CRIME PREVENTION POLICY

The Group develops a corporate culture of ethics and honesty

Crime prevention policy.

Crime Prevention Policy

24 April 2019

The Board of Directors of IBERDROLA, S.A. (the "Company") is vested with the responsibility of formulating the strategy and approving the corporate policies of the Company and for organising the internal control systems. The Board issues this Crime Prevention Policy in the discharge of these responsibilities, and consistent with its culture of prevention of improper activities.

1. Purpose

The Crime Prevention Policy is intended to convey to all members of the management team and professionals of the companies belonging to the group of which the Company is the controlling entity, within the meaning established by law (the "Group"), as well as to third parties establishing relations therewith, an unambiguous message of opposition to the commission of any wrongful criminal acts and the desire of the Group to combat them and to guard against any possible erosion of its image and its reputational value and, ultimately, of the price of its shares and the value of the Company's brand. This Crime Prevention Policy, together with the Anti-Corruption and Anti-Fraud Policy, shows the Group's commitment to unwavering vigilance and punishment of fraudulent acts and conduct, to maintain effective mechanisms for communication and awareness-raising among employees and to develop a corporate culture of ethics and honesty.

To further develop this Crime Prevention Policy, the Company, through the Compliance Unit and other competent bodies, has implemented a specific and efficient programme to prevent the commission of crimes (as a set of measures designed to prevent, detect and react to possible crimes), which shall also cover the prevention and control of other fraud, administrative violations and serious improprieties, all within the framework of the process of revision and adjustment to the duties imposed by the Spanish Criminal Code after inclusion of criminal liability for legal entities, without prejudice to the laws and regulations applicable in any other jurisdiction in which the Company carries out its activities. Furthermore, the other companies of the Group have implemented similar programmes to prevent the commission of crimes.

The purpose of such programmes is, on the one hand, to assure third parties and judicial and administrative authorities that the companies of the Group effectively comply with the duties of supervision, monitoring and control of their activities by establishing appropriate measures to prevent crimes or to significantly reduce the risk of the commission thereof, and therefore exercise over their directors, officers, employees and other subordinates, based on its governance model, such proper control as is legally required thereof, including the monitoring of possible situations of crime risk that may arise within the their scope of action, even in those cases in which the attribution of such situations to a specific person is not possible; an additional objective is to strengthen the existing commitment to work against all forms of fraud and corruption, including extortion and bribery of public officials or other persons.

The programmes include action and supervision protocols designed to reduce the risk of commission of criminal wrongs and improper acts in general (conduct that is illegal or contrary to the Code of Ethics or the Corporate Governance System), supplemented by effective and permanent control systems that may be updated as required.

2. Scope

This Crime Prevention Policy shall apply to all officers and employees of the Company and of the other companies belonging to the Group.

The Group has a governance model in which decentralised executive responsibilities are assumed by the head of business companies of the Group, which enjoy the independence necessary to carry out the day-to-day administration and effective management of each of the businesses and are assigned the responsibility for the day-to-day control thereof through their respective boards of directors and management decision-making bodies, which, with the supervision of the Compliance Unit and other competent bodies, ensure the implementation and the monitoring of the action principles set forth in this Crime Prevention Policy, without prejudice to appropriate coordination at all levels within the Group. This model is complemented with the existence of country subholding companies that group together the equity stakes in the Group's head of business companies and carry out the function of organisation and coordination in relation to such countries and/or businesses as are decided by the Company's Board of Directors, disseminating, implementing and ensuring compliance with the policies, strategies and general guidelines of the Group based on the characteristics and unique aspects of their respective countries and/or businesses.

Listed country subholding companies or companies not wholly owned by the Group may approve their own crime prevention policy applicable to said company and its subsidiaries to comply with any requirements applicable thereto due to its status as a listed company. The policy must in any case be in accord with the principles set forth in this Crime Prevention Policy.

Furthermore, all persons acting as representatives of the Group at companies and entities not belonging thereto shall, to the extent possible, promote the implementation of specific and effective programmes for the prevention of crimes similar to those of the companies of the Group.

Officers and employees of the Group who are also subject to other rules or policies, whether applicable to a particular industry or deriving from the national laws of the countries in which they carry out their activities, shall also be bound hereby. Appropriate coordination shall be established in order to ensure that such rules or policies are consistent with the principles set out in this Crime Prevention Policy.

