As a corollary to the Code of Ethics, which defines the values, principles and rules of conduct that the Poste Italiane Group intends to pursue, the Company has adopted an Integrated Policy of Poste Italiane Group, which reflects and documents the commitment made to all its stakeholders, to improve its performance and, at the same time, build and develop relationships of trust with them within a path of generation and sharing of value for the Company as well as for the communities in which it operates, with a view to continuity and conciliation of the related interests.
The document was first approved by the Board of Directors on 7 November 2018 for the purpose of implementing the Integrated Management System, subsequently updated on 14 October 2021 for the integration of the Compliance Management System and last approved on 21 February 2025 in order to standardise and align the contents to each certificate achieved.
With the definition of this document, Poste Italiane intends to guarantee the effectiveness and efficiency of processes, activities and resources and to this end considers it essential for the development of its activities:
• compliance with internal and external, voluntary and mandatory regulations relating to the Compliance Management System according to ISO 37301;
• quality of its processes and related services relating to the Quality Management System according to ISO 9001;
• health and safety of workers related to the Health and Safety Management System in the Workplaces according to ISO 45001;
• environmentally responsible conduct related to the Environmental Management System according to ISO 14001;
• prevention of corruption related to the Anti-bribery Management System according to ISO 37001;
• information security and personal data protection related to the Information Security Management System and ICT services according to ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018 and ISO 20000-1 standards.
This approach is consistent not only with the fundamental corporate values of Poste Italiane, but with the strategic lines of business and with the Group's sustainability strategy, integrating the principles and rules of the different Management Systems mentioned, to guarantee a unified Governance of the same.
With specific reference to the prevention of corruption (ISO 37001), the Policy describes the prohibited behaviours, the general principles to which the Poste Italiane Group undertakes to adapt in carrying out all its activities and the specific principles of conduct for activities more sensitive to corruption risk; such as relations with the Public Administration, relations with political and trade union associations and organisations, relations with suppliers and partners, gifts, gifts or other benefits of any kind, as well as facilitation payments, liberal disbursements and sponsorships, selection and hiring of personnel, mergers, acquisitions and relevant investments.
With reference to Compliance Management (ISO 37301), the Policy ensures continuous monitoring of applicable mandatory and voluntary regulatory developments, preventing violations thereof and supporting timely adjustments of business processes to changes in applicable provisions, also through the establishment of appropriate controls to identify potential critical issues.
With regard to quality issues (ISO 9001), the Document undertakes to pursue relationships of trust with customers, maintaining adequate performance and services offered, within the defined timeframe.
With regard to the prevention of occupational risks (ISO 45001), the Policy guarantees safe working conditions, disseminating in the Company a safety culture that involves continuous attention to the implementation of the prevention and protection measures envisaged.
With reference to environmental protection (ISO 14001), the Document establishes the commitment to the management and prevention of environmental risks through timely planning of activities, minimising energy and water consumption, as well as reducing waste production.
With regard to the security of information and ICT systems (ISO 27001 and ISO 20000-1), the Policy guarantees the containment, within limits deemed acceptable, of the risk of compromising the confidentiality, integrity and availability of information, also through the development of a supporting technological infrastructure that guarantees compliance with the reference standards over time.
The Policy applies to Poste Italiane S.p.A. and the subsidiaries that implement it, making it a reference for the implementation of their general principles and specific issues.
Breach Reporting System
In addition, Poste Italiane has set up a reporting system and an Ethics Committee with the task of managing reports and violations. In this regard, the Group has introduced the “Guideline on Whistleblowing”, a document aimed at regulating the process through which reports can be made by personnel and third parties, with reference to acts or facts referable to violations of internal and/or external regulations, as well as illegal or fraudulent conduct that may determine, directly or indirectly, a financial or image damage for the Company.
The Group has made a reference portal available to the recipients of the Guideline, the management of which is entrusted to the Whistleblowing Committee, which also performs the functions of the Ethics Committee and is responsible for receiving, examining and evaluating the communications received.
The Whistleblowing Committee envisages the assignment of the role of Chairman to an external professional with high requirements of professionalism, honourableness and independence and the permanent presence of the Group Risk and Compliance structure/Presidium 231, in order to ensure a constant assessment of the relevance of the reports received.
Poste Italiane and the Guardia di Finanza
The historic collaboration with the Guardia di Finanza and the protocol signed provide even more effective and up-to-date tools to combat any abuse and offer a concrete contribution to the development of the country.
The Memorandum of Understanding with the Guardia di Finanza consolidates the rooting of company rules and regulations in processes, through the increasingly widespread dissemination of the principles of legality and transparency in the market and the prevention of financial crimes.
In particular, within the framework of the Protocol, the shared objectives are the fight against tax evasion, avoidance and fraud, public spending offences, economic and financial crime, money laundering, counterfeiting and fraud concerning payment systems.
The Protocol also establishes that Poste Italiane supports the work of prevention and combating by sharing with the Guardia di Finanza its information assets against offences in areas of institutional interest carried out also by exploiting technological and IT means.
Under the agreement, Poste Italiane makes the data in the “Identity Check” system available to the Guardia di Finanza, useful for investigations to prevent and repress fraud and any other economic-financial crime.
