D. Systems for control of risks
D.1. Risk policy of the Company and/or of its Group. Risks covered by the system. Justification for the adjusting of those systems to fit the profile of each type of risk
Enterprise Risks management in the INDITEX Group is a process driven by the Board of Directors and the Senior Management, incumbent on each and every single member of the Organization, which aims at providing a reasonable safety in the achievement of the targets established by the Group, ensuring the shareholders, other stakeholders and the market in general, an appropriate level of guarantee which ensures protection of created value.
In this context, Enterprise Risks Management in the Group starts with the identification and assessment of those factors that may affect negatively the achievement of the business goals, and this translates into a risks map that includes the main risks grouped in different categories, together with an assessment thereof in accordance with their potential impact, the likelihood of their occurring and the level of preparation of the Group to face up to them. The risk map is subject to review regularly in order to keep it updated by including the amendments regarding the evolution of the Group and of the environment where it operates Risks management process also covers the taking of a certain answer versus such factors, and the organization of the required controls measures for such answer to be effective.
Below are the main corporate areas that specialize in the risks management process in different fields:
- Enterprise Risks Management
- Code Compliance Office
- Financial Management
- Planning and Management Control
- Corporate Social Responsibility
- Occupational Hazards
- Environment
- IT Safety
- Additionally, certain specific Committees have been set up in respect of the follow-up of the major risks:
- Expansion Committee
- Logistics Committee
- Committee of Ethics
- Business Monitoring Committee
- Code Compliance Supervisory Board
Among the policies developed and implemented by the above mentioned areas regarding the management of the different risks, the following should be pointed out:
- Investment Policy
- Payment Management Policy
- Foreign Exchange Risk Management Policy
- Proxies Policy
- Code of Conduct for Manufacturers and Suppliers
- Health and Safety of the Product Policy
- Occupational Hazards Policy
- Environmental Risk Management Policy
- IT Safety Policy
Risks management system is overseen in an independent and objective manner by Internal Audit, which informs the Board of Directors thereof, through the Audit and Control Committee.
Additionally, these risks are considered upon preparing the Business Plan, etc., as part of the ERM system of the Group.
Risks reviewed are classified and grouped in the following categories:
1. Business environment
These are risks stemming from external factors, connected with the Group’s business.
This category encompasses the risks regarding the difficulty in adjusting to the environment or market in which the company operates, whether as regards procurement processes or distribution and sale of goods processes. This is inherent in the fashion retail business and consists in the eventual incapacity of the Group to follow and offer a response to the evolutions of its target market or to adjust to the new situations in procurement countries.
With this respect, demographic and social and economic changes in procurement or distribution countries, the new ways of communication that arise, and changes in consumption habits, or the consumption decline in certain markets are, inter alia, factors which may have an impact on the effective achievement of the business goals of the Group.
In order to reduce the exposure to risk in this area, the Group carries out a feasibility research for each new market, business line or store, considering pessimistic scenarios, and subsequently monitors whether the expected figures are met or not. Moreover, the business model of the Group is not only based upon the management of new openings, but also on improvements in the efficiency and effectiveness of the markets, business lines and stores already existing, so that the growth achieved via expansion and diversification, be complemented by the organic growth of the current business.
In line with the foregoing, the expansion policy, the multi-brand format of the Group and the use of new technologies as an option for communicating and selling to our customers, represent a way to diversify this risk, which downplays the global exposure to this risk of the market.
2. Regulatory risk
Those are risks to which the Group is exposed arising from the different laws and regulations in force in the different countries where it is present.
In order to provide a better management of the risks included in this category, they have been classified in accordance with their nature, into two groups: risks regarding the tax, customs, employment, trade and consumption and industrial and intellectual property regulations and risks associated to the remaining laws and regulations.
In order to reduce the exposure to risk in this area and secure the appropriate enforcement of the prevailing local legislation in force, the corporate Legal, Tax, Industrial Property and Human Resources departments, as well as the General Counsel’s Office work in coordination with the different supervisors and with the legal external advisors of each country or geographic area. In Section D.4 below, the laws that usually affect the Group in those countries where it operates are identified.
Special mention should be made of criminal regulatory risks. For the purposes of reducing such risks, the Group relies on a Manual on Criminal Risks Prevention.
The Internal Audit department conducts regulatory compliance audits on a regular basis with teams of independent professionals specializing in certain regulations which apply to business.
