331

2021 INTEGRATED MANAGEMENT REPORT

Indicator reference InTraining reported

Related GRI standard

Additional comments

EM-EP-510a.2

Description of the management system for prevention of corruption and bribery throughout the value chain

Corruption management approach

The main general anti-corruption controls in the E&P business are:

· Code of Ethics and Conduct' and 'Anti-Bribery, Anti- Corruption and Conflict of Interest Policy'.

· Ongoing conflict of interest screening of our employees and all new business relationships with third parties (before entering into the relationship).

· Awareness-raising actions. · Due diligence investigation of third parties and continuous

monitoring of the risk of sanctions and the integrity/ reputation of our asset partners.

· Ethics and Compliance Channel.

The asset-specific controls and assurance activities are as follows:

· Counterparty analyses (in supply chain processes, donations, social actions and sponsorships, security services, relations with governments or public entities, and tendering and permitting).

· Save for contracts for a minimum amount, all standard contracts include specific clauses containing obligations, duties and statements related to anti-corruption risk. Our 'Anti-Corruption Policy' is annexed to larger contracts as an integral part of the agreement (in supply chain processes).

· When a match with a list is identified or a red flag is raised, the matter is analysed to decide whether further enquiries (in supply chain processes) are necessary.

· Extensive or intensive due diligence investigations (on supply chain processes) are mandatory when sourcing local suppliers or contractors or high-risk services.

· Local policy regulating the form and controls for entering into agreements with non-profit entities, including the need to sign written agreements expressly stating our anti- corruption policy and certain restrictions on contributions (in donation, social action and sponsorship processes).

· Any courtesy items given to public servants must be reported in a pre-established format (in security services and relations with governments or public entities).

In non-operated assets, the risk of corruption is reviewed through joint venture audits. In the case of Algeria, counterparty analyses are carried out for transactions exceeding the economic limit stipulated in joint operating contracts. Compliance questionnaires are used to request reports on the most relevant aspects of corruption issues by those responsible for the business in non-operated assets.

EM-RM-520a.1

Total amount of monetary losses as a result of legal proceedings associated with price fixing or price manipulation

Monetary losses incurred by Cepsa in this connection have amounted to 0 during the reporting period.

1 Contributions must be made in kind, unless approved by the Compliance Officer.