This section contains, among other issues, the information required by Article 123-bis, paragraph 2, letter b) of Legislative Decree No. 58 of February 24, 1998 (“CFA”). The company, not having issued shares admitted to trading on regulated markets or on multilateral trading systems, avails of the option under paragraph 5 of Article 123-bis of the CFA to not publish the information required of paragraphs 1 and 2 of Article 123-bis of the law, except for that required by the above-stated paragraph 2, letter b).
The Corporate Governance System of Società per azioni Esercizi Aeroportuali S.E.A. (“SEA” or the “Company”) involves a set of rules which meet applicable legal and regulatory requirements. The Corporate Governance system of the company is based on the traditional administration and control model as per Articles 2380-bis and subsequent of the Civil Code, therefore with two corporate boards appointed by the Shareholders’ Meeting – the Board of Directors, which undertakes the management of the Company, and the Board of Statutory Auditors, which is required to ensure financial control, together with the Shareholders’ Meeting itself, which represents the common interests of Shareholders.
SEA has complied with since June 27, 2001 the Self-Governance Code for listed companies issued by the Corporate Governance Committee of Borsa Italiana S.p.A. (the “Self-Governance Code” or the “Code”). Although compliance with the Code is voluntary, SEA applies a significant portion of the recommendations in order to ensure an effective corporate governance system which appropriately assigns responsibilities and powers and supports a correct balance between management and control.
The Company therefore annually prepares on a voluntary basis the Corporate Governance and ownership structure report, which outlines the Corporate Governance structure adopted by SEA and provides information on the means for the implementation of the recommendations of the Self-Governance Code. The report is available on the website www.seamilano.eu.
The company is not subject to management and co-ordination pursuant to Article 2497 and subsequent of the Italian Civil Code.
The Board of Directors of SEA has set up internally two Committees established under the Self-Governance Code undertaking proposing and consultation functions for the Board of Directors (the Control and Risks Committee and the Remuneration and Appointments Committee). The Committees comprise non-executive Directors, the majority of whom independent. The prerogatives of the Committees are established by motions of the Board of Directors, based on the recommendations and principles of the Self-Governance Code; at the Committee meetings minutes are prepared and maintained by the Company.
The Shareholders' Meeting is the body that, through its resolutions, expresses the shareholders wishes. The Shareholders’ Meeting approves the most important decisions of the Company, among which, the appointment of the Corporate Boards, the approval of the financial statements, and any changes to the Company By-laws.
The Board of Directors shall have the widest powers of administration over the company: it in particular may carry out any and all acts it deems appropriate for attaining the corporate scope, with the sole exclusion of those attributed by law and the by-laws exclusively to the shareholders’ meeting. The Board of Statutory Auditors is the company’s Control Board. The Board of Statutory Auditors verifies compliance with law and the By-Laws and the principles of correct administration and in particular on the adequacy of the administration and accounting organisation adopted by the Company and on its correct functioning. The accounting control functions are assigned to the Independent Audit Firm appointed by the Shareholders’ Meeting.
The Board of Directors and the Board of Statutory Auditors in office at the date of the present report were appointed by the Shareholders’ Meeting of May 4, 2016 in accordance with the Company By-laws and remain in office until the approval of the 2018 Annual Accounts.
The Internal Control and Risk Management System is based on the recommendations of the Self-Governance Code and applicable best practice. Therefore, one of the instruments adopted by the company is the Organisation and Control Model as per Legislative Decree 231/01. SEA and its subsidiaries have therefore each drawn up a “Mapping of risks” in order to adopt organisation, management and control models as per Legislative Decree 231/2001 (separately the “Model” and collectively the “Models”), effective and adequate in view of the specific needs of the respective companies and the particular nature of their business, with the principal aim of preventing the offenses set out by the applicable regulation. The Model is constantly updated in line with legislative amendments regarding the introduction of new offenses.
The Corporate Governance System of SEA also involves procedures governing the activities of the various company departments, which are consistently subject to verification and updating in line with regulatory developments and altered operating practices.
The share capital amounts to Euro 27,500,000.00 fully paid-in, consisting of 250,000,000 shares - of a nominal value of Euro 0.11 each. The shares are nominative and indivisible. The shares are not traded on the regulated markets. At December 31, 2017, the company did not hold treasury shares and the share capital was broken down as reported in the “Share capital structure” paragraph.
Internal Control and Risk Management System
Introduction
The Internal Control and Risk Management System is represented by the set of instruments, rules, procedures and corporate organisational structures to ensure compliance with regulatory provisions, the By-Laws, reliable and accurate financial reporting and the safeguarding of corporate assets in line with the corporate objectives defined by the Board of Directors. The latter is responsible for the internal control and risk management system which, on the basis of information provided to the Chairman and to the Control and Risk Committee by the departments/bodies responsible for internal control and the management of business risks, establishes the guidelines, verifies their suitability and effective functioning and ensures the identification and correct management of the main business risks.
