Esade - Formación Modelo Compliance_EN

Compliance and Criminal Risk Prevention Model Compliance and criminal risk prevention training program FUNDACIÓ ESADE

‹Nº›

Content

Program objectives

Legal framework Primary criminal risks affecting Esade Esade Compliance and Criminal Risk Prevention Model

Questionnaire

01

02

03

04

05

Formación en materia de cumplimiento y prevención de riesgos penales

01

Program objectives

Why is compliance important?

Compliance is a strategic component of Esade’s corporate culture. In this respect, Esade’s leadership and reputation are the result of many years of hard work. Consequently, any inappropriate behavior or action by a single Fundació employee can potentially damage the institution’s image and reputation in just a very short period of time.

Corporate culture

All Esade professionals are required to perform their duties in keeping with current legislation and regulations as well as Esade’s own internal Code of Ethics, Code of Conduct and other internal guidelines, policies and processes.

Internal compliance

Professional ethics are thus fundamental when working and collaborating with Esade. They serve to generate trust in both our clients and society at large. This ethical behavior is based on Esade’s established principles and values. As such, all administrators, executives and employees are expected to act with maximum honesty and transparency, in addition to strictly complying with all laws and internal norms.

Professional ethics

Compliance and criminal risk prevention program

Program objectives

With this program, Esade aims for all its employees to:

Become part of the compliance culture Esade aims to instill and understand that they can be held criminally liable for their actions, regardless of their position at Esade or their professional category.

Be aware that they can turn to the Compliance Committee to resolve any questions or doubts regarding the Compliance and Criminal Risk Prevention Model and its application.

Be capable of identifying the criminal risks they could hypothetically incur, whether intentionally or otherwise, as a result of their actions at work and independently of their positions at Esade or their professional category.

Know what to do and who to contact if they suspect that a crime has been committed or that the Code of Conduct may have been violated.

Program objectives

Target audience

This training program is targeted at all Esade employees, regardless of the position they hold at Esade or their professional category. In this respect, we have designed the program to take all employees’ unique traits and needs into account. This program on criminal risk prevention will also be provided to all new Esade employees as they’re incorporated. We will also update the program periodically as needed (legal reforms, structural changes, etc.).

Your commitment is essential.

With the recent reform of the Spanish Criminal Code, organizations can now be held criminally liable for crimes committed by their administrators, executives and employees when carrying out their responsibilities and for the organizations’ benefit.

Compliance and criminal risk prevention program

02

Legal framework

Legal framework

Legal entities and their criminal liability – Changes in norms

• UNE-ISO 19601: 2017, on Criminal Compliance Management Systems

• Criminal Code reform (Organic Law 7/2012)

2017

2019

2015

2016

2012

2010

• Criminal Code reform (OL 1/2015)

• Criminal Code reform (Organic Law 5/2010)

• Criminal Code reform (Organic Law 1/2019)

• Prosecutor General’s Office Memo 1/2016
• Supreme Court jurisprudence

• ISO 19600: 2015 on Compliance Management Systems

Organization and management models

Control body

Requirements for organization and management models

• The Board of Trustees has to adopt and effectively implement an organization and management model.
• Adopt the appropriate monitoring and control mechanisms to prevent crimes.

• Create an internal body in charge of supervising and implementing the organization and management model.
• Ensure the control body is independent and has the power to act at will and carry out controls.

• Ensure the organization and management model complies with all the requirements stipulated in Article 31, bis 5 in the Criminal Code.

Art. 31, bis 5

Art. 31, bis 2

Compliance and criminal risk prevention program

Legal framework

Cases in which criminal liability may not be incurred

If the crime was committed by administrators, legal representatives or individuals with organizational and control responsibilities

1. The legal entity’s management body has to have adopted and effectively implemented an organization and management model before the crime in question was committed.
2. An internal body within the organization has to be independent and empowered to act at will and carry out controls when monitoring the implemented prevention model’s functioning and compliance with that model.
3. Those committing the crime have to have done so fraudulently, deliberately bypassing the institution’s organization and prevention model.
4. The omission or deficient exercise of the corresponding body’s supervision, monitoring and control responsibilities has to be a secondary condition.

If the crime was committed by employees or collaborators reporting to the previous individuals

• The organization will not be held liable if, before the crime is committed, it has adopted and effectively implemented an organization and management model which is appropriate enough to prevent crimes or to significantly reduce the risk of crimes being committed: Compliance and Criminal Risk Prevention Model.

