Organisational Model General Document

Transcription

Organisation, management and control model
ex Leg. Decree 231/01
Robert Bosch S.p.A. (RBIT)
ORGANISATION, MANAGEMENT AND CONTROL
MODEL
EX LEGISLATIVE DECREE NO. 231 OF 8 JUNE 2001
Approved by the Board of Directors
of 25 September 2012
Page 1 of 52
INDEX
1.
THE LEGISLATIVE DECREE NO. 231/2001..................................... 11
1.1
1.2
1.3
1.4
2.
THE MODEL DRAFTING AND IMPLEMENTATION PROCESS ....... 26
2.1
2.2
2.3
3.
Fundamental characteristics and scope of application. ....................... 11
The organisational Model as a form of exemption from liability ........... 19
The penalty system ............................................................................. 21
The Confindustria Guidelines .............................................................. 23
The Company's choice........................................................................ 26
Methodological approach used ........................................................... 26
Drafting of the Organisation, Management and Control Model ............ 26
THE ORGANISATION, MANAGEMENT AND CONTROL MODEL ... 28
3.1
Model purpose .................................................................................... 28
3.2.
Model characteristics and connections with the Code of Ethics .......... 29
3.3
Model Recipients ................................................................................ 30
3.4 Model introduction, modifications and integrations.................................... 30
4.
THE COMPONENTS OF THE PREVENTIVE CONTROL SYSTEM . 32
4.1
4.2
4.3
4.4
4.5
4.6
5.
SUPERVISORY AUTHORITY ........................................................... 37
5.1
5.2
5.3
5.4
5.5
5.6
5.7
5.8
6.
Identification of OdV pre-requisites ..................................................... 37
Identification of the OdV...................................................................... 38
OdV appointment procedure and duration of post ............................... 39
Reasons for ineligibility, reasons and powers of revocation ................ 40
OdV functions ..................................................................................... 40
Required information to be forwarded to the Supervisory Authority ..... 42
OdV Reporting .................................................................................... 45
Information filing ................................................................................. 46
MODEL DISSEMINATION ................................................................. 47
6.1
6.2
7.
System of ethical principles and rules of conduct ................................ 33
Organisation system ........................................................................... 34
Authorisation and decision making system ......................................... 35
Policy and procedure system .............................................................. 36
Training and information program ....................................................... 36
Computer and computer software systems ......................................... 36
Initial communication .......................................................................... 47
Personnel training on the issues of the Leg. Decree 231/01 .............. 48
PENALTY SYSTEM........................................................................... 49
7.1
Model violations .................................................................................. 49
7.2
Measures taken against employees .................................................... 50
7.3
Model violation on behalf of management and ensuing actions .......... 51
7.4
Measures against the members of the Management Body, the Board of
Statutory Auditors and the members of the OdV............................................. 51
Page 2 of 52
7.5
Measures taken against project collaborators and temporary workers,
Consultants, agents, Suppliers and Contractors involved in Sensitive
Processes. ..................................................................................................... 51
Page 3 of 52
DEFINITIONS
CONTRACTORS”
is conventionally understood as meaning all
contractors of works or services in
accordance with the prescriptions of the
Italian Civil Code, as well as subcontractors,
employment
agencies,
freelance workers who have stipulated a
contract with the Company and which are
used by the same in the performance of
Sensitive Processes.
“CCNL”
National Collective Bargaining Agreement.
“Consultants” subjects not employed by the Company who act in the
name and/or on behalf of Robert Bosch
S.p.A. on the basis of a mandate or other
form of collaborative relationship.
“Decree”
the Legislative Decree n. 231 of 8 June
2001.
“Assignment”
an internal act assigning functions or
responsibilities
within
the
company
organisation.
“Recipients”
all the subjects the Model addresses and, in
particular: the company organisms and their
components, the employees, the Suppliers,
the Contractors, the Company's agents, the
Consultants, the project collaborators and
temporary employees involved in Sensitive
Processes, as well as the members of the
Supervisory Authority that do not belong to
the above categories.
“Suppliers”
the suppliers of goods (goods and materials
for production) and services (excluding
consultancy), including the other Group
Companies, that the Company employs in
the context of its Sensitive Processes.
“Model” the organisation, management and control model foreseen by
the Decree.
“OdV” the Supervisory Authority foreseen by the Decree.
Page 4 of 52
“Sensitive Operation”
the set of activities of particular relevance
performed by Robert Bosch S.p.A. as part
of the Sensitive Processes.
“Management Body” Robert Bosch S.p.A. Board of Director's.
“Sensitive Process/es”
the set of company activities and operations
organised in order to pursue a specific
purpose or manage a particular company
sector of the Robert Bosch S.p.A. company,
involving sectors where one or more of the
crimes listed in the decree may be at a
greater risk of being committed. These
crimes are listed in the Special Section of
the Model, referred to generically and
overall as at risk areas.
“Process Owner” the subject who, given the position they hold or the
activities they perform, is most involved in
the Sensitive Process in question or has the
most visibility for Model 231 purposes.
“Mandate” the unilateral juridical contract by which the company assigns
power of representation towards third
parties.
“Crimes” the types of crimes taken into consideration by the Decree.
“Service Level Agreement” infra group contracts which define the
contents and the service conditions between
Robert Bosch S.p.A. and Group Companies.
“Company” or “Bosch” or
“Robert Bosch S.p.A.” or
“RBIT”
“Group Companies”
Page 5 of 52
Robert
Bosch
S.p.A.,
with
legal
headquarters in
Milano, Via Petitti n. 15,
C.F. 00720460153
registration number in the Company register
REA number MI-174459
all companies belonging to the group
headed by Robert Bosch GmbH.
PRELIMINARY REMARKS
The company was first set up in Stuttgart in 1886 by Robert Bosch (18611942) as a "High precision mechanical and electro-technical workshop".
The activities of the Robert Bosch S.p.A. company currently involve
commercial trading in all sectors of the construction, production, repair,
sale and purchase even for retail and even via non financial lease, import,
export and transit operations of:
-
components, accessories and parts including spare parts for
vehicles of all kinds as well as systems and equipment for control
and diagnosis;
-
electrical products, electrical tools, water heaters and boilers, radio
equipment and related accessories and complementary parts,
hydraulic, pneumatic and oleodynamic components and equipment,
electrical control systems and action systems for industrial use and
industrial equipment;
-
products, systems and plants for heating and air conditioning and
other connected industrial products, as well as goods for the
production and use of energy from renewable sources and
equipment for the combined production of heat and electrical
energy;
-
car-phones, radio-telephones, switchboards and telephone
equipment, satellite navigation systems, electrical and mechanical
material and generally speaking equipment powered by weak
current sources;
-
objects that reproduce the above for learning or entertainment
purposes.
RBIT is also involved in:
-
the installation, assembly, repair, maintenance and providing
technical assistance for all the previously identified articles,
including the training and/or drilling of personnel in the use of the
goods sold;
-
the undertaking of sales mandates;
-
the acquisition or sale on a rental or leasing basis of production
systems and machinery, within the context of the previously outlined
sectors;
-
the purchase and sale of patents, licences and production
procedures in the above mentioned sectors;
-
the organisation and holding of professional training courses,
meetings and seminars on the problems of a technical, regulatory,
commercial administrative and management nature encountered in
Page 6 of 52
the business sectors the company is involved in or that may be
related to them unless not legally authorised to do so;
-
providing administrative, management and company planning
activities, with particular attention being paid to the data and the
problems of Group companies; said activities being limited to areas
which are not legally assigned to specific professional categories;
-
activities involving the processing, filing and management of
databases and data supplied by clients and the organisation of
consultancy services for the installation of hardware and software
systems.
The sole shareholder of Robert Bosch S.p.A. is currently:
o Robert Bosch GmbH (which holds 100% of the share capital).
The Board of Director's of Robert Bosch S.p.A., in the meeting held on 8
June 2005, approved the “Organisation, management and control model”
in accordance with the Legislative Decree of 8 June 2001 no. 231,
containing the “Regulations governing the administrative responsibility of
judicial entities, companies and associations even devoid of judicial status,
in accordance with art. 11 of Law no. 300 of 29 September 2000", while
the Robert Bosch S.p.A. Shareholder's Meeting appointed the Supervisory
Authority in the meeting also held on 8 June 2005.
Following the coming into force of the new type of crimes considered
relevant by the Leg. Decree 231/01 and the changes in the company
organisation, during the course of 2011 and 2012 RBIT carried out a new
risk assessment that led to the Board of Directors' approval of the new
version of the Model in the meeting held on 25 May 2012. Subsequently,
on 25 September 2012, the Board of Directors' approved the current
version of the Model, including the special section concerning
environmental crimes.
As well as adopting the current Model, the Board of Directors' modified the
composition of the Supervisory Authority, taking steps to appoint and
assign supervisory and control powers and tasks as prescribed by the
Decree in question.
Page 7 of 52
MODEL STRUCTURE
The RBIT Organisation, Management and Control model is comprised of a
"General Section" and by many "Special sections" each covering one of
the family of crimes analysed in specific detail (as better specified below)
and by a series of Enclosures which are referred to in each instance in the
Model text and should be considered as an integral part of the Model itself.
In the General Section, after a reference to the principles on which the
Decree is based (as described in the previous Chapter 1), a presentation
