Organizational, Management, and Control Model (adopted pursuant to Legislative Decree No. 231/2001)
Document approved by the Board of Directors with resolution on 27.11.2023
1. INTRODUCTION
TrueItalian Experience S.r.l. (hereinafter also referred to as "the Company" or "the Entity") is a company within the Assist Group engaged in the development, production, and commercialization of innovative products or services with high technological value. Specifically, it promotes the national tourism offering through the use of technologies and the development of original software, providing services aimed at both tourism businesses and private individuals.
2. PURPOSE OF THE MODEL
This document describes the Organizational, Management, and Control Model adopted by the Company pursuant to Legislative Decree No. 231 of June 8, 2001 (hereinafter, "D. Lgs. 231/2001" or "Decree"). Through this Model, the Entity aims to achieve the following objectives:
- Compliance with administrative liability regulations by analyzing the potential risks of unlawful conduct relevant under D. Lgs. 231/2001 and enhancing and integrating control measures to prevent such conduct;
- Promote and reinforce an ethical culture based on fairness and transparency in conducting business activities;
- Increase awareness among individuals operating on behalf of the Company in sensitive activities that any violation of the provisions herein may lead to disciplinary and/or contractual consequences, as well as potential criminal and administrative sanctions against them;
- Reaffirm the Company's strong condemnation of unlawful conduct, as such actions are contrary not only to legal requirements but also to the ethical principles that the Company upholds in its business activities;
- Enable the Company to intervene promptly through monitoring actions in risk-prone areas to prevent or counter the commission of offenses and to penalize behavior that contravenes the law and company policies.
The Organizational, Management, and Control Model (hereinafter referred to as "Model") therefore constitutes a coherent set of principles, procedures, and provisions that impact the internal functioning of the Company, its external relationships, and govern the diligent management of a control system over sensitive activities to prevent the commission or attempted commission of offenses referenced in D. Lgs. 231/2001.
The approval of this Model and its constituent elements is the exclusive prerogative and responsibility of the Company's Board of Directors.
3. RECIPIENTS OF THE MODEL
The rules and provisions contained within this Model apply to and must be observed by individuals who, even in practice, perform management, administration, direction, or control functions within the Entity, as well as employees, collaborators, consultants, and all third parties acting on behalf of the Company in areas identified as "at risk."
Thus, the "Recipients" of this Model include:
- Individuals with formal roles (of management, administration, and control of the Entity or one of its organizational units) who fall under the definition of “top management”;
- Individuals who exercise these functions even without formal designation;
- All personnel of the Entity, under any form of contractual relationship (including interns, fixed-term contractors, and project-based collaborators);
- Independent professionals formally integrated into the workforce;
- Members of the Supervisory Body, if appointed;
- All individuals who, although not part of the Company, maintain professional, commercial, and/or financial relationships of any kind with it;
- Anyone acting on behalf of the Entity under its direction and supervision, regardless of an employment relationship.
External collaborators, consultants, suppliers, freelancers, and other contractual counterparts are required by the Company to comply with the provisions of the Decree and the ethical principles adopted by the Company through the inclusion of specific contractual clauses ensuring their commitment to adhere to the rules outlined in Legislative Decree No. 231/2001 and the principles of the adopted Code of Ethics.
4. STRUCTURE OF THE MODEL
The structure of the Model consists of:
- The Company's Code of Ethics, which defines the general ethical values and principles that corporate bodies and their members, as well as employees, collaborators, and consultants of the Entity, must uphold in conducting their activities to prevent unlawful or non-compliant behaviors with company standards;
- A descriptive document of the "Organizational, Management, and Control Model," divided into:
1. General Part, which outlines the contents of the Decree, provides a brief description of the Company's organization, the methods for identifying risks and analyzing control measures, the appointment and functions of the Supervisory Body, references to the disciplinary system, communication and training activities on the Model, and the procedures for updating the Model itself;
2. Special Part, which describes, for each company process potentially at "risk of 231," the relevant offense categories, examples of how these offenses could occur, the behavioral principles to be respected, and the control measures to be ensured for risk prevention.
Integral parts of this document include:
1. Catalog of offenses under Legislative Decree No. 231/2001 (Annex 1).
5. CODE OF ETHICS OF TRUEITALIAN EXPERIENCE
The Code of Ethics of TrueItalian Experience is a primary regulatory source within the framework of the Organization, Management, and Control Model pursuant to Legislative Decree No. 231/2001, and therefore, the principles, values, and rules of conduct specified therein must be regarded as an integral and essential part of the set of protocols, standards, and procedures applicable in each operational area of the Entity.
The Code of Ethics is directed at the Company's governing bodies and their members, employees, collaborators, medical personnel, consultants, suppliers, and any other party who may act on behalf of the Entity.
Failure to comply with the principles and rules of conduct contained in the Code and the Model must be promptly reported to the Supervisory Body and will result in the application of the current disciplinary sanctions, without prejudice to any other civil, criminal, and administrative determinations.
6. REGULATORY FRAMEWORK
6.1 The Administrative Liability Regime for Legal Entities
Legislative Decree No. 231/2001, issued pursuant to the mandate granted to the Government under Article 11 of Law No. 300 of September 29, 2000, governs the "liability of entities for administrative offenses resulting from a crime."
This regulation applies to entities with legal personality as well as to companies and associations without legal personality.
