En impregilo generalpart_260811_def

BOARD OF DIRECTORS’ MEETING – 26TH MARCH 2012

Organisation, Management and Control

Model (ex Legislative Decree 231/01) Impregilo SpA

ORGANISATION, MANAGEMENT AND CONTROL MODEL

IMPREGILO S.p.A.

pursuant to the Legislative Decree no. 231 dated 8 June 2001



Model (ex Legislative Decree 231/01) 2 / 30 Impregilo SpA

CONTENTS

DEFINITIONS 4

GENERAL PART 5

A. THE REGULATION FRAMEWORK 5

1. Introduction 5

2. The underlying crimes 5

3. Criteria for indicting responsibility to the body 5

4. The organisation, management and control Model 7

5. Crimes committed overseas 7

6. The sanctions 7

7. The body’s responsibilities and amending matters 9

B. THE IMPREGILO MODEL 10

1. Purpose of the Model 10

2. Guidelines 10

3. Principles inspiring the Model 11

4. Structure of Model 11

5. Relationship between Model and Code of Ethics 11

6. Corporate Governance System and Organisational Structure 12

6.1 Corporate Governance System 12 6.2 Organisational Structure 12

7. Criteria for adopting the Model 12

8. Significant crimes for the Company 13

9. Model recipients 13

10. Adoption, amendment and additions to the Model 13

11. The Model in the context of the Group 14

12. Board of Vigilance 15 12.1 Function 15 12.2 Requirements 15

12.2.1. Reputation 15 12.2.2 Professionalism 15 12.2.3 Autonomy and independence 15 12.2.4 Continuity of action 16

12.3 Composition, appointment and permanence of role 16 12.4 Removal 17 12.5 Tasks and powers 17

13. Information flows from and to the Board of Vigilance 19 13.1 Information to Corporate Bodies 19 13.2 Information to the Board of Vigilance 20 13.3 Information between Group’s Boards of Vigilance 21

14. Infra-group relations 21




14.1 Provision of services for the companies in the Group 21 14.2 Provision of services carried out by companies belonging to the Group for

the Company 22

15. The sanction system 22

15.1 General principles 22 15.2 Violation of the Model and the Code of Ethics 23 15.3 Sanctions and disciplinary measures 23

15.3.1 Sanctions for employees 23 15.3.2 Sanctions for executive managers 25 15.3.3 Sanctions for Directors 25 15.3.4 Sanctions for statutory auditors 26 15.3.5 Sanctions for collaborators and external subjects working on contract to the

Company 26

16. Communication and training 26 16.1 Communication 26 16.2 Training 27

17. General Prevention Protocols 27

17.1 General Prevention Principles 27 17.2 General Prevention Protocols 28 17.3 Protocols on observing debarment sanctions 30

Attachment 1 to the General Part – Table Sensitive Activities / Special Parts

SPECIAL PART A - CRIMES IN RELATION WITH THE PUBLIC ADMINISTRATION

SPECIAL PART B - CORPORATE CRIMES

SPECIAL PART C - MARKET ABUSE CRIMES

SPECIAL PART D - TRANSNATIONAL CRIMES

SPECIAL PART E - CRIMES CONCERNING HEALTH AND SAFETY IN THE WORKPLACE

SPECIAL PART F - CRIMES OF RECEIVING STOLEN GOODS, MONEY LAUNDERING AND USE OF

MONEY, ASSETS OR BENEFITS OF ILLEGAL ORIGIN

SPECIAL PART G - ACTS OF TERRORISM

SPECIAL PART H - CRIMES AGAINST INDIVIDUALS

SPECIAL PART I - COMPUTER CRIMES

SPECIAL PART J - ORGANIZED CRIME OFFENCES

SPECIAL PART K - CRIMES CONCERNING TRADEMARKS AND AGAINST INDUSTRY AND COMMERCE

SPECIAL PART L - CRIMES CONCERNING COPYRIGHT

SPECIAL PART M - INDUCEMENT TO MAKE NO DECLARATIONS OR TO MAKE MENDACIOUS

DECLARATIONS TO THE JUDICIARY AUTHORITY

SPECIAL PART N - ENVIRONMENTAL CRIMES

ATTACHMENT 1 - UNDERLYING CRIMES

ATTACHMENT 2 - ORGANISATIONAL STRUCTURE

ATTACHMENT 3 - UPDATING OF THE MODEL

ATTACHMENT 4 - IMPREGILO GROUP’S CODE OF ETHICS

ATTACHMENT 5 - LEGISLATIVE DECREE 231/2001




DEFINITIONS

I. Decree: the Legislative Decree no. 231 dated 8 June 2001 and later amendments

and modifications;

II. Model: the herein organisation, management and control model;

III. Code of Ethics: the Impregilo Group’s Code of Ethics (attachment 4);

IV. Top-level subjects: people with representational, administration or management

positions in the Company or in one of its organisational units, who have financial

and functional autonomy, or are actively involved in the management and

control of the Company;

V. Subordinates: people subject to management or supervision by one of the top-

level subjects;

VI. Board of Vigilance (OdV): the board, as set out in art. 6, letter b) of the Decree;

VII. TUF: the Legislative Decree no. 58 dated 24 February 1998 (Finance Consolidating

Act) and later amendments and modifications;

VIII. Underlying crimes: the specific crimes identified by the Decree from which the

body’s administrative responsibility may arise and, as far as they are equivalent,

specific administrative offences may also arise for which the application of the

regulations contained in the decree is foreseen;

IX. Company: IMPREGILO S.p.A.;

X. Companies belonging to the Group:

i) the Italian companies and operating enterprises that are directly or indirectly

controlled by the Company;

ii) the overseas companies and operating enterprises that are directly or indirectly

controlled by the Company, which operate in Italy with a permanent

organization;

XI. Process managers: the process managers to whom the Specific Sensitive Activities

report;

XII. Internal managers for specific sensitive activities: the organisational unit managers

to whom the Specific Sensitive Activities report;

XIII. Operating Unit: affiliates and / or projects that manage one or more contracts

and/or direct job orders;

XIV. UO: Organisational Unit i.e. a group of company resources in charge of manning

a set of activities that are homogeneous by content and skills required for them to

be carried out, all led by a Manager or by a Director;

XV. Sensitive Activities: Company activities within whose realm the risk may arise of

committing one of the crimes explicitly stated in the Decree;

XVI. Prevention Protocols: protocols aimed at programming the formation and

implementation of the body’s decisions in relation to the crimes to be prevented;

XVII. Procedure: organisational regulations that describe the roles, responsibilities,

decision rules and operational modes for carrying out a company process or a set

of activities.

BOARD OF DIRECTORS’ MEETING – 26TH MARCH 2012 GENERAL PART



GENERAL PART

A. THE REGULATION FRAMEWORK

1. Introduction

In our system, the Decree no. 231/2001 (the Decree) introduces and governs “bodies’”

responsibilities for administrative offences resulting from a crime.

The bodies to which the Decree is applied are all the companies, associations with or

without legal status, public economic bodies and private concessionary bodies of a

public service. On the other hand, the Decree is not applied to the State, public territorial

bodies, non-economic public bodies and bodies that carry out constitutional functions

(e.g. political parties and trade unions).

The bodies respond for the perpetration or attempted perpetration of some crimes by

subjects linked to them by functional relationship. Non-observance of the rules contained

in the Decree may give rise to sanctions for the body, which may have a strong effect on

the carrying out of said body’s activities.

The body’s responsibility does not substitute, but is instead added to the personal

responsibility of the person who has committed the crime.

A national register was set up by the Decree which contains the executive rulings and

sentences concerning the application of administrative sanctions to the bodies resulting

from a crime. Each body with jurisdiction over administrative offences resulting from a

crime, all public administrations, the bodies appointed to carry out public services where

a certificate is required to carry out any of their functions and the public prosecutor, for

matters of justice, have the right to obtain certification of all the body’s existing entries in

the register.

2. The underlying crimes

The body can only be called upon to answer for the carrying out of certain crimes (so-

called underlying crimes), identified by the Decree, and by laws that expressly refer to the

Decree’s subject (see Attachment 1 – Underlying Crimes).

3. Criteria for indicting responsibility to the body

The perpetration of one of the underlying crimes is only one of the conditions for

applicability of the regulations set out in this Decree.

There are, in fact, further conditions that pertain to the way in which the crime is indicted

to the body and that, depending on their nature, may be divided into objective and

subjective indictment criteria.

The objective criteria require that:

▪ the crime was committed by a subject functionally tied to the body;

▪ the crime was committed in the body’s interest or to its advantage.