of the method used to develop the Models is provided (as described in
Chapter 2). Subsequently the purpose and nature of the model are
described, the recipients are identified along with the procedures for the
implementation and the introduction of changes to the Model (see Chapter
3), this is followed by a description of the components of the preliminary
control system (see Chapter 4), the features and operation of the
Supervisory Board (see Chapter 5), the procedures introduced to
disseminate the Model (see Chapter 6) and the penalty system associated
to any breach of the principles established by the Model (see Chapter 7).
The "Special Sections" have been drafted with reference to the specific
crime categories to which RBIT is considered to be potentially exposed on
the basis of the results of the Risk Assessment activities performed. The
envisaged crimes, based on the assessments made, have been
subdivided into the following categories:
•
•
•
•
•
•
•
•
•
Crimes against the Public Administration;
Corporate crimes;
Crimes related to the fencing, money-laundering and the use of
funds, goods and services of illicit origin;
Crimes related to health and safety at the workplace;
Crimes related to computer criminality and violation of copyright;
Crimes related to organised crime;
Crimes relating to fraudulent activities in matters of trademarks,
patents and distinctive labels;
Crimes against industry and commerce;
Environmental crimes.
The Special Sections that have consequently been drafted are the
following:
•
•
•
•
Special Section A: "Crimes against the Public Administration";
Special Section B: "Corporate crimes";
Special Section C: "Crimes related to fencing, money-laundering
and the use of funds, goods and services of illicit origin";
Special Section D: "Crimes related to health and safety at the
workplace".
Page 8 of 52
•
•
•
•
•
Special Section E: "Crimes related to computer criminality and
violation of copyright";
Special Section F: "Crimes related to organised crime".
Special Section G: "Crimes relating to fraudulent use or exploitation
of trademarks, patents and distinctive labels".
Special Section H: "Crimes against industry and commerce"
Special Section I: "Environmental crimes"
The Enclosures are considered an integral part of the Model (and are
recalled in each instance in the text of the document itself) and in
particular RBIT's Code of Ethics and the Group's Code of Business
Conduct (Enclosure 1.A and 1.B respectively).
Each Special Section is therefore dedicated to the discussion of each
crime category contemplated in the Risk Assessment activities performed
(as described in Chapter 2) and is divided into the following sections:
•
•
•
•
•
description of the types of crimes that may be included in the
family of crimes that is the object of that specific Special Section;
identification of RBIT's company processes and activities where a
potential risk of incurring in the above mentioned crimes exists
based on the risk assessment activities performed (so called
Sensitive Processes);
examples of potential crimes for each Sensitive Process;
an outline of the principles and rules of conduct that should be
applied in performing the activities included in the Sensitive
Processes, as an integration of the ethical system and the rules of
conduct detailed in Chapter 4 of the General Section of this Model;
with reference to the risk areas/Sensitive Processes a description of
the activities involved in these areas is provided along with a few
examples of how the crimes may be committed, as well as the
indication of specific conduct and control principles consistent
with the fundamental principles as defined in Chapter 4 of the
General Section, in order to highlight specific aspects of the internal
control system components that are relevant for Process
supervision.
Each Special Section therefore is designed to:
•
provide the Recipients with a clear illustration of the Company's
organisation, management and control system as well as an
example of how the crimes may be committed within each Sensitive
process;
Page 9 of 52
•
point out to the Recipients the specific principles and the general
rules of conduct and the specific prescriptions to which they must
comply in performing their activities.
Page 10 of 52
GENERAL SECTION
1.
THE LEGISLATIVE DECREE NO. 231/2001
1.1
Fundamental characteristics and scope of application.
With the coming into force of the Legislative Decree no. 231 of 8 June
2001, a form of corporate penal responsibility has been introduced into our
legislation (and formally qualified as "administrative" responsibility.
The Italian Legislator has thus complied with a series of European
Community and international measures that called for greater responsibility
to be allocated to entities that were involved in the perpetration of certain
types of crimes of penal relevance.
The legislation in questions foresees a responsibility allocated to entities
that is added to that allocated to the physical persons who are materially
engaged in the illicit conduct and which arises when certain crimes are
committed in the interest or to the advantage of the entity, in Italy or
abroad,by:
•
•
persons who hold representative, administrative or management
roles within the company or are at the head of an department
provided with financial and operational independence, as well as by
persons who are effectively responsible for management and
control (the so called management positions);
persons entrusted with the management or supervision of one of
the above mentioned management positions.
The recipients of the legislation according to the Decree are: the entities
provided with legal status and companies and associations devoid of legal
status. The following entities are expressly not included within the scope of
the Decree: the State, all territorial Public Authorities, other non-economic
public authorities, as well as entities that perform tasks of constitutional
relevance.
The Decree applies to both crimes committed in Italy and those committed
abroad, providing the entity in question has its main offices on Italian soil
and no action has been taken against it by the State where the crime has
been committed.
As far as crimes committed for which a responsibility of the entities is
foreseen, the Decree takes into consideration crimes committed in
relations with the Public Administration, company crimes, crimes related to
counterfeiting, legal tender and stamp duties, the crimes committed for
terrorist purposes or in order to overturn the democratic order, crimes
Page 11 of 52
against individuals, crimes of insider trading (abuse of privileged
information) and market manipulation, cross-border crime regulated by
Law no. 146/2006, negligent homicide and serious or very negligent bodily
harm committed through violations in the regulations governing health and
safety at the workplace, crimes of money laundering, fencing and the use
of money, goods or utilities of illegal origin, computer crimes, crimes
related to organised crime, forgeries of trademarks, patents or distinctive
signs, crimes against industry and trade, crimes related to copyright
infringements, crimes of incitement to not testify or to bear false testimony
before the Judicial Authorities, and environmental crimes.
More specifically, the Decree, in its original wording, referred exclusively to
a series of crimes committed in relations with the Public Administration,
and precisely the crimes of:
•
•
•
•
•
•
•
•
•
•
•
•
undue collection of contributions, funding or other disbursements by
the State or other public entity;
misappropriation against the State or other public entity;
fraud against the State or other public entity;
aggravated fraud for the attainment of public disbursements;
computer fraud against the State or other public entity;
bribery of a public official;
bribery of a public official to ensure they act against their official
duties;
judicial corruption;
bribery of a person engaged in public service;
bribery, corruption and instigation to accept bribes by members of
the organisms of the European Community and representatives of
the European Community and foreign states;
instigation to accept bribes;
bribe requests.
On this point, it is specified that by a Person engaged in Public Service, in
accordance with art. 358 of the Italian Penal Code, one here refers to
anyone who "for whatever reason acts in the public service", the latter
being defined as an activity governed by public authority regulations and
authoritative deeds, but without authoritative or certifying powers.
Whereas by Public Official, in accordance with art. 357 of the Italian Penal
Code, one refers to anyone who "exercises a legislative, judicial or
administrative public role". The administrative position governed by public
legislation and by authorising measures and involving the definition and the
expression of the will of the Public Administration, or its performance by
means of authorising or certifying powers is considered a public position.
Subsequently, art. 6 of Law 409, of 6 November 2001, containing "Urgent
dispositions in preparation for the introduction of the Euro", included within
Page 12 of 52
the Decree the art. 25-bis, which is designed to punish counterfeiting,
forgery of legal tender and tax stamps, and more specifically the crimes of:
•
•
•
•
•
•
•
•
counterfeiting, spending and introduction into the state, with full
awareness, of counterfeited currency;
currency tampering;
spending and introduction into the state, without awareness, of
counterfeited currency;
spending of counterfeit currency received in good faith;
counterfeiting of filigree paper used for the production of legal
tender or tax stamps;
forgery of tax stamps, introduction into the state, purchase, custody
or distribution of forged tax stamps;
use of counterfeit or tampered tax stamps;
production or custody of filigree paper or tools for the forgery of
moneys, tax stamps or filigree paper.
Subsequently, art. 3 of the Legislative Decree no. 61 of 11 April 2002, in
force from 16 April 2002 within the context of the reform of company law
has introduced the new art. 25 - ter into the Decree, which was then
modified by Law no. 262, extending the area of administrative
responsibility to the institutions even for so called corporate crimes; more
precisely the responsibility was extended to include the crimes of:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
false or misleading company statements;
false or misleading company statements detrimental to shareholders
or creditors;
deceitful statements in the reports or statements of the auditing
companies (this article was subsequently revoked by art. 37 of Leg.
Decr. no. 39 of 27 January 2010);
obstructed control;
unlawful restitution of capital contributions;
unlawful allocation of shares and reserves;
illicit operations on company or parent company shares or quotes;
transactions to the detriment of creditors;
fictitiously paid-up capital stock;
unlawful allocation of company property on behalf of the liquidators;
illicit influence on the general shareholders' meetings;
share manipulation;
obstacle to the exercise of public supervisory authority functions;
failure to communicate a conflict of interests (introduced by Law no.
262/2005).
The art. 25 quater, included in the original wording of the Decree by art. 3
of the Law no. 7 of 14 January 2003 (Ratification of the International
Agreement against terrorist funding), has extended the administrative
corporate responsibility to crimes with terrorist purposes or designed to
Page 13 of 52
overthrow the democratic order as envisioned by the penal code and the
special laws and the crimes violating the prescriptions contained in the