Additionally, the Corporate Social Responsibility Department regularly carries out social audits together with teams of independent professionals, with a great command of the language as well as of the local labour and environmental legislation, to ensure the appropriate enforcement of both the labour requirements covered by the International Labour Organisation (ILO) Treaties and the Human Rights covered in the major Treaties that govern this subject.
3. Reputation
Those are the risks which have a direct impact on the way the Group is perceived by its stakeholders (customers, employees, shareholders and suppliers) and by the Society in general.
These risks arise out of a potential improper management of the issues regarding the social responsibility and sustainability, the responsibility on account of the composition of products, as well as of the corporate image of the Group.
The Group has developed a Social Audit Program, based on the external and independent verification of the degree of implementation and compliance with the Code of Conduct for Manufacturers and Suppliers in order to minimize the potential risks of harming the image due to improper behaviours by third parties. Said program specifies the review procedures which secure the gathering of information and evidences on the minimum working conditions that all manufacturers, suppliers and external workshops must comply with. Additional information on this Program is provided in the “CSR with suppliers” section of the Annual Report.
In such sizable and visible organisations as the Group, some conflicts could arise out of an inappropriate relationship with third parties alien to the proceedings of the Group (CNVM, communication media, Investors, public authorities, etc.,).
The Group, through its Division of Communication and Institutional Relations, responsible for the centralized management of the communications with third parties, sets out the procedures and protocols required to minimize this risk. Likewise, given their relevance, the General Counsel’ s Office and the Capital Markets department are charged with managing specifically the relationship with CNMV and the latter is also charged with dealing with the investors.
Moreover, the large experience gained by the Group, given its long international career, allows it to minimize the risk attached to the difficulty in adapting its products and proceedings to the different social and cultural realities, uses and special features of specific markets, by setting up the right policies which allow it to identify and as the case may be, implement the required measures. Additionally, the Group controls and verifies the level of compliance with its health and safety of the products standards (“Safe to Wear” and “Clear to Wear”), as part of its production process.
4. Human Resources
The main risks in the human resources area are those arising out of the difficulty in properly identifying and managing talent, which could lead to an inappropriate positioning, qualifications and flexibility of human resources, an inappropriate labour environment, high turnover or a potential dependence on key personnel.
To minimize said risk, the Human Resources Department carries out continuous recruitment and hiring processes of new personnel. It has also developed a regular training program for its staff and has implemented specific systems:
- to combine quality in the performance of their duties by the employees and the satisfaction they may obtain at their workplace;
- to facilitate the exchange of jobs among those employees wishing to broad their experience in the different areas of the Organisation.
On the other hand, the work system implemented within the Organization favours the transfer of knowledge between the relevant employees in the different areas, thus minimizing the risk linked to depending excessively on the knowledge of key personnel Additionally, the use of career development, training and compensation policies seeks to retain key employees.
To ensure the appropriate labour environment, the Human Resources department is governed by a series of acting rules which are thoroughly reviewed in the Social and Environmental Performance Report.
On the other hand, a growing demand has arisen lately within the labour market, linked to the social responsibility of companies, which has become a key factor upon selecting a company for the job of choice. Therefore, such issues as equal opportunities or labour and work-family balance are inter alia, factors that the Company takes into account, with policies designed for such purposes.
With this respect, the INDITEX Group has implemented the Equal Opportunities Plan, with measures that seek to meet different goals, such as, inter alia: fostering the commitment and effective implementation of the equal opportunities principle between female and male employees, contributing to reduce inequality and imbalance, preventing labour discrimination, fostering the corporate commitment towards a better life quality, ensuring a healthy work environment and providing actions to promote family and work balance.
5. Operations
The main operational risks the Group has to face up to arise out of a potential difficulty in recognizing and taking in the ongoing changes in fashion trends, manufacturing, supplying and putting on the market new models meeting customers’ expectation.
The Group reduces the exposure to this risk through a manufacturing and procurement system that ensures a reasonable flexibility to answer to the unforeseen changes in the demand by our customers. Stores are permanently in touch with the designer team, through the Product Management Department, and this allows perceiving the changes of taste of the customers. Meanwhile, the vertical integration of the transactions allows cutting the manufacturing and delivery terms as well as to reduce the stock volume, while the reaction capacity that allows to introduce new products throughout the season, is kept.
Given the relevance that an efficient logistics management has on the appearance of such risks, the Group conducts a review of all the factors which may have a negative impact on the target of achieving the maximum efficiency of the logistics management, to actively monitor such factors under the supervision of the Logistics Committee.
