1. Company’s control environment

Give information describing the key features of at least:

1.1 Which bodies and/or functions are responsible for: (i) the existence and maintenance of an adequate and effective SCIIF; (ii) its implementation; and (iii) monitoring.

Board of Directors.

Apart from the matters reserved for the competence of the General Meeting, the Board of Directors is the highest decision-making, supervisory and controlling body of the Group, including being ultimately responsible for the existence and update of an appropriate and effective SCIIF.

The Board of Directors is entrusted with the direction, administration, management and representation of the Group, delegating in general the management of the day-to-day business of INDITEX to the executive bodies and to the management team and focusing on the general supervisory function, which includes guiding the policy of the Group, monitoring the management activity, assessing the management by the senior management, making the most relevant decisions for the company and liaising with the shareholders.

Pursuant to the provisions of the Articles of Association and the Board of Director’s Regulations, it is incumbent on the Audit and Control Committee to oversee the process for preparing and releasing the regulated financial information, and monitoring the effectiveness of the SCIIF.

Audit and Control Committee

Among the financial and monitoring duties incumbent on the Audit and Control Committee, it is charged with overseeing the process of preparation and release of the financial information and the effectiveness of the internal control systems of the Group. With this respect, the Committee discharges, inter alia, the following functions:

  • To oversee the effectiveness of internal control of the Group, the internal audit, and ERM systems.
  • To oversee the process of preparation and release of the regulated financial information and the effectiveness of the internal control systems of the company, and (in particular SCIIF) by checking the suitability and integrity of the same and by discussing with the external auditors of the company the significant weaknesses of the internal control system revealed in the course of the audit.
  • To periodically review the risk control and management policy and the management systems, which shall, at least address the different types of risks, the fixing of the risk level which is considered acceptable, the measures foreseen to mitigate the impact of the identified risks, and the systems of information and internal control.
  • To review the company’ s annual accounts and the periodic financial information that the Board of Directors must provide to the markets and the supervisory bodies, overseeing compliance with the legal requirements and with the correct application of generally accepted accounting principles.
  • To inform the Board of Directors about any significant change in the accounting criteria and about risks arising from the balance sheet or from any other source.

Most members of the Audit and Control Committee are independent directors. The Committee meets on a quarterly basis as well as any time it is called by its Chairman. It has met 5 times during FY2014.

Financial Division

The Dirección General de Finanzas [Financial Division] (hereinafter, DGF (Spanish acronym)) is responsible for the design, implementation and update of an appropriate SCIIF, as provided in the “Procedure for Enterprise Risk Management in respect of financial information”. Such procedure is part of the integral risks management system of the Group and it covers exclusively those risks which affect the financial information.

With this respect, DGF sets out and circulates the policies, guidelines and procedures associated with financial information production, and is charged with ensuring the appropriate enforcement thereof within the Group.

Internal Audit

Internal Audit is overseen by the Audit and Control Committee to which it reports. It is charged, inter alia, with supporting the Audit and Control Committee in overseeing the internal control of financial information systems, by performing specific audits about SCIIF, requesting action plans to correct or reduce any weaknesses revealed and by following-up the implementation of the proposed recommendations.

1.2. Existence, especially in the process of drawing up the financial information, of the following elements:

•Departments and/or mechanisms in charge of: (i) the design and review of the organizational structure; (ii) defining clear lines of responsibility and authority, with an appropriate distribution of tasks and functions; and (iii) deploying sufficient procedures for the effective circulation within the company

The Board of Directors is responsible for designing and reviewing the organizational structure and the responsibility lines within the Group. The departments charged with drafting the financial information are found within such structure.

The Nomination and Remuneration Committee is charged with providing and reviewing the criteria to be followed in the recruitment of senior managers. Such body is composed of a majority of independent directors.

It is incumbent on such Committee, inter alia, to report any appointment and/or resignation of senior managers of the Group proposed to the Board of Directors by the chief executive pursuant to the provisions of section 15.2.(e) of the Board of Directors’ Regulations.

Senior officers and the Human Resources Division (hereinafter DRRHH, (Spanish acronym)) are charged with describing duties and responsibilities of each area. Additionally, the Compensation Department, reporting to the DRRHH regularly assesses the classification, description and duties of each position. Such functions are disclosed to each of the affected areas.

For the purposes of preparing financial information, the Group has clearly defined authority and responsibility lines. The main responsibility in preparing financial information falls with the DGF.

The DGF is responsible for the existence and appropriate dissemination within the Group, of the internal control policies and procedures required to ensure the reliable drafting of the financial information. Likewise, the DFG schedules the key dates and the reviews to be carried out by each responsible area.

The structure, size and definition of duties and tasks of each position within the financial area are defined by the DGF together with the DRRHH.