above mentioned Agreement. These include by way of non-limiting
example:
•
•
•
•
the promotion, setting up, organisation or management of
associations with terrorist purposes even on an international scale
or for the overthrow of the democratic order;
assistance to its members (art. 270-ter of the Italian penal code);
terrorist or subversive attacks (art. 280 of Italian penal code);
terrorist acts involving murderous or explosive devices (art. 280-bis
of the Italian Penal Code).
The art. 25 quater.1, included in the original wording of the Decree by art. 3
of Law no. 7 of 9 January 2006 (Dispositions concerning the prevention
and the prohibition of female genital mutilation practices), has extended the
administrative responsibility of organisations to crimes involving mutilation
of female genital organs as detailed in art. 583-bis of the Italian Penal
code.
The art. 25 quinquies, included in the original wording of the Decree by art.
5 of Law no. 228 of 11 August 2003 and modified by Law no. 38 of 6
February 2006 (Measures against human trafficking), has further extended
the administrative responsibilities of organisations to crimes against
individuals, such as:
•
•
•
•
•
•
•
forcing into slavery;
slave trafficking and trading;
sale and acquisition of slaves;
prostitution of minors;
pornography involving minors;
possession of pornographic material involving minors;
tourist initiatives for the exploitation of the prostitution of minors.
The art. 25 sexies, included in the original wording of the Decree by article
9, paragraph 3 of Law 62 of 18 April 2005 n. 62 (Implementation of
directive 2003/6/EC of the European Parliament and Council of 28 January
2003, relative to insider trading and market abuse and the directives of the
2003/124/EC, 2003/125/EC and 2004/72/EC) has further extended the
administrative responsibility of organisations to market abuse crimes:
•
•
insider trading;
market abuse.
The same Law no. 62 of 2005, in art. 187- quinquies of the Financial White
Paper, had also called for a new form of responsibility for the Entity related
Page 14 of 52
to the perpetration of the illicit administrative conduct (not crimes) in its
interest or to its advantage referred to as:
•
•
insider trading (art. 185-bis of the Financial White Paper);
market abuse (art. 185-ter of the Financial White Paper).
The art. 10 of Law no. 146 of 16 March 2006 - not expressly mentioned in
the Decree - as subsequently modified, has included the administrative
responsibility of Entities for a series of crimes of a "cross-border" nature
pursuant to art. 3 of the above mentioned law (criminal syndicates, mafia
syndicates, association for the purpose of unlawful trafficking in narcotic
drugs, association for the purpose of smuggling tobaccos processed
abroad, incitement to not testify or to bear false testimony before the
Judicial Authorities, aiding and abetting, granting illegal access onto the
Italian State Territory or that of another State of which the person is not a
citizen and aiding and abetting illegal permanence).
By cross-border crime we here refer to a crime punished with a jail
sentence not below a maximum of four years, if not involved in organised
crime, or: a) is committed in more than one state; b) is committed in one
state but a substantial part of the planning, management and control took
place in another state; c) or it is committed in one state, but a criminal
organisation is involved which is engaged in criminal activities in more than
one state; d) or it was committed in one state but it has substantial effects
on another state.
Furthermore, the law no. 123 of 3 August 2007 has introduced into the
Decree the art. 25 septies. subsequently reformulated by art. 300 of the
Leg. Decree no. 81 of 9 April 2001; the above mentioned art. 25 septies
establishes a further extension of the administrative responsibility of the
Entities relative to crimes of:
•
•
negligent homicide committed in violation of article 55, paragraph 2
of the legislative implementation degree of the assignment as
referred to in Law no. 123 of 3 August 2007 on matters of health
and safety at the workplace;
negligent homicide and serious and very serious personal injury
committed through negligent violations of the regulations governing
health and safety at the workplace.
The legislative decree no. 231 of 21 November 2007, published in the
ordinary supplement no. 268 of the Official Gazette no. 290 of 14
December 2007, implemented the European Parliament and Council
directive 2005/60/EC of 26.10.2005, concerning the prevention of the
exploitation of the financial system for the purpose of laundering the
proceeds of criminal activities and the funding of terrorism (so called Third
Anti-laundering directive).
Page 15 of 52
This legislative decree extended the scope of application of the Leg.
Decree 231/2001, through the introduction of the art. 25 octies designed to
sanction crimes of:
•
•
•
fencing (art. 648 of the Italian Penal Code);
money laundering (art. 648 bis of the Italian Penal Code);
use of money, goods or benefits of illicit origin (art. 648-ter of the
Italian Penal Code).
The Law no. 48 of 18 March 2008, has introduced into the Leg. Decree no.
231/2001, the art. 24 bis, thus extending the responsibility of the entities
even to computer crimes as foreseen by the following articles of the Italian
Penal Code:
•
•
•
•
•
•
•
•
•
•
615 ter, (unlawful access to computer or telecommunication
systems);
615 quater (unlawful possession and distribution of access codes to
computer or telecommunication systems);
615 quinquies (distribution of equipment, devices or computer
programs designed to damage or interrupt a computer or
communication system);
617 quater (illicit tapping, obstruction or interruption of computer or
network communications);
617 quinquies, (installation of equipment designed to tap, obstruct
or interrupt computer or network communications);
635 bis, (damaging of information, data and computer programs);
635 ter, (damaging of information, data and computer programs
used by the state or by any other public authority or in any case of
public interest);
635 quater (damage to computer or communication systems);
635 quinquies, (damage to computer or communication systems
used in the public interest);
491 bis (falsification of a public electronic document or that carries
evidential effectiveness);
640 quinquies (computer tampering of the electronic signature
certifier).
The Law no. 94 of 15 July 2009, through art. 2, has introduced the art. 24
ter "organised crime felonies", designed to extend the scope of the entities'
responsibility even to the following crimes:
•
•
•
Criminal syndicates (art. 416 of the Italian Penal Code);
Mafia syndicates (art. 416 bis of the Italian Penal Code);
crimes committed taking advantage of the conditions of the
previously mentioned art. 416 bis or with the purpose of assisting
the activities of the syndicates foreseen in the previous article (art.
24 ter, first paragraph, Leg. Decree 231/2001);
Page 16 of 52
•
•
•
•
exchange of favours between political entities and the mafia (art.
416 ter of the Italian Penal Code);
kidnapping for the purpose of theft or extortion (art. 630 of the Italian
Penal Code);
criminal association for the purpose of drug or psychotropic
substance trafficking (art. 74 Presidential Decree 309/90);
crimes related to the illicit production, introduction into the state,
sale, transfer, custody and carrying in public place or place open to
the public of small firearms and light weapons or such like or parts
thereof, explosives, clandestine weapons, as well as more common
firearms (art. 407, first paragraph, letter a) no. 5 of the Italian Civil
Code of Procedure).
The Law no. 99 of 23 July 2009, through art. 15 has introduced into the
Leg. Decree no. 231/2001, as part of art. 25 bis the so called "crimes
related to trademarks, patents and distinctive signs", with the extension of
the scope of the entities' responsibility to the following crimes:
•
•
counterfeiting, alteration or use of trademarks, or distinctive signs,
or of patents, models and drawings (art. 473 of the Italian Penal
Code);
introduction into the state and trading of products with false signs
(art. 474 of the Italian Penal Code).
The same art. 15 of the Law no. 99 of 23 July 2009 has introduced, as art.
25 bis 1, the so called "crimes against industry and trade" thus extending
the scope of the entities' responsibility to the following crimes:
•
•
•
•
•
•
•
•
disruption of the freedom of industry and trade (art. 513 of the Italian
Penal Code);
illicit competition involving threats or violence (art. 513 bis of the
Italian Penal Code);
fraud against national industries (art. 514 of the Italian Penal Code);
fraud in trade activities (art. 515 of the Italian Penal Code);
sale of not genuine food substances as genuine (art. 516 of the
sale of industrial products with misleading signs (art. 517 of the
production and sale of goods produced by usurping industrial
property rights (art. 517 ter of the Italian Penal Code);
counterfeiting of geographic or place of origin indications of
agricultural and food products (art. 517 quater of the Italian Penal
Code).
The Law no. 99 of 23 July 2009 has introduced the art 25-novies "Crimes
involving the violation of copyright", designed to extend the scope of the
entities' responsibility even to the following crimes:
Page 17 of 52
•
•
•
•
•
availability to the public, even through the introduction onto
telecommunication networks, through concessions of any kind, of
protected intellectual property or a part thereof, without being so
entitled; the usurpation of the paternity of the work, the deformation,
mutilation or modification of the work itself if the crime is committed
to other person's work intended for publication or if this causes
offence to the author's honour or reputation (art. 171 L. no. 633/41,
first paragraph, lett - a-bis and third paragraph);
the unlawful duplication, for profit, of computer programs; and for
the same purpose, the importing, distribution, sale, custody for
commercial or business purposes or rental of software contained on
supports not bearing the SIAE marking;, in order to reap a profit, on
supports not marked SIAE, the reproduction, transfer, distribution,
communication, audience presentation of the contents of a
database in violation of copyright law, or the extraction or reuse of
the contents of a database in violation of the copyright laws, or the
sale, distribution or rental of a database (art. 171-bis Law 633/41);
reproduction and other illicit actions (such as the reproduction,
duplication, audience distribution etc. ) of intellectual works or other
typical works intended for television broadcasting or similar supports
(art. 171-ter Law no. 633/41);
failure by producers or importers of supports not subject to SIAE
marking to communicate to SIAE within 30 days of their introduction
onto the market or the importing of said supports, of the necessary
information required for their unambiguous identification; false
statements concerning the compliance with the obligations
connected to the SIAE marking (art. 171 septies, L. no. 633/41);
fraudulent production, import, sale, promotion, installation,
modification, public or private use of equipment or parts thereof
designed for the decodification of audiovisual transmissions with
conditional access via the airwaves, satellite or cable, in both
analogical and digital form (art. 171-octies L. no. 633/41).
The Law no. 116 of 3 August 2009, in force as of 20 August 2009,
extended the administrative responsibility of the entities so as to include
the crimes of "incitement to not testify or to bear false testimony before the