The perpetrators of the crime from which the entity’s responsibility may derive can be: a)

Subjects with representation, directorship or management roles in the entity or one of its

organisational units, who have financial and functional autonomy, and also those who

carry out the management and control of the entity , even if only by deed (so-called top-

level subjects); b) persons subjected to the management and control of the top-level

subjects (so-called subordinates).

In particular, the top-level subjects category may include directors, general managers,

legal representatives, but also, for example, persons in charge of branches or divisions, or




Project Managers with financial and functional autonomy. Also, subjects delegated by the

directors to carry out company management activities or management of branches must

also be considered top-level subjects.

The subordinates’ category also includes those persons subject to the management and

supervision of the top-level subjects and who, substantially, carry out the top

management’s decisions in the interest of the body or, in any case, work under their

supervision. All the body’s employees, and all those who act in the body’s name, on its

behalf or in the body’s interest, such as, for example, external collaborators, freelance

insourcing and consultants may also be included in this category.

For the responsibility to be placed on the body, it is also necessary that the crime was

committed in the body’s interest or to its advantage.

In any case, the body will not be liable for the crime, if it was committed in the exclusive

interest of the perpetrator or third parties.

The subjective attribution criteria pertain to the profile of the body’s culpability. The body’s

responsibility exists if proper standards of correct management and control for the

organisation and carrying out of its activity have not been adopted or have not been

observed. The body’s culpability, and therefore the possibility of applying a reprimand,

depends on verification of an incorrect company policy or structural deficits in the

company organisation that have not prevented the perpetration of one of the underlying

crimes.

The Decree in fact excludes the body’s responsibility if, before the crime is committed, the

body has set up and efficiently implemented an “ORGANISATION, MANAGEMENT AND

CONTROL MODEL” (the Model) which is suitable for preventing the perpetration of a crime

of the type that has then occurred.

The Model operates as exempting if the underlying crimes was committed by a top-level

subject or if it was committed by a subordinate. For crimes committed by top-level

subjects, the Decree, however, introduces a kind of assumption of the body's responsibility,

as it only foresees its exclusion of responsibility if the body can prove that:

▪ the Board of Directors has adopted and efficiently implemented a model suitable for

preventing crimes of the very kind then carried out, before the crime was actually

committed;

▪ the task of supervising the functioning and respect of the Model, and taking care of

updating of the latter has been entrusted to a body with autonomous powers of

initiative and control (Board of Vigilance);

▪ the persons have committed the crime fraudulently circumventing the Model;

▪ there has not been insufficient or lack of supervision by the Board of Vigilance.

On the other hand, the body only answers for crimes committed by subordinates if it is

proved that “the perpetration of the crime was possible due to the non-observance of

management or supervisory obligations” which usually rely upon the company’s top

management.

However, in this case too, the adoption and efficient implementation of the Model, before

the crime was committed, excludes non-observance of management or supervisory

obligations and exempts the body from responsibility.

Adopting and efficiently implementing the Model, therefore, while not a legal obligation,

is the sole instrument available to the body to prove its own non-involvement in the crime

and, finally, to be exempted from the responsibility established by the Decree.




4. The organisation, management and control Model

The Model therefore operates to exempt the body from responsibility solely if suitable for

preventing the underlying crimes and only if efficiently implemented.

The decree, however, does not analytically state the Model’s characteristics and

contents, but limits itself to dictating some general principles and some essential content

elements.

Generally speaking - according to the Decree – depending upon the nature and extent

of the organisation as well as the type of activity carried out, the Model must foresee

measures which will guarantee the carrying out of the activity in full observance of the law

and to discover and promptly eliminate risky situations to commit certain crimes.

In particular, the Model must:

▪ identify the activities in whose realm the crimes can be committed (so-called sensitive

activities);

▪ foresee specific protocols aimed at programming the formation and implementation

of the body’s decisions in relation to the crimes to be prevented;

▪ identify the management of the financial resources suitable for preventing the

committing of crimes;

▪ foresee information provision obligations for the body appointed to supervise the

functioning and respect of the models;

▪ introduce a disciplinary system that is suitable for sanctioning the non-observance of

the measures stated in the Model.

With reference to the efficient implementation of the Model, the Decree also states the

need for regular verification and amendments to the Model if any significant violation of

the provisions are discovered, or if any changes are made to the body’s organisation or

activity.

5. Crimes committed overseas

As provided by art. 4 of the Decree, the body can be called upon in Italy to answer for

underlying crimes committed overseas, on the condition that the objective and subjective

indictment criteria set by the Decree have been met.

The Decree however, affects the possibility of pursuing the body for crimes committed

overseas if the following conditions are met:

▪ that the government of the place where the crime is committed is not already

proceeding against the body;

▪ that the body's headquarters are located in Italy;

▪ that the crime was committed overseas by a top-level subject or by a subordinated

one, pursuant to art. 5, paragraph 1, Legislative Decree no. 231/2001;

▪ that conditions to proceed as foreseen by arts.s 7, 8, 9, 10 of the Penal Code exist.

6. The sanctions

The sanctions for administrative offences resulting from a crime are: pecuniary sanctions,

debarment sanctions, forfeiture and publication of the conviction.

These sanctions are considered as administrative, even though they are applied by a

penal judge.

In the event that the body is convicted, a pecuniary sanction is always applied. The

pecuniary sanction is determined by the judge using a system based on “quotas”. The

number of quotas depends on the seriousness of the crime, the body’s degree of




responsibility, the activity carried out to eliminate consequences of said crime and to

alleviate such consequences or to prevent the perpetration of other crimes. When

deciding the size of a single quota, the judge takes the body’s economic and financial

conditions into consideration, in order to ensure sanction efficacy.

Cases for reducing the pecuniary sanction also exist. In particular, the pecuniary sanction

can be reduced by one third to one half if, before the trial is declared open, the body has

fully compensated the damage and has eliminated the harmful or dangerous

consequences of the crime, or if a suitable Model for preventing the perpetration of

further crime has been adopted and implemented.

The debarment sanctions are applied in addition to the pecuniary sanction, but only if

expressly stated for the crime that is being pursued, and on the condition that at least one

of the following conditions exists:

▪ the body has gained a significant profit from the crime and the crime has been

committed by a top-level subject, or by a subordinate, but only if the perpetration of

the crime was aided by serious organisational lacks;

▪ in the event of reiteration of offences.

The debarment sanctions provided for by the Decree are:

▪ debarment from carrying out activity;

▪ suspension or withdrawal of authorisations, licences or concessions functional to

committing the offence;

▪ ban on negotiating with the public administration, except to obtain provision of a

public service;

▪ exclusion from subsidies, loans, contributions or grants and withdrawal of any of the

ones already granted;

▪ a temporary or permanent ban on advertising goods or services.

Debarment sanctions are usually temporary, but in the most serious cases they may

exceptionally be applied with permanent effect.

Debarment sanctions may also be applied as a precautionary measure, i.e. before

conviction, if serious evidence exists of the body’s responsibility and there are grounded,

specific elements that support belief of a tangible danger that offences of the same kind

as the one being tried will be committed.

However, debarment sanctions are not applied if the body carries out the following

before the first instance trial is declared open:

▪ it has compensated the damage and eliminated the harmful or dangerous

consequences of the crime (or has at least worked effectively to achieve such goals);

▪ it has set the crime profit at the judicial authority’s disposal;

▪ it has eliminated any organisational lacks that caused the crime, adopting and

implementing organisational models that are suitable for preventing the perpetration

of new crimes of the same type as the one already committed.

The Decree also foresees another two sanctions: forfeiture, that is always ordered by

means of the conviction ruling and which consists of the State acquiring the price or profit

of the crime, or sums of money, assets or other benefits with the same value as the crime’s

price or profit, and publication of the conviction sentence in one or more newspapers

indicated by the judge in the ruling and using posters billed in the town where the body

has its headquarters.

The Decree also foresees applicability of real precautionary measures against the body.

In particular:




pursuant to art. 53 of the Decree, the judge can order the seizure of the items for which

forfeiture is permitted as set out in art. 19 of the same Decree;

as provided for by art. 54 of the Decree, the judge may order seizure of the body’s

movable property and real estate or of sums of money or items owed to the body, if

there are grounds to believe that the guarantees for payment of the pecuniary

sanction, legal costs, and any other amount due to the Inland Revenue do not exist or

may be lost.

7. The body’s responsibilities and amending matters

The Decree governs the body’s responsibility system in the event of amending matters:

transformation, merger, spin-off and sale of the company.

The Decree approves the rule that, in the event of a “transformation of the body,

responsibility for the crimes committed prior to the date on which the transformation takes

effect remains”. The new body will therefore be the recipient of the sanctions that were

applicable to the original body, for deeds committed prior to transformation.

