Discover the Acea Group online 2019 Consolidated Report
Regulatory and Legislative Risks
As is well known, the Acea Group operates mainly in regulated markets and the requirements and obligations that characterise them (as well as changes in the rules of operation of these markets) can significantly affect the results and performance of operations. In particular, several Group companies manage the Integrated Water Service in their respective Territorial Areas, which is known to be a sector receiving an increasing level of attention from lawmakers and the Sector Authority (ARERA). The Group is therefore exposed to the evolution of the relevant legal/regulatory frameworks in the areas served. In this regard, note how the rules of territorial planning and governance of the Integrated Water Service continue to be subject to specific regulatory measures. In fact, two different bills have been drafted (AC 52, first signatory Hon. F. Daga, and AC 773, first signatory Hon. F. Braga) which, taking up previously proposed topics, intend to deal with the government and public management of the integrated water cycle in different ways. The two bills, whose examination was joint and declared urgent, are currently being examined by the Appointee of the Chamber's Environmental Commission.
Companies in the Environment Segment are also exposed to potential risks arising from changes in the legal framework following the forthcoming revision of the Environmental Consolidation Act, and in the regulatory framework following future measures of ARERA concerning the integrated waste cycle sector.
These risks are mitigated by careful monitoring of regulatory developments, interacting with the relevant bodies and participating in association and institutional meetings carried out by the competent business structures in synergy with the Group's organisational structures. These structures monitor regulatory developments in terms of providing support in the preparation of comments in the response to the Consultation Paper, in line with the interests of Group companies, and guidance for the consistent application of regulations in corporate procedures and within the electricity, gas, water and environment businesses.
The nature of the business also exposes the Acea Group to the risk of non-compliance with consumer protection regulations pursuant to Italian Legislative Decree no. 206/2005, i.e. the risk mainly connected to the commission of consumer offences/unfair trade practices or misleading advertising (through activities like omission of relevant information, dissemination of untrue information/forms of undue influence, unfair terms in commercial relations with consumers), as well as the risk of non-compliance with the regulations for the protection of competition, i.e. the risk associated mainly with the prohibition of companies to establish restrictive agreements and to abuse their dominant position in the market (through activities like market allocation, manipulation of tenders, restrictive agreements and other types of anti-competitive agreements, exchange of commercial/competitive information that potentially constitutes the creation of a cartel).
At the end of 2018 Acea adopted a specific Antitrust Compliance Programme and appointed a Holding Antitrust Officer. The main objective of the programme is to strengthen internal controls aimed at preventing the violation of regulations through the implementation of regulatory and organisational instruments, as well as through a more widespread dissemination of the culture of respect for the principles of fair competition and consumer rights. In 2019 the main Group companies adopted the Antitrust Compliance Programme in line with the indications of the Holding Company, and set up organisational structures in which Company Antitrust Officers were appointed, given the task of managing the activities to adapt the Programme to the individual companies and supervise its implementation and maintenance.
Regulatory risks also include all non-conformities, with particular regard to the environmental impact of Acea Group (generated for example by the activities of production and / or treatment of urban waste and waste, and of health and safety). at work, mitigated through the adoption of certified management systems, respectively UNI EN ISO 14001:2015 and BS OHSAS 18001:2007), which may result in the application of administrative and / or criminal penalties, including those of a disqualifying nature.
Some newly introduced crimes expand the catalogue of predicate offences capable of activating the responsibility of the bodies pursuant to Italian Legislative Decree no. 231/2001, thus requiring an update of the organisational models. Specifically:
- on 18 December 2018 the new Anti-Corruption Law was passed (the so-called "Spazzacorrotti"), which introduced into Italian Legislative Decree no. 231 of 8 June 2001, paragraph 1 of art. 25 "Bribery and corruption, undue inducement to give or promise utilities" the crime of "Trafficking in illicit influences" (art. 346 bis of the Italian Criminal Code);
- law no. 39 of 3 May 2019 which, implementing in our system the Convention of the Council of Europe on the manipulation of sporting competitions signed in Magglingen on 18 September 2014, added to Italian Legislative Decree no. 231 of 8 June 2001 a new art. 25 quaterdecies "Fraud in sporting competitions, illegal gambling or betting and games of chance by means of prohibited devices";
- law converting Italian Decree Law no. 105/2019 of 14 November 2019 containing "Urgent provisions on the subject of national cybernetic security perimeter" which amended art. 24-bis of Italian Legislative Decree no. 231/01 "Computer crimes and unlawful data processing" providing for the liability of the entity also for the crimes referred to in article 1, paragraph 11 of Italian Legislative Decree no. 105/2019;
- law converting Italian Decree Law no. 124/2019 of 17 December 2019 that came into force on 25 December 2019, which introduced among the predicate offences in Italian Legislative Decree no. 231/01 some tax offences.