Legislative Decree No. 231/2001 is based on certain international and community conventions ratified by Italy, which require the establishment of liability for collective entities for specific types of offenses.
Under the provisions introduced by Legislative Decree No. 231/2001, an Entity (hereafter also referred to as the "Company") may be held "liable" for certain crimes committed or attempted in the interest or to the benefit of the Company by:
- Top-level individuals, i.e., those who hold representation, administration, or management functions in the company or one of its organizational units with financial and functional autonomy, as well as those who exercise, even de facto, management and control over the same;
- Individuals under the direction or supervision of top-level individuals.
As for the concept of "interest," it is deemed applicable whenever the unlawful conduct is carried out with the sole intent of obtaining a benefit for the company, regardless of whether that goal was achieved.
Similarly, liability falls upon the company whenever the perpetrator of the offense, even if not acting to benefit the Entity, nonetheless secures an “advantage” for the legal entity, whether financial or otherwise.
The company's administrative liability is autonomous from the criminal liability of the individual who committed the offense and is complementary to it.
6.2 Offense Categories Provided by the Decree
The Decree pertains only to specific types of criminal offenses explicitly referenced by the Decree itself. For ease of presentation, these offense categories can be grouped as follows:
- Crimes against public administration (Articles 24 and 25 of Legislative Decree No. 231/2001);
- Cybercrime (Article 24-bis of Legislative Decree No. 231/2001);
- Organized crime (Article 24-ter of Legislative Decree No. 231/2001);
- Counterfeiting of currency, public credit instruments, duty stamps, and identifying instruments or marks (Article 25-bis of Legislative Decree No. 231/2001);
- Crimes against industry and commerce (Article 25-bis 1 of Legislative Decree No. 231/2001);
- Corporate crimes (Article 25-ter of Legislative Decree No. 231/2001);
- Terrorism and subversion of democratic order (Article 25-quater of Legislative Decree No. 231/2001);
- Practices of female genital mutilation (Article 25-quater.1 of Legislative Decree No. 231/2001);
- Crimes against individual personality (Article 25-quinquies of Legislative Decree No. 231/2001);
- Market manipulation and insider trading (Article 25-sexies of Legislative Decree No. 231/2001);
- Negligent manslaughter and serious or grievous injury due to workplace safety violations (Article 25-septies of Legislative Decree No. 231/2001);
- Transnational crimes (Article 10 of Law No. 146 of March 16, 2006, concerning the "ratification and implementation of the United Nations Convention and Protocols against Transnational Organized Crime, adopted by the General Assembly on November 15, 2000, and May 31, 2001");
- Crimes of receiving, laundering, and using money, goods, or assets of illicit origin, as well as self-laundering (Article 25-octies of Legislative Decree No. 231/2001);
- Crimes related to non-cash payment instruments (Article 25-octies.1 of Legislative Decree No. 231/2001);
- Copyright infringement (Article 25-novies of Legislative Decree No. 231/2001);
- Inducement to withhold or provide false statements to judicial authorities (Article 25-decies of Legislative Decree No. 231/2001);
- Environmental crimes (Article 25-undecies of Legislative Decree No. 231/2001);
- Employment of third-country nationals with irregular residence status (Article 25-duodecies of Legislative Decree No. 231/2001);
- Crimes related to racism and xenophobia (Article 25-terdecies of Legislative Decree No. 231/2001);
- Fraud in sports competitions and illegal betting or gambling (Article 25-quaterdecies of Legislative Decree No. 231/2001);
- Tax offenses (Article 25-quinquiesdecies of Legislative Decree No. 231/2001);
- Smuggling (Article 25-sexiesdecies of Legislative Decree No. 231/2001);
- Crimes against cultural heritage (Articles 25-septiesdecies and 25-duodevicies of Legislative Decree No. 231/2001).
Please refer to Annex 1 (Offense Catalog under Legislative Decree No. 231/2001) of this document for a detailed description of offenses covered by the Decree, including subsequent amendments and additions.
6.3 Sanctions under the Decree
If liability is established under the Decree for the commission or attempted commission of the offenses mentioned above, the following sanctions apply to the Company:
- Financial penalties, calculated through a quota-based system, determined by the judge within legally defined limits;
- Interdiction sanctions, which may include:
- Prohibition from engaging in specific business activities;
- Suspension or revocation of authorizations, licenses, or permits linked to the offense;
- Prohibition from contracting with public administration entities;
- Exclusion from benefits, funding, contributions, or subsidies and possible revocation of those granted;
- Ban on advertising goods or services;
- Confiscation of the price or proceeds of the offense;
- Publication of the sentence in one or more newspapers.
6.4 Exemption Conditions: Organizational, Management, and Control Models
A unique aspect of Legislative Decree No. 231/2001 is the exemption value attributed to organizational, management, and control models of the company.
The Entity is not liable for offenses committed in its interest or advantage by one of its top-level individuals if it can prove that:
- The governing body has adopted and effectively implemented organizational, management, and control models suitable for preventing the offenses covered by the Decree;
- The task of overseeing the functioning and observance of the models and ensuring their updates has been assigned to a body with autonomous powers of initiative and control;
- The individuals committed the offense by fraudulently circumventing the organizational models;
- The offense occurred without any omission or inadequate supervision by the designated body.
