Ethics, compliance & integrity

Italo’s control and management framework, based on the Framework drawn up by the Committee of Sponsoring Organizations of the Treadway Commission (CoSO Report - CoSO ERM) and the Three Lines Model published by the Institute of Internal Auditors (IIA), is constantly assessed to ensure its operational effectiveness and efficiency. A working group with members representing the second and third lines of control has been set up to discuss their key findings, to standardize operational and audit plans and produce a quarterly report on internal control and risk management for senior management.
The following diagram shows the structure of Italo’s control framework.



 

The main risks identified are:

  • strategic and business risks: the risk of failing to achieve the organization’s mission and its strategic and business objectives;
  • financial risks: risks that can adversely affect Italo’s ability to meet its financial obligations (e.g., credit, liquidity, borrowing and interest rate risks);
  • operational risks: risks caused by the flawed conduct of processes, due to inadequacies in the organizational structure, ineffective procedures and/or malfunctioning information systems;
  • compliance risks: the risk of incurring legal or administrative sanctions or reputational damage;
  • external risks: risks caused by external events (e.g., natural or climate-related events, socio-political changes, competition, market forces).

Any critical issues identified during the conduct of audits and monitoring activities are shared with Process Owners, the Chief Executive Officer, the Chairman, the Board of Statutory Auditors and the Supervisory Board (as regards aspects relating to Legislative Decree 231/01). No critical issues were identified during the reporting period.

The issue of integrity and transparency is one of the cornerstones of the Group’s corporate strategy. This ensures that our business dealings are conducted in a correct manner and the oversight of internal operating processes. To prevent instances of non-compliance and act in full compliance with the law, Italo and Itabus have adopted:

  • Code of Ethics: setting out the ethical principles and values that should inspire the conduct and behavior of everyone who, in whatever capacity, acts in the interest or on behalf of the Group.
  • 231 Organizational Model: to prevent commission of the offences referred to in Legislative Decree 231 and contribute to achieving the UN Sustainable Development Goals.
  • Whistleblowing Policy: updated to reflect the provisions of Legislative Decree 24 of March 10, 2023.

Italo has also adopted Guidelines for the “Management of relations with Public and Private Organizations and the prevention of corruption” with the aim of providing a framework for the correct conduct of relations with representatives of public organizations, public officials and/or public service providers and private entities, partly in view of the significance of such relations for the purposes of Legislative Decree 231/01.

Italo S.p.A. protects the values established in its Code of Ethics, mainly regarding correct internal and external relationships, transparency towards all parties concerned and responsibility towards the community.

The Company pays particular attention to complying with laws, rules and regulations and considers this commitment as the main condition for belonging to the Company.

In this context, Italo makes available to all those who - in any way - have relations with the Company, all the necessary channels to report on potential violations regarding the Organisation, Management and Control Model ex Legislative Decree 231/01, laws, rules and regulations.  

A “Report” is defined as any news regarding suspicious behaviours or alleged illegal conduct and/or attitudes that may cause damages and/or detriment to Italo and its reputation, especially for what concerns:

  • alleged breaches, requests or incentives to breach external laws and regulations provisions, the Company Code of Ethics and Organisation, Management and Control Model ex Legislative Decree 231/01 and/or Internal procedures;
  • alleged findings, irregularities, conduct, acts or omissions that harm the public interest and/or the integrity of the public administration and/or private entities;
  • significant unlawful behaviours pursuant to Legislative Decree 231/01.

Reports shall be submitted in good faith, fully aware that Italo shall guarantee confidentiality on Whistleblowers’ identity and the content of the report, as well as protect the informant from any retaliation and/or discriminatory act for reasons connected - directly or indirectly - to the Report.

Italo’s “Whistleblowing Management Guidelines” define the process of receiving, analysing and processing Reports and establish a Whistleblowing Committee to oversee the whole process. The Committee is composed by the Head of Internal Audit & Risk Management, the Head of Human Resources & Organization and the Head of Legal Affairs & Compliance. In order to favour the sending of Reports, Italo has implemented a dedicated IT platform (https://whistleblowing.italospa.it/) to guarantee confidentiality and to protect the identity of the Whistleblower and the Reported person by means of secure protocols and ad-hoc cryptography tools.

It is also possible to submit a Report by sending a letter to the Company headquarters: Italo Via Casilina 1 - 00182 Rome, to the attention of the Whistleblowing Committee in the person of the Head of Internal Audit and Risk Management Function.

Moreover, oral Reports are accepted only if submitted through a direct meeting with the Whistleblowing Committee or one of its members.


