Responsible risk management

Responsible risk management is integrated into every level of the Organisation. Effective risk management is what enables us to perform well and generate a return that is sustainable over time, which is key to our transformation.

Inditex’s Enterprise Risk Management (ERM) System establishes the Group’s risk management and control framework. The ERM encompasses the entire Group, end to end, and includes the corporate departments as well as the various business units and subsidiaries no matter where they are located.

The ERM addresses financial and non-financial risks. The Group classifies the risks to which it is exposed into six categories (which are then broken down into more specific risk categories): financial, geopolitical, technological, environmental, social and governance risks.

At Inditex we are strongly committed to being an agent of change in the garment industry’s sustainability transformation, an effort that includes addressing climate change, which is now a key aspect of our business strategy. Collaboration and teamwork with all our stakeholders are essential to making progress.

In 2021 we continued to work on improving alignment with the recommendations issued by the Task Force on Climate Related Financial Disclosures (TCFD). To that end, our TCFD VISION group, set up in 2019 with the mission of analysing, managing and adapting our climate management and awareness framework for those recommendations, designed a 2023 Alignment Plan, which encompasses a series of actions that will enhance our management of the risks and opportunities derived from climate change.

We believe in the need to take a holistic approach that involves analysing future climate scenarios and identifying the associated risks and opportunities in order to ensure a strategy that is resilient in the short and long term. Building on the work already done in prior years, the Inditex Group collaborated with the Centre for Risk Studies at Cambridge University to design a climate risk assessment model under different scenarios.

We believe that our approach to sustainability allows us to progress towards a triple objective: minimising potential environmental and social impacts in our value chain; mitigating our exposure to potential climate change risks; and, lastly, taking advantage of the opportunities created by a low-carbon economy.

We view IT security as key to enable robust digital transformation, underpinned by best information protection practices and resilient supporting processes.

At Inditex, we attach the utmost importance to protecting information and ensuring the continuity of all the processes that support our information channels. Our IT Security department is tasked with that mission and our IT Security Committee checks we are applying best practices in the areas of IT security and regulatory compliance and business ethics.

In 2021 we completed our Next Generation Cybersecurity project, a strategic plan put together in collaboration with international experts from a range of fields whose aim is to protect, tighten and raise the level of maturity of our IT security system.

To continue to flesh out our privacy culture, we worked on several fronts in 2021:

• Guaranteeing protection of our customers’ personal data through applicable regulations and the Group’s in-house standards.
• Driving continuous improvement of data and privacy protection within our compliance model. Specifically, we issued a series of official procedures and instructions, such as the Personal Data Protection Procedure which impacts how we design our data processing rules.