For Inditex, the main goal sought with the implementation of a strong Compliance Model (hereafter, the “Compliance Model” or the “Model”) has gone beyond adopting mere risk prevention and control systems to limit its responsibility in case of any potential regulatory non-compliance from its employees, to instilling an ethical corporate culture both to its employees and its suppliers, manufacturers and other stakeholders. In order to achieve this goal and in accordance with internal regulation in force since 2010, Inditex has established a number of policies, procedures and directions which make up its Compliance Model and reinforce the Company’s compliance culture.


One of the corporate functions shared by all the formats of the Group is the Corporate Compliance Function. Such function is incumbent on the General Counsel’s Office and Code Compliance Office of the Inditex Group (hereinafter, “General Counsel’s Office-Code Compliance Office”). At the present time, the General Counsel and Secretary of the Board of Directors also holds the office of the Group’s Code Compliance Officer.

From inception, Inditex has relied on a solid corporate compliance system, whose main feature is a continous evaluation and improvement process for the purposes of bringing such system into line with the Group’s development and growth.

Although the whole Company is responsible for compliance matters, with many of Inditex’s departments carrying out regulatory and ethical compliance tasks, the coordination of the Compliance function falls on the General Counsel’s Office – Code Compliance Office. For such purposes, the Compliance function is divided into three areas: (i) organization; (ii) coordination; and, (iii) reporting, as shown in the graph below:

CORPORATE COMPLIANCE FUNCTION COORDINATION REPORTING ORGANIZATION Definition of internal rules and classification Policies Procedures Instructions Sentinel of those rules that do not follow the procedure Ability to monitor the rules published without authorization Identifying / defining Compliance risks Promoting identification of Compliance risks with local Compliance Delegate Identifying critical reporting Compliance risks with local Compliance Delegate Setting the assurance of the information included in Compliance reports and the controls thereof Authorization to publish rules on intranet Procedure to approve internal rules (“Zero Standard”) Requirements for their application and communication Definition of the reporting chain and classification of rules Board of Directors Compliance Function (through the regional Compliance Officer) Local Compliance Delegate Drafting operational Compliance reports Preparation of Annual Reports on Compliance Audit and Control Committee


Based upon the guidelines provided in the regulatory framework, namely the provisions of the amended Criminal Code, in 2012 Inditex prepared a set of high-level core regulations and a number of organizational documents which constitute the main lines of the Company’s Compliance Model. The high-level core regulations at the basis of the Model are:

  1. The Code of Conduct and Responsible Practices: it reflects Inditex’s ethical compliance culture and sets forth the ethical action lines that must be followed by all employees in the performance of their professional duties.
  2. The Code of Conduct for Manufacturers and Suppliers: this defines the minimum standards for ethical behaviour which must be met by manufacturers and suppliers of the Inditex Group.

Meanwhile, organizational documents are shown below:

  1. The Whistle Blowing Channel Procedure: whereby any employee, manufacturer, or supplier of Inditex, or any third party with a direct relationship and a lawful business or professional interest must report any irregular or unlawful conduct to the Committee of Ethics.
  2. The Regulations of the Committee of Ethics: which cover the main duties of the Committee of Ethics.

Previous 2015 and further to the passing of Act 1/2015 of 30 March, whereby the Criminal Code was amended – with the new requirement of relying on appropriate organizational and management models to prevent offences – and to ISO 19600 (2014) Standard, which provides the main guidelines to establish a compliance model, Inditex reviewed its own Model, with the approval of a new Criminal Risk Prevention Model, that supersedes the previous one. Such Model is embodied by the following documents:

  1. The Policy on Criminal Risk Prevention: this Policy intends to exact an ethical and responsible professional conduct from all employees and from the Group itself, as well as to prevent the perpetration of criminal offences. To achieve this, the Policy on Criminal Risk Prevention associates the commitments to ethical conduct covered in the Code of Conduct with criminal offences whose perpetration by employees and the Group it attempts to prevent.
  2. The Criminal Risk Prevention Procedure: it addresses the duties of the Committee of Ethics in the field of criminal risk prevention and the organizational measures of the Company in the area.
  3. The Scoping Matrix of Criminal Risks and Controls: this lists the criminal risks and controls which have been established to prevent the perpetration of criminal offences.