The risk arising out of the interruption of the transaction is linked with the likely occurrence of extraordinary events beyond the control of the Group (natural disasters, fires, strikes of haulers or suppliers, discontinuance in the supply of power or fuel, etc.,) that might affect significantly the normal operative.
Given the operative of the Group, the main risks included in this category are to be found at the logistics centres and in external operators charged with transporting the goods. The distribution of apparel, footwear, accessories and home ware for all the formats is based upon 13 logistics centres spread throughout the territory of Spain. Logistics operations are also ensured by other smaller distribution centres located in 7 different countries. The size and use of all logistics centres is optimized on account of the volume of each format or the specific requirements existing in each geographic area serviced. Namely, some of the above referred logistics centre specialize in distribution of goods associated with on-line sales. Location of such centres has been considered so that they may be versatile to undertake storage capacity and distribution of other centres in the event of any contingency resulting from any potential accidents or stoppage of the distribution activities.
Additionally, the Group takes active measures to reduce risk exposure, by keeping high levels of safety and protection in all its distribution centres, together with insurance policies covering both the potential property damage incurred by the facilities and stock, as well as any loss of profit which might arise out of any loss.
In order to ensure the growth of the Group and enhance the flexibility of its business model, the Logistics Expansion Plan assess the need and envisages, where appropriate, investing in new distribution centres or in the extension of the existing ones, so as to minimize the risk linked to the logistics planning and sizing. Additionally, investments are carried out towards the improvement and automation within the existing centres so as to increase their capacity and efficiency.
To minimize the risks attached to the quality of finished product, the Group resorts to different monitoring systems based upon defined standards (“Safe to Wear” and “Clear to Wear”) whose implementation is mandatory within the production line, for all finished products, footwear and accessories.
To reduce exposure to the risk arising out of an improper customer satisfaction and service, the Group applies standard store service procedures, training and monitoring programs for store managers and assistants, and communication channels available for customers in order to ensure the quality of the sale and post sale service. Likewise, as a result of the introduction of a new sale channel through the online sale, certain mechanisms to follow-up the degree of satisfaction of customers regarding their online purchase have been set up. With this respect, Marketing and Internet departments of the two formats which currently offer online sale have prioritized the design of their websites, taking into account such premises, while, at the same time, making a large team of professionals available to support the queries, concerns or requests of the customers regarding their online purchase experience.
The Group reduces the risk linked to the real estate management, regarding the search and selection of business premises, through the monitoring of local markets where it operates and through the evaluation and supervision of new openings by the Expansion Committee.
6. Financial
In the regular conduct of its business, the Group is exposed to financial risks. Included in this category are foreign exchange risk, counterparty credit risk, liquidity risk and interest rates risk. Additionally, given the ever growing international dimension of the Group’s business, the Company is exposed to the country risk in different markets.
The Euro is the functional currency of the Group. Its international transactions give rise to the use of a large number of other than the Euro, which gives rise to the foreign exchange risk. This risk must be managed in a proactive, sufficient and systematic manner; to achieve this, the Group has implemented the Foreign Exchange Risk Management Policy with the major goal of reducing potential economic losses and volatility in the financial statements resulting from such risk. Exchange exposure materializes in terms of net investment, translation and transaction risks. The above referred policy sets the guidelines to manage all such exposures.
Payment Management Policy addresses the principles leading to ensure compliance with Group’s obligations, safeguarding its interests and setting up the required procedures and processes to ensure an effective and prompt payment management. Such policy determines the best manner, currency and terms to make payments, in economic, accounting and legal terms. Finally, the Payment Policy covers the potential exceptions and the procedure to authorize such exceptional payments. Meanwhile, the Proxies Policy determines the different proxies of Groups authorized to approve financial transactions on behalf of the Group, including payments, the level of authorization according to the Group to which they belong, the authorized amount of the transaction and the required pairing of proxies according to such criteria.
Under the current policy in force, exchange rate management is incumbent on the corporate Financial Management Department. Such policy lays down the review and follow-up procedures regarding exchange exposure and the potential hedging strategies, the procedure for acquiring derivatives and the recording and registration thereof. At present, forward contracts are the main hedging instrument.
