Internal Control System

An articulated and coherent system

The internal control system is the set of rules, procedures and organizational structures to ensure sound management of the company through an appropriate process of identifying, measuring, managing and monitoring major risks.
Our Internal Control and Risk Management System (ICRMS) not only ensures compliance with laws, regulations, By-Laws, and internal procedures, but also ensures the safeguarding of corporate assets, the effectiveness and efficiency of corporate transactions, and the reliability of financial information.
We pay the utmost attention to risk management. Therefore, we have implemented internal processes in line with the recommendations of the Corporate Governance Code for Listed Companies promoted by the Corporate Governance Committee established by Borsa Italiana S.p.A..

Parties involved
The Board of Directors carries out a directive role and evaluates the adequacy of the Internal Control and Risk Management System.
The Director in charge of the ICRMS is identified as the Executive Director Luca Pelosin, due to his specific expertise in the field and the powers assigned to him by the Board of Directors on internal control and risk management.
The Control and Risks (and Related Parties) Committee supports the assessments and decisions of the Board of Directors relating to the ICRMS and to risks deriving from prejudicial events of which the Board has become aware.
The Board of Statutory Auditors maintains periodic communication with the Board of Directors and with the Control and Risks (and Related Parties) Committee. At least one member of the Board of Statutory Auditors always attends the meetings of the Control and Risks (and Related Parties) Committee.
The Internal Audit Manager, identified as the company Key Advisory S.r.l. to which the Internal Audit function has been outsourced, is responsible for verifying that the ICRMS is adequate, functioning and consistent with the guidelines set by the Board of Directors.
This manager proposes an Internal Audit plan to the Board of Directors annually, after review by the Control and Risks (and Related Parties) Committee and the Director in charge of ICRMS.
In the exercise of their mandate, the Internal Audit Manager maintains periodic communication with the Executive in charge, the Supervisory Board and the Independent Audit Firm, each for their own areas and responsibilities.
The Supervisory Board monitors the operation, effectiveness and compliance with the Organisation, management and control model pursuant to Legislative Decree No. 231/01.

Assessment
Verification of the adequacy and effective operation of the ICRMS is an integral part of the structure of the system, and concerns the involvement of various parties in different ways.
 
  • The Internal Audit Managerexpresses their assessment of the structure, operation, adequacy and effectiveness of the ICRMS on the basis of the activities carried out directly by its function and/or by external consultants appointed, and from the information received from other corporate functions. These assessments are brought to the attention of other stakeholders through periodic reports.
  • The Control and Risks (and Related Parties) Committee periodically assesses the effective operation of the ICRMS of F.I.L.A. and its subsidiaries based on information received from the Director in charge of the Internal Control and Risk Management System, the Internal Audit Manager, the independent auditors, and other parties involved. These assessments are brought to the attention of the Board of Directors.
  • The Board of Directors evaluates the adequacy and effective operation of the ICRMS with support, as appropriate, of the Control and Risks (and Related Parties) Committee, to the Director in charge of the Internal Control and Risk Management System, from the Internal Audit Manager.
The audit of accounts was awarded to a specialised firm, appointed by the Shareholders’ Meeting on the proposal of the Board of Statutory Auditors.
 
Specifically, upon the proposal of the Board of Statutory Auditors, the Shareholders' Meeting of January 22, 2024, appointed Deloitte & Touche S.p.A. to audit the statutory and consolidated financial statements for a period of 9 fiscal years, until the date of the Shareholders’ AGM called to approve the 2032 Annual Accounts.
We have adopted an Organisation and Management Model (“231 Model") in accordance with Legislative Decree No. 231 of 2001 and appointed a Supervisory Board in order to prevent the risk of committing offences related to the company's business.