To carry out its activity, the DGF is organized in the following departments:

  • Administration Department
  • Planning and Management Control Department
  • Financial Management Department
  • Enterprise Risks Management Department
  • Tax Department

The Group relies on financial organization structures that meet local requirements in each country where it operates, headed by a Chief Financial Officer who is charged, among other things, with the following:

  • Designing and setting local organizational structures fit for the performance of the financial tasks allocated;
  • Integrating into the local management the corporate financial policies defined by the Group;
  • Adapting corporate accounting and management systems to local requirements;
  • Enforcing the procedures which are part of the SCIIF of the Group and ensuring an appropriate segregation of functions at local level;
  • Launching and maintaining control forms through corporate IT tools.

• Code of conduct, approving body, degree of dissemination and instruction, principles and values covered (stating any specific mentions to the recording of transactions and the drafting of financial information), body in charge of investigating breaches and proposing corrective or disciplinary action.

The Board of Directors held on 17 July 2012 approved, after favorable report of the Audit and Control Committee, the Code of Conduct and Responsible Practices of the Inditex Group’s (which replaces both the Internal Guidelines for Responsible Practices of the INDITEX Group’s Personnel and the Code of Conduct) and the Code of Conduct for Manufacturers and Suppliers (which replaces the Code of Conduct for External Manufacturers and Workshops).

Therefore, the Group’s conduct policies are covered in the following codes:

  • The Code of Conduct and Responsible Practices.
  • The Code of Conduct for Manufacturers and Suppliers.
  • The Internal Regulations of Conduct regarding Transactions in Securities (hereinafter, the IRC).

The Code of Conduct and Responsible Practices

The Code of Conduct and Responsible Practices provides the action lines which must be followed by the Group in the performance of its professional duties.

Its goal consists of exacting an ethical and responsible professional conduct from INDITEX and its entire workforce in the conduct of their business anywhere in the world, as a gist of its corporate culture upon which the training and the personal and professional career of its employees are based. For such purposes, the principles and values which shall govern the relationship between the Group and its stakeholders (employees, customers, shareholders, business partners, suppliers and the societies where its business model is implemented) are defined.

The Code of Conduct and Responsible Practices is based upon a number of general principles, inter alia, that according to which the operations of the INDITEX Group shall be developed under an ethical and responsible perspective; all persons, whether natural or legal, who maintain, directly or indirectly, any kind of professional, economic, social or industrial relationships with INDITEX shall be treated in a fair and honourable manner and that according to which, all the activities of Inditex shall be carried out in the manner that most respects the environment, promoting biodiversity preservation and sustainable management of natural resources.

One of the standards covered under the Code of Conduct and Responsible Practices is the “Obligation to Record Transactions”, according to which:

“Any and all transactions carried out by Inditex which may have an economic impact shall be clearly and accurately shown on the appropriate records of accounts, as a true representation of the transactions carried out, and they shall be made available to the internal and external auditors.

Inditex’s employees shall enter the financial information on the company’s systems in a full, clear and accurate manner, so that they would show, as at the relevant date, their rights and obligations in accordance with the applicable regulations. Additionally, the accuracy and integrity of the financial information which, under the prevailing regulations in force shall be disclosed to the market shall be ensured.

Inditex undertakes to implement and maintain an appropriate internal control system on financial reporting, ensuring the regular supervision of the effectiveness of such system.

Accounting records shall be at all times made available to the internal and external auditors. For such purposes, Inditex undertakes to provide its employees with the necessary training for them to understand and comply with the commitments undertaken by the company regarding the internal control on financial information.”

In order to ensure compliance with the Code of Conduct and Responsible Practices, there is a Committee of Ethics, composed of:

  • The General Counsel and Code Compliance Officer
  • The Internal Audit Director
  • The Corporate Social Responsibility Director
  • The Human Resources Director

The Committee of Ethics may act of its own motion or at the behest of any of INDITEX employees, manufacturer, supplier or any third party involved in a direct relationship and with a lawful commercial or professional interest, further to a report made in good faith.

The Committee of Ethics reports to the Board of Directors through the Audit and Control Committee and has the following duties:

  • To supervise compliance with the Code and the internal circulation thereof to the Group’s personnel.
  • To receive any manner of written instruments with regard to the enforcement of the Code and to send them, where appropriate, to the relevant body or department which may be responsible for dealing with and settling such instrument.
  • To monitor and supervise the management and settlement of any file.
  • To solve any doubts which may arise, regarding the enforcement of the Code.
  • To propose to the Board of Directors, after report from the Audit and Control Committee, any explanation or implementation rule which the enforcement of the Code may require, and at least, an annual report to review its enforcement.
  • To oversee the Whistle Blowing Channel and compliance with the Procedure.

