The Cellnex Group’s Ethics and Compliance Committee was established in 2016. The Committee represents the highest body that guarantees compliance with the Code of Ethics and the Corruption Prevention Procedure of the Cellnex Group and the internal rules that enact them. In addition to its executive role, this Committee is the advisory and management body for all issues relating to ethical rules and compliance of the Cellnex Group.

Likewise, the Ethics and Compliance Committee is the body responsible for identifying the risks of any possible breaches, mainly criminal ones. In its role as the body responsible for criminal enforcement, the Committee evaluates and analyses, improves and keeps track of the system of Crime Prevention and Detection to avoid any criminal liability. In this regard, a model was defined in 2016 for the prevention and detection of criminal offences, for which employee training will be provided during 2017.

The current composition of the Ethics and Compliance Committee:

• General secretary
• Resources
• Internal Audit and Risk Control
• Legal advice

To ensure the independence of the Cellnex Group’s Ethics and Compliance Committee, from a functional and organisational point of view the committee answers to the Appointments and Remuneration Committee of the Board of Cellnex Telecom, S.A.

Following this approach, the Ethics and Compliance Committee regularly reports its activities and initiatives directly to both the Appointments and Remuneration Committee and the Audit Committee.

It should be underlined that compliance management is currently centralised in the corporation. However, the rules provide that Ethics and Compliance Committees may be set up in each of the countries where Cellnex is present should this prove necessary.

Main responsibilities of Cellnex’s Ethics and Compliance Committee.

In addition, the Committee will take part in planning training activities for employees of the business and support areas regarding the criminal liability of legal persons and the Model for the Prevention of Criminal Offences

In order to achieve ethical management of the business, Cellnex also has a Code of Ethics, adopted in 2015 by the Board of Directors of the company, which applies to all employees and stakeholders concerned. The aim of the Code is to establish benchmark guidelines of conduct for the entire company under strict ethical principles of honesty and transparency, based on good faith.

Likewise, the objectives of the Code of Ethics are:

• To establish general guidelines for action and behaviour;
• To define an enforceable ethical reference framework that should govern the work and professional conduct of everyone covered by it (all the employees, including directors, and all the managers of the administration bodies of the Companies in the Cellnex Group);
• To create a set of reference standards of conduct for stakeholders in contact with any of the companies in the Cellnex Group (partners, suppliers, customers, shareholders, partners, etc.);
• To establish a policy for preventing corruption in order to develop the guidelines to follow in the fight against corruption.

A communication campaign was run in 2016 to publicise the Group’s Code of Ethics among employees in Spain and Italy. In 2017, the Committee aims not only to roll out the code to the workforce in the Netherlands, France and the UK, but will also provide training in this field to ensure that all Cellnex staff are fully aware of the purpose and scope of the Code and of the responsibilities, guiding principles, standards of conduct, compliance system and existing information channels.

In addition, and in accordance with the new suppliers assessment system, in 2016 Cellnex started up an information campaign about its Code of Ethics, which will end in 2017.

The Cellnex Group Code of Ethics has an information channel, called the Ethical Channel, which is managed by the Ethics and Compliance Committee. The channel allows the possibility to confidentially inform of any potential significance irregularities detected within Cellnex Group companies.

Using the Ethical Channel, all affected individuals and stakeholders can:

• Consult any doubts about the interpretation of the Code of Ethics, its implementing regulations, and all applicable legislation and internal rules.
• Report any breaches of the Code of Ethics, its implementing regulations, and the applicable legislation and internal rules.

During 2016 there were no notifications of irregularities received through the various communication channels that are available to all personnel of the Group.

Communication channels:

• The Group’s intranet.
• E-mail: canaletico@cellnextelecom.com.
• By post addressed to the Ethics and Crime Prevention Committee.
• Other channels established in the internal rules.

Likewise, Cellnex offers a Corruption Prevention Procedure, approved in 2015 by the Board of Directors, which aims to develop patterns of behaviour to follow in the fight against corruption. This procedure also applies to all employees and stakeholders. In this regard, no cases of corruption were detected in the Cellnex group in 2016.

Risk management and compliance

The Cellnex risk management model is formalised in a risk management policy approved and overseen by the Audit and Control Committee. This model is embodied in a comprehensive risk management system that allows risks to be managed in a logical and structured way while facilitating effective and efficient decision-making. The main stages in risk management include:

• Risk identification: Identifying risks that may prevent Cellnex from attaining its strategic objectives. Cellnex’s risk management system includes four types of risks: strategic, financial, operational and compliance-related
• Risk analysis: Determining possible positive and/or negative impacts of such events materialising and the likelihood of their occurring.
• Assessing and developing risk action plans: Using the corporate risk map drawn up, the governing bodies of Cellnex will prioritise the treatment of risks based on strategic criteria of risk appetite and risk tolerance levels. Likewise, they will analyse the options available for responding to threats (either minimising the negative impact or maximising potential growth of opportunities)
• Monitor and review: Monitoring and updating the results of the risk management system by ensuring that the risks are identified and that the chosen risk treatment approach is the most efficient.

We should highlight that Cellnex’s risk management policy states that the various areas of the Group are responsible for each of those stages. More specifically, the departments within the organisation are responsible for identifying, assessing and tracking risks and for supervising and implementing control measures to mitigate the possible negative impacts of such risks.

Cellnex’s integrated risk management model involves the Steering Committee developing and monitoring a risk map while the Audit and Control Committee oversees its development. In addition, the progression of the main risks identified is communicated to the Board of Directors for consideration.

In 2016, the governing bodies of Cellnex worked to consolidate the organisation’s risk management model through the following actions:

• Monitoring the main risks on the Cellnex Spain map.
• Preparing and approving the Cellnex Italy risk map.
• Drawing up an audit plan based on the risks identified and prioritised in the risk map.

Essentially financial, strategic and operational and compliance risks have been identified within the Spain risk map.

In this regard, we should underline that the management team and the governing bodies of Cellnex are aware that creating value for the organisation is directly linked to managing risks that may jeopardise the sustainability of its strategy. In that connection, one objective set for 2017 involves implementing mechanisms for monitoring and checking the control environment of these risks through the audit plan.

GRI: G4-DMA, G4-2, G4-14, G4-45, G4-46, G4-47, G4-SO3, G4-56-57, SO4, SO6