If an offense is committed by individuals under another's direction or supervision, the Entity is liable only if the commission of the offense resulted from a violation of the oversight obligations the Entity is required to observe.
Administrative liability of entities is explicitly excluded by law (Article 5, paragraph 2, of Legislative Decree No. 231/2001) if the top-level individuals and/or their subordinates acted exclusively in their interest or the interest of third parties.
7. ORGANIZATION OF THE COMPANY
7.1 Organizational Structure of the Entity
TrueItalian Experience S.r.l. is an innovative start-up under Article 25 of Decree-Law 179/2012 and, as such, is registered in the special section of the company register. The Company is part of the Assist Group, and its share capital is entirely held by the parent company, Assist Group S.r.l.
The Company is engaged in the development, production, and commercialization of innovative, high-tech products and services, specifically in promoting the national tourism offering through the use of technology and the development of original software, particularly by providing services targeted at tourism businesses and individuals.
The recipients of the Company's services are entities involved in the national tourism sector. These can include public entities (such as Ministries, Regions, Provinces, Municipalities, Associations, Promotion Entities, etc.) or private entities (in the hotel, restaurant, logistics, transportation, and cultural sectors).
TrueItalian Experience, under a service agreement with its parent company, Assist Group S.r.l., leverages the support and assistance of the latter in legal and corporate services. Additionally, through service agreements with VIDIERRE S.r.l., another entity within the Group, the Company utilizes its support and assistance for IT services.
The corporate structure includes a Board of Directors, from which a Chairman has been elected. The representation of the Company is vested in the Chairman of the Board of Directors and the Vice Chairman, appointed as Chief Executive Officer within the limits of the conferred mandate.
7.2 Governance and Internal Control Tools of the Entity
The main governance and internal control tools implemented by the Entity are as follows:
- The Company’s Articles of Association, which, in compliance with current legal provisions, include several rules related to the governance of the Company, aimed at ensuring the proper conduct of management activities;
- The organizational chart representing the Entity’s organizational structure;
- Powers of attorney granted by the Board of Directors and/or by notarized act;
- Internal organizational documentation;
- The Code of Ethics, which outlines the guidelines, ethical principles, and standards of conduct that the Company recognizes as its own and requires adherence to by all parties involved in its activities. This document also establishes behavioral guidelines and principles to prevent the offenses covered by Legislative Decree No. 231/2001 and, therefore, should be considered an integral part of this Model and an essential tool for achieving the Model’s objectives.
7.3 Development of the Organization, Management, and Control Model
The Model development process was carried out through the following project phases:
1. Identification of activities and processes that may potentially create the conditions, opportunities, and/or means for the commission of the offenses under the Decree (“sensitive activities”), as well as the corporate areas/functions involved in these activities.
2. Analysis of sensitive activities and processes, identifying the existing or necessary organizational and control mechanisms.
The control system was examined considering the following standard prevention measures:
- Existence of a power and authorization level system consistent with assigned organizational responsibilities and applicable regulations;
- Compliance with the principle of segregation of duties;
- Presence of formalized rules (e.g., policies and procedures);
- Existence of appropriate specific control mechanisms;
- Traceability of activities and controls;
with the aim of assessing their effectiveness in preventing or identifying significant risk situations under the Decree.
3. Identification of necessary improvement actions (Gap Analysis) in cases of deficiencies in the Internal Control System.
4. Preparation of the Organization, Management, and Control Model under Legislative Decree No. 231/2001, structured according to the Confindustria guidelines based on the results of the risk area mapping process.
7.4 Mapping of Risk Areas
The “sensitive activities” identified during the Model development process are as follows:
1. Selection, Hiring, and Personnel Management
2. Administrative Management of Personnel
3. Management of Incentive Systems, Employee Development, and Evaluation
4. Management of Training Activities
5. Management of Employee Benefits and Company Provisions
6. Management of Gifts and Discounts for Employees
Special Part Reference A – Human Resources Management
7. Management of Procurement of Goods, Services, and Consultancy
Special Part Reference B – Procurement Management
8. Management of Relations with Public Administration (including during inspections)
Special Part Reference C – Management of Relations with the Public Administration
9. Accounting and preparation of the financial statements
10. Tax management
11. Management of relations with Shareholders and Control Bodies
12. Management of intra-group relations (including management of service contracts with Group Companies)
13. Management of legal and corporate affairs
14. Management of monetary and financial flows
15. Management of expense reports and representation expenses
Special Part Reference D – Administration, Finance, and Control
16. Management of Information Systems
Special Part Reference E – Information Systems Management
17. Management of Communication and Marketing
18. Management of Events / Trade Shows and Sponsorships
19. Management of Gifts and Complimentary Items
Special Part Reference F – Marketing, Events, and Sponsorships
20. Management of Sales Activities
Special Part Reference G – Sales
21. Management of Occupational Health and Safety Compliance
22. Management of Environmental Compliance
Special Part Reference H – Management of Workplace Health, Safety, and Environmental Compliance
Some of the Sensitive Activities identified in the “Special Sections” may be performed by business functions belonging to other Group Companies, based on intercompany agreements.