Judicial Authorities" as foreseen in art. 377-bis of the Italian Penal Code
and recalled in art. 25-decies1 of the Decree.
Finally the Leg. Decree 121/2011,in force since 16 August 2011, has
introduced among the crimes included under the Decree even crimes
against the environment (art. 25 undecies), such as:
Page 18 of 52
•
•
•
•
•
1.2
The killing, destruction, capture, removal, detention of protected wild
animal or plant species (art. 727 bis of the Italian Penal code) and
destruction of the habitat within a protected site (art. 733 bis of the
Italian Penal code);
The discharge of industrial waste waters containing hazardous
substances (art. 137, Leg. Decree 152/2006), unauthorised waste
processing (art. 256, Leg. Decree 152/2006) failure to undertake
site remediation and clearance (art. 257, D.lgs. 152/2006); violations
in the compulsory keeping of waste transportation registers (art.
258, Leg. Decree 152/2006); illicit waste trafficking (art. 259, Leg.
Decree 152/2006); activities organised for the purpose of illegal
waste trafficking (art. 260, Leg. Decree 152/2006); violation of the
controls on waste traceability (260 bis, Leg. Decree 152/2006);
violation of dispositions on plant operation (art. 279, Leg. Decree
152/2006);
Trading in animals at risk of extinction in violation of the dispositions
of the same law (art. 1 and 2 of Law no. 150/1992), and the custody
of wild animals that are deemed hazardous for public health and
safety (art. 6 of Law 150/1992); the forgery and alteration of
certifications required for the introduction of protected species into
the European Community (art. 3 bis of Law 150/1992);
The use of substances that are damaging to the ozone layer (art.3
of the Law no. 549 of 28 December 1999);
Fraudulent pollution (art. 8 of Leg. Decree 202/2007) and negligent
pollution (art. 9, Leg. Decree 202/2007) of the marine environment
through discharge of waste from ships.
The organisational Model as a form of exemption from liability
The Decree foresees that the entity shall not be held responsible for the
crimes committed by its so called management staff if it can prove that:
•
•
•
•
it has introduced and effectively implemented appropriate
organisation and management Models to prevent the crimes of the
kind that have taken place, prior to their having been carried out;
that it has assigned to a company department with independent
powers of action and control the task of supervising the operation
and compliance with the Model and the handling of all updating
procedures;
that the persons who have committed the crime fraudulently
circumvented the above mentioned organisational and management
models;
that there has been no omission or insufficient vigilance on behalf of
the organism indicated above.
For the crimes committed by subjects that are not in a top management
position the entity is responsible only when the perpetration of the crime
has been made possible through a failure to comply with the obligations
Page 19 of 52
concerning management and supervision. In any case the failure to
comply with the obligations concerning management and supervision is
excluded if prior to the crime being committed the entity has introduced
and effectively implemented an appropriate organisation, management
and control model to prevent the crimes of the type that have taken place.
The Decree foresees that the entities, in order to satisfy the above
requirements, may adopt organisation and management models "based on
codes of conduct drafted by the associations that represents these entities,
as communicated to the Ministry of Justice which, through full collaboration
with the competent Ministries, may produce an opinion on the
appropriateness of the models to prevent crime". In compliance with these
dispositions Robert Bosch S.p.A., in drafting this Model, has taken its
inspiration from the guidelines issued by Confindustria. It should however
be recalled that these indications represent a simple frame of reference to
which each company may refer for the purpose of implementing the Model.
These are suggestions which the company is free to take as its basis for
the development of the Model. Each company must in the end adapt the
guidelines to its own specific reality and therefore to its size and the
specific activities it performs, and thus choose the technical procedures by
which it can proceed to introduced the Model.
Furthermore, with specific reference to the issue of health and safety at the
workplace, it is essential to recall that art. 30 of the Leg. Decree no. 81 of 9
April 2008 establishes that the appropriate organisation and management
model in order to be effective for administrative liability exemption
purposes for the entities indicated in the Decree, must be introduced and
effectively implemented, ensuring the setting up of a company system
designed to fulfil all the connected juridical obligations relative to:
a) compliance with the technical and structural standards prescribed
by law for the equipment, plants, workplaces and all chemical,
physical and biological substances;
b) risk assessment activities and the introduction of the ensuing
prevention and protection measures;
c) activities of an organisational nature, such as emergencies, first aid,
contractor management, regular safety procedure meetings,
consultations with labour representatives on safety issues;
d) health monitoring activities;
e) employee information and training activities;
f) supervisory activities with specific reference to the procedures and
instructions on work safety being provided to the workforce;
g) the acquisition of the necessary documentation and compulsory
certifications required by law;
h) the regular verifications carried out to ensure the application and
effectiveness of the procedures implemented.
Page 20 of 52
The above organisation model must include appropriate registration
systems detailing the actual performance of the activities listed above.
The organisational model must in any case guarantee an appropriate
allocation of tasks that may ensure that the necessary technical skills and
powers are available to provide risk evaluation, management and
supervision, based on the nature and size of the organisation and the type
of activity it is engaged in, which shall also involve the introduction of an
appropriate penalty system with the powers to sanction any failure to
comply with the measures indicated in the model.
The organisational model must also foresee a suitable supervisory system
of the implementation and maintenance over time of the appropriateness of
the measures implemented.
The re-evaluation and any changes to the organisational model must be
introduced if:
•
•
significant violations to the regulations governing prevention of
accidents and hygiene at the workplace are discovered, or
as a result of changes in company organisation and activity due to
scientific and technological progress.
Finally, the above art. 30 establishes that, when first implemented, the
company's organisational model must be drafted in compliance with:
•
•
the UNI-INAIL guidelines for a health and safety management
system at the workplace (SGSL) of 28 September 2001, or
the British Standard OHSAS 18001:2007
which it is presumed comply with the requirements listed above for all
matching sections.
For the same purposes further organisation and management models may
be indicated by the permanent advisory Commission on health and safety
at the workplace, set up at the Ministry of Employment and Social Security
by art. 6 of the Leg. Decree no. 81/2008.
1.3
The penalty system
The Decree establishes that for the illicit conducts outlined above the
entities may incur financial penalties and interdiction measures, the
sentence may be published and the price and profit of the crime may be
confiscated.
The financial penalties are applied each time an entity commits one of
the illicit conducts foreseen by the Decree. They are applied on a quota
Page 21 of 52
basis which cannot be below one hundred nor exceeding one thousand
(each quota has a minimum value of between Euro 258.22 and a
maximum value of Euro1,549.37) and may thus vary between a minimum
fine of Euro 25,822.00 to a maximum one of Euro 1,549,370.00. For the
purpose of quantifying the quotas the judge must bear in mind:
•
•
•
the seriousness of the crime;
the degree of the entities' responsibility;
the actions taken by the entity to eliminate or mitigate the
consequences of the crime and prevent any further illicit actions
being committed.
The quota amount on the other hand is set based on the economic and
asset conditions of the entity. In certain cases the financial sanction may
even be reduced.
The interdiction measures may only be applied to crimes for which they
are specifically foreseen in the Decree when one of the following
conditions is met:
•
•
the entity has obtained a considerable profit from the crime in
question and the crime has been committed by subjects in a top
hierarchical position, or by subjects under the management of
others while the perpetration of the crime has been made possible
or facilitated by serious organisational shortcomings;
if the illicit conducts have been reiterated.
The interdiction measures that apply to the entities on the basis of the
Decree are:
•
•
•
•
•
banning from the exercise of the activity, with ensuing suspension or
revocation of the authorisations, licenses and concessions that are
essential for the activities in question;
the suspension or revocation of authorisations, licenses or
concessions that have been instrumental to the perpetration of the
illicit conduct;
the prohibition from entering into contracts with the public
administration, except to obtain public utility services;
the disqualification from any subsidies, funds, contributions or aid
and the revocation of any previously awarded;
the ban from advertising goods or services.
The type and duration (which may vary between three months and two
years) of the interdictive sanctions may be set by the judge, on the basis of
the criteria indicated for the quantification of the financial penalties. The
Decree also envisages the possibility that certain sanctions be applied on a
permanent basis (therefore exceeding the maximum duration of two
Page 22 of 52
years), in the presence of specific events that are considered particularly
serious by the legislator. If necessary, the interdiction measures may be
applied concomitantly.
The judge, instead of enforcing the interdiction measures requiring the
interruption of the entity's activity, may rule that the activity be continued
under the management of a court-appointed administrative receiver for a
period equivalent to the duration of the interdiction measure which would
have been applied, provided one of the following conditions is met:
•
•
the entity's activity involves providing a public service or a service of
public utility the interruption of may cause serious prejudice to the
community;
the interruption of the entity's activity may lead to serious
repercussions due to its size and the economic conditions of the
area where it is located.
If the interdiction measures are not complied with the penalty may be a jail
sentence of between six months and three years against anyone engaged
in the entity's activity to which the interdiction measures apply and is
nevertheless found to have transgressed the obligations and prohibitions
that the same measures have prescribed.
In this case, against the entity in whose interest or to whose advantage the
crime has been committed the financial administrative penalty to be
applied shall vary between 200 and 600 quotas with confiscation of all
related profits.
