Intesa Sanpaolo considers its relationship of trust with customers and with the market to be a key asset to the sustainability of its business activities. Considering the increased awareness on business ethics and the growing interest of investors in the measurement of intangible assets, the Group has developed a model to actively manage its reputation with all stakeholders with a view to preventing and minimising potential negative effects. In this context the corporate values and the principles of conduct to adopt with stakeholders, expressed in the Group Code of Ethics, are an important reference for all employees.

The corporate bodies and functions of Intesa Sanpaolo directly involved in the reputational risk management process, with separate roles and responsibilities, perform strategic supervision and control duties.

Intesa Sanpaolo’s reputational risk governance model envisages that reputational risk management and mitigation are pursued through systematic and independent monitoring by the corporate structures with the specific duty of protecting reputation and through transversal monitoring across the various departments using a Reputational Risk Management process.

As regards the transversal monitoring implemented by the Reputational Risk Management process, the main figures provided by the various company functions involved in the process of safeguarding the corporate reputation allow the Enterprise Risk Management Head Office Department - in agreement with the Chief Compliance Officer in relation to compliance risks - to identify and define the main risk scenarios to which the Group is exposed and submit these for company management assessment with a view to identifying, where necessary, suitable communication strategies and specific mitigation measures.

The identification stage of the main critical areas uses the results of the corporate processes that assess the reputational component of compliance risk management, internal and external communication activities, monitoring of antitrust regulations, communications with investors and rating agencies and the Corporate Social Responsibility function. In particular, the CSR Unit makes available the results of two processes, essentially the Sustainability Report management activities with stakeholder engagement and materiality analysis, and the activities associated with monitoring application of the Code of Ethics (see chapters: “Relations with stakeholders: engagement and listening” and “Control of social and environmental risks in the governance processes”).

Reputational risk mitigation and management activities are performed to guarantee consistency between the Group’s risk appetite and business developments, and the prioritisation of action on the various critical issues and related proposals.

In order to strengthen, even in terms of organisation, the monitoring of reputational risks, in July 2015 the Reputational Risk office was set up, as part of the Enterprise Risk Management Department; such a structure is in charge of ensuring a structured monitoring of reputational risk also through the integration and enhancement of the contributions made by the corporate functions monitoring corporate reputation.