Requirements for organization and management models (Art. 31, bis 2 & 5)

Have appropriate financial resource management models in place to keep crimes from being committed.

Assign the model’s supervision and functioning to an independent body with the ability to act at will and carry out controls.

Periodically revise the model and any later modifications when there is evidence that significant violations have occurred or when organizational changes take place.

Impose the obligation for employees to report any possible risks and non-compliance to the monitoring body (dedicated channel).

Identify the different areas of activity in which crimes can be committed.

Establish protocols or proceedings which specify the organization’s training processes to inform employees about its intent, decision-making and the implementation of those decisions.

Establish a disciplinary system designed to appropriately sanction any non-compliance of the model.

Compliance and criminal risk prevention program

Legal framework

What criminal liability do legal entitites have?

Esade

Criminal liability

Crimes committed by its Employees

Crimes committed by its Administrators

When carrying out their duties for Esade’s own benefit

Attenuating circumstances: Actions taken after the crime has been committed:

• Confessing that they committed the crime before knowing about the legal procedure initiated against Esade.
• Collaborating with the investigation of their crime, providing evidence.
• Repairing or mitigating any harm caused prior to the oral hearing.
• Having established effective crime prevention measures prior to the oral hearing.

No criminal liability for the legal entity when it has adopted crime prevention measures, the corresponding control body has not omitted its duties and the person committing the crime does so fraudulently, contrary to the established control measures.

Organization and Management models (Compliance and Criminal Risk Prevention Model)

10

Compliance and criminal risk prevention program

Legal framework

What penalties can apply?

Legal entity

Natural person

• Fine: specific or proportional monetary amounts.
• Dissolution of the legal entity.
• Suspension of activities.
• Temporary closure of its offices and establishments for a period not to exceed 5 years.
• Future prohibition from carrying out the very activities in which the crime was committed, encouraged or covered up.
• Prohibition from receiving any public subsidies or grants, from signing contracts with public administrations and from benefitting from any fiscal or Social Security benefits and incentives.
• Judicial intervention.

• Fine: specific or proportional monetary amounts.
• Imprisonment for up to 6 years.
• Prohibition from participating in calls for tenders.
• Special prohibition from working or holding public administration jobs.
• Special prohibition from working in a given industry or trade.

No. The fact that the legal entity is held liable does not exonerate the person committing the crime. Consequently, in addition to the legal entity, the natural person will also be held liable as the person responsible for committing the crime.

If a legal entity is held criminally liable, does that mean that the person committing the crime is free of any liability?

• Reputational loss

• Lawsuits for damages

• Fewer resources and their deviation

Other consequences

• Legal uncertainty

• Market distortions

• Difficulties with internationalization processes

11

03

Primary criminal risks affecting Esade

Primary criminal risks affecting Esade

Money laundering and financing terrorism Violation of intellectual (copyright) and industrial property rights Hate crimes and incitement Violations of foreign citizens’ rights Computer-related crimes Crimes against land-use planning Crimes against natural resources and the environment Risks related to the use of explosives and similar items Crimes against public health and safety Altering prices in public calls for tenders and auctions Crimes against workers’ rights

Public corruption Illegally financing political parties Corrupt business practices Prostitution, sexual exploitation and corruption of minors Fraud False advertising Violating personal and family privacy rights Violating professional/business secrecy obligations Tax fraud Social Security fraud Violating accounting obligations and falsifying data Punishable insolvency and hindering bankruptcy proceedings Fraud related to government subsidies and to the EU General Budget

13

Compliance and criminal risk prevention program

Primary criminal risks affecting Esade

Public corruption and illegally financing political parties

What do these entail? Bribery: Offering civil servants, public authorities, entities or administrations any reward or compensation, whether economic or otherwise, in order to obtain a specific licit or illicit benefit for Esade. Influence peddling: Influencing a civil servant or public authority, taking advantage of any personal relation or situation in order for that civil servant or public authority to make a decision which can directly or indirectly result in an economic benefit for Esade. Corruption in international trade transactions: Bribing or attempting to bribe a civil servant or public authority in order to obtain or maintain a contract, business or any competitive advantage when carrying out international business. Misappropriation: Causing harm to a public administration through the improper management of public funds managed by Esade. Illegally financing political parties: Donating or contributing to any political party, federation, coalition or group of electors in violation of related norms. Guiding principles:

• Our relations with third parties have to strictly comply with the highest standards of transparency, honesty and lawfulness.
• Esade does not permit accepting, offering or promising the delivery/receipt of any gift which goes beyond standard business or courtesy practices, and the aim can never be to provide or receive preferential treatment.
• Esade does not tolerate any type of corruption or bribery aimed at influencing the will of third parties in order to gain any type of advantage, preferential treatment or assurance of obtaining benefits for the organization.

