1. INTENTION AND SCOPE

This Compliance Policy establishes the organisational and managerial procedures defined by ALSA to monitor, control and prevent criminal activity and to guarantee the legality of the professional activities performed at all times by all ALSA employees and executives with regard to Criminal Compliance.

In this context, the Policy applies to all levels and departments and sections of the Company, bearing in mind the oversight measures put in place by the Company to detect and prevent the criminal activities defined in applicable legislation.

This Compliance Policy is applicable to ALSA and all work centres and branches based in Spain. The CEO and Management Committee are involved in the company's compliance programme actively, directly and at executive level, ensuring that it is, as far as possible, transversal and multidisciplinary, and that it complies with the requirements of the organisation.

With regard to Compliance, ALSA considers it essential to have in place a robust, solid Criminal Compliance Model, including a range of opinions in the decision-making process and thus reducing the possibility of errors or inaccuracies in the operation and application of the programme. Likewise, having a good Criminal Compliance Model in place paves the way for a culture of ethics and compliance within the Company and ensures the effectiveness of the rules and oversight procedures put in place to minimise the risk of illicit activity by ALSA executives and employees.

To this end, the organisation's aims with regard to criminal risk are:

  • To optimise and streamline criminal risk management system in all areas.
  • To establish a structured, organic system for the prevention and oversight of criminal risk, aimed at absolutely minimising the risk of illicit behaviour.
  • To avoid the imposition of sanctions for breaching the rules that govern our activity.
  • To make all ALSA personnel aware of the importance and scope of the Criminal Compliance Model and the ethical principles contained in internal regulations.
  • To make all employees aware that breaching the provisions of the Code of Ethics and internal regulations may lead to disciplinary measures.
  • To make it expressly and publicly known that we absolutely condemn all illegal behaviour, understood not just as breaching legal provisions, but also ALSA's Code of Ethics, the compilation of the values and principles put in place by our organisation to attain our business goals.
  • To adapt existing oversight measures to processes, with the aim of preventing criminal activity.
  • To give employees training and awareness in criminal risk avoidance, adapting the content to its targets and using the methods considered most effective for the purpose.
  • To regularly review the effectiveness of the oversight of the operations and processes identified as being of greatest potential risk within the scope of criminal risks.
  • To supervise the correct operation of the Model and its updates, whether they are made due to organisational changes within ALSA or as a consequence of changes to current legislation.

2. BASIS FOR THE CRIMINAL COMPLIANCE MODEL

The ALSA Criminal Compliance Model contains the procedures and measures in place at the Company to mitigate, prevent and forestall criminal risks. It consists of the following basic elements:

  • Code of Ethics: The Code of Ethics establishes the general principals and patterns of action of all Company employees and agents in their day-to-day professional activities. It also aims to regulate the behaviours, actions or events that could constitute violations of the company's internal standards or the regulations or codes of ethics that govern its business activity. All ALSA employees are required to act with integrity and responsibility in their professional duties, to give example of ethical conduct and to continue to foster the Values of the Group. ALSA Management is committed to eradicating fraud, not just to create an environment of transparency, but also to protect the Group's assets and to forestall financial losses and damage to the reputation of the Company.
  • Complaints channel: ALSA offers all employees a tool with which to make known any suspected illicit circumstance, conduct or activity possibly incurring the risk of criminal sanctions or breaching the Code of Ethics. Employees are required to use the Complaints Channel to report any conduct, act or information which they consider may constitute criminal activity or breach the Code of Ethics. The Compliance Committee will ensure that any person making any such report in good faith is subject to no direct or indirect reprisals for making the report; said persons will always be protected by Management against reprisals of any type. The channel is managed with absolute confidentiality.
  • Criminal Compliance Manual: The Criminal Compliance Manual establishes the model for the organisation, prevention, management and oversight of criminal risks in ALSA in relation to the criminal liability of corporations as established under Article 31 bis of the Spanish Criminal Code. In addition to this Manual, ALSA also has in place the following three elements, corresponding to the key elements of the Model: an inventory of criminal risks, a map of criminal risks and a matrix of criminal risks and oversight.
  • Disciplinary system for the sanctioning of breaches of the Criminal Compliance Model: to ensure that the Model responds effectively to violations or criminal activity, ALSA has in place a disciplinary system to regulate violations or breaches of the set rules of conduct. These measures make it possible to respond against employees who fail to comply with the requirements of the Criminal Compliance Policy or any other elements of the Criminal Compliance management system.
  • Compliance Committee: The Compliance Committee is the internal body tasked with management, monitoring and compliance with the Company's Criminal Compliance Model; it reports hierarchically and functionally to the CEO. Any complaints or questions that ALSA employees may be made directly to any member of the Committee or by e-mail at buzon.compliance@alsa.es.

ALSA has in place an oversight structure made up of (i) the Board of Directors, as the chief decision-making body of the Company, acting through the CEO; (ii) our Internal Audit department, as the body tasked with compliance and risk management within the Organisation; and (iii) the Compliance Committee, tasked with oversight and control and chiefly liable for managing and applying the Criminal Compliance Model and keeping it up-to-date.

The Compliance Committee is tasked with implementing the oversight and monitoring measures associated with the Model. It is appointed to do so by the CEO, as having the necessary autonomy and independence in terms of power of oversight, as well as the required initiative under this oversight framework.

In order to ensure the maximum efficacy of its respective activities, the Compliance Committee has free access to all ALSA documents which may be of use to it. In this regard, the heads of all areas are required to provide the Compliance Committee with all the information it may request regarding activities in each area which may relate to possible criminal activity or incidents which may need to be monitored and dealt with by the Compliance Committee.

To perform its Criminal Compliance Model monitoring and oversight duties, the Compliance Committee works closely with the Internal Audit Department and the Legal Advisory Department, both of which areas it may appoint certain of the day-to-day activities relating to the Model, such as on going monitoring of procedures, standards, oversight and any other functions determined by the Compliance Committee.