Organisational model and management of operations
Corporate and organisational structure
Snam’s corporate governance system – a set of planning, management and control rules and methodologies necessary for the Company to function – was outlined by the Board of Directors:
- in compliance with the regulations to which the Company is subject as a listed issuer;
- in accordance with the Code of Corporate Governance;
- in compliance with the national and international best practices with which the Company compares itself.
This system is based on certain key principles, such as correct and transparent business management implemented through the identification of information flows between corporate bodies and an efficient definition of the internal control and risk management system.
Snam exercises management and coordination activities with regard to subsidiaries and has adopted the guidelines on Corporate Governance which define, among other things, the principles, contents, instruments and operating methods of strategic activities carried out by Snam in line with its own corporate governance system and the characteristics of its organisational structure, at the same time taking into account legal autonomy and the principles of the correct corporate and business management of the subsidiaries.
The organisational structure of Snam features four business units and staff functions, designed with a view to simplifying processes, efficiency and continuous improvement. The business units focus on the activities of (i) international development, (ii) development of the hydrogen business, (iii) development of businesses related to energy transition, (iv) the management of Italian subsidiaries and the development of technical services centred on specialist know-how and expertise for gas sector operators.
The Board of Directors plays a central role in overseeing the company’s commitment to sustainable development along the value chain. In 2019 it was assisted with these tasks by the Sustainability Committee, replaced in May 2019 by the newly established ESG Committee, which makes proposals and provides advice and is made up of three non-executive directors, two of which are independent, including the Chairman. The committee is responsible for the promotion and integration of environmental, social and governance factors in corporate strategies in compliance with sustainable development, as well as the coordination of the preparation of non-financial information. Specifically, in 2019, the Sustainability Committee met twice and then the ESG Committee met six times and dealt, on several occasions (two meetings) with issues relating to climate change analysing the results and strategies in this regard, with a 100% attendance rate of committee members.
Manner of conducting activities
We manage our business in accordance with the Corporate System Framework, the organisational and procedural system applied across all Group companies in Italy and abroad, created to ensure that the system of rules governing the business is clear, simple and organic. The system is inspired by the Code of Ethics45 and is based on management policies, described in the following chapters, based on the principles enunciated by the United Nations Universal Declaration of Human Rights, the fundamental ILO Conventions and the OECD Guidelines for Multinational Enterprises. The main policies46 referred to in the document are:
- the Sustainable Development Policy;
- the Health, Safety, Environment and Quality Policy;
- the Stakeholder Engagement Policy;
- the Human Rights Policy;
- the Policy for the management of philanthropic activities and social initiatives;
- the Social Supply Chain Policy;
- the Enterprise Risk Management Guidelines;
- the Policy Statement in the Anti-corruption Guidelines47,
- the Diversity & Inclusion Policy.
Furthermore, Snam adheres to the UN Global Compact, the most important international sustainable development initiative, which aims to promote and disseminate ten global ethical principles concerning human rights, environmental protection, workers’ rights and anti-corruption.
In order to successfully implement this system, managerial actions need to be based on the allocation of specific objectives to each position of responsibility and on the transparent assessment of results, thereby enabling continual improvements in the effectiveness and efficiency of corporate processes.
Internal Control and Risk Management System
The Internal Control and Risk Management System (“SCIGR”) is a collection of guidelines, rules and organisational structures aimed at allowing for the identification, measurement, management and monitoring of the main risks, including the issues pursuant to Article 3, paragraph 1 of Legislative Decree 254/2016 (environmental and social issues, relating to personnel, respecting human rights, the fight against active and passive corruption).
Snam adopted and undertakes to promote and maintain an adequate Internal Control and Risk Management System. This system is integrated into the organisational, management and accounting structure and, in general, into the corporate governance of Snam and is based on the Corporate Governance Code which Snam complies with, taking as references the national and international models and best practices.