If there is strong evidence to believe the entity is responsible for an illicit
conduct ensuing from a crime and there are reasonable grounds and
specific elements that would seem to indicate the likelihood that illicit
conducts of the same kind may be reiterated, the interdiction measures
outlined above may also be applied as precautionary measures.
In addition to the above sanctions, the Decree, alongside the conviction,
should also require the confiscation of the price or the profit earned
through the crime as well as the publication of the sentence in the
presence of an interdiction sanction at the entity's own expense.
1.4
The Confindustria Guidelines
As previously recalled in paragraph 1.2, in order to make it easier for
entities to prepare suitable Models, paragraph 3 of art. 6 of the Decree
foresees that the trade associations can provide guidance by issuing
specific codes of conduct to assist companies in the devising of
organisation, management and control models.
Page 23 of 52
In this context, Confindustria has developed the "Guidelines for the
construction of organisation, management and control models pursuant to
Leg. Decree 231/2001”, approving its final text on 7 March 2002.
Said Guidelines can be roughly outlined through the following fundamental
points:
A.
identification of the risk areas, that is to say the company
areas/sectors where it is possible that the prejudicial events foreseen
by the Decree may take place;
planning of a control system in order to prevent the perpetration of the
crimes foreseen by the Model by introducing specific protocols. The
most relevant components of the control system envisaged by
Confindustria are:
B.
•
•
•
•
•
•
Code of Ethics;
organisational system;
manual and computer run procedures;
authorisation and signing powers;
control and management systems;
personnel information and training.
The control system components must be inspired by the following
principles:
•
•
•
•
•
C.
implementation of verification criteria, traceability, coherence and
consistency of each operation;
implementation of the function separation principle, which should
entail that no one is in a position to manage an entire process
independently;
control documentation;
introduction of an appropriate penalty system for violations of the
Code of Ethics and of the procedures envisaged by the Model;
identification of the pre-requisites of the Supervisory Authority (OdV)
which should specifically include: independence and autonomy, a
high level of professional expertise and continuity of action.
information obligations of the OdV and towards the OdV.
On 3 October 2002, Confindustria developed the "Integration Annex to the
Guidelines for the construction of organisation, management and control
models pursuant to Leg. Decree 231/2001 with reference to the crimes
introduced by Leg. Decree 61/2002”.
The objective of extending the dispositions included in the Decree to
corporate crimes was to ensure a higher degree of transparency in
company procedures and internal processes and as a consequence
ensure a greater degree of control over management operations.
Page 24 of 52
This led to the twofold need to:
a) define specific organisational and procedural measures - as part of
the model previously outlined by the Guidelines for crimes against
the Public Administration - designed to provide a reasonable
guarantee that these kinds of crimes may be prevented;
b) define the main tasks assigned to the OdV in order to ensure an
actual, effective and continuous operation of the Model itself.
The above Guidelines have been subsequently updated, the last review
taking place on 30 March 2008.
This last update was brought about by the need to adapt the Guidelines to
the subsequent legislative modifications that have introduced into the
Decree text the crimes against individuals, the crimes of insider trading and
market abuse, cross-border crimes, negligent homicide and grievous or
highly grievous bodily harm caused in violation of the regulations governing
the protection of health and safety at the workplace, as well as the crimes
of fencing, money laundering, and the use of money, goods or benefits of
illegal origin.
It is worth noting that the failure to comply with the specific points of the
Guidelines does not affect the validity of the Model. The single Model, after
all, must be drafted with reference to the actual concrete company reality,
and may well move away from the Guidelines which by their vary nature
are of a general character.
Page 25 of 52
2.
THE MODEL DRAFTING AND IMPLEMENTATION PROCESS
2.1
The Company's choice
Although the Decree does not impose the introduction of an Organisation,
Management and Control Model, RBIT has considered it essential to take
action in this regard in order to guarantee an ethically agreed conduct and
to pursue compliance with the principles of legitimacy, correctness and
transparency in the performance of company activities.
Additionally the choice of implementing the Organisation, Management and
Control Model fits in with RBIT's requirement to pursue its mission while
strictly complying with the objective of creating value for its shareholders
and strengthening national and international competition in the various
business sectors.
RBIT has therefore decided to implement an upgrading project compared
to the contents of the Decree which has entailed a review of its own
organisational structure, as well as its management and control tools, in
order to implement its own Model. The latter is not just a valid awareness
tool for everyone operating on behalf of the Company to ensure that a
correct and straightforward conduct is adopted in performing one's own
activities, but it is also an essential preventive tool to ensure that the
crimes foreseen by the Decree are not committed.
2.2
Methodological approach used
(omissis)
2.3
Drafting of the Organisation, Management and Control Model
The Risk Assessment activities previously described and their results have
been shared with the company management.
This analysis, diagnosis and planning phase was then followed by the
editing phase that led to the drafting of this Model and the definition of the
elements of which it is comprised.
Page 26 of 52
Page 27 of 52
3.
THE ORGANISATION, MANAGEMENT AND CONTROL MODEL
3.1
Model purpose
The introduction of the model aims to create a system of dispositions and
organisational tools which aim to guarantee that the Company activity is
performed while fully complying with the Decree and in order to prevent
and sanction any attempts to engage in conduct which may involve the risk
of committing one of the types of crime foreseen by the Decree.
Therefore the Model sets itself the following objectives:
•
•
to improve the system of Corporate Governance;
the introduction of further principles and rules of conduct into the
Company designed to promote and enhance an ethical internal
approach, with a view to a correct and transparent business
management;
help to devise a structured and organic prevention and control system
designed to reduce the risk of crimes being committed in the context
of business operations;
raise the awareness of all those who operate in the name and on
behalf of RBIT in "areas of operation considered to be at risk", that if
they violate the dispositions included herein they run the risk of
incurring in an illicit conduct which is liable to carry with it sanctions
against the author of the violation (at a civil, disciplinary and in certain
cases, penal level) as well as against the Company (administrative
responsibility pursuant to the Decree);
to inform all those who operate for whatever reason in the name and
on behalf or in any case in the interests of RBIT that the violation of
the dispositions contained in the Model shall lead to the application of
specific sanctions or the termination of the contractual relationship;
to reassert that RBIT will not tolerate illicit conducts of any kind and
regardless of their purpose, in so far as these forms of conduct (even
if the Company were apparently to gain an advantage by them) are in
any case contrary to the ethical principles RBIT intends to operate by;
to actively curtail any conduct implemented in violation of the Model
by inflicting disciplinary and/or contractual sanctions.
•
•
•
•
•
The Model prepared by Robert Bosch S.p.A is therefore based on a
structured and organic system of protocols and control activities which:
•
•
identify the areas and processes which are most at risk among all
company processes, that is to say all those activities within which it
is believed there is the highest likelihood that crimes may be
committed;
define an internal regulations system with the purpose of preventing
the Crimes, which includes among others:
Page 28 of 52
•
•
•
3.2.
o a Code of Ethics and a Group Code of Business Conduct
which
expresses
the
ethical
undertakings
and
responsibilities that must be complied with when conducting
business or engaged in company activities;
o a system of assignments, powers and proxies for the
signature of company deeds which may provide a clear and
transparent representation of how decisions are reached and
implemented;
o formal procedures, designed to regulate the operating and
control procedures in the risk areas;
it finds its basis in an organisational structure that is coherent with
the activity performed by the Company and planned with the aim of
ensuring on the one hand, a correct strategic and operational
management of business activities and on the other an on-going
supervision of the conducts involved. This control is guaranteed by
ensuring a clear and organic allocation of assignments, by applying
the right kind of function separation and by ensuring that the
ordering of the organisational structure used is actually
implemented by means of:
o a formally defined, clear and appropriate organisational chart
that is consistent with the activity performed by the
Company;
o a clear definition of roles and responsibilities assigned to
each organisational unit;
o a system of internal functional appointments and assignment
of the Company's representational powers towards the
outside that may ensure a clear and consistent function
separation;
the identification of a management and control procedure over the
financial resources involved in at risk activities;
assigns to the OdV the task of supervising the operation and
compliance of the Model and suggest any necessary updates.
Model characteristics and connections with the Code of Ethics
The dispositions contained in this Model are integrated with those of the
Code of Ethics introduced on 25 May 2012 by the Company's Board of
Directors' (Enclosure 1 A) and with those of the "Code of Business
Conduct" introduced by the company during the month of May 2008
(Enclosure 1.B). These dispositions are based on the principles of the
latter documents, despite the fact that the Model, given the purpose it
intends to pursue through the implementation of the dispositions found in
the Decree, has a different scope compared to the Codes in question.
From this point of view, after all:
Page 29 of 52
•
•
3.3
the Code of Ethics and the Code of Business Conduct represent tools
introduced independently and are generally speaking subject to the
implementation on behalf of the Company (and the Group) with the
aim of expressing certain principles of "corporate integrity" which it
acknowledges as its own and the observance of which it calls all
Recipients to comply with;
the Model on the other hand has been devised to satisfy the specific
requirements of the Decree, and aims to prevent the perpetration of
specific kinds of crimes relative to facts which, as they are committed
to the apparent advantage of the Company, may entail an