• Any public funds received have to be managed transparently and faithfully in keeping with the purposes for which those funds were granted.

14

Compliance and criminal risk prevention program

Primary criminal risks affecting Esade

Corrupt business practices

What do these entail? Offering the executives, employees or collaborators of any other company, association or organization any unjustified benefit or advantage of any kind in order to benefit Esade and, as a result, violating its obligations in terms of acquiring or selling merchandise or contracting professional services. Similarly, receiving, requesting or accepting any unjustified benefit or advantage of any kind in order for the party offering or granting that benefit or advantage to receive preferential treatment from a third party. Guiding principles:

• Our relations with third parties have to meet the highest possible standards in terms of transparency, honesty and lawfulness.
• Esade professionals have to avoid any and all situations which may compromise the organization or put it at risk, in particular, with respect to potential conflicts of interest.
• Consult the Ethics Channel if you have any questions or doubts related to possible conflicts of interest.

15

Compliance and criminal risk prevention program

Primary criminal risks affecting Esade

Prostitution, sexual exploitation and the corruption of minors

What do these entail? Forcing a person of legal age to prostitute themselves or continue prostituting themselves by means of force, intimidation or ploys or abusing a position of superiority or the other person’s needs or vulnerability. Induce, promote, favor or facilitate a minor’s prostitution or that of a person with disabilities requiring special protection and/or benefiting financially or in any other way by exploiting a minor or person with disabilities for these ends. Guiding principles:

• Esade will monitor to ensure that no member of its organization favors or promotes prostitution or the corruption of minors in any way whatsoever.
• When dealing with underage students and/or people with disabilities, any type of degrading behavior, abuse or sexual practice as well as encouraging the latter is expressly prohibited.

16

Compliance and criminal risk prevention program

Primary criminal risks affecting Esade

Fraud

What does this entail? Using trickery and similar ploys to provoke other individuals to commit errors and induce them to carry out an action which can harm them or another and benefit Esade financially. Guiding principles:

• Esade employees are required to not take any actions which may confuse or trick clients, collaborators or any third parties in order for them to contract any Fundació service or product.
• Esade employees have to abstain from providing any information that is not clear or transparent.
• Esade employees have to duly tend and respond to complaints presented by clients with respect to any services rendered.
• All promotional activities and campaigns have to be reasonable in terms of the frequency with which they’re run, they have to be appropriate for the circumstances/context and they have to duly comply with all pertinent laws and regulations upon finalizing.

17

Primary criminal risks affecting Esade

False advertising

What does this entail? Presenting offers or advertising products or services which contain false claims or which provide false details about those products or services, potentially causing users severe or manifest harm as a result.

Guiding principles

• Be clear and transparent when publicizing our services and products.
• Esade employees will not provide misleading or false descriptions of its services or products or which do not correspond with reality.

18

Primary criminal risks affecting Esade

Violating personal and family privacy rights

What does this entail? Taking possession of, using or modifying third parties’ personal or family-related data without their express authorization and when said data are stored in computer, electronic or telematic files or media or any other type of public or private media. Guiding principles:

• Esade is committed to fully complying with established laws in the data protection realm. Consequently, its actions affecting personal and family privacy will be guided at all times by that established in pertinent data protection norms.
• Esade employees are required to exercise utmost caution when processing all personal data belonging to students and third parties, including other employees, and ensuring that said data cannot be used for any purpose other than for which said data were gathered. Similarly, Esade employees will not forward said personal data to any third parties unless legally obligated to do so.
• Esade professionals will abstain from using social media to talk about questions or issues which involve sensitive and confidential information.
• Esade employees have to be especially careful when processing academic data (grades, reports, transcripts, etc.), medical and health-related data (e.g., possible problems with dyslexia or special circumstances, etc.) and students’, collaborators’ and other employees’ CVs.