The procedures and organisation subject to the internal control and risk management system is implemented in order to ensure:
- compliance with the laws, regulations, By-Laws and policies;
- the safeguarding of the company’s assets;
- the efficiency and effectiveness of the business processes;
- the reliability of financial disclosure.
One of the tools implemented to achieve the Internal Control and Risk Management System’s objectives is the Organisation and Management Model pursuant to Legislative Decree 231/01.
Main features of the risk management and internal control systems in relation to the financial reporting process contained in the financial statements and in the half-year report
SEA’s Internal Control System on financial reporting ensures the exchange of data and information with its subsidiary companies and implements its coordination. In particular, this activity is carried out through the dissemination, by the SEA parent company, of regulations on the application of the accounting policies for the preparation of the SEA Group consolidated financial statements and the procedures regulating the drafting of annual and consolidated financial statements and half-year financial statements and reports. The setting of controls occurs at the end of a process carried out by the SEA parent company according to a targeted approach to identify the individual organisational entities’ typical critical issues that could have significant impacts on financial reporting.
Description of the risk management and internal control systems’ main features in relation to the financial reporting process
As regards the financial reporting process, the risk management system should not be considered as distinct from the internal control system. The System is intended to ensure the trustworthiness, accuracy, reliability and timeliness of financial reporting.
The Risk Management and Internal Control System’s monitoring process over financial reporting is divided into the following phases:
- Identification of risks on financial reporting: the activity is carried out with reference to the SEA separate financial statements and the SEA Group consolidated financial statements, taking qualitative and quantitative aspects into account primarily for the selection of the relevant companies to be included in the analysis and, thereafter, of significant transactions.
- Assessment of risks on financial reporting: risks are assessed in terms of the potential qualitative and quantitative impact. Risk assessment is carried out at both the individual company and specific process levels.
- Identification of controls implemented to mitigate previously-identified risks, both at the individual company and process levels.
In 2017, the Board of Directors approved the Enterprise Risk Management Policy, which defined an ERM division, under the responsibility of the Chief Financial and Risk Officer, as a second level of risk management control to support corporate structures in the identification and management of business risks, through the development of tools, frameworks and methodologies, and to guarantee periodic reporting to middle and top management on the evolution of the risk profile.
The described Internal Control and Risk Management System’s components are mutually coordinated and interdependent and the System as a whole involves - with different roles and according to a rationale of collaboration and coordination - administrative bodies, supervisory and control bodies, and the company and SEA Group management. The SEA Board of Directors has not appointed an executive director responsible for overseeing the functionality of the internal control and risk management system.
Control and Risks Committee Functions
The Committee performs advisory and recommendation functions to the Board of Directors on internal control and risk management. The CRC identifies business risks and submits them for examination by the Board of Directors, and finally implements the Board’s guidelines through the internal control system’s definition, management and monitoring. The Control and Risk Committee also examines and approves the Annual Audit Plan.
The Committee also fulfils the functions of Related Parties Committee (except for transactions concerning matters that are the exclusive prerogative of the Remuneration and Appointments Committee).
Internal Audit Manager
The audit on the suitability and functionality of the Internal Control and Risk Management System is entrusted to the Internal Audit Department. The Internal Audit Manager reports to the Chairman and to the Control and Risk Committee; he/she is not responsible for any operational area and does not hierarchically report to any manager responsible for operational areas, including the administration and finance areas. The Internal Audit Manager audits the functionality and suitability of the internal control and risk management system and compliance with internal procedures issued for this purpose. The Internal Audit Manager has autonomy in expenditure and extends his/her activities to all the companies in the SEA Group through specific service contracts. Similarly, the SEA Internal Audit Department reports hierarchically to the Chairman and functionally, to the Board of Directors. The Internal Audit Department is entrusted with auditing the effectiveness, suitability and upkeep of the Organisation and Management Model pursuant to Legislative Decree No. 231/2001, on the instructions of the SEA Supervisory Boards and the subsidiary companies.
In accordance with "Standards for the Professional Practice of Internal Auditing" requirements as defined by the “Institute of Internal Auditors", the Internal Audit Department has completed the "Quality Assurance Review" process for its activities (renewal of the "Independent External Validation" obtained in 2011) for the development and implementation of a "Quality Assurance and Improvement Programme".
The process ended in February 2017 with the issue of an independent external endorsement by a qualified company on the internal self-assessment carried out by the Internal Audit Department. This assessed general compliance with the Standards and Ethics Code issued by the “Institute of Internal Auditors".