administrative responsibility based on the dispositions of the Decree
itself.
Model Recipients
The Model's dispositions are addressed to all company organisms and
their components, the employees, the Suppliers, the Contractors, the
Company's agents, the Consultants, the project collaborators and
temporary employees involved in Sensitive Processes, as well as the
members of the Supervisory Authority that do not belong to the above
categories.
The subjects the Model is addressed to are required to comply very
precisely with all its dispositions, even through compliance with duties of
loyalty, correctness and due diligence that originate out of the legal
relations set up with the Company.
The Company disapproves of all conduct which, in addition to the law,
deviates from the dispositions of the Model regardless of whether it is
performed in the interest of the Company or is intended to produce and
advantage for it.
3.4 Model introduction, modifications and integrations
The Decree foresees that the management body should be responsible for
the introduction of the Model, assigning to each entity the task of
identifying within its ranks the organism to which this task should be
assigned.
Consistently with the indications provided by the "Confindustria
Guidelines", Robert Bosch S.p.A. has singled out its own Board of
Directors as the Management Body responsible for introducing the Model.
The task of supervising the effective implementation of the Model has
instead been assigned to the Supervisory Authority as prescribed by the
Decree.
Page 30 of 52
As a consequence, seeing as this document is a "deed issued by the
management body" (in compliance with the dispositions of art. 6 para. I
lett. a) of the Decree) the subsequent modifications and integrations of a
substantial nature to the same have been coherently been assigned to the
competence of the same Board of Directors'.
Among the substantial modifications we have included by way of nonlimiting example:
•
•
•
•
•
inclusion within this document of additional Special Sections;
elimination of certain parts of this document;
modifications to the OdV duties;
identification of an OdV different to the one currently foreseen;
updating/modification/integration of the control principles and rules of
conduct.
It is further acknowledged that the Managing Director, following a
suggestion by the Legal Department, has the right to introduce possible
changes or integrations to this document of a purely formal nature, on
conditions that the content remains substantially unchanged, as well as
introducing integrations, changes and updates to the Enclosures.
These modifications and integrations must be promptly communicated to
the Board of Directors' and the OdV.
Page 31 of 52
4.
THE COMPONENTS OF THE PREVENTIVE CONTROL SYSTEM
The Model devised by RBIT is based and is integrated within a structured
and organic internal control system made up of protocols and rules, tools
for the definition of responsibilities as well as company process monitoring
mechanisms and tools, which were already in place prior to the publication
of the Model.
The control principles that have inspired the architecture of RBIT's
internal control system, with particular reference to the Sensitive
Processes outlined in the Model and consistently with Confindustria's
dispositions, are described below:
•
•
•
•
A clear identification of roles, tasks and responsibilities of the
subject that are involved in the performance of the company's
activities (whether internal or external to the organisation);
Separation of the tasks between who operationally performs an
activity, who checks it, who authorises it and who records it (where
applicable);
Ex-post verification and traceability of the operations: the
relevant activities performed (particularly where Sensitive Processes
are involved) must be appropriately formalized, with particular
reference to the documentation produced as part of their
performance. The documentation produced and/or available on
paper or electronic supports, must be filed in an orderly and
structured fashion by the positions/subjects involved.
Identification of manual and automatic preventive controls and
ex-post verifications: manual and/or automatic monitoring
processes must be introduced in order to prevent crimes being
committed or to detect any irregularities which might be in conflict
with the objectives of this Mode on an ex-post basis. These controls
are more regular, complex and sophisticated when carried out on
Sensitive Processes which show a higher crime risk potential. On
this basis one area that must be subjected to constant and thorough
monitoring is the management of financial resources. These
monitoring procedures include by way of example:
• Protection of automated systems (access, data back-up, etc.);
• Data reconciliation and balancing;
• Ex-post monitoring/verification of the most significant
activities/the most sensitive data;
• Reports on the activities performed and dispatch to a
hierarchically superior level.
For the purposes of this Model we wish to highlight the following internal
control system components as classified below:
•
system of ethical principles and rules of conduct;
Page 32 of 52
•
•
•
•
•
organisation system;
authorisation and decision making system;
policy and procedure system;
training and information system;
computer and computer software systems.
These components of the control system (and the organisation and
operational tools which they engender), consistently with the inspirational
control principles outlined above, have been specifically assessed during
the risk assessment activities performed (as anticipated in the
"Methodology" Chapter) in order to verify their coherence with the aim of
preventing illicit conduct as prescribed by the Decree.
This process has brought to light that certain tools were already in place
and operational before the introduction of this Model and have been
considered valid and immediately applicable even for the current purposes.
For some of them however areas of improvement have been identified so
that they may satisfy the requirements of this Model 231 and provide a
practical implementation of the principles it envisages.
These corrective and improvement actions have been outlined in the
"Action Plan" or "Executive Summary" (as detailed in Chapter 2).
It is further specified that the above mentioned components of the internal
control system, even if formalised in separate documentation from this
Model, are referred to in the text of the Model and/or contained in the
relative Enclosures and are therefore to be considered an integral part of it.
It follows therefore that the compliance with the principles and the
dispositions it contains are to be considered an essential aspect for the
implementation and effectiveness of the Model itself.
The following paragraphs provide a detailed description of the individual
components that comprise the Bosch internal control system and are also
relevant for the purposes of the Model.
4.1
System of ethical principles and rules of conduct
The Company considers it essential that the Recipients comply with the
ethical principles and general rules of conduct in the performance of their
activities and in managing their relations with colleagues, business
partners, clients, suppliers and with the Public Administration.
These regulations are outlined in a number of company documents and
primarily in:
•
•
Robert Bosch S.p.A. Code of Ethics (expressly provided as an
enclosure to this Model);
Group Code of Business Conduct (expressly provided as an
enclosure to this Model);
Page 33 of 52
•
Parent Company dispositions (Guidelines and Central Directives)
In particular the Guidelines and Central Directives refer to documents that
apply to all Group companies, including Robert Bosch S.p.A., which govern
the business activities and establish the rules of conduct that RBIT
employees in particular must comply with in the performance of their
activities.
A list of some of the issues governed by the above mentioned Policies is
provided below:
-
Conservation of assets;
-
The principle of security and the principle of safety;
-
Authorisation levels;
-
Management Control regulations (for example the 4 eyes principle);
-
Regulations for binding deeds (for ex. the principle of the double
signature);
-
Internal controls.
4.2
Organisation system
The RBIT system of organisation is established through the drawing up of
an organisational chart and the issuing of functional assignments (powers
of attorney), organisational procedures and organisational dispositions/job
descriptions, which provide a clear indication of the functions and
responsibilities assigned to each organisational unit.
The company's organisational chart must represent in a clear and
sufficiently detailed fashion the company's organisational structure, by
identifying and naming the divisions and functions involved.
(omissis)
Page 34 of 52
4.3
Authorisation and decision making system
The Authorisation and decision making system involves a complex and
coherent system of company power delegation and assignment based on
the following dispositions:
•
•
•
•
•
•
•
the assignments must link each management post to the connected
responsibility and an appropriate position in the company
organisational chart and be updated as a result of changes in the
organisation structure;
each assignment must define and describe in very specific and
unambiguous terms the management powers of the assignee and
the subject to whom the assignee refers in terms of hierarchy and
function;
the management powers assigned with these assignments and their
implementation must be consistent with company objectives;
the assignee must be provided with the spending powers
appropriate to the functions assigned to them;
the powers of attorney may be granted exclusively to subjects
provided with assignments or a specific position and must include
the extension of the powers of representation and, possibly,
numerically established spending limitations;
the recipients of powers and assignments as well as the persons
directly involved/interested must be duly informed and instructed
regarding the extension and limitations of the single powers
assigned to them;
in particular everyone who holds relations with the Public
Administration on behalf of RBIT must be provided with
assignments/powers of attorney to this end.
The decision making process concerning Sensitive Processes must be
inspired by the following criteria:
•
•
•
each decision concerning the Sensitive Process operations, as
identified below, must be formally traced (on paper or electronically);
there may in any case never be subjective identity between the
person who decides on the performance of a Sensitive Operation
and the person who actually implements it and brings it to its
conclusion;
by the same token, there may never be subjective identity between
those who decide and implement a Sensitive Operation and those
who are invested with the power to assign any required economic or
financial resources to it.
The principles described above find application and formal definition in the
following documents;
•
Board of Directors' decisions;
Page 35 of 52
•
special powers of attorney;
For the management of the allocation/revocation of powers/assignment
process the Company has issued a disposition note for the Heads of
Human Resource and Organisation, Finance and Company Business and
General Management in which the responsibilities and the operating
procedures for allocation, variation or revocation of specific powers of
attorney are detailed.
4.4
Policy and procedure system
(omissis)
4.5
Training and information program