As part of the general Group Whistleblowing Procedure aimed at regulating the system with which anyone can make voluntary and discreet whistleblowing reports, guaranteeing the confidentiality of the identity of the whistleblower and thus protecting him/her from any retaliation, the rules governing Whistleblowing relating to unlawful conduct have been updated, also pursuant to Italian Legislative Decree no. 231/2001 and/or violations of the 231 Model, expanding the possible channels of communication to include a specific IT platform soon to be adopted, accessible by everyone (employees, third parties, etc.) on the website of each Group Company, and by employees of the Italian Companies of the Group having access to the company's Intranet.
The subsidiary Acea Ato 5 is involved in investigations and proceedings that relate to cases falling under Italian Legislative Decree no. 231/2001 regarding the environment and corporate crimes. In particular, with regard to corporate offences, case 2031/16 relates to financial years 2015, 2016 and 2017 and alleges that the crimes of accounting fraud and filing fraudulent financial statements were committed by the Chairmen of the Company and the representatives of the supervisory body of this company. Investigations are ongoing. It should be noted that some consolidated companies (mainly Acea Ato 5, Acea Ato 2 and Acea Ambiente), as more fully illustrated in the relative financial statements for the year, are subject to investigations or proceedings that relate to significant cases pursuant to Italian Legislative Decree no. 231/2001, mainly concerning safety and the environment. There is also a complaint for a corporate offence related to Acea Ato 5 alone. In particular, with regard to corporate offences, case 2031/16 relates to financial years 2015, 2016 and 2017 and alleges that the crimes of accounting fraud and filing fraudulent financial statements were committed by the Chairmen of the Company and the representatives of the supervisory body of this company. Investigations are ongoing.
On the basis of the information currently available, taking into account the operational autonomy of the companies with respect to the parent company Acea, any responsibilities that may be ascertained upon the final outcome of the aforementioned proceedings are exclusively attributable to the companies themselves, without any repercussions on the Parent Company or other companies of the Group that are not involved.
It should be noted that some consolidated companies (areti, Acea Ato 2, Acea Elabori and Acea Ambiente), as more fully illustrated in the relative financial statements, are subject to investigations or proceedings that relate to significant cases pursuant to Italian Legislative Decree no. 231/2001 concerning safety and/or the environment.
There are also complaints for corporate offences relating only to Acea Ato 5.
On the basis of the information currently available, taking into account the operational autonomy of the companies with respect to the parent company Acea, any responsibilities that may be ascertained upon the final outcome of the aforementioned proceedings are exclusively attributable to the companies themselves, without any repercussions on the Parent Company or other companies of the Group that are not involved.
Finally, other additional regulatory risks that may potentially be of particular relevance for the Acea Group include those arising from the Privacy Regulation (EU) 2016/679 GDPR.
The Acea Group's compliance programme has made it possible to define and implement a Privacy Governance Model that is valid for the Group, taking the Parent Company as a privileged area of observation in its role as the linchpin of the system and supplier of services and/or centralised activities, looking at the Companies with a logic of priority at the core processes of each business area. The online training programme offered using an e-learning platform that was successfully implemented in the previous period for the Parent Company has been extended to the Companies to provide a first layer of compliance with the obligation for Data Controllers to instruct data processing personnel, providing them with training on individual corporate processes as well as a particular focus on cross-cutting procedures (HR, Legal, etc.).
Corporate working groups have been set up to customise the Group Model in the individual companies, with effects on the implementation and/or fine-tuning of processes having a high impact on privacy, and initiatives have also been carried out to test compliance solutions already adopted.
No computer incidents have been reported affecting the personal data held by Group companies during the period 2018-2019.