In the event of a merger, the Decree establishes that the body emerging from the merger,

also by incorporation, is to be held liable for the crimes for which the bodies involved in

the merger were responsible.

In the event of a part spin-off, the Decree instead establishes that the spun-off body's

responsibility for crimes committed prior to the spin-off remains. However, the bodies

benefitting from the part or full spin-off will be jointly obliged to pay the pecuniary sanctions

owed by the spun-off body, for crimes committed prior to the spin-off. This obligation is

limited to the value of the transferred equity.

If the merger or the spin-off takes place before the trial to ascertain the body’s

responsibility ends, the judge will bear in mind the original body’s economic conditions

when deciding the extent of the pecuniary sanction, and not those of the body emerging

from the merger.

In any case, the debarment sanctions are applied to the bodies which have retained the

branch of activity, even only in part, in which the crime was committed.

In the event that the company is sold or transferred in the realm in which the crime was

committed, the Decree states that, except for the alienor body’s benefit of the right of

prior discussion, the transferee is jointly obliged with the alienor body with regards to

payment of the pecuniary sanctions, within the limits of the value of the sold company

and within the limits of the pecuniary sanctions that are found in the statutory accounting

books or which the transferee already knew about.




B. THE IMPREGILO MODEL

1. Purpose of the Model

The herein Organisation, Management and Control Model (the Model), adopted on the

basis of the provisions contained under arts.s 6 and 7 of the Decree, constitutes the

Company’s internal regulations, to all effects.

Its main objective is to configure a structured system of protocols and organisational,

managerial, and control procedures aimed at preventing the perpetration of the crimes

provided by the Decree, in addition to making the controls and Corporate Governance

system adopted by the company and inspired by the recommendations contained in the

“Code of Self-discipline” for companies listed on the stock market, as briefly described in

point 6.1 below, more efficient.

More generally, the Model is the essential instrument for increasing the awareness of all

the employees and all the stakeholders (suppliers, clients, commercial partners, etc),

called upon to adopt correct, transparent conduct, in line with the ethical values to which

the company aspires in pursuing its own company purpose.

The provisions contained in the herein Model therefore aim at the confirmation and

diffusion of a company culture set on legality, as the indispensable prerequisite for long-

lasting economic success: no illegal conduct, carried out in the interest or for the

advantage of the company, can be considered as in line with the policy adopted by the

company.

The Model is also aimed at the diffusion of a control culture, which must rule all the

decisional and operational phases of the company activity, in full awareness of the risks

coming from the possible perpetration of crimes.

The achievement of the afore-said aims is reached by the adoption of measures that are

suitable for improving efficiency in carrying out the company activities and for ensuring

continuous observance of the law and rules, identifying and promptly eliminating risky

situations. In particular, the goal of an efficient and balanced organisation for the

company, suitable at preventing the perpetration of crimes, is mainly pursued by

intervening on the formation and implementation processes for the company's decisions,

on controls, and on information flows, both inside and outside the company.

2. Guidelines

When drawing up the herein Model, the Company was inspired by the Confindustria

Guidelines for the drawing up of organisation, management and control models pursuant

to the Legislative Decree no. 231/2001, in the final version approved on 31 March 2008

and declared suitable by the Ministry of Justice on achieving the target set by art. 6,

paragraph 3, of the Decree. The herein Model has also taken the Code of Conduct for

construction companies and the Model drawn up by the National Association of Building

Constructors (ANCE), approved on 31 March 2003 and later amendments, into

consideration.

Any differences to specific points in the Confindustria Guidelines and the ANCE indications

are the result of a need to adapt the organisational and management measures to the

activities actually carried out by the Company and to the context in which it operates.

This can, in fact, require some differences to be made compared to the indications

contained in the trade associations’ Guidelines which, by their very nature, are

generalised and do not have any binding value. Within the regular Model review and

updating, the Company also takes into account international “best practices”.




3. Principles inspiring the Model

This Model was prepared with inspiration from some basic principles:

▪ the mapping of activities at risk (so-called “sensitive activities”), i.e. those activities in

whose context the crimes provided for by the Decree may be committed, as an

essential condition for suitable precautionary organisation;

▪ the attribution of powers consistent with the organisational responsibilities assigned to

subjects involved in the drawing up and implementation of corporate will;

▪ transparency and traceability of each important operation, in the realm of activities at

risk of crimes being committed and the consequent possibility of ex post verification of

Company conduct;

▪ attribution to an independent control board (Board of Vigilance) of specific control

tasks over the Model’s effective implementation and observance;

▪ diffusion of the conduct rules, procedures, and Company policies in the Company,

which are compliant with the principles set out in the Model and involvement of all

Company levels in its implementation;

▪ the need to verify the correct functioning of the Model in the field, and to carry out

regular updates on the Model itself, following indications that come from application

experience.

4. Structure of Model

The Model comprises a General Part, that describes and governs the overall functioning of

the organisational, management and control system adopted, aimed at preventing the

perpetration of underlying crimes, and some Special Parts, aimed at integrating the

content in relation to certain types of crime.

Whenever considered necessary for a more efficient coordination of the organisational

rules, the provisions contained in the Model are expressly contained in the relevant

company procedures. No disposition contained in the company procedures can in any

way justify the non-observance of the rules contained in the herein Model.

5. Relationship between Model and Code of Ethics

The Code of Ethics of the Impregilo Group, that was adopted by resolution of the Board of

Directors and that has been successively updated (please see attachment 3) is a different

instrument to the herein model in nature, function, and content.

The Code of Ethics, however, contains the principles of conduct and basic ethical values

to which the Company aims in pursuing its own goals, and such principles must be

observed by all those interacting with the Company.

From this point of view, the Code of Ethics should be considered as a vital foundation for

the Model, as the provisions contained in the latter assume observance of the contents of

the former, together creating a systematic corpus of internal regulations aimed at the

diffusion of a culture of ethics and corporate transparency.

The Code of Ethics, referred to herein as a whole, is attached to the Model (Attachment

4) and is a fully integral part.




6. Corporate Governance System and Organisational Structure

6.1 Corporate Governance System

The herein Model stands alongside the organisational choices made by the Company

regarding corporate governance, whose structure aspires to the principle according

to which having a system of corporate governance rules, ensuring higher levels of

transparency and reliability contemporarily creates higher standards of efficiency.

In this perspective, Impregilo adopted a Corporate Governance system in the year

2000, aspiring to the principles and guidelines contained in the Code of Self-Discipline

of the Italian Stock Market which has represented Italian Best Practice on corporate

governance ever since it was first published in 1998.

In compliance with what is foreseen in art. 124 bis and ter of the TUF and art. 89 bis of

the Consob Regulations implementing the provisions on issuers, the Company annually

publishes a report on its adhesion to the Italian Stock Market’s Code of Self-Discipline

and on the observance of consequent undertakings. This report is made available to

the public on the Company’s web site in a specific section.

6.2 Organisational Structure

In order to implement the herein Model, the Company’s organisational structure,

according to which the essential organisational structures, their respective areas of

competence and the main responsibilities attributed to each are identified, plays a

vitally important role. For a description of the current organisational structure, please

refer to Attachment 2 – Organisational Structure.

7. Criteria for adopting the Model

The Model implementation project was commenced by the Company in September 2001,

and was completed in January 2003, with approval of the Model by the Board of Directors

and the setting up of the Board of Vigilance. Further to legislative amendments that took

place after the first adoption of the Model, with the increase in the number of underlying

crimes, and changes in the Company organisation and the context within which the

Company works, specific Model review and updating projects were started up, with the

aid of external consultants. Within it various updates, therefore, the Model has been

adopted with specific resolutions by the Company's board of directors (see Attachment 3

- Updating of Model).

In agreement with the Decree’s provisions and taking inspiration from the Confindustria

guidelines approved by the Ministry of Justice and the ANCE indications, adoption of the

Model and its various updates have brought about the development of specific analyses

to identify Company areas where the risk of committing the crimes in question exists,

which have also witnessed the involvement of the main functions of the Company.

In particular, these analyses were carried out using the following methods:

▪ appointment to external consultancy Company aimed at carrying out a preliminary

analysis of Company activities at risk, during the drawing up phase of the Model;

▪ analysis of the Company’s organisational structure and consequent interviews with the

Company management;

▪ sharing of crime risk evaluations that emerged with the Company management.

With regards to implementation of the Model, analyses aimed at identifying the existing

gaps between current procedures and Model provisions were carried out. For this

purpose, specific Action Plans were drawn up, whose progress is subject to monitoring by

the Board of Vigilance.