The guiding principles on which the SCIGR is based are defined in the Code of Ethics:
- the segregation of the activities of the persons in charge of the authorisation, execution, or control procedures;
- the existence of company regulations that can provide general benchmark principles for governing corporate processes and activities;
- the existence of formal rules for the exercise of signatory powers and internal authorisation powers;
- traceability (guaranteed through the adoption of information systems that can identify and reconstruct sources, information and checks carried out in support of the formation and implementation of the Company’s decisions and financial resources management procedures).
The internal control and risk management system is audited and updated over time to ensure it is always suited to overseeing the main areas of corporate risk. In this context, and also in order to execute the provisions of the Code of Corporate Governance, Snam has adopted an ERM (Enterprise Risk Management) system.
The Board of Directors charges the CEO with giving structure to and maintaining the entire system. The system is divided into three levels, each with different objectives and associated responsibilities.
Identification, evaluation and monitoring of risks inherent to the individual Group processes.
Monitoring the main risks to ensure they are effectively and efficiently managed and processed, and monitoring the adequacy and functioning of the controls in place to protect against these risks; support for Level One in defining and implementing adequate management systems for the main risks and related controls.
Independent and objective verification of the operating effectiveness and adequacy of Levels One and Two, and, in general, of the overall risk management methods. Internal Audit operates on the basis of the “Guidelines on internal audit activities”.
The ERM Model, in particular, provides suitable tools for identifying, measuring, managing and monitoring the main risks that could affect the achievement of strategic objectives. The main objectives of ERM are to define a risk assessment model that allows risks to be identified, using standardised, group-wide policies, and then prioritised, to provide consolidated measures to mitigate these risks and to draw up a reporting system.
We use an integrated, dynamic and group-wide method of assessing risk that evaluates the existing management systems in the individual corporate processes, starting with those relating to the prevention of fraud and corruption and health, safety, environment and quality.
Similarly, the ERM model allows the mapping of opportunities, referring to the positive effects of the uncertainty of corporate objectives.
The results of the risk and opportunity assessment and monitoring activities and the related mitigation measures are presented regularly to the Control and Risk and Related-Party Transactions Committee, the Board of Statutory Auditors and the Supervisory Bodies of Snam and its subsidiaries. They are also used by the Internal Audit department to draw up the audit schedules.
Risk Assurance & Integrated Compliance
The Board of Directors approved the “Risk Assurance & Integrated Compliance” Guideline, which has the objective, under the scope of the SCIGR, of integrating the second control level models and promoting and sustaining conformity to the reference regulations and the prevention of offences through a dedicated Compliance Programme for the Prevention of Offences (CPPI), fully compliant with the Code of Ethics.
The Guideline defines the content of the CPPI in line with best practice standards, in full compliance with the Code of Ethics which defines the values, behavioural principles and guidelines on which the entire SCIGR that Snam recognises, accepts, shares and assumes, internally and externally, are based.
The CPPI is implemented and rendered operational through:
- the regulatory system;
- the corporate governance provisions adopted in conformity with applicable legislation and international best practices;
- the provisions, methodologies and activities of the models applied by the dedicated functions;
- an integrated Risk Assurance & Compliance process.
The following are significant elements for the implementation of the CPPI:
- the Risk Assurance & Integrated Compliance model;
- the systems: reporting48, rewarding and penalty;
- training and communication.
The integrated Risk Assurance & Compliance model is intended to improve the perception of the checks by the various owners involved and to make the SCIGR even more efficient through better coordination and integration of the flows and interaction between the three lines of control, valuing the respective contributions.
This model involves the use of a Risk Assurance & Integrated Compliance (RACI) information platform that makes it possible to coordinate the risk management activities implemented under the scope of the second level control models, maintaining the specific characteristics of the methodologies of each model49 and create an integrated data base (Risk & Control Register), where the models involved in the Risk Assurance & Integrated Compliance process share a single risk and control catalogue. This repository makes it possible collect consistent and complete information and data in an integrated fashion to support the decision making processes of the top management and corporate bodies which receive dedicated reports.