In carrying out these intercompany relationships, the service-providing company must:
- adhere to the ethical and behavioral principles uniformly defined at the Group level and adopted by each Group Company through the adoption of the Code of Ethics;
- in accordance with the provisions of the same Code of Ethics, implement an internal control system that safeguards against the possible commission of offenses covered by the Decree;
- commit to respecting the Company’s Model (with specific reference to the applicable behavioral and control principles in relation to the sensitive activity carried out on behalf of the Company).
7.5 Updating the Model
The Board of Directors resolves to update the Model and to adjust it based on any necessary modifications and/or additions due to, for example:
- significant changes in the organizational structure or operations of the Entity;
- substantial violations of the Model and/or results from effectiveness assessments or industry-relevant public experiences;
- specific events (e.g., legislative developments, requests from the Board of Directors, etc.) requiring an expansion of the Model’s scope to address new risk scenarios.
The Model shall undergo periodic analysis by the Board of Directors and the Supervisory Body to ensure the ongoing, dynamic function of its purposes in relation to emerging requirements.
In any case, events necessitating a modification or update to the Model must be reported in writing by the Supervisory Body to the Board of Directors so that the Board may take the appropriate resolutions within its remit.
Amendments to the rules and company procedures required to implement the Model are made by the Entity’s structures. The Supervisory Body is kept informed of updates and the implementation of new operational procedures and is authorized to express its opinion on proposed changes.
8. SUPERVISORY BODY
The delegation of tasks to monitor the functioning and compliance of the Model, as well as its updating to a body within the Entity endowed with autonomous powers of initiative and control, together with the correct and effective performance of these tasks, represent essential prerequisites for exemption from liability as stipulated by Legislative Decree 231/2001.
The main requirements of the Supervisory Body (hereinafter also referred to as the “Supervisory Body”), as proposed by the Guidelines issued by Confindustria and also adopted by judicial authorities in various published judicial rulings, can be identified as follows:
- autonomy and independence;
- professionalism;
- continuity of action.
8.1 Establishment and Appointment of the Supervisory Body
The autonomy and independence of the Supervisory Body are reflected in the autonomous initiative for control, free from any form of interference or influence by any representative of the legal entity and, in particular, the administrative body.
The requirement of professionalism is represented by the technical abilities of the Supervisory Body to fulfill its functions regarding Model oversight, as well as the necessary qualities to ensure the Model’s dynamism through update proposals to be addressed to the company’s senior management.
Lastly, regarding continuity of action, the Supervisory Body must consistently oversee compliance with the Model, verify its effectiveness and efficiency, promote continuous updates, and serve as a constant reference point for any person performing work activities for the Company.
Legislative Decree 231/2001 does not provide specific guidance regarding the composition of the Supervisory Body. In the absence of such guidance, the Company has opted for a solution that, considering the objectives pursued by law and the directives derived from published jurisprudence, is capable of ensuring, in relation to the Company’s size and organizational complexity, the effectiveness of the controls assigned to the Supervisory Body.
The Company has opted for a single-member composition of its Supervisory Body, a choice ratified by the Board of Directors along with the adoption of this Model.
The Company’s Supervisory Body is established by resolution of the Board of Directors. The Supervisory Body holds office for a term of 3 years and is always eligible for re-election.
The Supervisory Body’s term ends upon expiration of the designated period established at the time of appointment, though it continues to perform its functions on an interim basis until a new Supervisory Body is appointed, which must occur at the next available Board of Directors meeting.
If the Supervisory Body ceases to serve during its term, the Board of Directors shall replace it by its own resolution.
The remuneration for the Supervisory Body is determined by the Board of Directors.
The appointment of the Supervisory Body is contingent upon the presence of subjective eligibility requirements. Specifically, at the time of appointment, the individual designated to serve as the Supervisory Body must issue a declaration attesting the absence of grounds for ineligibility, such as, by way of example:
- conflicts of interest, even potential, with the Company that may undermine the independence required by the role and responsibilities of the Supervisory Body. Examples of conflicts of interest may include:
- significant business relationships with the Company, with the parent company, or with its subsidiaries or affiliates, except for an employment relationship;
- significant business relationships with the President or delegated administrators (executive directors);
- having relationships or being part of the family unit of the President or executive directors, with “family unit” referring to a legally non-separated spouse and relatives up to the third degree;
- direct (or indirect) ownership of shares in the Company’s capital to an extent that would allow significant influence over the Company;
- administration functions in companies subject to bankruptcy, compulsory liquidation, or other insolvency proceedings within the three years prior to appointment as Supervisory Body or establishment of a consultancy/collaboration relationship with it;
- temporary disqualification or suspension from public office or from executive positions in legal persons or companies;
- existence of conditions of ineligibility or disqualification as provided by Art. 2382 of the Civil Code;
- preventive measures under the laws of December 27, 1956, no. 1423 or May 31, 1965, no. 575, and subsequent amendments and additions, except where rehabilitation has taken effect;
- conviction, in Italy or abroad, even if not yet final and including those conditionally suspended or plea-bargained pursuant to Art. 444 of the Italian Criminal Procedure Code, except where rehabilitation has taken effect, for offenses referenced by Legislative Decree 231/2001 or offenses impacting professional integrity;
- a non-final conviction or plea bargain for:
- imprisonment for not less than one year for one of the offenses in Royal Decree 16 March 1942, no. 267;
- imprisonment for not less than one year for offenses under laws governing banking, finance, securities, insurance, payment instruments;
- imprisonment for not less than one year for offenses against Public Administration, public faith, property, public economy, or tax offenses;
- imprisonment of at least one year for a non-negligent crime;
- offenses under Title XI of Book V of the Civil Code as amended by Legislative Decree 61/2002.