8. Significant crimes for the Company

Adoption of the Model as an instrument that can guide the conduct of subjects operating

inside the Company and that can promote lawful, correct conduct at all Company levels

has a positive effect on preventing any type of crime or offence foreseen by the legal

system.

However, in order to fulfil the Decree’s specific provisions, and in consideration of the

analysis of the Company context and Company activities with potential crime risk, the

offences listed in point 2 of each Special Part, which can be consulted for a more precise

identification, are considered to be significant and are therefore specifically examined in

the Model.

9. Model recipients

The rules set in the Model and in the Code of Ethics are applied to those who hold

positions of representation, administration or management in the Company, or in one of its

organisational Units with financial and functional autonomy, as well as also to those who

manage and control the Company, also de facto.

The Model and the Code of Ethics are also applied to all the Company’s employees,

including those who work overseas and all top management or employees of the

Company’s overseas branches.

The Model and the Code of Ethics are also applied, within the limits of existing contracts,

to those who operate according to mandate or on behalf of the Company, even though

they do not actually belong to the same, and those who are in some way linked to the

Company by business relationships that are relevant for the prevention of crime. For this

purpose, the Legal and Corporate Affairs Director, having consulted the Human Resources

and Organisation Director and the Area Manager of the area to which the contracts or

relations belong, will preliminarily determine the types of legal contract with external

subjects, to whom the provisions contained in the Model and the Code of Ethics apply,

due to the nature of the activity carried out. The Legal and Corporate Affairs Director,

having consulted the Human Resources and Organisation Director and the Area Manager

of the area to which the contracts or relations belong also determines the methods for

communicating the Model and Code of Ethics to the external subjects involved, together

with the necessary procedures for the respect of the provisions set therein, in order to

ensure that all the subjects involved know the contents, according to the modes set out in

paragraph 16 below.

The recipients of the Model and the Code of Ethics must observe all the provisions and

protocols contained therein and all the procedures implemented for the latter, with the

utmost correctness and diligence.

10. Adoption, amendment and additions to the Model

The Board of Directors has the exclusive responsibility for adopting, amending and

changing the Model. The Board of Vigilance, in the realm of the powers granted to it in

compliance with art. 6, paragraph 1, letter b) and with art. 7, paragraph 4, letter a) of the

Decree, has the power to submit proposals to the Board of Directors concerning the

updating and adaptation of the herein Model and must also promptly inform the Board of

Directors in writing, also by including the information in the six-monthly report as set out in

point 13.1, of deeds, circumstances, or organisational gaps found in the vigilance activity

that show the necessity or advisability for the Model to be amended or changed.




In any case, the Model must be promptly amended or changed by the Board of Directors,

also further to proposal, and after consultation with the Board of Vigilance, when the

following circumstances occur:

▪ violations or circumventing of Model’s instructions that have proved the inefficacy or

inconsistency of the Model for the purpose of preventing crimes;

▪ significant changes to the Company’s internal structure and/or the modes used for

carrying out the Company's activities;

▪ amendments to legislation.

Amendments, updates or additions to the Model must always be notified to the Board of

Vigilance.

The operational procedures adopted as implementation of the herein Model are

amended by the competent Company functions, if they prove to be ineffective for the

correct implementation of the Model’s dispositions. The competent Company functions

will also address amendments or additions to operational procedures required to

implement any reviews to the herein Model.

The Board of Vigilance is promptly informed about the updating and implementation of

new operational procedures.

11. The Model in the context of the Group

“Companies belonging to the Group” is intended to mean all the Italian companies and

operational enterprises that are controlled directly or indirectly by the Company, and the

overseas companies and operational enterprises controlled directly or indirectly by the

Company that operate in Italy with a permanent organisation.

The Company will communicate the herein Model and any later update to the

companies belonging to the Group using the methods that it considers to be most

appropriate.

The companies belonging to the Group will autonomously adopt their own "organisation,

management and control Model”, by resolution of their own Boards of Directors,

Administrators or Receivers, and under their own responsibility.

Each company belonging to the Group must identify its own activities that are at risk of

crime, and the suitable measures for preventing perpetration of the latter, in consideration

of the nature and type of activity carried out and the size and structure of its own

organisation.

When preparing their own Models, the companies belonging to the Group will aspire to the

principles contained in the herein Model and will acknowledge its contents, except where

an analysis of their own activities at risk shows the need or appropriateness for adopting

different or additional specific prevention measures compared to what it is stated in the

herein Model, and in this case they must inform the Company’s Board of Vigilance.

Until its own Model is adopted, the companies belonging to the Group will guarantee

prevention of criminal deeds through suitable internal organisational and control measures.

Each company belonging to the Group will be responsible for implementing its own Model

and appointing its own Board of Vigilance. In the smaller companies, the function of Board

of Vigilance may be carried out directly by the Board of Directors, pursuant to art. 6,

paragraph 4 of the Decree.




12. Board of Vigilance

12.1 Function

In compliance with the provisions stated under art. 6, paragraph 1, letter b) of the

Decree, a specific corporate body is set up (Board of Vigilance, OdV), with the task of

continuously supervising the effective functioning and respect of the Model, and

taking care of the update of the same Model, proposing amendments and/or

changes to the board of directors in all cases where - pursuant to point 10 (section B) –

this becomes necessary.

12.2 Requirements

The members of the OdV must possess the requirements of good reputation,

professionalism, autonomy and independence as indicated in the herein Model. The

OdV must perform the functions allocated to it, ensuring the required continuity of

action.

12.2.1. Reputation

The members of the OdV will be identified among those subjects with the subjective

requirements of good reputation as provided under the Ministerial Decree no. 162

dated 30 March 2000, for the members of a listed company's Board of Statutory

Auditors, adopted pursuant to art. 148, paragraph 4 of the TUF.

The following are, in any case, reasons for non-eligibility or removal from the OdV:

▪ a conviction (or plea bargaining), even if not yet final, for one of the underlying

crimes provided under the Decree or, a conviction (or plea bargaining), even if

not yet final, with a sanction that brings about debarment (also temporary) from

management roles of legal entities or enterprises;

▪ the issue of a sanction by CONSOB, for having committed one of the

administrative offences in the realm of market abuse, as set out in the TUF.

Any reform of any non-executive conviction (or plea bargaining) will bring about the

overturning of the cause of non-eligibility for election but will not affect any

withdrawal from the appointment.

12.2.2 Professionalism

The OdV must be composed by subjects with specific skills in inspection activities, in

analysing control systems and in legal contexts (especially criminal code), so that the

presence of suitable professionalism is guaranteed for the carrying out of the

relevant functions. Where necessary, the OdV may also use the aid and support of

external experts, for acquiring any specialised knowledge.

12.2.3 Autonomy and independence

When carrying out its functions, the OdV acts with autonomy and independence

from corporate bodies and other internal control bodies.

The OdV is granted with independent financial resources, based on an annual

budget, approved by the Board of Directors, and further to proposal by the OdV

itself. In any case, the OdV can also ask for additional funds to be allocated, if

available funds are not sufficient for the efficient performance of its duties, and may

extend its spending autonomy on its own initiative in the event of exceptional or

urgent situations, which will then be reported to the Board of Directors.

The activities carried out by the OdV cannot be questioned by any other company

body or structure.




The OdV must be exclusively or by majority composed of subjects without any other

relationship with the Company or with other companies in the Group (except for the

role of member of the Board of Vigilance or member of the Board of Statutory

Auditors in one or more companies within the Group). Any internal members must

not in any case carry out any operational role within the Company or other

companies belonging to the Group, and must not hierarchically report to any

operational areas manager.

When carrying out their duties, the members of the OdV must never find themselves

in situations (even potential ones) of conflicts of interest due to any personal, family

or professional reasons. Should this situation occur, they must immediately inform the

other members of the board and must keep themselves from taking part in any

relative decisions. This hypothesis is mentioned in the report in point 13.1 below.

12.2.4 Continuity of action

The OdV must be able to ensure the necessary continuity in carrying out its duties,

also by scheduling activities and controls, writing minutes of meetings and governing

information flows from any company structures.

12.3 Composition, appointment and permanence of role

The OdV is a board composed by at least three members, among those:

a) two or more members are not employed by the Company;

b) one member who is the person in charge of the Company’s Internal Auditing.

The OdV is appointed by the Company’s Board of Directors, with a motivated

provision that acknowledges the existence of the requisites of reputation,

professionalism, autonomy and independence.

For this purpose, the external candidates must send their Curriculum Vitae,

accompanied by a declaration that states that they possess the above-mentioned

requirements.

The Board of Directors examines the information provided by the persons interested in

the role, or available to the Company, in order to assess whether they actually possess

said requirements.