RBIT, through its specifically appointed training division with the support of
the "TEC" training school internal to group companies and specifically
designed for the purpose, takes particular care over the training of the
resources that operate within its organisation.
(omissis)
4.6
Computer and computer software systems
(omissis)
Page 36 of 52
5.
SUPERVISORY AUTHORITY
5.1
Identification of OdV pre-requisites
In order to satisfactorily perform the roles indicated in the Decree this entity
must satisfy the following pre-requisites:
•
•
•
autonomy and independence: as had also been highlighted in the
Guidelines, the position of the Entity Organism, "must guarantee the
autonomy of the control initiative from all forms of interference and/or
conditioning on behalf of any Entity member" (including the
Management Body). The Organism must therefore be included as a
staff unit in a hierarchic position (the highest possible) and be
expected to report to the top level of company operation. Besides
this, in order to guarantee the necessary autonomy of action and
independence, "it is essential that the OdV be not assigned operating
tasks which, by requiring it to take part in operating decisions and
activities, might undermine the objectivity of its assessments when
assessing conducts and the Model itself".
professional experience: this pre-requisite refers to the level of
specialist technical knowledge which the Organism must have in
order to be able to perform the activity the regulation assigns it. In
particular, the members of the Organism must have specific
knowledge of all useful techniques which may enable it to perform its
inspection and consultant analysis activities over the control system
and have appropriate juridical knowledge (particularly of corporate
and penal law), as clearly specified in the Guidelines. It is after all
essential that it be provided with analysis and risk assessment
techniques, the ability to develop flow-charting of procedures and
processes, manage fraud detection methods, statistical and structure
sampling and be fully aware of how the crimes are actually carried
out.
continuity of action: in order to guarantee the effectiveness of the
organisational Model, it is essential that a dedicated structure be
constantly present and engaged full time in supervisory activities.
Therefore the OdV must:
•
•
•
be independent and in a third party position compared to those
whose activities it is supposed to verify;
be placed at the highest possible hierarchic level;
be assigned autonomous powers of action and control;
Page 37 of 52
•
•
•
•
•
be granted financial independence;
not be involved in any operating tasks;
engage in continuous supervisory action;
have the required professional profile;
introduce a systematic communication channel with the entire Board
of Directors'.
5.2
Identification of the OdV
The Board of Directors' of Robert Bosch S.p.A. has considered it advisable
to set up a collegial organism to which it might assign the role of
Supervisory Authority (henceforth also OdV).
In particular, this organism is comprised of the following figures:
•
•
•
Head of Internal Audits;
External expert;
Head of Legal Department.
The considerations expressed given the type and the specific nature of the
Company have led to the conclusion that the ideal composition of the OdV
is the collegial one, so as to guarantee the completeness of the required
professional expertise and experience, as well as continuous operation.
For a full compliance with the dictates of the Decree, the OdV as identified
above is a subject which reports directly to the top Company management
(Board of Directors') and is not connected to the operating structures by
any hierarchic constraint, so that its full autonomy and independence in the
performance of its functions can be assured.
The activities performed by the OdV cannot be decided by any other
organism or company structure, it being understood that the Management
Body is in any case called upon to carry out supervisory activities on the
appropriateness of its actions, seeing as it is ultimately responsible for the
operation and effectiveness of the Model.
As a further guarantee of the autonomy and in compliance with the
provisions of the "Confindustria Guidelines", as part of the drafting
procedures of the company budget, the Management Body must approve
an allocation of financial resources, as suggested by the OdV itself, which
the OdV may dispose of for any requirement necessary for a correct
performance of its assignment (i.e. specialist consultancies, business trips,
etc.).
The members of the OdV have the capacity, knowledge and professional
competence as well as a reputation for honorability that are essential for
the performance of the tasks assigned to it. In fact the OdV in the
Page 38 of 52
composition outlined above is equipped with the appropriate inspection
and consultancy capacities, with particular reference, among other things,
to auditing techniques, fraud detection, risk analysis and assessment and
penal judicial competence.
Furthermore, in compliance with the dispositions of the "Confindustria
Guidelines", the best practices and the jurisprudence on this point, it is
believed that the OdV in the composition detailed above has the necessary
requirements of independence, autonomy and continuity of action, seeing
as it can rely on internal RBIT components (Head of Internal Audits and
Head of the Legal Department) and on the presence of an external
specialist with long-standing experience in penal matters as Chairman of
the OdV.
The allocation of the role of OdV to subjects other than those identified or
the modification of the functions assigned to the OdV must be decided by
the Board of Directors'.
5.3
OdV appointment procedure and duration of post
(omissis)
Page 39 of 52
5.4
Reasons for ineligibility, reasons and powers of revocation
(omissis)
5.5
OdV functions
The OdV is completely independent in the performance if its tasks and its
deliberations are unquestionable. In particular the OdV must:
•
•
•
supervise compliance with the Model on behalf of its Recipients;
oversee the effectiveness and appropriateness of the Model relative
to the company structure and its actual capacity to prevent crimes
being committed;
suggest and solicit the updating of the Model when they discover
the need for updating based on changed company or regulatory
conditions or changes in the external context.
The OdV must also operate:
•
•
•
ex-ante (thus taking steps to provide appropriate training and
information to personnel);
continuously (though monitoring, supervision, review and updating
activities);
ex-post (through analysis of the causes and circumstances that may
have led up to a violation of the Model's dispositions or a crime
having been committed).
For an effective performance of the above outlined functions, the OdV
is assigned the following duties and powers:
•
•
•
•
regular verification of the risk area maps in order to ensure updating
relative to the changes introduced to the activity and/or to the
company structure;
collection, processing and filing of information relevant to the Model;
regular verification of the actual implementation of company control
procedures in the areas of at risk activities and effectiveness
monitoring;
verification of the implementation of the actions identified for the
solution of critical elements relative to the internal control system
detected during the risk assessment procedures (Action Plan), as
detailed in paragraphs 2.2.1, 2.2.2, 2.2.3 and 2.2.4.
Page 40 of 52
•
•
•
•
•
•
•
•
carry out regular verifications on specific operations and actions
performed within the context of Sensitive Processes;
conduct internal investigations and inspections to check on any
supposed violations of the Model's dispositions;
monitor the appropriateness of the penalty system foreseen for
violations of the rules established by the Model;
coordinate with the other company departments, as well as with the
other control bodies (first among which the auditing company and
the Board of Statutory Auditors), even through specific meetings, so
as to improve the monitoring of the activities relative to the
procedures set up by the Model, or in order to identify new at risk
areas, as well as assessing in a more general way the various
aspects related to Model implementation;
coordinate and cooperate with the subjects responsible for health
and safety supervision of the workforce in order to ensure that the
control system pursuant to the Decree is integrated with the control
system implemented in compliance with the special regulations
governing safety at the workplace;
coordinate with the heads of the company departments in order to
promote initiatives for the dissemination of knowledge (which may
even involve the organisation of training courses) and the
understanding of the Model's principles and to ensure the drafting of
the internal organisation documentation required for its operation,
containing instructions, clarifications or updates;
carry out regular verifications of the content and quality of the
training programs;
suggest evaluation criteria to the Management Body for the
identification of Sensitive Operations.
To this end the OdV will have the right to:
• issue dispositions and service orders designed to regulate the
activity of the OdV itself;
• access to all and any company documentation for the purpose of
performing the tasks assigned to the OdV in accordance with the
Decree;
• issue directives to the various company structures, even at top
management level, in order to obtain information from the latter that
is considered necessary for the performance of its duties, so that a
prompt identification of any Model violations is guaranteed;
• carry out regular verifications based on its own action plan or even
spot checks not scheduled in said plan, but nevertheless deemed
necessary in order to fulfil the OdV's purpose.
(omissis)
Page 41 of 52
The OdV will draft its own Rules and Regulations which will ensure its
organisation and the functional aspects such as for example the regularity
of the inspections, the decision making procedures, the summoning
procedures and the minute taking for its meetings, the resolution of any
conflicts of interest and the methods to be used for the modification and
revision of the regulations themselves.
Additionally, within these Regulations, the OdV must expressly foresee
formal instances of meeting and discussion, particularly involving:
•
•
•
•
the Board of Statutory Auditors;
the Company account Auditing Company;
the relevant actors involved in the internal control system;
the relevant actors involved in the system of management
responsible for health and safety at the workplace.
The object of these meetings will be primarily to discuss and coordinate
actions with the subjects involved in the so called front line of control
system implementation, each according to their specific area of
responsibility, in order to enable the OdV to identify possible areas where
monitoring may be improved in order to increase the effectiveness of the
Model. With this it mind it will up to the OdV to verify with these same
entities the effectiveness of the flow of information it receives, as defined in
paragraph 5.7 "Required information to be forwarded to the Supervisory
Authority".
The OdV will take steps to regulate the operating procedures and the
scheduling of these meetings, identifying in each instance the subjects that
need to be involved, as well as the agenda of the meetings in question.
Furthermore, the OdV will draft its own "Activity Plan" which it intends to
carry out in order to fulfil the duties assigned to it, and which shall be duly