The Group has various investments abroad, the net assets of which are exposed to exchange rate risk. As the consolidated financial statements of all the companies in the group are drafted in the functional currency, i.e., Euro, it is faced with the foreign exchange risk on account of translation, in respect of all its entities outside the European Union. The company is also faced with the risk resulting from transactions in currencies other than Euro of flows of collections and payments for acquisition and rendering of goods both in respect of transactions within the Group and outside the Group.
The Group is not exposed to significant concentrations of counterparty credit risk. Most of its revenue results from retail sales, where payment is primarily made in cash or through credit card. Anyway, the Group is faced with the risk that counterparties, mainly financial ones, would fail to comply with the obligations stemming from investment of cash or other financial and securities vehicles, and from derivatives used for financial risks hedging.
The Investment Policy of the Group, which aims at ensuring security, integrity and liquidity of financial assets of the company, provides the guidelines which need to be observed by counterparties and classifies them in panels in accordance with their rating and solvency profile and their relevance for the Group. Likewise, such Policy sets maximum exposure limits in terms of counterparty and provides procedures to ensure control, follow-up and monitoring of credit risk.
The Group has enough liquidity to undertake the funding requirements of its regular functional transactions and to face its future growth expectations. At present, the Group has no external debt and keeps on its balance sheet a sufficient position in very liquid assets (cash and cash equivalents). For the purposes of attending to any potential cash need, the Group relies on a sufficient number of loan agreements, both in Euro and in other currencies.
With regard to the interest rate risk, direct exposure of the Group to such risk is rather scarce, considering the non existence of leverage. However, as the value of financial assets depends upon the evolution of interest rates, the Group is exposed to such risk in terms of its financial investments. The Investment Policy of the Group aims also to minimize such risk by determining the nature, term and credit quality of the underlying integrating the investment vehicles of the company.
Finally, the international nature of the Group’s business determines the exposure to country risk in a growing number of markets. The Investment Policy sets guidelines with regard to the role of sovereign risk in terms of counterparty credit risk, and the influence thereof on financial assets and/or investment vehicles.
7. Information for the decision making
The risks hereunder included are those linked to the appropriate information at all levels: transactional and operative, financing-accounting, management, budgeting and control.
These are not significant risks in relative terms, although the various departments of the Group and especially the Planning and Management Control Department and the Administration Department, which report to the Financial Division, are directly responsible for producing and supervising the quality of such information. Moreover, in order to reduce exposure to this kind of risks, the Group regularly reviews the management information disclosed to the relevant officers and invests in IT, follow-up and budgeting systems, among others.
With regard to the risks associated to financial reporting, the Group has set up an Internal Control System on Financial Reporting (SCIIF, Spanish acronym) aimed at achieving an ongoing follow-up and assessment of the main risks associated, which permits ensuring reasonably the reliability of the public financial information of the Group. Section 7 of the schedule to this report: “Additional information to the current Model of Annual Corporate Governance Report pursuant to Sec. 61 bis of Act 24/1988 of 28 July, on the Stock Exchange (LMV, Spanish acronym) (as amended by the Fifth Final Provision of Act 2/2011 of 4 March, on Sustainable Economy)”, provides additional information on this issue.
In addition, the consolidated Annual Accounts and those of each and every relevant company are subject to review by the independent auditors who are also in charge of carrying out certain audit works regarding the financial information. Likewise, as regards the most significant companies of the Group, independent auditors are requested to issue recommendations on internal control.
8. Technology and information systems
The risks hereunder covered are those linked to the technical infrastructure and the efficient management of information and of the computing and robotic networks. The risks connected with the physical and logical safety of the systems are also included.
To reduce exposure to this type of risks, the IT department permanently monitors the streamlining and coherence of the systems, for the purposes of minimizing the number of software packages, maximising training of all users involved in handling these and guaranteeing the security and stability required for the continuous development of the activities of the Group.
Moreover, there are contingency systems in the event of computer stoppage, with double equipment and data storage in a different location to the main Centre, which would reduce the consequences of a breakdown or stoppage.
9. Corporate Governance
This category includes the risk of not having the appropriate management of the Group which might entail a breach of the Corporate Governance and transparency standards.
Therefore, compliance with the corporate governance system of the Company, which comprises the Articles of Associations, the Board of Directors’ Regulations, the Regulations of the General Meeting of Shareholders, the corporate policies implemented for enterprise risk management, and the internal regulations of the Group (the Code of Conduct and Responsible Practices, the Code of Conduct for Manufacturers and Suppliers, and the Internal Regulations of Conduct regarding Transactions in Securities – hereinafter, IRC).
The Code Compliance Supervisory Board and the Code Compliance Officer are charged with overseeing and enforcing the IRC.
With regard to the Code of Conduct and Responsible Practices and the Code of Conduct for Manufacturers and Suppliers, the Committee of Ethics is responsible for the enforcement and construction thereof. Such Committee may act “ex officio” or further to a report.
D.2. Materialization during the fiscal year of the various types of risks affecting the Company and/or its Group
The risks described in section D.1 are inherent in the business model and the activity of the Group; therefore they are always present somehow, throughout each financial year. However, none of them has had any significant impact on the Organization during last fiscal year, as control systems anticipated to meet such risks have been duly operative.
D.3. Committee or other governing bodies responsible for establishing and supervising the mechanisms of control
The main governing bodies responsible for controlling risks are the Board of Directors and the Audit and Control Committee.
1. The Board of Directors
The Board of Directors is responsible for identifying the main risks for the Group and for organising the appropriate internal control and information systems.
2. The Audit and Control Committee
The Audit and Control Committee assists the Board of Directors in its supervision and control duties by reviewing the internal control systems. The duties of the Audit and Control Committee are provided under the Articles of Association and the Board of Directors’ Regulations.
The Board of Directors’ Regulations provide that it is incumbent on the Audit and Control Committee, exclusively comprised of non-executive directors of the Group, to supervise the process for preparing and presenting the regulated financial information and the effectiveness of the internal control systems of the Group, (namely, of the internal control system on financial information) and to check the appropriate type and integrity of said systems. Additionally, the Audit and Control Committee is charged with overseeing the Internal Audit Department of the Group, approving the budget of the Department and the Internal Audit Plan, the annual report of activities of the Internal Audit department and supervising the material and human resources thereof, whether internal or external, to discharge its duties.
The Internal Audit Department is directly linked to the Board of Directors, to which it reports, through the Audit and Control Committee, thus ensuring the full independence of its acts.
In accordance with the Internal Audit Charter of the Group, the mission of the Internal Audit function is that of contributing to the good running of the Group, by assuring an independent supervision of the internal control system, and by providing recommendations to the Group that help reduce to reasonable levels the potential impact of the risks that hinder the accomplishment of the objectives of the Organization.
Likewise, according to the Charter, the goals of the Internal Audit function are to promote the existence of appropriate internal control and risk management systems, the homogeneous and efficient application of internal control system policies and procedures which make up such internal control system and to serve as communication channel between the Organization and the Audit and Control Committee, in relation to those matters that are responsibility of Internal Audit.
D.4. Processes of compliance with the various regulations that affect the Company and/or its Group
Among the external risks that affect the Group, a specific category described as “Regulatory” has been included, which is described in section D.1 above. Within this category, it has been thought fit to classify the risks in six groups, depending on the kind of regulation to which they refer and on the potential impact they have on the Group. This classification shall be used to detail the legislation that affects the Group in the conduct of its business.
- Consumer and trade legislation: linked with laws and regulations which govern those commercial issues which apply to retail: (business hours, end of season sales, etc.,) and any other regulations regarding consumers and users. Included in this group are such issues as: licence for store opening, business hours; end of season sales period and advertisement terms related thereto; conditions that must be met by the products being sold in stores, especially in relation to the labels and packaging, and generally, all aspects that affect retail sales.
- Tax legislation, relating to the taxes that are charged on the Group’s activities and profits.
- Customs legislation, referring to cross-borders movements of merchandise.
- Labour legislation, which regulates the relations with its workers as regards wages, working hours, labour calendar, health and safety, etc.,
- Intellectual and Industrial property legislation, which refers to protection of intellectual and industrial property rights, such as trademarks, industrial designs, copyrights, etc.,
- Other legislations, including common legislations for any listed company and specific legislation relating to the activity performed by the Group:
- Accounting legislation, relating to the accounting principles and standards.
- Securities market legislation, which affects all listed companies.
- General civil and mercantile legislation, relating to company law and civil and commercial contracts.
- Competition law, which specifically affects the relations with other competitors in the market.
- Real Estate legislation which fundamentally affects urban regulations, commercial properties and namely, the leases of business premises where the stores of the Group are located.
- Legislation governing the personal data protection, regarding protection in the processing of such data.
- Environmental legislation, regarding the proper treatment of waste, spillage, etc.,