On accepting the appointment, the members of the OdV, having read the Model

and having formally adhered to the Code of Ethics, undertake to perform their duties

ensuring the required continuity of action and to immediately inform the Board of

Directors of any occurrence that may affect the upkeep of the above-stated

requirement.

After appointing the OdV, the Board of Directors will check that the subjective

requirements for all OdV members still apply, at least once a year.

If any member of the OdV no longer possesses the subjective requirements as required

he will immediately be removed from his appointment. In the event of withdrawal,

death, resignation or cancellation, the Board of Directors will promptly replace the

missing member.

In order to ensure full autonomy and independence, the OdV will remain in their

appointment for a period of three years, and until the new Board of Vigilance is

appointed, regardless of the expiry date or any advance dissolving of the Board of

Directors that appointed it.




The Board of Directors appoints the Chairman of the OdV, from those among the

members of the OdV who are not Company employees. In its regulations, the OdV

can delegate specific functions to the Chairman.

12.4 Removal

The removal of the members of the OdV may only take place due to just cause, by

resolution of the Board of Directors, having consulted the Board of Statutory Auditors,

where "just cause" means serious negligence in carrying out the duties connected with

the role, such as:

▪ if information-providing reports of activity carried out are not drawn up for the

Board of Directors and Board of Statutory Auditors (see paragraph 13.1 of this

section);

▪ if the OdV’s control plan is not drawn up (see paragraph 12.5 of this section);

▪ non-verification of reports that it receives, pursuant to paragraph 13.2 below,

concerning the perpetration or presumed perpetration of crimes as set out in the

Decree, and violation or alleged violation of the Code of Ethics, the Model or the

procedures set out as implementation of the Model;

if OdV meetings are not summoned and held in a six-month period;

if no controls are carried out on the suitability of training programmes, of

implementation methods and results (see paragraph 16 of the herein section);

if no reports are made to the Board of Directors and the Board of Statutory

Auditors about any changes in the regulation framework and/or significant

changes in the internal structure of the Company and/or Modes used to carry out

the Company activities that require an updating of the Model;

if the Board of Directors is not informed about disciplinary measures and sanctions

that may be applied by the Company, for violation of provisions contained in this

Model, of prevention protocols and any relative implementation procedures, and

the violation of provisions contained in the Code of Ethics;

if no routine/ad hoc control on specific sensitive activities are carried out, as set

out in the OdV’s Verifications Plan.

12.5 Tasks and powers

The OdV has autonomous powers of control and initiative within the Company, so that

they can carry out the duties contained in the Model in an efficient manner. For this

purpose, the OdV has its own rules, contained in the Board of Vigilance Regulations,

which is notified to the Board of Directors.

The OdV has no management or decision-making powers concerning the carrying

out of the Company activities, organisational or modification powers of the Company

structures and no sanction-ordering powers.

The OdV has the task of supervising over the functioning and observation of the Model

and is responsible for any updates to the latter. For this purpose, the Board of

Vigilance has been assigned the following tasks and powers:

a) to verify the efficiency, effectiveness and adequacy of the Model for preventing

the perpetration of the crimes set out in the Decree, proposing any updates to the

Board of Directors, as foreseen in point 10 above (section B);

b) based on information flow analysis and any reports it receives pursuant to points

13.2 and 13.3 below (section B), to verify the observance of the Code of Ethics,

rules of conduct, prevention protocols and procedures foreseen in the Model,

highlighting any differences found in conduct;




c) to periodically carry out inspections, following the modes and dates indicated in

the OdV regulations and specified in the OdV’s Verification Plans, of which the

Board of Directors is informed;

d) to promptly propose the adoption of sanctions as set out in point 15 below (section

B) to the body or the function holding necessary disciplinary power;

e) to monitor the definition of staff training programmes using the group’s Model and

Code of Ethics of the Impregilo Group, as set out in point 16.2 below (section B);

f) to supply the information to the corporate bodies in compliance with what is

defined in point 13.1 below (section B);

g) to freely access any organisational unit without needing to provide notice, to

request and acquire information, documents, and data considered necessary for

carrying out its tasks as set out in the Model;

h) to access all the information concerning the activities at risk of crime, as listed in the

Special Parts of the Model;

i) to request and obtain information or production of documents concerning

activities at risk of crime, wherever necessary, from directors, the Board of Statutory

Auditors and the external auditing company;

j) to request and obtain information or the production of documents concerning

activities at risk from collaborators, consultants, agents and external representatives

and generally from all subjects who must observe the Model, on the condition that

this power is explicitly stated in contracts or mandates that link the external party to

the Company;

k) to receive information provided in compliance with the contents of points 13.2 and

13.3 (section B), for performing its own supervisory duties on the working and

implementation of the Model;

l) to request and obtain information from the Boards of Vigilance of the other

companies in the Group;

m) to use the help and support of Internal Auditing function, and of any external

consultants for particularly complex problems, or that require specific skills.

The OdV carries out its own functions in coordination, when necessary, with the

departments concerned for the aspects regarding the interpretation and monitoring

of the reference regulation framework of the Model, and for specific matters provided

by the sector legislation . The OdV also works in coordination with the Company

functions involved in the activities at risk for all aspects regarding the development of

procedures for the implementing of the Model.

With reference to Italian operating units and overseas branches of the Company, the

Board of Vigilance is in charge of:

- verifying that the Model is effectively implemented and respected, in conformity

with the annual audit plan approved by the ODV itself;

- supervising that the Code of Ethics is handed over to local, overseas and/or on

secondment employees;

- coordinating with the Human Resources and Organisation Function regarding

training of employees on secondment in overseas operating units.

The members of the OdV, and the subjects that the Board uses, for any reason, must

observe the obligation of confidentiality on all the information they learn about while

carrying out their duties.

The OdV carries out its functions in full observance of the laws in force, and the




employees’ individual rights.

13. Information flows from and to the Board of Vigilance

13.1 Information to Corporate Bodies

The OdV reports to the Board of Directors, also via the Internal Control Committee,

except when otherwise stated in the herein Model.

Whenever considered as necessary and using the methods stated in the OdV

regulations, the OdV will inform the Chairman of the Board of Directors and the

Managing Director about significant circumstances and facts of their own function or

about any urgent critical factors in the Model which have emerged while carrying out

supervisory activities.

The OdV will draw up a written report to the Board of Directors and Board of Statutory

Auditors once every six months, which must contain the following information, in

addition to any other information considered appropriate at that time:

a) a summary of the activities carried out in the six-month period by the OdV;

b) a description of any problems that have arisen regarding operational procedures

for implementing the Model's provisions;

c) a description of any new activities at risk from individual crime;

d) a statement of reports received from internal and external subjects, including

anything discovered directly, about the presumed violation of provisions contained

in the Model, in prevention protocols and in relative implementation procedures,

and also violation of the provisions found in the Code of Ethics, and the result of

any consequent controls which were carried out. In the event of violations of the

Code of Ethics or the Model by a member of the Board of Directors or the Board of

Statutory Auditors, the OdV will then make the necessary notifications as set out in

point 15.1 below (section B);

e) information about the perpetration of any significant crimes for the purpose of the

decree;

f) if the Board of Directors is not informed about disciplinary measures and sanctions

that may be applied by the Company, for violation of provisions contained in this

Model, of prevention protocols and any relative implementation procedures, and

the violation of provisions contained in the Code of Ethics;

g) an overall evaluation of the functioning and efficacy of the Model with any

proposals for additions, corrections or amendments;

h) reporting about any changes in the regulation framework and/or significant

changes in the internal structure of the Company and/or modes used to carry out

the Company activities that require an updating of the Model;

i) reporting of any conflicts of interest that exist or are potential, as set out in point

12.2.3 (section B) above;

j) a statement of costs incurred.

The Board of Directors and the Board of Statutory Auditors have the right to summon

the OdV at any time, in order to receive information about its duties’ activities.




13.2 Information to the Board of Vigilance

All recipients of the Model must inform the Board of Vigilance of any information

which may be useful for the carrying out of the verifications on the correct

implementation of the Model. In particular:

▪ If Internal Managers for Sensitive Activities should find realms for improvement in the

definition and/or application of prevention protocols as set out in the herein Model,

they should promptly draw up and send a descriptive memorandum of the

motivations underlying the highlighted areas of improvement.