19

Primary criminal risks affecting Esade

Violating professional/business secrecy obligations

What does this entail? Taking possession by any means of any data, documents (whether written or electronic), computer media or any other objects which constitute confidential information for another company, entity, etc., and using, disseminating, revealing or ceding said confidential information without the corresponding owners’ express authorization. Guiding principles:

• Esade employees have to commit to not reveal any confidential information and to protect the latter at all times, duly complying with the various legal norms related to handling, storing and preserving classified information.
• Using confidential information obtained from third parties when not a part of their professional duties or for purposes other than those for which said data were gathered is completely prohibited.
• These confidentiality obligations are permanent. Should employees stop working for Esade, they are prohibited from taking any type of information, data or documentation obtained as Esade employees with them, including those stored in their computers. Similarly, they will not provide or use said confidential information in pursuit of another entity’s or company’s interests.

20

Primary criminal risks affecting Esade

Tax and Social Security fraud

What does this entail? Tax fraud: Failing to pay more than 120,000 euros to the Spanish tax authority; this crime is considered to have taken place the moment it harms the tax authority economically, whether through deliberate action or omission. Social Security fraud: Social Security fraud consists of evading more than 50,000 euros over a 4-year period through actions such as obtaining undue refunds, unlawful deductions or not making any corresponding Social Security contributions. Guiding principles:

• Esade rejects all manner of tax evasion as well as obtaining undue benefits at the tax authority’s expense.
• Tax declarations have to reflect Esade’s financial reality, always presenting real data in its declarations and on time.
• Esade promotes transparency in terms of Social Security information and actions. It expressly rejects any type of falsification, omission, data simulation, entries and/or accounting events, double-entry bookkeeping, billing, etc., which aim to evade payments or obtain illicit benefits at the Social Security Administration’s expense.

21

Primary criminal risks affecting Esade

Violating accounting obligations and falsifying data

What do these entail? Violating accounting obligations: Non-fulfilment of legal obligations to correctly carry out bookkeeping and to appropriately maintain the company’s books and/or accounting records. Guiding principles:

• Esade’s financial data has to be prepared and recorded both faithfully and rigorously, ensuring that:
• The transactions, accounting events and any other entries presented in financial statements exist in fact and were duly entered at the appropriate time.
• The data has to reflect all transactions, accounting events and any other entries for which Esade is the affected party.
• The transactions, accounting events and any other entries have to be classified, presented and provided in financial statements in keeping with applicable norms.

22

Primary criminal risks affecting Esade

Punishable insolvency and hindering bankruptcy proceedings

What do these entail? Punishable insolvency: Removing or concealing any assets at Esade creditors’ expense. This involves any fraudulent act regarding assets or creating obligations which hinder or impede embargoes or attempts to demand and receive refunds. In general, it implies evading responsibilities with respect to Esade creditors. Hindering bankruptcy proceedings: Fraudulent conveyance at creditors’ expense, fraudulent acts regarding assets or creating obligations which hinder or impede an embargo, presenting an incomplete or untruthful list of assets, using embargoed assets without authorization, etc. Guiding principles:

This crime may be committed inadvertently.

• Esade is committed to ensuring the integrity of the organization’s assets when carrying out its functions, the aim being to preserve them and not harm any possible creditors.
• Esade has to ensure continuity and agility during any possible embargo proceeding in which it may be affected one way or another, presenting all the information and data expressly requested by the competent authorities.
• Esade expressly rejects the disposal, transfer, cession, concealment, etc., of any asset pertaining to the organization (funds, real estate property, etc.) in order to not fulfil any obligations with its creditors.

23

Primary criminal risks affecting Esade

Fraud related to government subsidies and to the EU General Budget

What does this entail? Subsidies fraud: Obtaining subsidies or grants from public administrations, including the European Union, for an amount or value greater than 100,000 euros by falsifying the conditions required to obtain said subsidies or grants or concealing the fact that it does not meet any of the established requirements that would otherwise prevent the cession of those subsidies/grants. It also implies dedicating any public funds or subsidies granted to any other purpose than the one for which they were granted. Fraud related to the EU General Budget: Committing fraud against the EU General Budget and any of the latter’s administrators for amounts greater than 50,000 euros, evading the payment of any amounts that have to be made, applying any funds granted for purposes other than those for which they were originally granted or unduly obtaining funds by falsifying the conditions required to obtain said funds or concealing the fact that it does not meet any of the established requirements that would otherwise prevent the cession of those funds. Guiding principles:

• Esade employees are required to abide by and obtain the established authorizations to request subsidies and grants, thus ensuring that it meets the necessary requirements to obtain the subsidies and grants in question.
• Esade can only use the funds obtained through subsidies for the purposes for which they were granted.
• Any expenses incurred within the framework of research projects receiving subsidies have to be duly justified to ensure that the reasons for incurring those expenses are directly associated to the project in question.