In the performance of its duties, the Committee of Ethics shall ensure:

  • The confidentiality of all the information and background and of the acts and deeds performed, unless the disclosure of information is required by law or judicial order.
  • The thorough review of any information or document that originated its action.
  • The commencement of such proceedings that adjust to the circumstances, where it shall always act with independence and full respect of the right of the affected person to be heard as well as of the presumption of innocence.
  • The indemnity of any employee as a result of bringing complaints in good faith to the Committee.

Decisions of the Committee of Ethics shall be binding for the INDITEX Group and for employees.

The Committee of Ethics submits a report twice a year, to the Board of Directors, reviewing its proceedings and the enforcement of the Code of Conduct and Responsible Practices.

Additionally, the Audit and Control Committee reports to the Board of Directors, on an annual basis as well as whenever this latter so requires, on the enforcement of the Code of Conduct and Responsible Practices and of the additional documents which comprise the regulatory compliance policy of the group from time to time in force.

The Code of Conduct for Manufacturers and Suppliers

The Code of Conduct for Manufacturers and Suppliers defines minimum standards of ethical and responsible behaviour which must be met by the manufacturers and suppliers of the products commercialized by INDITEX in the course of its business, in line with the corporate culture of INDITEX Group, firmly based on the respect for human and labour rights

The Code, which shall be applied to all manufacturers and suppliers that take part in the purchasing, manufacturing and finishing processes, fosters general principles that define INDITEX’s ethical behavior, i.e.: all INDITEX’s operations are developed under an ethical and responsible perspective; all persons, individuals or entities, who maintain, directly or indirectly, any kind of employment, economic, social and/or industrial relationship with Inditex, are treated fairly and with dignity; all INDITEX’s activities are carried out in a manner that most respects the environment; all manufacturers and suppliers (production centres that are not property of Inditex) fully adhere to these commitments and undertake to ensure that the standards which are set forth in the Code of Conduct for Manufacturers and Suppliers are met.

Manufacturers of goods commercialized by INDITEX are bound to comply with this Code of Conduct for Manufacturers and Suppliers and with the Code of Conduct and Responsible Practices, to the extent that they are applicable to them. Likewise, the remaining suppliers of goods and services of the Group shall enforce both Codes where applicable to them.

IRC

The Board of Directors approved on 20 July 2000, pursuant to the provisions of section 78 of Act 24/1988 of 28 July on the Stock Exchange and consistent rules, the “Internal Regulations of Conduct regarding Transactions in Securities of Inditex and its Corporate Group”.

The IRC governs such issues as confidentiality of relevant information, conflicts of interest declarations, transactions in securities of INDITEX and its corporate group by individuals within its scope (affected or related parties), treasury stock and communication of relevant facts.

Two revised texts of the Internal Regulations of Conduct regarding Transactions in Securities were approved by the Board of Directors held on 20 March and 11 December 2003, respectively, for the purposes of adjusting them first to the new obligations introduced by the Financial Act and then to the recommendations included in the Aldama Report; as a result of such review, certain concepts were redefined and control on transactions in securities which might be eventually carried out by Affected Persons was enhanced, among others.

Said revised text was lastly amended further to a resolution of the Board of Directors dated 13 June 2006, for the purposes of adjusting its contents to the provisions of Real Decreto 1333/2005 of 11 November, whereby the Stock Exchange Act in the matter of market abuse was implemented.

Finally, there is a Code Compliance Supervisory Board which reports directly to the Audit and Control Committee of the Board of Directors. Such Supervisory Board is composed of:

  • The Chairman and CEO
  • The General Counsel
  • The Director of the Capital Markets Department, and
  • The Head of Human Resources

Such Supervisory Board is responsible for developing procedures and implementing regulations to enforce the IRC. Likewise, within the Code Compliance Supervisory Board there is a Code Compliance Office. The General Counsel of the Inditex Group is the Code Compliance Officer. The Code Compliance Office is charged, inter alia, with enforcing the conduct policies of stock exchanges and the standards and procedures of the IRC on directors, officers, employees and any other person to which the IRC applies.

The proceedings of the companies which are a part of the Group and of all people with access to such information which may be deemed to be relevant information, and namely, financial information, shall adjust to the following principles: regulatory compliance, transparency, collaboration, information, confidentiality and neutrality. Both the Code Compliance Supervisory Board and the Code Compliance Office shall ensure that the above-referred principles are observed in respect of financial information.

With regard to the dissemination of the above-referred regulations, it is incumbent on the Human Resources Department of the Group to circulate a copy of the Code of Conduct and Responsible Practices to any new employees upon their joining the organization.