▪ The Process Managers and/or Company bodies/organisational Units, in compliance

with their respective organisational empowerments, must inform, on a biannual

basis, the Board of Vigilance in writing of any information as follows:

- the issue and/or update of organisational documents;

- the evolution of responsibilities for the functions with activities at risk;

- the Company proxy and power of attorney system and any update thereto;

- the main elements of extraordinary operations started up and completed;

- stipulation or renewal of service and infra-group service agreements;

- the reports issued by the Functions/Control Bodies (including the Auditing

Company) on their verification work, from which facts, deeds, events or

omissions may emerge that are critical for observance of the Decree’s

provisions or the provisions contained in the Model and the Code of Ethics;

- disciplinary proceedings started up due to violation of the Model, dismissal

orders for such proceedings and relative motivations, application of sanctions

for violation of the Code of Ethics, the Model or procedures set up for

implements of the latter;

- possible misalignment observed during the protocols’ implementation foreseen

in the Special Parts of the Model and/or Company procedures.

▪ All the employees and members of the Company’s corporate bodies must

promptly report the perpetration or alleged perpetration of the crimes stated in the

Decree, of which they become aware of, and also any violation or presumed

violation of the Code of Ethics, the Model or procedures set up to implement the

latter, of which they become aware of.

▪ Collaborators and all external subjects, identified as per the contents of point 9

above (section B), must directly inform the Board of Vigilance about any violations

as stated above, regarding the activity carried out for the Company, on the

condition that said obligation is specified in the contracts that tie said subjects to

the Company.

▪ All the employees and members of the Company's corporate bodies can clearly

ask the Board of Vigilance about the correct interpretation/application of the

herein Model, prevention protocols, relative implementation procedures and the

Code of Ethics of the Impregilo Group.

In order to ensure the regular observance of the provisions as set out in this section,

13.2, the electronic mail address [email protected] has been set up, dedicated to

communications to the Board of Vigilance by employees, members of the Company’s

corporate bodies and external collaborators. If access to the computer system is not

possible or not available, notifications can be made orally or by internal

correspondence, to the Internal Auditing Manager, in his role as member of the Board

of Vigilance. In the event that the notifications are made orally, the Internal Auditing

Manager, in his role as member of the OdV, will write a report about the meeting. In




any case, the Internal Auditing Manager, will promptly inform the other members of

the OdV.

Notifications are kept by the OdV according to the modes indicated in the Board of

Vigilance Regulations.

The Company adopts suitable measures so that confidentiality about the identity of the

person sending information to the OdV is guaranteed. Any form of reprisal,

discrimination or penalisation against those subjects who make notifications to the

Board of Vigilance in good faith are forbidden. The Company reserves the right to

take any action against anyone who makes untruthful notifications mala fide.

Violation of the obligation of providing information to the OdV as set out in the herein

point, which constitutes a violation of the Model, will be sanctioned in compliance

with the provisions as set out in the point 15 below (section B), which represents the

sanction system.

13.3 Information between Group’s Boards of Vigilance

Each company in the Group will appoint its own autonomous and independent Board

of Vigilance.

The Company Board of Vigilance may request information from the Boards of

Vigilance of the other companies in the Group, if such information is necessary for the

carrying out of its own control activities.

The Boards of Vigilance (OdV) of the companies in the Group will draw up a report for

the Company OdV every six months, pointing out any relevant facts that have

emerged during their own activities, disciplinary sanctions applied and any significant

amendments made to their own Model.

The OdV of the companies in the Group will promptly inform the Company OdV in the

event of a violation of their Model, their Code of Ethics and their preventive protocols.

The Company OdV refers the information as set out in this point to the Company

Board of Directors, in the report as set out in point 13.1 (section B).

14. Infra-group relations

14.1 Provision of services for the companies in the Group

The provision of services by the Company for companies belonging to the Group, that

might involve sensitive activities as set out in the Special Parts below, must be

regulated by a written agreement; a summary report on the status of the agreements

is periodically sent to the Company’s Board of Vigilance.

In particular, the service agreements, as in the point above, must provide for:

▪ the obligation for the company receiving the service to certify the lawfulness and

completeness of the documentation or information communicated to the

Company, for the purpose of carrying out the services requested;

▪ the power for the Board of Vigilance of the company receiving the service to

request information from the Company Board of Vigilance, i.e. – after informing the

latter - to the Company functions, for the correct carrying out of supervision.

When providing services as set out in this section, the Company must observe the

code of ethics and the contents of its own Model and procedures established for the

latter’s implementation.

If the services provided are considered as sensitive activities not considered in its own

Model, the Company will produce suitable rules and procedures for preventing the

perpetration of crimes, after consulting the OdV.




14.2 Provision of services carried out by companies belonging to the Group for

the Company

The provision of services, carried out by companies belonging to the Group for the

Company, that may involve sensitive activities as set out in the Special Parts below,

must be regulated by a written contract; a summary report on the status of the

agreements is periodically sent to the Company’s Board of Vigilance.

In particular, the service agreements, as in the point above, must foresee:

▪ the obligation for the Company to certify the lawfulness and completeness of the

documentation or information provided for the purpose of carrying out the services

requested;

▪ the power for the Company Board of Vigilance to request information from the

Board of Vigilance of the company providing the services, i.e. – after informing the

latter - to the functions of the company providing the services, for the correct

carrying out of its supervisory tasks.

The agreements must establish that the company belonging to the Group which

provides the services will have a model and procedures that are suitable for

preventing the perpetration of crimes and administrative offences.

15. The sanction system

15.1 General principles

The sanction system described below is an autonomous system of measures, aimed at

safeguarding the observance and effective implementation of the Model and the

Code of Ethics, fixing the awareness in the minds of Company staff and any type of

Company collaborators of the Company's desire to pursue any violation of the rules

established for the correct carrying out of the Company business. The application of

sanctions set by the Model does not substitute or suppose the infliction of further,

sanctions of another kind (criminal, administrative, tax), which may derive from the

same deed. However, if the violation committed also configures a hypothesis of a

crime that may be notified by the judicial authorities, and the Company cannot reach

a clear reconstruction of the facts using the verification instruments at its disposal a, it

may await the result of judicial investigations to adopt any disciplinary measures.

Observance of the dispositions contained in the Code of Ethics and the Model applies

to any type and nature of labour contracts, including those for executive managers,

project-based contracts, part-time contracts etc, and also any type of insourcing

contracts.

The disciplinary procedure may be started up on the OdV's initiative, which also

carries out an advisory role during its entire procedure.

In particular, the OdV, having become aware of a violation or alleged violation of the

Code of Ethics or the Model, will immediately undertake the necessary controls,

ensuring confidentiality of the subject against whom proceedings are being taken.

If it is ascertained that the violation was committed by a Company employee

(meaning any subject linked to the Company by an employment contract), the OdV

will immediately inform the holder of the disciplinary power and the Central Corporate

Director.

If the violation concerns an executive manager of the Company, the OdV must inform

the Board of Directors, as a representative of the Chairman and the Managing

Director in writing, in addition to the Central Corporate Director and the holder of

disciplinary power.




If the violation is committed by a Company Director, the Board of Vigilance must

immediately inform the Chairman of the Board of Statutory Auditors, and the Board of

Directors, in the person of the Chairman and the Managing Director, if not directly

involved, in writing.

If the violation is committed by a Member of the Board of Statutory Auditors, the OdV

must immediately inform the Board of Directors, in the person of the Chairman and the

Managing Director, and the Board of Statutory Auditors, in the person of the

Chairman, if not directly involved, in a written report.

If a violation is committed by collaborators or external subjects who operate by

mandate of the Company, the Board of Vigilance will inform the President and the

Managing Director by written report, and also the Central Corporate Director, the

Human Resources and Organisation Director, the Legal and Corporate Affairs Director

and the Area Manager in whose area the contract or mandate are carried out.

The bodies and functions departments holding disciplinary power, will start up the

procedures they are responsible for notification of and any application of sanctions.

The sanctions for violating the dispositions contained in the Code of Ethics and the

herein Model are adopted by the bodies who are responsible due to the powers and

attributions awarded them by the articles of association or by the Company’s internal

regulations.

15.2 Violation of the Model and the Code of Ethics

All the violations, also committed through omissive conduct and together with others,

of the orders contained in the herein Model, Prevention Protocols and relative

implementation procedures, and all violations of the provisions in the Code of Ethics,

constitute offences.

Below is a list of examples of conduct that would constitute offences:

a) the unlawful or incomplete drawing up of documentation provided for by the

herein Model, prevention protocols and the relative implementation procedures; b) facilitating the unlawful or incomplete drawing up by others of documentation

provided for by the herein Model, prevention protocols and the relative

implementation procedures; c) the non-drawing up of the documentation provided for by the herein Model, in the

prevention protocols and the implementation procedures; d) the violation or circumvention of the control system provided for by the Model,

carried out in any way, such as, for example, by theft, destruction or tampering with

documentation pertaining to the procedure, obstructing controls, preventing

subjects carrying out controls on procedures and decisions from gaining access to

information and documentation; e) non-notification of the prescribed information to the Board of Vigilance; f) the violation or circumvention of supervision obligations by top-level management

towards the work of his subordinates; g) Violation of obligations regarding attending training programmes, as set out in

point 16.2 below (section B) Training.