communicated to the Management Body.
5.6
Required information to be forwarded to the Supervisory
Authority
In order to facilitate the supervisory activities over the actual
implementation and effectiveness of the Model, the OdV must be provided
with:
•
•
Page 42 of 52
reports of any presumed or actual violations of the model
(henceforth Reports);
useful information required for the performance of the
supervisory duties assigned to the OdV (henceforth classified as
General Information and Information on Sensitive
Operations).
The OdV must also be allowed access to all types of information that may
be deemed useful for the performance of its activities. This necessarily
requires that the OdV must consider all acquired information as strictly
confidential.
More specifically, all the Recipients must promptly report to the OdV any
actual or even presumed violations of the Model regulations.
These Reports must be sufficiently accurate and detailed and ascribable to
a specific company sector or events; it should be underlined that these
Report may concern any company area with relevance in terms of the
application of the Leg. Decree 231/2001 and the current Model, including
violations of the Model deemed relevant in terms of health and safety at
the workplace.
It is further underlined that these Reports may also be sent to the OdV by
Worker Safety Representatives provided this function is not already fulfilled
by a subject identified among the Model's Recipients.
(omissis)
In any case in order to facilitate the supervisory activities assigned to it, the
OdV must be promptly provided with all General Information considered
useful for the purpose which, by way of non-limiting example, may include:
•
•
•
•
•
•
•
•
any critical, anomalous or atypical events encountered by company
management during Model implementation;
any proceedings and/or news received from the judicial police
authorities or any other authority from which one may infer that
investigations are underway, even against unknown parties, for
particular crimes;
the internal and external communications concerning any event
which may be connected to a possible crime among those included
in
the
Decree
(i.e.
disciplinary
proceedings
set
in
motion/implemented against any employees);
any requests for legal assistance forwarded by employees following
the opening of criminal judicial proceedings;
any investigation committees or internal reports concerning
responsibilities for potential crimes included in the Decree;
any news on disciplinary proceedings carried out in relation to
Model violations and any sanctions issued (including the
proceedings against employees) or indeed any case dismissal
actions concerning said proceedings with their relative motivations;
any news on changes to the organisational structure;
the updating of the assignment and power of attorney system
(including the system for allocation of powers on matters of health
and safety at the workplace);
Page 43 of 52
•
•
•
•
any news related to changes in key positions of the organisational
structure affecting matters of health and safety at the workplace and
environmental procedures (i.e.: changes of positions, assignments
and in the subjects responsible for worker protection);
changes to the regulatory system on matters of health and safety at
the workplace and the environment;
any communications issued by auditing company concerning
aspects that may refer to failings of the internal control system, any
reprehensible facts, all observations made on the Company
accounts;
any assignment conferred or which it is intended to confer to the
auditing company or to companies linked to it, other than accounting
review or account verification;
copies of the minutes of the meetings of the Board of Directors' and
the Board of Statutory Auditors.
This General Information must be supplied to the OdV by the heads of the
various company departments depending on their area of competence,
and coordinated by at least one Managing Director.
Besides what will be specified below regarding the Informations handled by
Process Owners concerning Sensitive Operations, the e-mail
[email protected] is available for the forwarding of Reports
and General Information.
(omissis)
Page 44 of 52
5.7
OdV Reporting
(omissis)
Page 45 of 52
5.8
Information filing
(omissis)
Page 46 of 52
6.
MODEL DISSEMINATION
To guarantee the effectiveness of the Model, it is of major importance that
the rules of conduct that it contains be fully understood by the company's
human resources as well as those that may join the company in the future,
as well as by every other Recipient, with a different degree of
understanding depending on the level of involvement in Sensitive
Processes.
6.1
Initial communication
In order to guarantee its effective knowledge and application, the
implementation of the Model is formally communicated by Board of
Directors' to the various Recipient categories.
In particular, following the Model's approval, the Company employees and
subsequently all new employees are required to sign a statement
indicating they have become fully conversant with the Model itself and
undertake to comply with its dispositions (Enclosure 2).
As far as Company Collaborators, Suppliers, agents, distributors as well as
external Consultants and Contractors, the letter of assignment or contract
which sets up a form of collaboration must explicitly contain clauses
drafted in line with the one shown in Enclosure 3 which may also be
drafted on a separate documents compared to the contract itself
(Enclosure 4). All temporary workers shall also be required to underwrite a
statement of acknowledgement of the Model itself and the commitment to
comply to its dispositions (Enclosure 5).
In the case of reviews and/or significant updates of the Model the
Company shall takes steps to duly inform the Recipients.
The Model shall also be made available according to the procedures and
the tools that the Board of Directors' shall decide to implement such as for
example the publication on the Company's internet site, or by making the
Model available in hard copy form in each plant location.
Page 47 of 52
6.2
Personnel training on the issues of the Leg. Decree 231/01
The training of all personnel for the purposes of the implementation of the
Model is entrusted to the Board of Directors' which must identify the most
qualified resources (internal or external to the Company) to which it may
entrust its organisation.
(omissis)
Page 48 of 52
7.
PENALTY SYSTEM
The Decree establishes that a "penalty system capable of sanctioning any
failure to comply with the measures indicated in the model" must be
introduced both for subjects in top management positions and subjects
who are managed and supervised by others.
The existence of a system of applicable sanctions in the presence of a
failure to comply with the rules of conduct, dispositions and internal
procedures detailed in the Model is in fact essential in order to guarantee
the effectiveness of the Model itself.
The implementation of the sanctions in question must be totally
independent of the any developments or outcome of any penal or
administrative procedures set in motion by the Judicial or Administrative
Authorities, if reproachful is also valid as an integration of a crime case
which is relevant in accordance with the Decree or a penal or
administrative crime which has relevance pursuant to the regulations
governing health and safety at the workplace. In fact, the rules imposed by
the Model are introduced independently by the Company regardless of
whether any of these conducts may constitute a form of illicit penal or
administrative conduct and that the Judicial or Administrative Authorities
may intend to press charges against this illicit conduct.
The verification of the appropriateness of the penalty system, the constant
monitoring of any sanction implementation procedures against employees
as well any actions taken against external subjects is assigned to the OdV,
which is also responsible for reporting any infringements it may become
aware of in the performance of its own specific duties.
Without jeopardy to the provisions of paragraph 5.4 ("Reasons for
ineligibility, reasons and powers of revocation"), the established penalty
system may even be applied to members of the OdV, relative to the
functions that are assigned to it under this Model (see on this point the
subsequent paragraph 7.4).
7.1
Model violations
Model violations consist of:
1. conduct which integrate the crime categories contemplated by the
Decree;
2. conduct which, despite not being included among the crime
categories detailed by the Decree, are nevertheless directed without
question to their being committed;
3. conduct not compliant with the procedures indicated in the Model
and the Code of Ethics and Code of Business Conduct principles
Page 49 of 52
4. conduct not compliant with the Model dispositions or recalled by the
Model.
(omissis)
5. conduct of a non collaborative nature towards the OdV, consisting
by way of a non-limiting example, in the refusal to provide the
required information or documentation, the failure to comply with the
general and specific directives issued by the OdV in order to obtain
the information considered necessary in order to fulfil its
assignments, the unjustified failure to take part in scheduled
inspection meetings with the OdV, the failure to take part in training
meetings.
(omissis)
7.2
Measures taken against employees
The violation of the single conduct rules of this Model on behalf of
employees subject to the "Collective Bargaining Agreement for employees
of service industry companies involved in distribution and services of 17
July 2008 (renewed on 26 February 2011)", and subsequent renewals,
constitutes an sanction able illicit conduct.
(omissis)
Page 50 of 52
7.3
Model violation on behalf of management and ensuing actions
As far as violations to the single rules of conduct foreseen by this Model
and perpetrated by Company employees holding "management" roles,
these also constitute a sanctionable illicit conduct.
(omissis)
7.4
Measures against the members of the Management Body, the
Board of Statutory Auditors and the members of the OdV
In the case of Model violations on behalf of one or more members of the
Company's Management Body, the OdV shall inform the entire Board of
Directors' and the Board of Statutory Auditors who shall take the
appropriate actions depending on the seriousness of the violation
committed.
(omissis)
7.5
Measures taken against project collaborators and temporary
workers, Consultants, agents, Suppliers and Contractors
involved in Sensitive Processes.
Each violation perpetrated by the project collaborators or temporary
workers, by Consultants, agents, Suppliers or Contractors involved in the
Sensitive Processes, depending on the prescriptions of the specific
clauses included in their respective contract, may lead to the contract's
termination, without jeopardy to any possible claims for reimbursement, if
the conduct in question leads to damages being incurred by Robert Bosch
S.p.A., as would be the case if the Judge calls for the application of the
measures included in the Decree.
Page 51 of 52
ENCLOSURES
•
•
Enclosure 1.A: Code of Ethics
Enclosure 1.B: Code of Business Conduct
(OMISSIS)
Page 52 of 52

Organisational Model General Document

Transcription

Documents pareils

à la une

the English version of the text in PDF format

France - Tax Code, Art. 570

aus: Epigraphica Anatolica 36 (2003) 19–23 © Dr. Rudolf Habelt

Dancer Vocabulary

co2 emission estimation ship horizon

PDF-8-ECO-CHARTER-Im..

the Call for Papers

Official Gazette of the Republic of Tunisia — 8 July 2008 N° 55 Page

CareLine Jutlandia PL 165 Lifter