Likewise, such regulations are available at the corporate web page (www.inditex.com) and on the intranet, and are subject to the appropriate measures regarding disclosure, training and awareness-raising, so that they may be understood and implemented within the whole organization. Additionally, the Code of Conduct and Responsible Practices is also available on the stores TGT in most countries.

With regard to the IRC, the Code Compliance Office keeps a General Documentary Register of all Affected Persons (persons subject to the IRC) and it is bound to inform them that they are subject to the provisions of the IRC and of any breaches and penalties which would arise, where appropriate, from an inappropriate use of Reserved Information.

Likewise, the Code Compliance Office shall inform the Affected Persons that they have been included on the General Documentary Register and about any other issues addressed by Ley Orgánica 15/1999, of 13 December on the Personal Data Protection.

• Whistle Blowing Channel, for the reporting to the Audit Committee of any irregularities of a financial or accounting nature, as well as breaches of the Code of Conduct and malpractice within the organization, stating where appropriate, whether reports made through this channel are confidential.

There is a Whistle Blowing Channel available to all employees of the Group, manufacturers, suppliers or third parties with any direct relationship and a lawful business or professional interest, regardless of their tier or geographic or functional location, so that they may report through this Whistle Blowing Channel any breach of Inditex’s conduct and regulatory compliance policies which affect the Group, and which arise from any employees, manufacturers, suppliers or third parties with whom the Group has any direct employment, business or professional relationship.

Therefore, any breach and any manner of malpractice may be reported, including those of a financial and accounting nature.

It is incumbent on the Committee of Ethics to oversee the Whistle Blowing Channel and the enforcement of the Whistle Blowing Channel Procedure.

The proceedings of such Channel are implemented in the Whistle Blowing Channel Procedure approved by the Board of Directors last 17 July 2012; such document is available on the corporate intranet.

Reports about any breach or any queries regarding the construction or application of internal conduct and regulatory compliance policies may be sent to the company by post, for the attention of the Committee of Ethics (to Avenida de la Diputación, Edificio INDITEX, 15142 Arteixo, A Coruña); by e-mail to: (comitedeetica@inditex.com), or by fax (+34 981186211). The confidentiality of such reports is ensured

Upon receipt of the report, the Committee of Ethics verifies first whether it falls within its remit. If so, the Committee of Ethics will refer such report to the relevant department so that it would make the appropriate enquiry. Otherwise, the Committee of Ethics will order staying of proceedings.

In light of the findings reached further to the enquiry, the relevant department or departments shall, having heard first the interested party, propose any of the following measures to the Committee of Ethics which will have final say:

  • Remedy of the breach, if appropriate,
  • Proposal of penalties or relevant measures
  • Staying of proceedings, where no breach has been detected.

• Training and refresher courses for personnel involved in preparing and reviewing financial information or evaluating SCIIF, which address, at least, accounting rules, auditing, internal control and risk management

The Training and Development Department of the Group, which reports to the DRRHH, is charged with preparing, together with each of the areas reporting to the DGF and with internal Audit, training and refresher schemes for the different staff members involved in the preparing and overseeing the financial information of each and every company comprising the Group. Such schemes include, both general courses focusing on business expertise and knowledge of the different departments which make up the company, and specific schemes aimed at training and refreshing employees in respect of new regulatory changes in the matter of preparation and supervision of financial information.

  • General Training

    This training aims at the internal knowledge of each business unit, as well as of each department with their respective activities, functions and duties within the business.

    Pursuant to such training plan, employees begin by working at the stores, getting acquainted with the whole process of running a store. Then, they spend time at the different corporate departments at headquarters to finally visit any of the subsidiaries of the Group abroad.

  • Specific training

    Group employees involved in procedures associated with the drafting of financial information receive regular training and refresher courses focusing mainly on learning about local and international standards governing financial information

    Within the financial environment, such training and refresher schemes are organized by the Training and Development Department which reports to the DRRHH:

    At the beginning of each year, this Department prepares a “Training Scheme” encompassing the different courses, both external and internal, addressed to employees of the various departments comprising the DGF.

    Training courses are provided on an annual basis for all new supervisors of financial areas in each country, in order to train them in respect of the management model of the INDITEX Group, and in the internal control system on financial information implemented by the Group.

    Additionally, supplementary courses are taught by internal staff on the operation of financial software tools used in the preparation of financial information.

    During FY2014, a seminar headed “Internal Control” has been given to the different corporate supervisors charged with the Group’s internal control system on financial information. Issues covered in such seminar included types of control, assessment of their performance and effectiveness and identification of improvement opportunities.

    Likewise, the Group has launched during the year a new intranet with all the main courses taught, which are thus available to all the staff from the financial area.