Internal Audit, Risk & Compliance

Internal Audit, Risk & Compliance operates by developing projects and initiatives at Group level aimed at improving the Internal Control System by periodically verifying its adequacy and effective functioning.

Within the scope of its powers, Internal Audit, Risk & Compliance defines the Group’s policies, adopting the tools and promoting the corporate regulations necessary to ensure compliance with the provisions in force on the administrative liability of legal entities, personal data protection, anti-corruption, anti-trust, third-party risk management, and so forth.

Within the Group, Internal Audit, Risk & Compliance promotes training and monitoring activities relating to the main compliance issues. It contributes to change management initiatives in order to disseminate the governance and compliance principles essential for the complete development of the Internal Control System.
In the area of relations with third parties, Internal Audit, Risk & Compliance is responsible for the due diligence compliance process by means of which any risk profiles associated with third parties are checked.

In accordance with the Enterprise Risk Management (ERM) Model, Internal Audit, Risk & Compliance, in conjunction with the risk owners, ensures that the main risks to which the Group is exposed are identified, assessed, managed and monitored.