Should any of the above reasons for ineligibility arise for an appointed individual, they shall automatically forfeit their position.
If any Company employees serve as members of the Supervisory Body, termination of their employment shall also result in termination of the Supervisory Body role.
The Supervisory Body may, under its direct oversight and responsibility, enlist the cooperation of any Functions and structures within the Company or the Group, or external consultants, relying on their expertise. This flexibility enables the Supervisory Body to ensure a high level of professionalism and the necessary continuity of action.
To this end, the Board of Directors allocates a budget to the Supervisory Body based on its formally submitted requests to the Board. The budget allows the Supervisory Body to operate autonomously with the necessary tools to effectively carry out its tasks as provided by this Model and Legislative Decree 231/2001. Should additional funds be required, the Supervisory Body may request them from the Board, with subsequent accounting provided.
To ensure the Supervisory Body’s stability, revocation of the Supervisory Body’s powers and their transfer to another party may only occur for just cause, including organizational restructuring, via a specific Board resolution.
In this regard, “just cause” for revocation of the powers associated with the role of Supervisory Body may include, by way of example:
- a final conviction of the Company under the Decree or a plea-bargained conviction, showing “omitted or insufficient oversight” by the Supervisory Body as stipulated by Art. 6, paragraph 1, letter d) of the Decree;
- a conviction or plea bargain for the Supervisory Body for having committed one of the crimes or administrative offenses covered by the Decree (or similar offenses);
- violation of confidentiality obligations required of the Supervisory Body;
- failure to attend more than two consecutive meetings without valid reason;
- serious negligence in fulfilling duties, such as failure to prepare the semi-annual report for the Board of Directors on activities carried out;
- assignment of operational functions and responsibilities within the company organization incompatible with the Supervisory Body’s requirements for “autonomy and independence” and “continuity of action.”
In particularly serious cases, the Board of Directors may nonetheless suspend the Supervisory Body’s powers and appoint an interim Supervisory Body.
8.2 Functions and Powers of the Supervisory Body
The Supervisory Body is vested with the necessary initiative and control powers to ensure effective and efficient supervision of the Model’s functioning and compliance, as established by Art. 6 of Legislative Decree 231/2001.
In particular, the Supervisory Body must monitor:
- the actual adequacy and effectiveness of the Model in preventing the commission of offenses covered by Legislative Decree 231/2001, also taking into account the Company’s size and organizational and operational complexity;
- the ongoing maintenance of the adequacy and effectiveness of the Model over time;
- the adherence to the Model’s provisions by the Recipients, noting any violations and proposing corrective and/or disciplinary measures to the competent corporate bodies;
- the updating of the Model if any adjustments become necessary due to changes in corporate or regulatory conditions, proposing any necessary adjustments to the competent corporate bodies and verifying their implementation.
To carry out its functions, the Supervisory Body is granted the following tasks and powers:
- access to all Company structures and relevant corporate documentation to verify the Model’s adequacy and compliance;
- conduct regular spot checks on specific high-risk activities/operations and on compliance with control and behavioral measures outlined by the Model and internal procedures;
- promote the updating of risk mapping in the event of significant organizational changes or an extension of the types of offenses covered by Legislative Decree 231/2001;
- coordinate with relevant corporate functions to assess the adequacy of the internal regulatory framework and to define proposals for adjustment and improvement (internal rules, procedures, operational and control methods), subsequently verifying their implementation;
- monitor information/training initiatives aimed at promoting knowledge and understanding of the Model within the Company;
- request relevant information from corporate managers, particularly those working in areas potentially exposed to risk, to verify the Model’s adequacy and effectiveness;
- collect any reports from any Recipient of the Model concerning: i) any critical aspects of the measures in the Model; ii) violations of the Model; iii) any situation that may expose the Entity to criminal risk;
- periodically report to the Director and managers of the relevant Areas/Functions any violations of control measures referred to in the Model and/or corporate procedures or deficiencies identified during audits, enabling them to undertake corrective actions and involve the Board of Directors where necessary;
- ensure consistent application of the sanctions provided by internal regulations in cases of Model violations, without prejudice to the governing body’s authority in applying disciplinary measures;
- identify any behavioral deviations that may emerge from analyzing information flows and reports provided by the Model’s Recipients.
Training activities on Decree 231 and the contents of the adopted Organizational Model are promoted and supervised by the Company’s Supervisory Body, which may rely on the operational support of relevant corporate functions or external consultants.
Each year, the Supervisory Body requests a dedicated budget for its exclusive use to execute its duties.
The Supervisory Body is bound by confidentiality regarding all information it becomes aware of in the course of performing its duties. Disclosure of such information is permitted only to specific persons and by means outlined in this Model.
8.3 Information Flow Requirements for Specific Events and Whistleblowing
The Supervisory Body must be promptly informed by the Recipients of the Model, through appropriate notifications, about acts, behaviors, or events that may constitute a violation of the Model or that are otherwise relevant under Legislative Decree 231/2001.
