Integrity is one of Ferrovial’s foundational values, which are summarized in the Code of Business Ethics, the cornerstone of the Compliance Program.
The Code is implemented through policies and procedures that contribute to guiding the way of working and interacting with the environment and reflects Ferrovial’s commitment to three core principles: integrity, compliance with the law and respect for human rights.
The Board of Directors of Ferrovial is the guarantor of the Compliance Program, whose supervision is entrusted to the Audit and Control Committee, which is periodically informed of these matters by the Director of Compliance and Risks, who reports to the Chairman.
Ferrovial’s growing international presence has determined the transformation of its Compliance Program to align with international best practices, establishing a common process of evaluation, monitoring and control of compliance risks under the principle of “zero tolerance” towards the commission of criminal acts and, in particular, against any form of corruption.
The Compliance Program is described in the Compliance Policy* and its mission is to contribute to the sustainability and reputation of Ferrovial, promoting observance with all applicable laws and the Code of Ethics, based on an effective risk management system. The policy develops the phases of the Compliance Program and establishes the competencies of its governing bodies and those of its employees.
Likewise, the Compliance Program includes a Crime Prevention Model aimed at preventing or significantly reducing the risks of committing criminal acts, especially, those involving the legal entity’s criminal liability.
It is also noteworthy that in 2019 Ferrovial, S.A. obtained from AENOR (Spanish Association for Standardization and Certification) the certification of its Crime Prevention Model in accordance with the reference standards UNE 19601 “Crime Compliance Management Systems” and UNE-ISO 37001 “Anti-Bribery Management Systems”. In 2020 and 2021 both compliance certifications have been renewed by AENOR. The Compliance Program also includes a Tax Compliance Model certified in 2021 in accordance with UNE 19602.
Ferrovial conducts an annual risk assessment according to the nature of the Group’s activities, which is updated when regulatory, organizational or other changes make it advisable. Risks are assessed in line with international best practices and prioritized by their potential impact and probability of occurrence. The results of the risk assessments, the measures implemented for their mitigation and the proposals for continuous improvement are reported to the Audit and Control Committee and the Board of Directors.
Ferrovial employees and collaborators must know and comply with the principles and commitments stated in the Code of Business Ethics and the policies that develop it. The Compliance and Risk Department, with the support of other company resources, designs and implements a training and communication plan, periodically evaluating its effectiveness.
Ferrovial’s Anti-corruption Policy establishes standards for the behavior of Ferrovial’s employees, directors and managing directors, as well as third-parties with whom they have dealings, under the principle of “zero tolerance” for any practice that could be considered corruption or bribery. The policy requires compliance with all applicable anti-corruption laws and urges the reporting of any violation of their content.
Ferrovial demands behavior in accordance with the highest ethical standards not only from its employees, directors and managing directors, but also from the third parties with which the company interacts. Therefore, key policies and procedures have been updated, such as the Third Party Ethical Integrity Due Diligence Policy, the Suppliers Ethical Integrity Due Diligence Procedure, the Suppliers Code of Ethics, the Gifts and Hospitality Expenses Policy, the Lobbying and Political Contributions Policy and the Procedure for the Approval and Monitoring of Sponsorship, Patronage and Donation Projects.
In 2021, the online training plan on the Code of Business Ethics and Compliance Policy (Prohibited Conduct) has continued and the anti-corruption courses have been rolled out. These were designed according to the level of exposure to the risk of certain groups, including the Management Committee. The Compliance Boot Camp, held in 2020 in the United States, has also been adapted to an online format. The training volume of these courses amounted to 5,361 hours, totaling 10,765 hours in the last two years.
In 2021, a course on Data Protection has been deployed, focused mainly on the General Data Protection Regulation (GDPR).
In addition, short and frequent communication campaigns, called “Did you know?”, have been carried out on relevant aspects of the Compliance policies.
*Available at www.ferrovial.com
Ferrovial’s Code of Business Ethics makes it mandatory to report any breach of legislation or internal policies. The Policy of the Ethics Channel and Management of Queries, Complaints and Reports Policy assigns roles and responsibilities and establishes the principles for diligent and responsible management of the different queries, doubts or complaints raised by any channel. The company promotes the use of the Ethics Channel, a confidential system that is accessible through telephone, mail, the intranet or the corporate website (www.ferrovial.com).
The Ethics Channel aims to facilitate the reporting of any possible irregular situation, breaches or behavior against ethics, legality and Ferrovial’s internal regulations.
The Policy of the Ethics Channel and Management of Queries, Complaints and Reports establishes a protocol for the treatment of all communications that may be received by any channel regarding possible irregularities, establishing responsibilities, deadlines and reporting obligations for the measures adopted. The Compliance and Risk Directorate is responsible for managing the Ethics Channel, with the support of Internal Audit for the analysis of high-priority communications.
During 2021**, 85 complaints were received through the corporate ethics mailbox, of which 50 were anonymous and 35 were identified.
All communications give rise to an investigation by the case handler, ensuring confidentiality, legal protection and absence of retaliations of any kind to the informants. The Compliance and Risk Department reports, on a quarterly basis to the Audit and Control Committee and annually to the Board of Directors, a detailed report of the communications received and the actions taken.
All communications have been investigated and resolved within an average of 67 days. A total of 22% of the complaints received were considered substantiated and appropriate corrective measures were adopted, in some cases imposing disciplinary sanctions and in others correcting deficiencies or revising the applicable internal procedures and regulations. In 2021, no case investigated has given rise to significant impacts for Ferrovial from a criminal, economic or reputational standpoint.
**Information for 2020 is available in the 2020 Integrated Annual Report, page 83.