Click the following link to access the website: https://whistleblowing.italospa.it/

 

 

Reports are received and analysed by the Whistleblowing Committee composed by the Head of Internal Audit & Risk Management, the Head of Human Resources & Organization and the Head of Legal Affairs & Compliance.
If a Report refers to a member of the aforementioned Committee, the reported person shall not be involved in any activity regarding the process of receiving, analysing and processing the Report.
Aggregated data regarding Reports received as well as any detailed information arisen from the analysis of significant Reports may be shared – depending on the topic and specific areas of responsibility – with the Surveillance Body ex L.D. 231/01, the Board of Statutory Auditors and -  if deemed appropriate - with the Top Management.

Italo shall guarantee confidentiality and protection of Whistleblowers identity with the aim of eliminating any element that may discourage anyone from submitting reports. The Company will take into consideration anonymous Reports only if they are timely, substantiated and backed by adequate documentation and it is required that Whistleblowers indicate their personal data to allow the company to ask for further evidence and information while analysing and managing the Report.

Italo’s Whistleblowing IT platform stores data on a dedicated server and guarantees confidentiality of the Whistleblower’s identity as:
  • IPs and servers from which Reports were submitted are not traced (“no log policy”);
  • Reports and ID data are stored in separated databases;
  • An anonymous ID code is automatically assigned to every single Report.
Therefore, from the moment in which the report is received and during its processing, only the anonymous ID code will be visible into the platform.

Italo’s Whistleblowing Committee and its members (the Head of Internal Audit & Risk Management, the Head of Human Resources & Organization and the Head of Legal Affairs & Compliance).
In the cases foreseen by the law, the identity of the Whistleblower can be viewed only inside the IT platform through a function that stores activity logs regarding the person who and the reasons why identity has been disclosed.

ITALO shall treat all data acquired through the Report in compliance with Regulation n. 2016/679 (“GDPR”) and with any applicable internal procedure. Therefore:
  • the Company shall not disclose to the reported person the identity of the Whistleblower, but for the cases foreseen by the law in order to avoid retaliation, threats, violence, etc. and to protect the Whistleblower’s confidentiality;
  • as part of disciplinary proceedings against the reported person, the identity of the whistleblower may be disclosed only with the whistleblower's express consent, if the dispute is based - in whole or in part - on the report and knowledge of the whistleblower's identity is essential for the defense of the accused person. In that case, the Company will ask the whistleblower's consent to the disclosure of his / her identity by notifying in writing the reasons for the disclosure of his / her confidential data.

You can submit a report by:
  • accessing the Whistleblowing platform using a private and/or non-company owned fixed/mobile device.
  • filling the form with all the required information
  • don’t forgetting to thick the appropriate field to let us aware that you are an ITALO “employee”.
You can either send a letter to the Company: Italo Via Casilina 1 - 00182 Rome, to the attention of the Whistleblowing Committee in the person of the Head of Internal Audit and Risk Management Function.
Moreover, you can submit oral Reports through a direct meeting with the Whistleblowing Committee or one of its members.

External parties can submit a report by accessing the Whistleblowing platform using any fixed or mobile device with an Internet browser and by inserting the following data: name, surname, email address and phone number.
They can also send a letter to the Company: Italo Via Casilina 1 - 00182 Roma, attention of the Whistleblowing Committee represented in the person of the Head of Internal Audit and Risk Management Function.
Moreover, they can submit oral Reports through a direct meeting with the Whistleblowing Committee or one of its members.
Please note that Italo will acknowledge anonymous Reports only if they are timely, substantiated and backed by adequate documentation.       

Whistleblowers can monitor the progress of their Reports by accessing the Whistleblowing portal and by inserting the ID code (10 digits / numeric code) provided by the portal at the time the Report was submitted.

The IT platform allows you to attach text, image, audio and video files to your Report for up to 60 mb.

Whistleblowers can monitor the progress of their Reports by accessing the Whistleblowing portal and by inserting the ID code (10 digits / numeric code) provided by the portal at the time the Report was submitted.Specific channels are provided for internal reporting (see FAQ 6 and FAQ 7), external reporting and public disclosures.
In fact, applicable regulation provides for the possibility of forwarding external reporting the Italian Anticorruption Authority (ANAC) in the following hypotheses:
(i) the internal reporting channel is not active or does not comply with legal requirements;
(ii) the internal report previously submitted by the whistleblower has not been followed-up;
(iii) the whistleblower has reasonable grounds to believe that:
  • the internal report has not been effectively investigated;
  • a risk of retaliation may occur;
  • the alleged breach may cause an imminent or manifest danger to the public interest.
Guidelines and procedures for submitting and handling external reports are published on the ANAC website.