Independent Audit Firm
Deloitte & Touche SpA is the Independent Audit Firm appointed to audit the separate and consolidated annual financial report, to periodically verify corporate accounting practices and to carry out the limited audit of the SEA consolidated half-year financial report. The appointment was conferred by the Shareholders’ Meeting on June 24, 2013 and extended to financial year 2022 by the Shareholders’ Meeting of May 4, 2016. The Board of Statutory Auditors and the Independent Audit Firm regularly exchange information and data in relation to the controls carried out.
Supervisory Board as per Legislative Decree 231/2001
The Supervisory Board in office at December 31, 2017 is composed of four members, three of whom were appointed by the Board of Directors on May 4, 2016 (two external independent members, Luigi Ferrara - Chairman - and Alberto Mattioli, and the Director of the Internal Audit Department, Ahmed Laroussi) and a non-executive member of the Board of Directors, Michaela Castelli, appointed by the Board of Directors on May 25, 2017.
On January 25, 2018, the Board of Directors appointed, in place of Luigi Ferrara, an independent external member, Giovanni Maria Garegnani, who was subsequently appointed as Chairman of the Supervisory Board on February 8, 2018.
The Supervisory Board regularly reports to the Board of Directors on the Model’s effectiveness, its suitability and upkeep. It sends a written report to the Board of Directors every six months on the 231 Model’s implementation status and, in particular, on controls and audits performed and on any critical issues that emerged.
The Supervisory Board has autonomous powers of initiative, control and expenditure.
Organisation, Management and Control Model pursuant to Legislative Decree 231/2001
SEA has adopted an Organisation and Management Model pursuant to Legislative Decree 231/2001 – which lays down the "Rules on the administrative liability of legal persons, companies and associations, including those without legal status" (the "Decree") to prevent the offences envisaged by the Decree. The Model is, therefore, adopted in compliance with the Decree’s provisions. The Model was adopted by the SEA Board of Directors by resolution of December 18, 2003 and more recently amended and supplemented by the resolution of the Board of Directors of September 21, 2017. The Model is currently being updated with respect to the amendments introduced in the Decree in November and December 2017. The Model consists of a “General Section" and a "Special Section". The administrative bodies of SEA’s subsidiary companies have adopted their own Organisation and Management Model pursuant to Legislative Decree 231/2001.
Related Party Transactions Policy
The company has adopted a Related Parties Transactions Policy (the “RPT Policy") in effect since February 2, 2015.
The RPT Policy is also available on the company’s website www.seamilano.eu.
In assessing the substantial and procedural correctness of transactions with related parties, the Board of Directors is assisted by the Related Parties Committee which is identical to the Control and Risk Committee or the Remuneration and Appointments Committee, depending on the matters dealt with from time to time.
Code of Conduct
The applicable Code of Conduct was approved by the Board of Directors on December 17, 2015 and is an integral part of the Organisation and Management Model pursuant to Legislative Decree 231/2001.
The Code of Conduct forms part of the broader "Ethics System" adopted by the Board and defines the framework of the reference values and principles which the SEA Group proposes to adopt in the corporate decision-making process.
The main duties of the Ethics Committee, composed of a member of the SEA Board of Directors and the "Human Resources and Organisation", "Legal and Corporate Affairs" and "Audit" departmental managers, is to promote the Code of Conduct’s dissemination and to monitor compliance thereof.
Anti-Corruption Focal Point
With effect from January 31, 2014, the company identified an anti-corruption focal point in the person of the Legal & Corporate Affairs Director who is also a member of the Ethics Committee.
The anti-corruption focal point deals with any communication on corruption, including toward third parties; the role, prerogatives and responsibilities are therefore not comparable with those provided for by applicable legislation in relation to the Anti-Corruption Manager (namely, the person in charge pursuant to Law 190/2012).
Diversity policies
The obligations of article 123(a), paragraph 2 of Legislative Decree No. 58/1998 require a description of the Company's policies on the composition of the administrative, management and governing bodies taking into account aspects such as age, gender, professional and educational background. For cases where no policy has been adopted, there is a requirement to explain this decision which we now outline below.
SEA’s By-Laws, in compliance with the legislative provisions, comprehensively cover gender diversity within the Board of Directors and Board of Statutory Auditors; no policy on diversity was adopted with regard to the two aforementioned aspects of age and professional and educational background.
Adopting a diversity policy could however be reviewed given that the SEA corporate bodies are subject to renewal for the 2019 financial year with the approval of the financial statements at December 31, 2018. This is also the first renewal taking place after the implementation of the aforementioned legal provision.
The Board of Directors, therefore at its Board meeting of February 22, 2018 decided to research the option of adopting a policy on diversity based the above conditions.