24

Primary criminal risks affecting Esade

Money laundering and financing terrorism

What do these entail? Money laundering: Acquiring, possessing, using, converting or transferring assets, knowing that the latter stem from criminal activity or carrying out any action which aims to conceal said asset’s criminal origins. Financing terrorism: Contributing, distributing or collecting funds or assets by any means, whether directly or indirectly, to use them or knowing they will be used, whether in whole or in part, to commit any terrorism-related crime as described in the Criminal Code.

This crime may be committed inadvertently.

Guiding principles:

• Esade will solely do business with clients, suppliers and partners who are willing to provide us the appropriate information to determine if the payments are legitimate.
• Esade will not make any payments to nor receive payments from an organization or entity that is not a party to the operation or transaction unless expressly approved beforehand by the Legal Department. In essence, we have to know who the payer is.
• Special care has to be given to relations with companies located in countries considered to be high-risk in terms of money laundering.
• Compliance, as the liable party, with the requirements foreseen in Spanish Royal Decree 304/2014, dated May 5th of said year, approving the Enforcement of Law 10/2010, dated April 28th, on the prevention of money laundering and financing terrorism.

25

Primary criminal risks affecting Esade

Violation of Intellectual (copyright) and industrial property rights

What does this entail? Intellectual property rights: Copying, plagiarizing or publicly communicating all or part of a literary work (book), artistic work (painting or photo) and scientific work (specific theory and computer programs and applications) or their transformation, interpretation or artistic execution in any media or communicated by any means without the express authorization of the titleholders of those rights (for example, using computer programs and applications without the corresponding licenses). Industrial property rights: Reproduce or imitate a distinctive sign or trademark without the titleholders’ consent in order to create another identical distinctive sign or one that can be confused with the original, serving to distinguish the same or similar products, services, activities or establishments. Guiding principles:

• When using Esade’s technological assets, its employees cannot download, send, save or store any material subject to intellectual property rights.
• Esade employees will not use any type of material without first ensuring that the organization has the corresponding rights and/or licenses.
• Using, reproducing, ceding, transforming and/or publicly communicating any type of invention protected by intellectual and industrial property rights without the corresponding authorization are expressly prohibited.

26

Primary criminal risks affecting Esade

Hate crimes and incitement

What do they entail? Hate crimes and incitement: Directly or indirectly encouraging, promoting or inciting hate, hostility, discrimination or violence against a group, a part of the latter or a specific individual for belonging to said group based on racist, antisemitic or other motives such as ideology, religion, beliefs, family situation, ethnic group, race or nation, national origin, sexual orientation, identity or gender, health or disability. Guiding principles:

• Esade respects the fundamental rights of all human beings, including their sexual and religious freedom. In particular, Esade respects the rights of women.
• When preparing advertising campaigns or promotions, the messages used are especially important and have to bear our target audience in mind.
• The use of corporate social media accounts and publications in the media has to be centralized through the Communications and Institutional Relations Department.

27

Primary criminal risks affecting Esade

Violations of foreign citizens’ rights

What do these entail? Violations of foreign citizens’ rights: Helping foreigners enter or cross Spanish territory in violation of current legislation. Guiding principles:

• Esade will adopt the necessary measures to ensure that its international students have the necessary visas, residency permits and any other permits that may be required.
• Esade is concerned about respecting all the students and employees that make up the organization and ensuring they are treated fairly.

28

Primary criminal risks affecting Esade

Computer-related crimes

What do these entail? Computer-related crimes: Erasing, damaging, ruining, eliminating or making any other party’s data, computer programs or electronic documents inaccessible without authorization and when the result of the latter actions is considered severe. Similarly, related crimes can include hampering or blocking the correct functioning of another party’s IT systems. Guiding principles:

• At Esade, we have to be diligent at all times when using our IT systems and not attempt to destroy, alter, render useless or harm in any other way the data, programs or electronic documents ceded to Esade or which belong to a third party. Similarly, manipulating security systems is not permitted.
• Employees will at all times respect the confidentiality of passwords, encryption systems and algorithms or any other security-related component in a third-party’s telematic processes and will not try to decipher them.
• Esade professionals will exercise extreme caution when using the Fundació’s IT systems. In this respect, they will be especially careful not to install programs which may contain computer viruses or any other logical device or sequence of characters which affect or could potentially affect any third parties’ IT resources.

29

Primary criminal risks affecting Esade

Crimes against land use planning

What do these entail? Crimes against land use planning: Carrying out unauthorized projects to develop, construct or build on land specifically designated for roads, green zones and public domain assets or places whose landscape, environmental, artistic, historic or cultural value has been legally or administratively recognized, thus entitling them to special protection. Guiding principles:

• Esade will safeguard that, as it affects the Fundació, all projects to develop, construct or build new campuses, other buildings or facilities are carried out in land zoned specifically for those ends, expressly prohibiting all actions on land which has been declared public or a green zone or which, in keeping with current legislation, is recognized and protected due to its landscape, artistic and cultural value, etc.
• Esade will ensure that any related projects are carried out in compliance with the corresponding building permits obtained, especially if said projects affect specially protected spaces.

30

Primary criminal risks affecting Esade

Crimes against natural resources and the environment

What do they entail? Crimes against natural resources and the environment: Not complying with laws or other general norms designed to protect the environment, provoking or directly producing emissions and dumping substances, etc., in the atmosphere, the ground, subsoil and in inland and subterranean waters or oceans. Guiding principles:

This crime may be committed inadvertently.

• For Esade, protecting the environment is fundamental. Consequently, all the waste generated at its facilities has to be managed and processed in keeping with applicable norms.

31

Primary criminal risks affecting Esade

Risks related to the use of explosive and similar items

What do these entail? Risks related to the use of explosives and similar items: Manufacturing, handling, transporting, having or selling explosives, flammable or corrosive, toxic and suffocating substances or any other materials, devices or apparatuses which can cause harm, contravening the use of established safety and security norms and concretely risking the lives, integrity or health of people or the environment. Guiding principles:

• Esade has adopted security norms to ensure its heating system, boilers, etc., are correctly maintained.

32

Primary criminal risks affecting Esade

Crimes against public health and safety

What do they entail? Crimes against public health and safety: Selling products which are harmful for people’s health and/or which do not meet requirements regarding expiration dates or composition as established by applicable laws and regulations. Similarly, these crimes include preparing harmful substances, serving, supplying or selling them. Guiding principles:

• Esade will strive to ensure the fulfilment of all applicable norms by its food service providers, including in its:
• Cafeterias and restaurants
• Vending machines and
• Others.

33

Primary criminal risks affecting Esade

Altering prices in public calls for tenders and auctions

What does this entail? Altering prices in public calls for tenders and auctions: Crimes related to altering prices in public calls for tenders and auctions include:

• Requesting or receiving gifts to not take part in an auction;
• Attempting to drive away bidders by means of threats, gifts, promises or any other means;
• Conspiring with others in order to alter the end price; and
• Fraudulently violating or abandoning an auction after being declared the winner.

Guiding principles:

• Esade personnel will safeguard the organization’s interests in requests and calls for bids in which it participates, if relevant, and will ignore any offer or gift to alter said requests and calls.
• They have to avoid relations with competitors which specifically aim to set prices, exchange information, etc.
• Carrying out any type of action or ploy to keep other bidders from taking part in any public call for bids or auctions is prohibited.

34

Primary criminal risks affecting Esade

Crimes against workers’ rights

What do they entail? Crimes against workers’ rights: Placing the lives, health and safety of workers in severe danger due to not complying with norms regarding the prevention of work-related risks. Similarly, these crimes include using ploys or workers’ personal situations and needs to impose working or Social Security conditions which harm, eliminate or restrict those workers’ rights. Guiding principles:

This crime may be committed inadvertently.

• A fundamental principle and value at Esade is treating all employees with respect, in particular, respecting their dignity. Esade fundamentally respects all our differences.
• Any action or behavior which can be understood as harassment is expressly prohibited, requiring Esade to fully investigate any circumstance in which that harassment occurs.
• Esade is committed to creating a healthy work environment, complying with all health and safety norms regarding the workplace and, in particular, norms related to the prevention of work-related risks.

35

04

Esade Compliance and Criminal Risk Prevention Model

Esade Compliance and Criminal Risk Prevention Model

Organization and management model requirements (Art. 31, bis 2 and 5)

Endow an independent body with the power to act at will and control the policy.

Establish a disciplinary system to appropriately sanction non-compliance with the model.

Create the appropriate financial resource management model to stop crimes which should be prevented.

Identify the areas of activity in which crimes could occur.

Periodically revise the model and any modifications when important violations of its provisions are detected or when changes occur within the organization.

Establish the protocols and procedures for a specific training program on the organization’s intent, decision-making process and the implementation of those decisions.

Impose the obligation to report any potential risks or non-fulfilment to the control body (Ethics Channel).

37

Training and dissemination of values such as ethics and integrity

Esade Compliance and Criminal Risk Prevention Model

Compliance Committee (compliance body)

The Compliance Committee is responsible for tracking and supervising the Esade Compliance and Criminal Risk Prevention Model and ensuring its proper functioning.

Compliance and Criminal Risk Prevention Model

ESADE

Board of Trustees

Ethics Committee (Ethics Channel management)

Compliance Body

• Promote the creation of the compliance body itself, establishing the appropriate policies and procedures.
• Promote a culture of compliance and prevention and inform about Esade’s ethical principles and its Compliance Model.
• Safeguard the Compliance and Criminal Risk Prevention Model’s fulfilment, proposing any revisions as needed.
• Periodically inform the Esade Board of Trustees regarding assessments, events, etc., related to the Compliance and Criminal Risk Prevention Model.
• Advise to help resolve any questions or doubts that arise and manage any reports and investigations (Ethics Committee).
• Coordinate and, if warranted, promote the fulfilment of any disciplinary proceedings and propose applying the appropriate measures (Ethics Committee).

Members of the Compliance Body

Antonio Delgado Planas: Director of Esade Legal Services Antonio holds an undergraduate degree and PhD in Law from Esade. He has been a professor in the Law Department for 8 years. He has served as the Director of the Master in International Business Law for 6 years and has been the Director of Esade Legal Services since May 2019. Prior to joining Esade, he worked in the telecommunications, banking and hospitality industries.

Sonia Gomez Serrano: Director of the Esade Finance Area Sonia holds an undergraduate degree in Business Administration from Esade where she has also worked the last 17 years. Currently, she is the Head of the Finance Area which is responsible for the fiscal and treasury areas as well as relations with external auditors and client management. Sonia is also a member of the Talent Recruitment Committee.

Cristian Rodriguez-Ferrera: Director of People Cristian holds an undergraduate degree in Business Administration and an MBA from Esade. He joined Esade as Director of People in September 2020. He is a leader in the HR field and has previously worked for companies such as Danone, Bimbo (Sara Lee) and Vueling. He has also carried out strategic consulting projects in this field. In addition, he is a professor at Esade, providing classes on leadership and HR in the Executive Education Unit.

Isabel Sáez Giménez: Director of Internal Auditing Isabel holds an undergraduate degree in Economics from UB. She joined Esade in October 2019 as Internal Auditor and to assume responsibilities in the compliance and risk-prevention and process areas. Previously, Isabel worked in the auditing and management control areas for companies such as E&Y and Grupo Planeta, among others.

Ethics Committee members: Internal Esade members

Esade Faculty representatives

Ignasi Carreras Fisas: Associate Professor in the Esade Department of Strategy and General Management He holds an undergraduate degree in Industrial Engineering from UPC and a postgraduate degree in General Management from Esade. He also serves as Vice President of Oxfam Intermon and Vice President of Fundación Jaume Bofill.

MEMBER

Rebeca Carpi: Associate Professor, Department of Law at Esade He holds an undergraduate degree in Law from University of Barcelona and a Phd from Esade. Rebeca Carpi has been linked with university-level teaching of Civil Law and Compared Law since joining ESADE Law School in 2000, where she studied for her PhD and defended her doctoral thesis in 2003. She is also Director Department in Law.

STAND-IN

Esade PAS staff representatives

Belen Trias de Bes Ustariz: Economic Management Controller for Esade Business & Law Schools Belen holds an undergraduate degree and Master’s in Law from Esade. Currently, she serves as the Economic Management Controller for Esade Business & Law Schools. Previously, she served as Academic Director for the Business and Law Schools for 12 years. Belen is also a member of the Economic-Financial Committee and the Talent Recruitment Committee. Prior to joining Esade, she worked at PwC from 2000 to 2007 as a fiscal consultant specialized in audits.

MEMBER

Jordi Mora Pintado: Director of Digital Learning & Innovation Projects Jordi holds an undergraduate degree in Business Administration from UPF and an MBA from Esade. He joined Esade in 2006 in the Financial Aid Department for the MBA and Executive Masters Admissions Area. He began working in the MBA Unit in 2010, holding various positions until being named Director of the FT MBA program in 2013. In 2015 he joined the CORE Project management team. He has been a member of the Educational Innovation Team since 2019. He has been a member of the Management Board since 2015 and collaborated with the Identity and Mission Area (2018-2020).