3. Principles of Conduct

The principles governing the Crime Prevention Policy are the following:

a) Integrate and coordinate a set of actions required to prevent and combat both the possible commission of wrongful acts by any professional within the Group and, in general, possible situations of impropriety or fraud, as a basic pillar of the Crime Prevention Policy, in line with the Anti-Corruption and Anti-Fraud Policy, General Risk Control and Management Policy and the General Sustainable Development Policy.

b) Create a transparent environment, integrating the various systems developed to prevent crimes and maintaining appropriate internal channels to favour the communication of possible improper acts, including the use ethics mailboxes, which allow professionals of the Group, suppliers and shareholders of the Company to report financial or accounting improprieties and to communicate other conduct that may entail a breach of the Company's Corporate Governance System or the commission by a professional of the Group of an act contrary to the law or to the rules of the Code of Ethics.

c) Act at all times in compliance with applicable law and within the framework established by the Code of Ethics, as well as pursuant to the internal rules and regulations of the Company.

d) Foster a preventive culture based on the principle of "zero tolerance" in respect of the commission of wrongful acts and on the application of principles of ethical and responsible behaviour by all professionals of the Group, irrespective of their level and the country where they work.

e) Within the drive for this culture of prevention, foster processes of self-control in the activities and decision-making of employees and officers, such that any action of a Group professional is based on four basic premises: (i) that it is ethically acceptable, (ii) that it is legally valid, (iii) that it is desirable for the Company and the Group, as well as (iv) that the professional is prepared to assume responsibility therefor.

f) Ensure that the Compliance Unit has the physical and human resources required to efficiently and proactively monitor the operation and observance of this Crime Prevention Policy, without prejudice to the responsibilities assigned to other decision-making bodies and divisions of the Company and, if appropriate, the administrative and management bodies of the country subholding companies and head of business companies of the Group.

g) Develop and implement appropriate procedures for the control and comprehensive management of crime prevention at all companies of the Group.

h) Keep the focus on proactive activities, such as prevention and detection, rather than on reactive activities, such as investigation and punishment.

i) Investigate any claim of an allegedly criminal act or of any fraudulent or improper act, regardless of the amount thereof and as soon as practicable, guaranteeing confidentiality in respect of the reporting party and the rights of the persons investigated. In addition, the companies of the Group shall provide all assistance and cooperation that may be requested by judicial and administrative bodies and domestic or international institutions and entities to investigate allegedly criminal, fraudulent or otherwise improper acts that have been committed by their professionals.

j) Seek a fair, non-discriminatory and proportional application of penalties as provided by applicable law from time to time.

k) Notify all professionals of the Group of their duty to report any act amounting to a possible criminal offence or improper act of which they have evidence, through the channels established in this regard, and specifically regarding any sign or suspicion that a planned transaction or operation might be connected with money laundering or the financing of any unlawful activity.

l) Implement appropriate training programmes, both in person and online or by any other appropriate method, for professionals of the Group regarding the duties imposed by applicable law, with a frequency sufficient to ensure that the knowledge of their professionals in this regard is kept up to date.

m) Impose disciplinary penalties in accordance with the provisions of law applicable at any time for conduct that contributes to preventing or impeding the discovery of crimes as well as the breach of any specific duty to inform the control bodies of violations that may have been detected.

4. Control, Evaluation and Review

a) Control
The Compliance Unit shall be responsible for controlling the implementation, development and fulfilment of the Crime Prevention Programme of the Company and of those companies of the Group that are not country subholding companies, head of business companies or companies in which they have a stake, and to supervise the implementation, development and fulfilment of similar programmes at the other companies of the Group, without prejudice to the responsibilities assigned to other bodies and divisions of the Company and, if applicable, to the administrative and management bodies of the country subholding companies and head of business companies of the Group.

For such purposes, the Compliance Unit shall have the power of initiative and control required to oversee the operation, effectiveness and observance of this Crime Prevention Policy, ensuring that the crime prevention programmes respond to the needs and circumstances of each of the companies of the Group at all times and that the disciplinary systems applicable in each case appropriately penalise the breach of the measures provided for in the programmes.

The foregoing is without prejudice to such bodies or units specifically focusing on the control of criminal or fraudulent activities as it may be necessary or advisable to create at other companies of the Group in order to comply with the industry-specific or national laws of the countries in which they carry out their activities, with which relations shall be established for coordination purposes as appropriate pursuant to the respective applicable law.

b) Evaluation
At least once per year, the Compliance Unit shall evaluate the observance and effectiveness of the Company's Crime Prevention Programme. At least once per year, the compliance divisions of the country subholding and head of business companies of the Group shall also evaluate the observance and effectiveness of their respective crime prevention programmes. In any event when significant violations of the programmes become evident or there are changes in the organisation, the structure of control or the activities carried out by the companies of the Group, there shall be an assessment as to whether a modification thereof is appropriate.

c) Review
The Sustainable Development Committee shall periodically review the Crime Prevention Policy and shall propose to the Board of Directors those amendments and updates that contribute to the development and ongoing improvement thereof, taking into account any suggestions or proposals made by the Compliance Unit or the professionals of the Group.

This Crime Prevention Policy was initially approved by the Board of Directors on 14 December 2010 and was last amended on 24 April 2019.

Download the policy in pdf. [PDF]