7.1 Procedure for notifications, anonymous or otherwise, received by Snam and its Subsidiaries

In accordance with best practices in this field (“whistleblowing”), since 2006 Snam has adopted a special procedure to establish a codified system for the collection, analysis, verification and reporting of notifications, anonymous or otherwise, received by Snam and its Subsidiaries (Notification Procedure). The Notification Procedure has subsequently been clarified and increased as the legislative framework has evolved, particularly with regard to the prevention of corruption, administrative liability of legal entities (pursuant to Legislative Decree 231/2001) and the protection of savings and regulation of financial markets (pursuant to Law 262/2005).

This procedure applies to Snam and its Subsidiaries as part of Snam’s own management and coordination activities. The management of notifications and the related data processing is carried out by Snam, including in the interest of its Subsidiaries, in compliance with the principles of proper business management of the same Subsidiaries, while respecting their decision-making independence and in compliance with the regulations in force and the internal privacy policy, thereby also fulfilling the confidentiality requirements underlying the performance of preliminary investigation activities.

The Notification Procedure establishes the criteria and procedures for establishing suitable information channels to ensure the receipt, analysis and processing of notifications made by employees (including senior managers), members of corporate bodies or third parties, including in confidential or anonymous form. More specifically:

• in order to facilitate the receipt of notifications, Snam has set up various communication channels that are maintained by the Internal Audit department;
• each notification is analysed by the Notifications Committee, the composition of which ensures the highest possible requirements of independence, confidentiality and competence, in order to properly supervise the necessary investigations and checks;
• once this analysis has been completed, the notifications received are classified according to issues relating to the internal control system, corporate information, administrative liability of the company, fraud, corrupt behaviour or other issues (breaches of the Code of Ethics, mobbing, thefts, security, etc.);
• it is the responsibility of the Internal Audit department to promptly inform the senior management of the company concerned and to forward notifications relating to administrative liability and/or the Code of Ethics to the company’s Watch Structure for the relevant evaluations and actions;
• the investigations are carried out by the Internal Audit department or by the business units responsible for carrying out specialised checks (Security, Technical Audit, Legal, Personnel, etc.), while always ensuring that the necessary independence requirements are met;
• responsibility for assessing the merits or otherwise of the notifications falls, depending on the type of notification, to the Watch Structure or the Notifications Committee, as well as any decision to impose sanctions upon employees of Group companies or third parties in business relationships with those companies (suppliers, customers, consultants, partners, etc.), or to take other measures to strengthen the internal control system.

The Internal Audit department ensures the maintenance and updating of a specific computer archive, using appropriate tools and procedures to ensure the necessary levels of security and confidentiality, as well as the preparation of periodic reporting that includes information about the notifying party, the notified matter, the content and type of the notifications, the unit responsible for the conduct of investigations and their outcomes, the final assessment on the merits or otherwise of the notification, and any decisions taken.

The report on the notifications received is prepared quarterly and sent by the Internal Audit department to the following bodies and departments of the Company:

• Chairman;
• Chief Executive Officer;
• Board of Statutory Auditors;
• Control and Risk Committee;
• External Auditors;
• Legal: Anti-Corruption and Internal Control System;
• Watch Structure;
• CFO.

With reference to notifications relating to the Subsidiaries, the reports, insofar as they are relevant, are sent to the Chief Executive Officers of each Subsidiary concerned, as well as to the related Control and Supervisory Bodies.

The widest circulation of information about the Notification Procedure is ensured, both within the Group companies (through publication on the corporate intranet and postings on noticeboards, as well as in the context of internal training activities, particularly with regard to newly appointed employees) and externally.

The table below breaks down the activities carried out by the Internal Audit department in relation to notifications received during the last three years: