3. Main risks that could prevent attainment of business goals

In order to permit a streamlined and comprehensive risks management, the Group has established a definition of risk valid for the whole Organization. Thus, the Group defines risk as: “any potential event which might have a negative impact on the achievement of its business objectives”.

Risks reviewed are classified and grouped in the following categories:

3.1. Business environment

These are risks stemming from external factors, connected with the Group’s business.

This category encompasses the risks regarding the difficulty in adjusting to the environment or market in which the Group operates, whether as regards procurement processes or distribution and sale of goods activities. This element is inherent in the fashion retail business and consists of the eventual inability of the Group to follow and offer a response to the evolution of its target market or to adjust to the new situations in procurement or distribution countries.

In this respect, geopolitical, demographic and social and economic changes that trigger the country risk in procurement or distribution countries, the emergence of new communication channels and changes in consumption habits or the consumption decline in certain markets are, inter alia, factors which may have an impact on the effective achievement of the business objectives of the Group.

3.2. Regulatory risk

Those are risks to which the Group is exposed arising from the different laws and regulations in force in the different countries where it conducts its business.

Included in this category are risks regarding tax, customs, employment, trade and consumption and industrial and intellectual property regulations, and risks associated with the remaining laws and regulations, namely regulatory risks of a criminal nature, regardless of whether or not they determine criminal liability of the natural person.

3.3. Reputation

Those are the risks which have a direct impact on the way the Group is perceived by its stakeholders (customers, employees, shareholders and suppliers) and by the society at large.

These risks arise out of a potentially inappropriate management of the issues regarding social responsibility and sustainability, responsibility on account of health and safety of products, the corporate image of the Group, including in social networks, as well as any other potential regulatory noncompliance which might have an impact on the reputation of the Organization.

3.4. Human Resources

The main risks in the human resources area are those arising out of the potential dependence on key personnel and of the difficulty in properly identifying and retaining talent, and in keeping an appropriate work environment in all work centres.

3.5. Operations

The main operational risks the Group faces arise out of a potential difficulty in recognizing and taking in the ongoing changes in fashion trends, and in manufacturing, supplying and putting on the market new models meeting customers’ expectations.

The risk arising out of business interruption is associated with the potential occurrence of extraordinary events beyond the control of the Group (natural disasters, fires, strikes of haulers or of key suppliers, power outage, discontinuance in the supply of fuel, goods detention during carriage, etc.,) that may significantly affect normal operations.

Given the way the Group works, the main risks included in this category are to be found in logistics centres and in external operators charged with carriage of the goods. The distribution of apparel, footwear, accessories and homeware for all the concepts is based upon 14 logistics centres spread throughout Spain. Distribution logistics are also ensured by other smaller distribution centres located in different countries and by external logistics operators in charge of small volume distribution operations.

Other risks included in this category are those associated with real estate management, related to the search and selection of business premises and their profitability.

3.6. Financial

In the regular conduct of its business, the Group is exposed to financial risks. Included in this category are foreign exchange risk and counterparty credit risk. Additionally, given the ever-growing international dimension of the Group’s business, the Company is exposed to the country risk in different markets.

The Euro is the functional currency of the Group. Its international transactions involve using a large number of currencies other than the Euro, which gives rise to the foreign exchange risk. The Group has various investments abroad, the net assets of which are exposed to foreign exchange rate risk. As the consolidated financial statements of all the companies in the Group are prepared in the functional currency, i.e., Euro, it is faced with the foreign exchange risk on account of translation, in respect of all its entities outside the European Monetary Union. The company is also faced with the risk resulting from transactions in currencies other than Euro in flows of collections and payments for acquisition of goods and provision of services both in respect of transactions within the Group and outside the Group.

The Group is not exposed to significant concentrations of counterparty credit risk. Most of its revenue results from retail sales, where payment is primarily made on demand, either in cash or with credit card. At any rate, the Group is faced with the risk that counterparties, mainly financial ones, would fail to comply with the obligations stemming from investment of the company’s cash, loan agreements and other financial and securities vehicles, and from derivatives used for financial risks hedging.

3.7. Information for the decision making

The risks hereunder included are those linked to the appropriate information at all levels: transactional and operational, financing-accounting, management, budgeting and control.

The different departments of the Group, and especially the Planning and Management Control Department and the Administration Department, which report to the Financial Division, are directly responsible for producing and supervising the quality of such information.

3.8. Technology and information systems

The risks hereunder covered include those linked to the technological infrastructure, the effective management of information, of computer and robotic networks and of communications. Risks connected with the physical and logical safety of the systems are also included, namely the risk of cyber-attacks against IT systems, which might eventually affect the confidentiality, integrity and availability of key information.

3.9. Corporate Governance

This category includes the risk associated with the non-existence of an appropriate management of the Group which might entail a breach of Corporate Governance and transparency rules.