Specifically, all Recipients of this Model are obligated to promptly report the following information to the Supervisory Body (so-called “reports”):
- the commission, attempted commission, or reasonable risk of commission of offenses stipulated by the Decree;
- any alleged violations of the behavioral and operational procedures defined in the Code of Ethics, the Model, and/or the company’s regulatory and procedural framework, of which they have direct or indirect knowledge;
- in any case, any act, fact, event, or omission observed or noted in the performance of assigned responsibilities and duties, with a potential to conflict with the Decree’s provisions.
Each report must be detailed, based on precise and consistent facts, and must include a comprehensive description of the subject of the report, the persons involved, the time period in which the violation occurred, and, where available, supporting documentation.
Written reports may be sent via regular mail to:
TrueItalian Experience S.r.l. – San Polo D’Enza (RE) 42020 – Via Ermete Conti n. 7,
or in accordance with the methods specified in related procedures that will be updated, adopted, and properly communicated.
It is also possible to request a direct meeting with the Supervisory Body to provide a verbal report.
Reports received by other company entities must be forwarded (in the original with any attachments) to the Supervisory Body within seven days of receipt. Transmission must comply with strict confidentiality criteria and use methods that protect both the reporting individual and the identity of the reported parties, without compromising the effectiveness of subsequent verification activities.
The Supervisory Body will examine all received reports, verifying their truthfulness and reliability while ensuring traceability of the assessments made. If deemed appropriate, the Supervisory Body may contact the reporting individual for additional information and may also seek assistance from relevant company functions or specialized external consultants.
Any actions resulting from the investigations are defined and implemented in accordance with the Disciplinary and Sanctioning System (see chapter 9).
The Company, at all stages of the procedure, ensures compliance with the applicable provisions for handling reports in the private sector.
All received reports are managed with guaranteed confidentiality regarding the existence and content of the report, as well as the identity of the reporting persons (if provided), subject to legal obligations and the protection of the Company’s rights or those of persons wrongly accused or in bad faith.
The Company expressly prohibits any act of retaliation or discrimination, whether direct or indirect, against reporting individuals for reasons directly or indirectly connected to their reports. These protections apply not only to employees of TrueItalian Experience but also to anyone who comes into contact with the Company (e.g., independent contractors, consultants, suppliers, interns, volunteers, etc.), as well as designated “facilitators” and third parties connected to the reporting person (e.g., colleagues and family members).
Finally, conduct that is subject to sanctions in accordance with the Disciplinary and Sanctioning System (see chapter 9) includes the violation of protection measures for the reporting person and connected individuals established by the Company, as well as reports made with intent or gross negligence that are proven to be unfounded.
8.4 Periodic Information Flows
In addition to the reports referenced in the previous paragraph, the relevant corporate Areas/Functions must obligatorily transmit to the Supervisory Body, within the timeframes set by the Body, information concerning the following (so-called "general information"):
- any measures and/or notifications from law enforcement agencies or any other authorities that reveal the conduct of investigations or criminal proceedings, even against unknown persons, related to matters of interest and/or potentially involving the Entity (related to Legislative Decree 231/2001 or otherwise);
- any measures and/or notifications concerning the existence of significant administrative or civil proceedings related to requests or initiatives from public authorities;
- any summons or subpoenas involving individuals connected to the Entity or its collaborators;
- requests for legal assistance submitted by employees if they are subject to criminal or civil proceedings (not limited to offenses under Legislative Decree 231/2001);
- information on any inspections conducted by public administration officials as communicated by all corporate Areas/Functions;
- updates on disciplinary proceedings conducted, any sanctions imposed, or dismissals of such proceedings along with their respective justifications;
- notifications of organizational and corporate changes;
- anomalies or issues identified by responsible persons while carrying out sensitive activities relevant to the application of Legislative Decree 231/2001.
Each Area/Function Manager within the Entity, as the person responsible for the full and correct adoption of company policies to safeguard against risks identified in their respective sectors, is also required to periodically submit to the Supervisory Body the data and information necessary for the monitoring functions carried out by the Body.
General information and specific information must be sent to the Supervisory Body in written form using the dedicated email address: odv@trueitalianexperience.it.
All required information or reports are stored by the Supervisory Body in a dedicated, confidential archive (electronic or paper-based).
8.5 Reporting of the Supervisory Body to Other Corporate Bodies
To ensure full autonomy and independence in carrying out its functions, the Supervisory Body reports directly to the Board of Directors of the Entity.
Specifically, the Supervisory Body produces and provides the Board of Directors with:
- biannual report on the activities conducted;
- a notification, as relevant, upon verification of Model violations with suspected commission of offenses.
The Supervisory Body also has the authority to request an audience with the Board of Directors whenever deemed necessary. Likewise, the Board of Directors has the authority to convene the Supervisory Body as it sees fit.
The biannual reporting includes the following aspects:
- - controls and audits carried out by the Supervisory Body and their outcomes;
- - any identified issues;
- - progress on any corrective or improvement actions to the Model;
- - any legislative updates or organizational changes that may require updates to risk identification or modifications to the Model;
- - any disciplinary sanctions imposed by the relevant bodies following violations of the Model;
- - any reports received from internal or external individuals during the period regarding alleged violations of the Model or the Code of Conduct;
- - the activity plan for the upcoming semester;
- - other relevant information.
The Supervisory Body may initiate coordination meetings with various corporate bodies, including the Control Body.
Meetings with corporate bodies to which the Supervisory Body reports must be documented. The Supervisory Body is responsible for archiving the related documentation.
9. DISCIPLINARY AND SANCTION SYSTEM
9.1 Purpose of the System
The establishment of a disciplinary system, applicable in cases of violations of the provisions set forth in this Model, is essential to ensure the effective implementation of the Model itself, as well as a prerequisite for enabling the Company to benefit from exemption from administrative liability.
The application of disciplinary sanctions is independent of the outcome of any criminal proceedings, as the rules of conduct and internal procedures are binding on Senior Executives and Subordinates, regardless of whether a crime was actually committed as a result of the conduct in question.
The exercise of disciplinary power by the Company must adhere to the following principles:
- Proportionality, matching the sanction to the severity of the violation in question;
- Due process, ensuring the involvement of the affected party by providing an opportunity to present justifications in defense of their conduct.
Violations of the rules and provisions outlined in the Model, including the codes of conduct within the Code of Ethics, are assessed for the purposes of applying disciplinary sanctions in accordance with legal provisions and the relevant provisions derived from Collective Labor Agreements relating to the category of personnel concerned.
The Disciplinary and Sanction System of this Model also provides for sanctions in cases of breaches of whistleblower protection measures and for those who submit false reports with intent or gross negligence. Furthermore, it addresses, in general, non-compliance with the provisions regarding whistleblowing as stipulated by Legislative Decree no. 24/2023 of March 10, 2023, which implements EU Directive no. 2019/1937 on the protection of persons who report breaches of Union law and provides provisions regarding the protection of persons who report violations of national regulatory provisions.
9.2 General Criteria for Imposing Sanctions
The sanction system is differentiated according to:
- the category of recipients as per Art. 2095 of the Italian Civil Code, and the potential autonomous or semi-autonomous nature of the relationship between the violator and the Company;
- the seriousness of the violation and the role and responsibility of the violator, considering the following general criteria:
- Subjective element of conduct (intent or negligence, including imprudence, carelessness, or lack of skill, also considering the predictability of the event);
- Significance of the violated obligations;
- Severity of the risk exposure caused;
- Extent of damage potentially caused to the Company by the application of sanctions provided for by the Decree and subsequent amendments;
- Functional position and level of responsibility and autonomy of those involved in the violation;
- Presence of aggravating or mitigating circumstances
- Possible recidivism
- Potential shared responsibility with others who contributed to the infraction.
Consequently, in reference to the Recipients, in cases of verified infractions, the Company, in accordance with the corporate position held by the individual responsible for the offending or omissive conduct:
- applies the disciplinary sanctions set forth in Sections 9.3 and 9.4 to its employees, in compliance with legal provisions, the applicable Collective Labor Agreement, and the Code of Ethics;
- exercises the actions deemed most appropriate toward members of the Board of Directors, depending on the severity of the infractions committed, as further specified in Section 9.5.
Furthermore, the Company adopts measures against third parties as specified in Section 9.6.
These actions are undertaken in accordance with legal and/or contractual provisions, as outlined in this Model 231.
9.3 Sanctions for Employees (Non-Executive)
The individual behavioral rules set forth in this Model constitute “instructions for the execution and regulation of work given by the employer,” which, pursuant to Article 2104 of the Italian Civil Code, every employee is required to follow; non-compliance with the Model by an employee therefore constitutes a contractual breach, in response to which the employer may impose disciplinary sanctions as provided by law and collective bargaining agreements.
If a violation of the Model attributable to the Employee is confirmed, and in accordance with the provisions of Article 7 of Law 300/1970 and the applicable Collective Labor Agreement, the following disciplinary measures may be applied:
- Verbal warning;
- Written warning;
- Fine not exceeding the amount of three hours' wages;
- Suspension from work and pay for a period not exceeding 10 days of actual work;
- Individual dismissal.
The disciplinary procedure for issuing charges will be promptly initiated within 10 days of the employer becoming aware of the facts and/or non-compliance relevant for disciplinary purposes.
The disciplinary measure shall not be imposed until five days after the charge is issued, during which time the employee may present their defenses and justifications in writing or request a hearing for their defense, with the possible assistance of a representative of the trade union to which they belong or have delegated authority. Notification of the disciplinary measure will be given in writing.
An employee wishing to challenge the disciplinary measure imposed may use the conciliation procedures under Article 7 of Law 300/1970 or those provided by the applicable Collective Labor Agreement.
Sanctions are imposed in accordance with the powers assigned within the Company. Every document related to the disciplinary procedure must be communicated to the Supervisory Body for its assessment and monitoring purposes.
9.4 Sanctions for Executives
In the event of a confirmed violation by an Executive of the provisions of the Model, or if it is proven that an Executive has allowed employees hierarchically subordinate to them to engage in conduct that constitutes a violation of the Model, the Company will assess the most appropriate actions based on the severity of the Executive's conduct, the collective bargaining agreement, and applicable legal provisions, including the termination of the employment relationship.
9.5 Sanctions for Directors
If conduct subject to sanction under the Model has been carried out by one or more members of the Board of Directors, the Supervisory Body promptly informs the entire Board of Directors so that, excluding the director involved, the Board may take and/or promote the most appropriate actions in relation to the severity of the violation, in accordance with the powers provided under applicable law and the Company’s bylaws.
The member(s) of the Board of Directors to whom the violation is attributed shall have the right to promptly present their defense prior to the imposition of any measures as described above.
9.6 Sanctions for Third Parties
The adoption of behaviors by third parties with contractual relationships with the Company (e.g., suppliers, consultants, and collaborators) that are in conflict with Legislative Decree 231/2001, the ethical principles adopted by the Company, or—for those acting on behalf of the Company—the provisions of this Model (as applicable to the activities performed under their mandate from the Company) and any specific procedures and/or regulations applicable to them, shall be sanctioned as specified in the contractual clauses included in the relevant agreements or letters of appointment.
The adoption of such behaviors may be deemed a breach of contractual obligations and may lead to the termination of the contract by the Company.
10. COMMUNICATION AND TRAINING
The Company promotes widespread dissemination and understanding of the Model and encourages compliance with it through publications, communications, training activities, and any other means deemed appropriate for this purpose, based on annual training plans tailored to the roles and responsibilities of the different recipients.
Training initiatives are generally organized and managed by the relevant internal departments. The training programs and the content of the informational materials prepared by these departments are shared with the Supervisory Body.
[1] As amended by Law 190/2012 and the more recent Legislative Decree 75/2020, regarding the introduction of offenses in Articles 24 and 25, including: (i) fraud in public procurement (Art. 356 of the Criminal Code); (ii) agricultural fraud (Art. 2, Law 898/1986); (iii) embezzlement (Art. 314, paragraph 1); (iv) embezzlement through exploitation of others’ error (Art. 316 of the Criminal Code); (v) abuse of office (Art. 323 of the Criminal Code).
[2] As amended by Law 190/2012 concerning the introduction of the offense of "Private-to-private Corruption" (Art. 2635 of the Civil Code) and the more recent Law of May 21, 2015, no. 69 (Law 69/2015) concerning the revised offenses of "false corporate communications" (Art. 2621 of the Civil Code), "false corporate communications of listed companies" (Art. 2622 of the Civil Code), and the new "false corporate communications of minor significance" (Art. 2621-bis of the Civil Code), with redefined penalties.
[3] As amended by Law December 15, 2014, no. 186 (Law 186/2014), introducing the offense of self-laundering under Art. 648-ter.1 in the catalog of offenses under Decree 231, as well as the more recent Legislative Decree 195/2021, which amended offenses in Article 25-octies of Legislative Decree 231/2001. This amendment expanded, for the first time, the range of predicate offenses for receiving stolen goods, money laundering, reuse, and self-laundering to include contraventions, providing new and independent penalty frameworks. Additionally, the above Decree extended the applicability of laundering and self-laundering offenses to assets originating from “even negligent” crimes and introduced/modified circumstantial hypotheses as well as adapting the related penalty frameworks.
[4] As supplemented by Law of May 19, 2015, no. 68 (Law 68/2015), which introduced eight new offenses into the Criminal Code within Title VI-bis (Book II), “Crimes Against the Environment,” marking their relevance under Legislative Decree 231/2001 and their respective penalties.
[5] As amended by the recent Legislative Decree 75/2020, introducing to Article 25-quinquiesdecies the offenses of: (i) false tax return (Art. 4, Legislative Decree 74/2000); (ii) failure to file a tax return (Art. 5, Legislative Decree 74/2000); (iii) unlawful compensation (Art. 10-quater, Legislative Decree 74/2000).
[6] The personal data of the whistleblower, the accused, and all individuals involved in the report are processed in accordance with current data protection regulations under Regulation (EU) 2016/679 ("GDPR") and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018.
[7] On March 16, 2023, Legislative Decree no. 24 of March 10, 2023, implementing EU Directive 2019/1937 of the European Parliament and the Council on the protection of persons reporting breaches of Union law, was published in the Official Gazette. The provisions of the aforementioned Decree will take effect from July 15, 2023.
Reports submitted prior to the effective date of the Decree, as well as those submitted until July 14, 2023, will continue to be governed by the provisions of Article 54-bis of Legislative Decree no. 165 of 2001, Article 6, paragraphs 2-bis, 2-ter, and 2-quater, of Legislative Decree no. 231 of 2001, and Article 3 of Law no. 179 of 2017.
For private sector entities employing an average of up to 249 employees over the past year, the obligations arising from the new legislation will take effect from December 17, 2023. Until then, Article 6, paragraph 2-bis, letters a) and b), of Legislative Decree no. 231 of 2001, as in force until the date of entry into force of Legislative Decree 24/2023, shall continue to apply. Upon entry into force of the provisions of Legislative Decree 24/2023, Article 6, paragraph 2-bis, of Legislative Decree no. 231 of 2001 is replaced with the following: "2-bis. The models referred to in paragraph 1, letter a), shall provide, pursuant to the Legislative Decree implementing Directive (EU) 2019/1937 of the European Parliament and Council of October 23, 2019, internal reporting channels, anti-retaliation provisions, and the disciplinary system, adopted pursuant to paragraph 2, letter e)."
[8] Referring to individuals who may have assisted the whistleblower during the reporting process in the workplace.
[9] National Collective Bargaining Agreement for Commerce, Services, and Distribution.
[10] Should the Manager hold powers of attorney with authority to represent the Company externally, the imposition of a disciplinary dismissal will also result in the revocation of such power of attorney.