STAND-IN

Ethics Committee members: External independent expert

Diego Pol is a partner at Cuatrecasas in Corporate Gobernance Diego’s work focuses on advising both national and international clients on legal risk prevention and compliance, primarily on anti-corruption norms (FCPA, UK Bribery Act, Spanish Criminal Code). Chambers&Partners, the prestigious legal directory, has repeatedly recognized Diego for his work in the corporate compliance area. Diego is a member of Spanish and U.S. bar associations.

Esade Compliance and Criminal Risk Prevention Model

Norms regarding ethics (training on the legal entity’s intent)

Code of Ethics and Code of Conduct The values and principles stipulated in Esade’s Code of Ethics and Code of Conduct represent the institution’s hallmark traits. The Code of Ethics outlines the fundamental pillars and unwavering values on which Esade aims to fulfil its mission. It underscores values such as integrity, honesty and responsibility which also help shape its commitment to training, education, diversity and knowledge generation. Consult the Code of Ethics and the Code of Conduct here.

Compliance and Criminal Risk Prevention Policy This policy manifests Esade’s determination to promote a culture of compliance and favor honest, trustworthy and transparent professional conduct. In line with the rest of Esade’s internal norms, this policy also establishes general guidelines that employees should bear in mind when carrying out their functions and related activities. Consult the policy here.

42

Esade Compliance and Criminal Risk Prevention Model

Ethics Channel (obligation to report questionable behavior)

Esade has created the Ethics Channel as the means for employees to duly report any possible non-compliance. The channel’s design ensures our confidentiality is protected.

What is it?

You can access the Ethics Channel in one of three ways:

• Internal Information System DirectorYou can file a report verbally with the Internal Information System Director (that is, Isabel Sáez, the Internal Auditor).
• Thruohg the Ethics Channel hosted on a third-party platform, thus offering greater security and confidentiality to those filing reports of irregularities at this link.
• By e-mail, writing to our independent expert Diego Pol via e-mail or phone (+34) 648 870 897).

How can I access it?

What should I report?

Use the Ethics Channel to notify the Ethics Committee about any action or behavior contrary to the Compliance and Criminal Risk Prevention Model, the Code of Ethics and Code of Conduct and other Esade norms related to corporate ethics.

Esade will protect all those using the Ethics Channel in good faith against any type of retaliation. However, presenting false reports or allegations may imply being subject to the pertinent disciplinary measures.

Can someone retaliate against me for reporting them?

43

Esade Compliance and Criminal Risk Prevention Model

Disciplinary system (to punish improper behavior)

Esade’s disciplinary system

The existence of norms, policies and pre-defined procedures is essential to ensure the organization’s success. Esade is responsible for safeguarding that they are complied with to guarantee that the Fundació functions correctly and effectively. Any irregular conduct or non-compliance may imply being subject to disciplinary measures which, when applied, have to serve to react to and punish that non-compliance but, at the same time, educate and create the appropriate culture.

Did you know that…..?

As a member of Esade, you’re required to: Comply with all the Foundació’s norms, policies and procedures Report any suspicious actions or conduct that violates the policy Report any non-compliance of Esade’s Code of Ethics and Code of Conduct.

Consequently, employees are required to be familiar with and abide by Esade’s internal norms in every aspect of their work. All non-compliance will be punished in keeping with the applicable collective bargaining agreement, corresponding labor laws, the disciplinary code and all other civil and mercantile obligations the responsible individuals may have acquired as a result of their labor relation with Esade.

44

Esade Compliance and Criminal Risk Prevention Model

Financial resource management model

Dual focus

Technical, human and financial resources

Financial resource control

Controlling financial resources facilitates efforts to monitor and prevent crimes within the organization. In this respect, Esade has enacted a series of controls and proceedings in the financial and economic areas, providing full transparency for its books, transactions and, in general, its economic management.

Esade has allocated the necessary financial and human resources to the Compliance Committee to ensure the Compliance and Criminal Risk Prevention Model functions appropriately and is effective.

45

Esade Compliance and Criminal Risk Prevention Model

Monitoring and verification

• Supervise the policy’s functioning, effectiveness and compliance.
• Prepare an annual Action Plan, scheduling actions to be carried out.
• Develop and maintain a Testing Plan on the measures adopted to ensure they are both appropriate and effective.
• Gather self-evaluations from those in charge of carrying out the controls and update the criminal risk maps.
• Revise and verify the model within the established timeframes.
• Inform the Board of Trustees every year about the actions taken within the framework of the Compliance and Criminal Risk Prevention Model and propose any improvements or modifications as needed.

46