The 231 Model
Our 231 Model implements the provisions of Legislative Decree No. 231 of 2001 - which introduced into the Italian legal system the administrative liability of entities for certain offenses committed in their interest or to their advantage by Directors, Executives or employees - in order to prevent the commission of the offenses set forth in the Decree.
The Model is aimed at fostering the performance of business activities in accordance with principles of fairness, ethics and transparency and, at the same time, avoiding potential risk situations in business management.
It consists of:
  • a General Section outlining the contents of Legislative Decree No. 231/01, the purposes of the 231 Model, the Supervisory Board and its functions, the penalty system, and staff training;
  • a Special Section describing the behaviours and preventive measures in order to reduce the risk of committing offenses under Legislative Decree No. 231/01.
The 231 Model is updated periodically in consideration of any organizational and/or regulatory developments in line with industry best practices and standards.
The latest version of the 231 Model was approved by the Board of Directors of F.I.L.A. on March 16 , 2021.

The Ethics Code is an integral part of the 231 Model and is the essential bedrock underpinning an ethics and corporate transparency focused culture.
The latest version of the Ethics Code was approved by the Board of Directors of F.I.L.A. on March 16 , 2021.
BoD and Committees Regulation (231)

Supervisory Board

The Supervisory Board provides oversight on the proper functioning, effectiveness and compliance of the 231 Model, as well as being updated and periodically checking the implementation of the principles and controls contained therein.
The Supervisory Board of F.I.L.A. reports to the Board of Directors.
The members of the Supervisory Board of F.I.L.A. meet the requirements of:
  • autonomy and independence of any nature in carrying out its activities;
  • good professional standing and expertise in legal matters, control systems, and business organisation;
  • continuity of action in constant monitoring regarding compliance with the 231 Model, as well as its implementation and updating.
The current Supervisory Board was appointed by the Board of Directors on April 23, 2024, and is composed of:
  • Rosario Salonia, Chairperson of the Supervisory Board, external member
  • Massimiliano Rigo, Internal Audit Manager, external member
  • Patrizio La Rocca, external member
Whistleblowing
The company, in compliance with Law 179/17 which amended Article 6 of Legislative Decree No. 231/01, approved the procedure for employees to report any irregularities or violations of applicable regulations and internal procedures (the whistleblowing system) in line with national and international best practices, which guarantees a specific and confidential information channel and the anonymity of the reporting party.
The procedure also has the following objectives:
  • to comply with the provisions of the Organisation and Management Model as per Legislative Decree 231/01 and the Ethics Code of F.I.L.A.;
  • to limit the risk of the release of non-reliable financial disclosure, as per Law 262/2005.
We have adopted, implemented and regularly updated measures to ensure effective transparency and compliance with criteria of substantive and procedural fairness for the company's related party transactions.
The company has adopted the Related Party Transactions Policy (“RPT Policy") pursuant to Consob Regulation No. 17221 of March 12, 2010.
On May 14, 2021, the Board of Directors adopted a new RPT Policy that replaced that adopted in 2013. The RPT Policy defines the rules and procedures related to the identification, establishment, approval and execution of related party transactions entered into by F.I.L.A., either directly or through subsidiaries.
Related parties are enrolled in a specific register, which is managed and updated in accordance with current regulations.
Related Parties Transactions Policy
We have adopted a code for the internal management and external communication of documents and corporate information (the “Code”), with particular regard to inside information.
The Code was adopted by the Board of Directors in May 2019 and complies with current regulations on the processing of inside information.
The Code aims to regulate the internal management and external communication of documents and information regarding F.I.L.A. and/or its subsidiaries, particularly information deemed inside information pursuant to Regulation (EU) 596/2014 ("MAR"), which, if made public, could have a significant effect on the prices of financial instruments issued by the company.
Code for processing inside information

To whom the Code applies
The Code applies to:
  • to Directors and Statutory Auditors;
  • to employees of the company and all those who by reason of their work or professional activities or functions have access to inside information.
Insider Register
The Code for the processing of corporate information is linked to the establishment and maintenance of the Insider Register.
In compliance with Article 115-bis of the CFA and Article 18 of the Market Abuse Regulation, we have in fact established the register of persons who, by reason of the activities and functions they perform for F.I.L.A. or itsparent companies, have, or may have, access on a permanent or occasional basis to inside information.
The preparation and updating of the Register is entrusted to the Board of Directors.