1. Company’s Risk Management System

Risks management in the Inditex Group is a process driven by the Board of Directors and the Senior Management, incumbent on each and every single member of the Organization, which seeks to provide reasonable safety in the achievement of the targets established by the Group, ensuring the shareholders, other stakeholders and the market in general, an appropriate level of guarantee which ensures protection of value built.

In this context, the Enterprise Risks Management Policy of the Group sets the overarching principles, key risk factors and the general action lines to manage and control the risks which affect the Group. This Policy is enforced on the whole Group and is at the basis of an Integral Risks Management System which is currently being implemented at corporate level and within key business areas.

The Enterprise Risks Management Policy is developed and supplemented by specific internal policies or regulations with regard to certain areas or units of the Group. Among the internal policies or regulations developed and implemented by these areas regarding the management of the different types of risks, the following should be pointed out:

  • Investment Policy.
  • External Financing Policy.
  • Payment Management Policy.
  • Financial Risk Management Policy.
  • Code of Conduct and Responsible Practices.
  • Manual on Criminal Risks Prevention.
  • Internal Regulations of Conduct of the Inditex Group regarding Transactions in Securities.
  • Corporate Social Responsibility Policy.
  • Code of Conduct for Manufacturers and Suppliers.
  • Occupational Hazards Policy.
  • Environmental Sustainability Policy.
  • Information Security Policy
  • Procurement Policy
  • Tax Policy and Tax Strategy

The risk management process is described in detail in the Risks Management Manual attached to the Enterprise Risk Management Policy.

The whole process is based upon the identification and assessment of the factors which may have a negative impact on achievement of the business objectives, which translates into a risks map that includes the main risks which are classified in different groups, together with an assessment thereof based upon their potential impact, the likelihood of their occurrence and the level of preparedness of the Group to face up to them. The risks map is regularly reviewed to keep it updated, in order to include amendments related to the evolution of the Group itself and the environment where it operates. This risks management process also addresses a certain response vis-à-vis such factors, and the establishment of the control measures which are necessary for such response to be effective.

Within the Risks Management System, business units represent the first line of defense, and they report the relevant information to the Enterprise Risks Management Department, which coordinates the System as second line of defense.

Internal Audit acts as third line of defense, overseeing in an independent and objective manner the Risks Management System and reporting to the Board of Directors through the Audit and Control Committee.