Additionally, together with high level regulations, organizational documents and the Criminal Risk Prevention Model, Inditex approved throughout FY2016 a number of cross-cutting compliance regulations which seek to ensure a streamlined disclosure of the compliance Model and function:

  1. The Zero Standard: such standard describes the process to draft internal regulations (production, approval and internal publication of the regulations issued by the Inditex Group).
  2. The Compliance Policy: this sets forth commitments to be undertaken by all the employees of the Group, irrespective of their place of work and their job.
  3. The Compliance Management Procedure: such Procedure implements the provisions of the Compliance Policy, and establishes the organizational measures to prevent, detect and manage Noncompliance Risks events, reinforcing an ethical compliance culture.

Regulations which make up the Compliance Model.

In addition to the structure described above, a number of regulations have been approved to (i) comply with obligations provided in statute or in the by-laws, stemming from the regulatory framework which applies to Inditex (e.g., such regulations arising from the powers of the Board of Directors which such body cannot delegate, pursuant to statute or to the terms of the Articles of Association); and/or, (ii) to comply with the latest regulatory requirements resulting from the business itself.

With regards to the first group of regulations, addressed above, mention should be made of the following policies, which were approved on 9 December 2015:

  1. The Director Selection Policy
  2. The External Financing Policy
  3. The Financial Risk Management Policy
  4. The Enterprise Risk Management Policy
  5. The Sustainability Policy
  6. The Environmental Sustainability Policy
  7. The Tax Policy and Strategy

As for the second group of regulations, a number of sets of rules which embody Inditex’s corporate ethical culture have been approved, particularly since 2015, in the different environments where the Group implements its business model. The following regulations may be pointed out:

  1. The Health and Safety Policy
  2. The Procurement Policy
  3. The Policy on Prevention and Mitigation of Sexual Harassment in India
  4. The Policy on Official Internet and Social Networks Accounts and Profiles
  5. The Policy on Human Rights
  6. The Corporate Citizenship Policy


No real Compliance Function can be in place without the appropriate information (clear regulations available to all the employees and, where appropriate, the remaining stakeholders), and training (on compliance culture, provided to employees). Being aware of such facts, Inditex has carried out the following proceedings:

  1. With regard to information: a repository of duly arranged easy to find regulations has been set on the relevant Compliance folder available on INET. Likewise, main regulations are available to the stakeholders, on the corporate website, and on the web of the suppliers. Likewise, the main regulations are also available to all stakeholders who wish to consult them in a prominent place on the corporate website and on the suppliers’ website.
  2. With regard to training: Inditex pays special attention to training and/or awareness-raising for all its stakeholders in respect of the ethical culture of the Company. To achieve this, appropriate training is provided (both on-site and through an e-learning platform) which may be useful for their activity in the Company, reflecting the risks they are faced with.


As previously mentioned, the Compliance Function, which is incumbent on the General Counsel – Code Compliance Office, is key for all the companies in the Group, and all the markets where Inditex is present. For such reason, in line with the Group’s development and expansion, the Compliance Model has become increasingly sophisticated.

Consequently, the Board of Directors has resolved to encourage in 2017 the international roll-out of the Compliance Model.

To achieve such goal, a global system has been put in place with regional officers (Europe, Asia and America) to lead and coordinate the international roll-out of the Compliance Model, with the help of Compliance Delegates at each market.

The goal sought consists of establishing a system to detect, prevent and manage noncompliance risk events. Such system will be duly monitored from the Compliance Function.

The management of the Compliance Model is coordinated from the Corporate Compliance Function. However, regional officers are charged with overseeing and ensuring compliance with such Model in their respective territories, with the support of the compliance delegates within their region.