Organisational management and control model pursuant to Legislative Decree 231/2001 (Model 231)
Snam S.p.A.’s Model 231 is composed of an organic set of principles, rules and provisions concerning, inter alia, the management and control of each corporate process. Its aim is to protect the Company from any conduct that may incur its administrative responsibility, pursuant to Legislative Decree 231 of 2001, in relation to offences committed or attempted in the interest or the benefit of the company by parties in so-called top management positions in the structure or by parties subject to their supervision and control.
The Board of Directors adopted the 231 Model to prevent the offences referred to in the legislation on corporate administrative liability for the offences committed in the interests or for the benefit of the company, and appointed a Supervisory Body having autonomous initiative and control powers, in compliance with the laws and regulations.
The analysis of corporate processes and the comparative analysis of the existing control environment and of the control systems are carried out according to the COSO Framework (most recently published in May 2013), which is the international reference model for the establishment, updating, analysis and assessment of the internal control system.
The Subsidiaries have also adopted a Model 23150 commensurate with their own specific nature, appointing their own Supervisory Body to monitor the implementation of Model 231 and its effective application.
At the end of 2019 risk assessment and gap analysis activities were carried out through the “Risk Assurance & Integrated Compliance” model, created with the intention of uniting the entire risk and control detection and management system supporting business operations, aimed at updating the 231 Model of Snam and the subsidiaries.
This update also involved the offences introduced by Law 39/2019 (Fraud in sporting competitions, illegal gambling or betting and the use illegal gambling devices) and by Legislative Decree 105/2019 (violation of national cybersecurity regulations).
According to the logic of the Risk Assurance & Integrated Compliance model, the scope of 231 was revised from an integrated logic which, starting from the specific nature of the original Sensitive Activities pursuant to the special part of the 231 Models, has made it possible to develop and apply an integrated analysis method for “Crime Risk” in line with the reference best practices.
The outcomes of these activities will make it possible to adapt the Special Part documents known as the “Processes, Sensitive Activities and Specific Control Standards of the 231 Model” for Group companies, giving evidence of the new 231 methodology applied.
Snam also developed a specific training programme aimed at circulating the principles and contents of Legislative Decree 231/2001 and Model 231. A specific course aimed at ensuring the correct raising of awareness with regard to the prevention of offences relating to 231 issues for management and the reference corporate population (Senior Managers, Middle Managers and Administrative Workers) was created and delivered.
More generally, a Compliance Route was created and made available in the second half of 2019 aimed at the entire corporate population arranged in 5 modules on the following themes: Model 231, Privacy, Market Abuse, Antitrust e Anti-corruption. Lastly, for some time Snam has been preparing, as part of the reporting management process (so-called whistleblowing)51, specific communication channels that the subsidiaries also refer to in addition to Snam.
In order to guarantee levels of excellence and independence, Snam has entrusted the management of the aforementioned communication channels to an external subject (Ombudsman), who ensures the receipt and analysis of each report applying criteria of maximum confidentiality suitable, among other things, for the protection of the integrity of the persons reported and the effectiveness of the investigations52.
As regards the ERM Model in particular and the summary representation of the main risks Snam generates or suffers53 in relation to its activities and related mitigation actions implemented, for further details please refer to the paragraph “” of the Integrated Management Report.
The risks generated or suffered are also described in full in the chapter Risk factors and uncertainties of the Integrated Management Report.
48 The CPPI is also effective thanks to the contribution made by the adoption of a whistleblowing system. The Guideline “Anonymous reports received by Snam and subsidiaries” regulates the process of receiving, analysing and dealing with the reports from anyone anonymously and confidentially.
49 The prerogatives of the Chief Financial Officer in particular are preserved as a result of Article 154-bis of the TUF, with reference, among other things, to the preparation of adequate administrative and accounting procedures for preparing the financial statements and the consolidated financial statements as well as any other financial reports.
53 See Article 3, paragraph 1, letter C of Decree no. 254 of 30 December 2016.