CEPSA - 2021 INTEGRATED MANAGEMENT REPORT

149

2021 INTEGRATED MANAGEMENT REPORT

COMPLIANCE RISKS

Related to governance and compliance with legal requirements and commitments made, as well as the management of legal affairs.

RISKS DESCRIPTION AND CONTROL MEASURES

Regulatory compliance

Any breach of regulations could lead to adverse reputational effects, sanctions, other measures or claims for compensation. Cepsa has an effective compliance management system in place to cover this risk and minimise impacts.

Litigation and arbitration

Cepsa manages a number of administrative, judicial and arbitration proceedings relating to claims arising in the ordinary course of business. Regardless of the amount involved in each case, the extent and final outcome cannot be accurately predicted. On the basis of current information, company management considers that the provisions recorded reasonably cover these risks.

Ethical misconduct

Ethical misconduct and non-compliance with legislation can expose the company to criminal or administrative proceedings and negatively affect our reputation, operations, financial results and stakeholder value. In view of the Group's international activities, the company is also subject to anti-corruption and anti-bribery laws in many jurisdictions.

Cepsa manages risks of this kind by means of: (1) A 'Code of Ethics and Conduct' which sets out the fundamental principles, standards

and ethical conduct applicable to all our employees. (2) A criminal and anti-bribery compliance system certified under the standards ISO

37001 and UNE 19601.

Compliance risks associated with economic and trade sanctions imposed by the United States, European Union or other jurisdictions

The failure to comply with these international sanctions could have severe economic effects, particularly in relation to the Group's funding sources or other contractual arrangements with banks. To manage this risk, Cepsa implements a due diligence process with third parties based on the 'Control Policy on Sanctions and Embargoes in Commercial Relations, Exports and Precursor Products' approved by the Board of Directors. These analyses are carried out centrally by the Ethics and Compliance Office and external advice is received based on the risk levels identified in the counterparties and transactions.