15.3 Sanctions and disciplinary measures

15.3.1 Sanctions for employees

The Code of Ethics and the Model constitute a set of regulations which Company

employees must abide by, pursuant to what is provided under arts. 2104 and 2106 of




the Civil Code, and the National Collective Employment Contracts (CCNL), on the

matter of conduct rules and disciplinary sanctions. Therefore, all conduct of

employees, which violates the provisions contained in the Code of Ethics, the Model

and its implementation procedures, constitutes a breach of primary employment

contract obligations and are consequently offences, with the possibility of being the

cause of a disciplinary procedure and the consequent application of the relative

sanctions.

For employees with the role of manual worker, office worker and middle

management, in the case in point, in observance of the procedures provided under

art. 7 of the law no. 300 dated 20 May 1970 (Workers' Statute), the provisions foreseen

in arts.s 99 and 100 of the CCNL for building company and similar employees are

applicable.

With regards to what is forseen in the herein paragraph, labour contracts with

overseas employees including the on secondment staff are governed, in the EU

member states, by the regulations contained in the Convention on the law

applicable to contractual obligations, signed in Rome on June 19 1980, while the

contracts closed after December 17 2009, are governed by the law applicable to

contractual obligations included in the CE regulation no. 593/2008, for employees

outside that area, labour contracts are regulated by local provisions in force.

In full observance of the principles of gradualness and proportion, the type and

extent of the sanctions that can be inflicted are determined on the basis of the

following criteria:

▪ seriousness of violations committed;

▪ duties and role of the persons involved in the deeds;

▪ voluntariness of the conduct or degree of negligence, carelessness or

incompetence;

▪ the employee’s overall conduct, with particular concern for the existence or non-

existence of previous disciplinary action, within the limits allowed by law and by

the CCNL;

▪ other particular circumstances that accompany the disciplinary violation.

Based on the principles and criteria indicated above:

a) the provisions as follows: verbal reprimand, written reprimand, fine and suspension

from work and from remuneration will be applied if the employee violates the

procedures foreseen in the Model or if, while carrying out his activities in the areas

at risk from the perpetration of crimes, his conduct is not compliant with the

prescriptions of the Model itself or the Code of Ethics, using the hypothesis as set

out in letter g), paragraph 2, of art. 99 CCNL and/or violation of art. 2104 of the

Civil Code. In particular, the measure usually applied is that of a fine that does not

exceed the equivalent of three hours’ salary. In the event of serious or repeated

violations as above, but which do not justify firing the employee, the employee

may be suspended from work and from receiving remuneration for up to three

days, while in less serious cases, there may be a verbal or written reprimand.

b) the measure dismissal with notice (for justified reason) will find application if the

employees adopts a non-compliant conduct, during his work in the areas at risk

from perpetration of crimes, with the prescriptions contained in the herein Model

or the Code of Ethics, such as to constitute a considerable breach of contractual

obligations or conduct that is seriously detrimental to production activity, work

organisation and the regular running of work activity (art. 100, no. 2 CCNL), such

as, for example:




- any conduct directed solely at the aim of committing a crime foreseen in the

Decree;

- any conduct aimed at concealing the perpetration of a crime foreseen in the

Decree;

- any conduct that deliberately infringes the specific measures foreseen in the

Model and the relative implementation procedures to protect workers’ health

and safety.

c) the measure dismissal without notice (for just cause) will be applied further to

substantial conduct in the serious and/or repeated violation of conduct rules and

procedures contained in the Model or in the code of ethics, as conduct that

does not permit the employment relationship to be continued, even temporarily

(art. 100, no. 3, CCNL).

15.3.2 Sanctions for executive managers

The role of executive manager is characterised by its outstanding nature of trust. In

addition to having repercussions inside the Company, the Executive manager’s

behaviour, as a model and example for all those who work in the Company also has

effects on the Company’s external image. Therefore, observance of the provisions

contained in the Code of Ethics, the Model and the relative implementation

procedures by the Company’s executive managers is a vital elements of an

executive manager’s work contract.

The department holding disciplinary powers will start up relative procedures against

executive managers who have committed a violation of the Code of Ethics, the

Model or the implementation procedures of the latter, to carry out relative

notifications and apply the most suitable sanctions, in compliance with the contents

of the Executive Managers’ CCNL and, wherever necessary, observing the

procedures set out in art. 7, law no. 300, 30 May 1970.

The sanctions must be applied in full observance of the principles of gradualness and

proportion compared to the seriousness of the deed and guilt or possible malice.

Among other things, on notification the executive manager may also undergo

precautionary annulment of any powers of attorney entrusted to him, and provisions

go as far as the dissolution of his employment contract due to violations that are

serious as to make the relationship of trust with the Company ineffective.

15.3.3 Sanctions for Directors

Impregilo strictly evaluates all violations of the herein Model carried out by those who

fill top-level management roles in the Company, and who for this reason, are more

capable of driving Company ethics and the work of those who work in the

Company towards values of correctness, lawfulness and transparency.

The Board of Directors may apply any suitable measures allowed by law to directors

who have committed a violation of the Code of Ethics, the Model or the

implementation procedures for the latter, including the following sanctions:

a) formal written reprimand; b) pecuniary sanction equal to an amount of two to five times the subject’s

average monthly emoluments;

c) full or part annulment of any powers of attorney.




For the most serious cases, and however when the violation is of such an extent to

damage the Company's trust in the perpetrator, the Board of Directors will summon

the assembly, and propose removal of the individual's appointment.

15.3.4 Sanctions for statutory auditors

If the violation is committed by one or more members of the Board of Statutory

Auditors, the Board of Vigilance must immediately inform the Board of Directors, in

the person of the Chairman and the Managing Director, and the Board of Statutory

Auditors, in the person of the Chairman, if not directly involved, in a written report.

The recipients of the Board’s of Vigilance information may take suitable measures,

according to the contents of the articles of association, including, for example,

summoning the Shareholders’ Meeting, in order to adopt the most suitable measures

foreseen by law.

If the violations are such as to justify removal of appointment, the Board of Directors

proposes to the shareholders that the relevant measures are taken and then

addresses the further duties foreseen by law.

15.3.5 Sanctions for collaborators and external subjects working on contract to the

Company

With regards to collaborators or external subjects who work on a contract basis with

the Company, as set out in point 9 above (section B), the Legal and Corporate

Affairs Director, having consulted the Human Resources and Organisation Director,

and the Area manager in whose area the contract or work is carried out, will

preliminarily determine the sanctions and the application modes for violations of the

Code of Ethics, the Model and relative implementation procedures. For more serious

violations, or for violations which damage the Company’s trust in the person

responsible for the violations, these measures may foresee termination of the

contract. If a violation is committed by said subjects, the Board of Vigilance will

inform the President and the Managing Directors by written report, and also the

Central Corporate Director, the Human Resources and Organisation Director, the

Legal and Corporate Affairs Director and the Area Manager in whose area the

contract or work is carried out. Managers in this category will be subjected to

measures that are determined pursuant to this point.

16. Communication and training

16.1 Communication

For all employees and all subjects with management, administration, and control

roles, the Company guarantees a correct knowledge and disclosure of the Model

and the Code of Ethics.

The Model and Code of Ethics are notified to all Company staff by the Human

Resources and Organisation Function, and to all members of corporate bodies by the

Legal and Corporate Affairs Function, using the most suitable means, including internal

notices or access to the intranet system.

Suitable ways for certifying reception of the Model and the Code of Ethics by the

Company staff are decided by the Human Resources and Organisation Function,

after consulting the Board of Vigilance.




Specific forms of notifying the Model and Code of Ethics to external subjects who must

receive both the latter, as foreseen in paragraph 9 above (section 9) are planned. The

contracts regulating relations with these subjects must provide for clear responsibility

for observing the Company’s working policies, in particular its Code of Ethics and the

acceptance of the Model general principles.

The Code of Ethics is published in its full version on both the Company intranet and on

the Company’s web site. The Model is published in its full version on the Company

intranet and in a shortened form on the web site.

16.2 Training

The Company undertakes to implement training programmes with the aim of

guaranteeing that employees and members of the corporate bodies actually know

the Code of Ethics and the Model.

The training programmes concern the Decree and the relative legislative framework,

the Code of Ethics and the herein Model. The level of training is regulated with a

different level of deepness depending upon the recipients’ position in the Company

and the different level of involvement in sensitive activities. Specific training is provided

for members of the Board of Vigilance and the subjects that the Board refers to when

carrying out its own functions.