Finally, the Protocol establishes periodic meetings to verify the progress of collaboration and share information on new fraud scenarios and initiatives to be implemented.
Integrated Policy of Poste Italiane Group
The document was first approved by the Board of Directors on 7 November 2018 for the purpose of implementing the Integrated Management System, subsequently updated on 14 October 2021 for the integration of the Compliance Management System and last approved on 21 February 2025 in order to standardise and align the contents to each certificate achieved.
With the definition of this document, Poste Italiane intends to guarantee the effectiveness and efficiency of processes, activities and resources and to this end considers it essential for the development of its activities:
• compliance with internal and external, voluntary and mandatory regulations relating to the Compliance Management System according to ISO 37301;
• quality of its processes and related services relating to the Quality Management System according to ISO 9001;
• health and safety of workers related to the Health and Safety Management System in the Workplaces according to ISO 45001;
• environmentally responsible conduct related to the Environmental Management System according to ISO 14001;
• prevention of corruption related to the Anti-bribery Management System according to ISO 37001;
• information security and personal data protection related to the Information Security Management System and ICT services according to ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018 and ISO 20000-1 standards.
This approach is consistent not only with the fundamental corporate values of Poste Italiane, but with the strategic lines of business and with the Group's sustainability strategy, integrating the principles and rules of the different Management Systems mentioned, to guarantee a unified Governance of the same.
With specific reference to the prevention of corruption (ISO 37001), the Policy describes the prohibited behaviours, the general principles to which the Poste Italiane Group undertakes to adapt in carrying out all its activities and the specific principles of conduct for activities more sensitive to corruption risk; such as relations with the Public Administration, relations with political and trade union associations and organisations, relations with suppliers and partners, gifts, gifts or other benefits of any kind, as well as facilitation payments, liberal disbursements and sponsorships, selection and hiring of personnel, mergers, acquisitions and relevant investments.
With reference to Compliance Management (ISO 37301), the Policy ensures continuous monitoring of applicable mandatory and voluntary regulatory developments, preventing violations thereof and supporting timely adjustments of business processes to changes in applicable provisions, also through the establishment of appropriate controls to identify potential critical issues.
With regard to quality issues (ISO 9001), the Document undertakes to pursue relationships of trust with customers, maintaining adequate performance and services offered, within the defined timeframe.
With regard to the prevention of occupational risks (ISO 45001), the Policy guarantees safe working conditions, disseminating in the Company a safety culture that involves continuous attention to the implementation of the prevention and protection measures envisaged.
With reference to environmental protection (ISO 14001), the Document establishes the commitment to the management and prevention of environmental risks through timely planning of activities, minimising energy and water consumption, as well as reducing waste production.
With regard to the security of information and ICT systems (ISO 27001 and ISO 20000-1), the Policy guarantees the containment, within limits deemed acceptable, of the risk of compromising the confidentiality, integrity and availability of information, also through the development of a supporting technological infrastructure that guarantees compliance with the reference standards over time.
The Policy applies to Poste Italiane S.p.A. and the subsidiaries that implement it, making it a reference for the implementation of their general principles and specific issues.
Breach Reporting System
In addition, Poste Italiane has set up a reporting system and an Ethics Committee with the task of managing reports and violations. In this regard, the Group has introduced the “Guideline on Whistleblowing”, a document aimed at regulating the process through which reports can be made by personnel and third parties, with reference to acts or facts referable to violations of internal and/or external regulations, as well as illegal or fraudulent conduct that may determine, directly or indirectly, a financial or image damage for the Company.
The Group has made a reference portal available to the recipients of the Guideline, the management of which is entrusted to the Whistleblowing Committee, which also performs the functions of the Ethics Committee and is responsible for receiving, examining and evaluating the communications received.
The Whistleblowing Committee envisages the assignment of the role of Chairman to an external professional with high requirements of professionalism, honourableness and independence and the permanent presence of the Group Risk and Compliance structure/Presidium 231, in order to ensure a constant assessment of the relevance of the reports received.
Poste Italiane and the Guardia di Finanza
The historic collaboration with the Guardia di Finanza and the protocol signed provide even more effective and up-to-date tools to combat any abuse and offer a concrete contribution to the development of the country.
The Memorandum of Understanding with the Guardia di Finanza consolidates the rooting of company rules and regulations in processes, through the increasingly widespread dissemination of the principles of legality and transparency in the market and the prevention of financial crimes.
In particular, within the framework of the Protocol, the shared objectives are the fight against tax evasion, avoidance and fraud, public spending offences, economic and financial crime, money laundering, counterfeiting and fraud concerning payment systems.
The Protocol also establishes that Poste Italiane supports the work of prevention and combating by sharing with the Guardia di Finanza its information assets against offences in areas of institutional interest carried out also by exploiting technological and IT means.
Under the agreement, Poste Italiane makes the data in the “Identity Check” system available to the Guardia di Finanza, useful for investigations to prevent and repress fraud and any other economic-financial crime.
Finally, the Protocol establishes periodic meetings to verify the progress of collaboration and share information on new fraud scenarios and initiatives to be implemented.
Integrated Policy of Poste Italiane Group