Why this issue is significant
The Intesa Sanpaolo Group recognises the strategic importance of activities to ensure compliance with internal and external regulations and codes of conduct, in the belief that respecting standards and fairness in business are essential elements in carrying out banking operations, which by nature are based on trust. The view is that compliance with standards encourages the creation and maintenance of a soundly competitive economic context, in which merit can be measured and shared value can be created, contributing to the area and community development. Intesa Sanpaolo aims to be a reliable, qualified contact for the regulators, relating with these in a transparent manner and helping to develop the regulatory context through the identification of common objectives for banks and stakeholders. The Group actively supports the United Nations’ Global Compact principles that envisage the development of activities to combat corruption and to protect rights in the global context.
Intesa Sanpaolo pursues the respect for standards through synergic operations between all company functions. The operating and business units are required to abide by company processes and procedures, verifying their application with suitable controls, with a view to full compliance with applicable regulations and standards of conduct. The Compliance Guidelines provide a detailed description of the compliance risk management processes. Rules to prevent corruption form an integral part of the internal regulatory sources: Code of Ethics, Internal Code of Conduct, Organisational and Control Model pursuant to Italian Legislative Decree 231/2001; company processes potentially instrumental to committing corruption-related crimes are identified and specifically regulated. The Compliance and Audit departments constantly verify the consistency between the control and conduct principles stated in the 231 Model, including those relating to corruption, and the internal regulations in force, and guarantee compliance with these.
The Parent Company Corporate Bodies are responsible, each to the extent of their own duties and prerogatives, for ensuring suitable monitoring of compliance risk to which the Group is or could be exposed.
Chief Compliance Officer, a permanent and independent department with its own resources and duties, reports directly to the Corporate Bodies. For specific regulatory areas the risk monitoring activities are assigned to specialised functions, required to adopt the methods envisaged in the Compliance Guidelines. The Antitrust Affairs and Strategic Support Service, the Safety and Protection Unit, the Anti-money Laundering Service, the Administration and Tax Department and the Employment Policy Department operate to guarantee the correct application of the specific regulations. For all areas, the Internal Auditing Department performs controls on the regular nature of operations and on monitoring adequacy and efficiency, proposing any corrective action required.
Intesa Sanpaolo has adopted strict internal procedures over time to prevent the risk of corruption and extortion. During the year activities continued in that regard and, with the "Anti-Corruption Project", special monitoring measures will be further enhanced from a “worldwide” Group point of view. Internal regulations have been enacted aimed at identifying reference principles and operational criteria to ensure that products and services offered to customers and the structured transactions, together with the consulting activity, comply with the tax rules. Moreover, the commitment has continued to combat operations in little-transparent countries and/or through particularly complex corporate structures with limited transparency in terms of ownership structures. For this purpose, a tax department responsible for checking tax compliance processes was set up.
A document was issued at the end of 2015 which puts in place a "reporting system by the Personnel of actions or circumstances that could constitute violations of the rules governing the banking business (whistleblowing).
The monitoring of the risk of compliance with competition protection rules has been further expanded and strengthened, to include EU Rules on State aid and the Italian standards to support the competitiveness of the Italian system.
In terms of fraud prevention, for the Group's Italian banks and for some of its International Subsidiary Banks, Intesa Sanpaolo has activated an anti-fraud system that analyses all transactions carried out via Internet Banking in real time and identifies those considered to be questionable so that they may be verified by a specialised unit. The Computer Emergency Response Team was also defined in order to manage cyber-type critical events to external stakeholders, thus allowing to optimize procedures, expertise, investments, reaction times and ensure the compulsory communication with stakeholders established by legal or sector-specific regulations.
Also with regard to the protection of privacy, Intesa Sanpaolo ensures that personal data are collected and processed in accordance with the legal provisions and the principles expressed in the Code of Ethics. All Group personnel participated in training and updates on this issue, through mandatory initiatives online, as well as through classroom meetings and activities focused on specific areas.
Performance indicators and objectives achieved:
|Indicators||2014 results||2015 results|
|Specialist training to
prevent corruption and
60.2% of total)
|38,806 trained employees
(44.3% of total)