Training initiatives may also be carried out remotely using computer systems (e.g.

Video-conference, e-learning).

Staff training for Model implementation purposes is managed by the Human

Resources and Organisation Function. The Board of Vigilance verifies the

appropriateness of training programmes, implementation modes and results.

Participation in training programmes as set out herein is mandatory. Violation of such

obligations, constituting violation of the Model, is subject to the provisions as set out in

point 15 above (section B) the sanction system.

17. General Prevention Protocols

17.1 General Prevention Principles

The protocol system for the prevention of crimes - finalised by the Company on the

basis of indications provided by the Confindustria Guidelines, jurisprudence, and

international best practices – was carried out by applying the following General

Prevention Principles to each sensitive activity, that guide the General Prevention

Protocols as set out in point 17.2 below (section B) and the Specific Prevention

Protocols as set out in point 4 of each Special Part:

▪ Policies and Procedures: The existence of Company regulations suited to providing

principles of conduct, decision rules, and operational modes for the carrying out of

sensitive activities and filing modes for relevant documentation;

▪ Traceability: each operation regarding the sensitive activity must be, wherever

possible, suitably documented; ii) the decision process, authorisation and carrying

out of sensitive activities must be verifiable ex post, also using document support

and the cases and modes for any possibility of deleting or destroying recordings

made must in any case be regulated;

▪ Segregation of duties: separation of activities between the subject who authorises,

who carries out and who controls. Such separation is ensured by the intervention of

several subjects within the same Company macro process, in order to guarantee

independence and objectivity of processes. The separation of roles is also




implemented by using computer systems that only enable certain operations to

identified and authorised persons;

▪ Proxies and powers of attorney: Authorisation and signatory powers assigned must

be: i) consistent with the organisational and management responsibilities assigned,

foreseeing an indication of expense approval limits, where required; ii) clearly

defined and known within the Company. The Company roles to which the power of

committing the Company to certain expenses, specifying limits and nature of

expenses costs, must be defined. Allocating roles must observe the specific

requisites that may be required by law (e.g. delegation and sub-delegation on

employees’ health and safety matters);

▪ Monitoring: This activity is aimed at the periodical/prompt updating of powers of

attorney, proxies for roles and control systems, in compliance with the decision-

making system and with the entire organisational structure. This activity is the

responsibility of the Legal and Corporate Affairs Department, with regards to

Company powers of attorney and the Organisation Function with regards to

proxies. Finally, the protocol foresees the existence of process controls carried out

by Process Managers or by a super-ordinate third-party body.

17.2 General Prevention Protocols

In the context of sensitive activities identified for each type of crime (see the Special

Parts of the Model below), the General Prevention Protocols state that:

a) for all operations, the formation and implementation of Company decisions must

correspond to the principles and prescriptions contained in law provisions, the

Company memorandum of association, the Code of Self-Discipline, the Code of

Ethics, and Company procedures;

b) the Company provisions suitable to providing principles of conduct, decision rules

and operational modes for the carrying out of sensitive activities and filing modes

for relevant documentation are defined and suitably communicated;

c) for all operations:

▪ the management, coordination and control responsibilities within the Company

and the levels of hierarchical dependence, with description of relative

responsibilities are formalised;

▪ the phases of formation of documents can be documented and are

recoverable;

▪ the authorisation levels of document formation are always formalised and

possible to provide proof thereof, as a guarantee of the transparency of the

choices made;

▪ the Company adopts communications tools for the signatory powers awarded

that ensures such knowledge within the Company environment, also by

publication of the proxy and power of attorney system on the Company

intranet;

▪ the allocation and exercising of powers in a decision-making process is

consistent with the positions of responsibility and with the significance and/or

critical nature of the underlying economic operations;

▪ there is no subjective identity among those who take on or implement decisions,

those who must provide accounting evidence for the operations decided and

those who must carry out the controls foreseen by law and by the procedures

considered by the internal control system;




▪ access to Company data is compliant with the Legislative Decree no. 196

dated 2003 and later amendments and modifications, including regulatory

ones;

▪ access to and intervention on Company data is permitted solely to authorised

persons;

▪ confidentiality in transmitting information is guaranteed;

▪ the documents concerning the formation and implementation of decisions are

filed and stored by the competent department, using methods that do not

allow any later modification, unless with specific evidence. Access to filed

documents is only permitted for authorised subjects according to internal

regulations, and the Board of Statutory Auditors, the Auditing Company and the

Board of Vigilance;

d) for each of the processes included in the sensitive activities listed in the herein

Model, a Process manager is identified, in the Special Parts of the Model, except in

Special Part E, due to the specific nature of the subject of work safety. In particular,

the Process Manager:

▪ is formally recognised by the Company organisational system (e.g. internal

proxies, job description, procedures), in observance of any requisites of efficacy

set by the law for the assigning of roles;

▪ has all the necessary tools to pursue the internal objectives of the same process,

observing timescales and principles that regulate it;

▪ can supervise all the main phases of the process involved, coordinating and

activating the various subjects belonging to the organisational units that

participate, or that he believes should take part;

▪ has full visibility and access (direct or indirect) to all relevant information on the

process.

The Process Manager has the specific responsibility of:

▪ guaranteeing that the process is carried out in compliance with internal

dispositions (e.g. Company procedures and guidelines) and the current

legislation in force on the matter;

▪ guaranteeing that all controls are carried out on underlying activities by the

individual subjects who take part in the process;

▪ guaranteeing that the whole process is carried out in observance of the

principles of transparency and traceability, on whose basis each operation must

have suitable document support;

▪ regularly informing the Board of Vigilance pursuant to point 13.2 above (section

B) and to specific operational procedures, and in any case as soon as any

irregularities are found or particular critical situations occur (e.g. violations or

suspect of violations of the Model and the Code of Ethics, cases of inefficacy,

unsuitability and difficulty in implementing control protocols).

e) the relative Internal Managers for Sensitive Activities are identified for each of the

sensitive activities listed in the herein Model, in each of the Special parts of said

Model, except for Special Part E, considering the specific nature of safety in the

workplace. These figures correspond to the competent organisational unit

managers for stated sensitive activities.

In particular, the Internal Manager for Sensitive Activity:

▪ Is formally recognised by the Company organisational system (e.g. internal

proxies, job description, procedures), in observance of any requisites of efficacy

set by the law for the assigning of roles;




▪ has all the necessary tools to pursue the internal objectives of the relevant

activities, observing timescales and principles that regulate them;

▪ can supervise the relevant activities, coordinating and activating the various

subjects who belong to his own organisational unit;

▪ has full visibility and access (direct or indirect) to all information on the relative

activities;

The Internal Manager for the Sensitive Activity has the specific responsibility to:

▪ guarantee that the competent activities are carried out in compliance with

internal dispositions (e.g. Company procedures and guidelines) and the current

legislation in force on the matter;

▪ set up the direct and indirect controls, aimed at guaranteeing the correctness,

truthfulness and updating of the result of activities he is responsible for (e.g.

data, information, documents provided to the Process Manager);

▪ ensure and certify the correctness, truthfulness and update of the result of

activities he is responsible for in observance of the principles of transparency

and traceability, on whose basis each operation must have suitable document

support;

▪ immediately inform the OdV and also the Process Manager, as set out in point

13.2 above (section B), if any particular critical situations occur that regard the

efficacy, adequacy and implementation of preventive protocols;

▪ immediately report any violation (or suspected violation) of the Model, Code of

Ethics and preventive protocols to the Board of Vigilance.

17.3 Protocols on observing debarment sanctions

In the event that debarment sanctions or precautionary measures are applied to the

Company, ex art. 23 of the Decree:

▪ it is forbidden for any to start up any operation that violates the obligations and

bans included in said sanction;

▪ the Process Managers carry out the necessary supervision in order to preliminarily

identify any operations that may constitute a violation of the obligations and bans

as set out in the debarment sanctions and precautionary measures.

If the Process Managers find any characteristics in a certain operation that can be

traced even in part, to a violation, or a potential violation, of obligations deriving from

the debarment sanctions or precautionary measures:

▪ must suspend any activity pertaining to the operation in question;

▪ must immediately send specific information to the Legal and Corporate Affairs

Function, which analyses the operation, also using external legal consultants, to

provide an interpretation and details of the procedure to be followed.

A copy of the information prepared by the Process Managers and the documentation

prepared by the Legal and Corporate Affairs Function is promptly sent to the Board of

Vigilance.

Attachment 1 to the General Part

Table Sensitive Activities / Special Parts

En impregilo generalpart_260811_def

Business