3. Main risks that could prevent attainment of business goals

In order to permit a standard and comprehensive risks management, the Group has established a definition of risk valid for the whole Organization. Thus, the Group defines risk as: “any potential event which might have a negative impact on attainment of business objectives”.

Risks reviewed are classified and grouped in the following categories:

3.1. Business environment

These are risks stemming from external factors, connected with the Group’s business.

This category encompasses the risks regarding the difficulty in adjusting to the environment or market in which the Group operates, whether as regards procurement processes or distribution and sale of goods processes. This is inherent in the fashion retail business and consists of the eventual incapacity of the Group to follow and offer a response to the evolution of its target market or to adjust to the new situations in procurement countries.

With this respect, geopolitical, demographic and social and economic changes in procurement or distribution countries, the new ways of communication that arise, and changes in consumption habits, or the consumption decline in certain markets are, inter alia, factors which may have an impact on the effective achievement of the business goals of the Group.

3.2. Regulatory risk

Those are risks to which the Group is exposed arising from the different laws and regulations in force in the different countries where it does business.

Included in this category are risks regarding tax, customs, employment, trade and consumption and industrial and intellectual property regulations and risks associated with the remaining laws and regulations, namely regulatory risks of a criminal nature, whether or not they determine criminal liability of the natural person.

3.3. Reputation

Those are the risks which have a direct impact on the way the Group is perceived by its stakeholders (customers, employees, shareholders and suppliers) and by the society at large.

These risks arise out of a potentially inappropriate management of the issues regarding the social responsibility and sustainability, the responsibility on account of safety of products, the corporate image of the Group, including in social networks, as well as any other potential regulatory noncompliance which might have an impact on the reputation of the Organization.

3.4. Human Resources

The main risks in the human resources area are those arising out of the potential dependence on key personnel and of the difficulty in properly identifying and retaining talent, and in keeping an appropriate work climate.

3.5. Operations

The main operational risks the Group has to face up to arise out of a potential difficulty in recognizing and taking in the ongoing changes in fashion trends, and in manufacturing, supplying and putting on the market new models meeting customers’ expectation.

The risk arising out of business interruption is associated with the eventual occurrence of extraordinary events beyond the control of the Group (natural disasters, fires, strikes of haulers or of key suppliers, discontinuance in the supply of power or fuel, retention of goods during carriage, etc.,) that may significantly affect normal operations.

Given the way the Group works, the main risks included in this category are to be found in logistics centres and in external operators charged with carriage of the goods. The distribution of apparel, footwear, accessories and homeware for all the concepts is based upon 14 logistics centres spread throughout the territory of Spain. Logistics operations are also ensured by other smaller distribution centres located in different countries and with external logistics operators in charge of small volume distribution operations.

Other risks included in this category are those associated with real estate management, related to the search and selection of business premises and their profitability.

3.6. Financial

In the regular conduct of its business, the Group is exposed to financial risks. Included in this category are foreign exchange risk and counterparty credit risk. Additionally, given the ever growing international dimension of the Group’s business, the Company is exposed to the country risk in different markets.

Euro is the functional currency of the Group. Its international transactions involve using a large number of currencies other than the Euro, which gives rise to the foreign exchange risk. The Group has various investments abroad, the net assets of which are exposed to foreign exchange rate risk. As the consolidated financial statements of all the companies in the Group are prepared in the functional currency, i.e., Euro, it is faced with the foreign exchange risk on account of translation, in respect of all its entities outside the European Union. The company is also faced with the risk resulting from transactions in currencies other than Euro of flows of collections and payments for acquisition of goods and rendering of services both in respect of transactions within the Group and outside the Group.

The Group is not exposed to significant concentrations of counterparty credit risk. Most of its revenue results from retail sales, where payment is primarily made on demand, in cash or with credit card. At any rate, the Group is faced with the risk that counterparties, mainly financial ones, would fail to comply with the obligations stemming from investment of cash or other financial and securities vehicles, and from derivatives used for financial risks hedging.

3.7. Information for the decision making

The risks hereunder included are those linked to the appropriate information at all levels: transactional and operational, financing-accounting, management, budgeting and control.

The different departments of the Group and especially the Planning and Management Control Department and the Administration Department, which report to the Financial Division, are directly responsible for producing and supervising the quality of such information.

3.8. Technology and information systems

The risks hereunder covered include those linked to the technical infrastructure, the effective management of information, of computer and robotic networks and of communications. Risks connected with the physical and logical safety of the systems are also included, namely the risk of cyber-attacks against IT systems, which might eventually affect the confidentiality, integrity and availability of key information.

3.9. Corporate Governance

This category includes the risk of not having the appropriate management of the Group which might entail a breach of Corporate Governance and transparency rules.