowdfunding portal "Terzo Valore" (Banca Prossima), the compliance with the limit of threshold rates in respect of usury.