REPORT ON ETHICS
COMPLIANCE
2
1. CREATION Of fuNCTIONAL PROgRAM
3
2. AudIT COMMITTEE ANd BOARd INTERACTIONS
3
Compliance-related training and corporate governance actions taken by the Iberdrola Renewables Board of directors
and ACC. 3
Board Training 4
3. MEET PERIOdICALLy wITH MANAgEMENT ON COMPLIANCE ACTIvITIES
4
4. dETERMINATION Of HIgH RISk AREAS
4
Annual fraud Risk Assessment 4
Criminal Risk Assessment 4
5. BACkgROuNd CHECkS
4
6. SuMMARy Of HELPLINE ACTIvITIES
4
7. ANNuAL CONfLICT Of INTEREST SuRvEy ANd COMPLIANCE STATEMENT
5
8. EMPLOyEE TRAININg
5
9. COMMuNICATIONS
5
REPORT ON ETHICS COMPLIANCE
This report describes actions taken by the Iberdrola Renewables (the “Company” or “IBR”) Compliance Unit and management in connection with delivering the Company’s Ethics and Compliance Program for 2014. The Compliance Plan was approved in the first quarter of 2014 by the Audit and Compliance Committee of the Iberdrola Renewables Board of Directors (the “ACC”). This report is made annually pursuant to the Compliance Unit Regulations adopted by the Company’s Board of Directors during 2013
Based on the overall results of this Compliance Plan and other compliance-related initiatives taken by the Company in 2014, including, without limitation, those reflected in this report, the Iberdrola Renewables Chief Compliance Office (CCO) certified to the Iberdrola Renewables ACC, at its January 2015 meeting, that the Compliance Program is effective and complies in all material respects with applicable legal and regulatory requirements. The following is a summary of the main actions taken in 2014 that support the certification made by the Chief Compliance Officer of Iberdrola Renewables.
To ensure that compliance addresses the key aspects of the Federal Sentencing Guidelines, the 2014 Compliance Plan that was approved by the Iberdrola Renewables Audit Committee contained the following key activities:
• Deliver training to the IBR Board of Directors on recent developments within the Company’s compliance program; • Meet periodically with the IBR management teams responsible for areas of greatest compliance risk;
• Co-ordinate an IBR business compliance risk assessment process and support the implementation of the crime prevention program; • Develop a compliance protocol and address reports, or actual violations regarding ethical and compliance related procedures;
• Ensure background checks are completed for each new hire and modify procedures in order that promotions to director and above also get re-screened;
• Submit annual compliance report to Iberdrola Renewables ACC and Board; and • Meet at least twice a year with ACC to report activities.
The following pages of this report summarize how the Iberdrola Renewables Compliance Unit has met these goals during 2014.
1. CREATION Of fuNCTIONAL PROgRAM
Early in 2014, in conjunction with the establishment of the Chief Compliance Officer role, a compliance program and plan was put in place for Iberdrola Renewables that supported the goals and objectives of Iberdrola USA Compliance program and started to align compliance processes between the Renewables, Liberalized gas and Networks businesses. Ongoing meetings, communications and reporting have occurred during the year. During December 2014, to further formalize the compliance activities and relationships between the Holdco and the subsidiaries, the three businesses formally adopted the Co-ordination and Information protocol of the USA compliance unit.
2. AudIT COMMITTEE ANd BOARd INTERACTIONS
During the first quarter of 2014, the ACC received a presentation of the 2014 Iberdrola Renewables Budget and Compliance Plan. This was subsequently approved by the Iberdrola Board.
Compliance-related training and corporate governance actions taken by the Iberdrola Renewables Board of directors and ACC. The Iberdrola Renewables Board of Directors and the ACC approved a number of new or amended policies, codes, and procedures in 2014 in support of the Compliance Program, including, without limitation, the following:
• Appointment of Chief Compliance Officer (January 2014) • Anticorruption Protocols (January 2014)
• Procedure for conflicts of interest and related party transactions (January 2014) • Sustainability Policy (January 2014)
• Code of Ethics (January 2014) • Procurement Policy (January 2014) • Corporate Security Policy (January 2014) • Environmental Policy (January 2014)
• Occupational Risks Prevention Policy (January 2014) • Approval of Compliance Budget (April 2014)
• General Risk Control and Management Policy (April 2014)
Board Training
In line with the 2014 Compliance Plan, the Iberdrola Renewables Board received training from the Chief Compliance Officer and the General Counsel. Topics covered included the Board’s responsibility with respect to compliance under the framework established by the Federal Sentencing Guidelines, the structure of how compliance is managed and tone at the top. Additional training was provided by the General Counsel on other areas of legal compliance.
3. MEET PERIOdICALLy wITH MANAgEMENT ON COMPLIANCE ACTIvITIES
In summary, the compliance office operates an “open door” policy for employees and managers to come and discuss compliance related matters. Ongoing discussions occurred during the year on high risk areas. From a formal review perspective, Iberdrola Renewables operates a number of compliance forums with the consolidated executive meeting being the Senior Management Compliance Council (“SMCC”).
The principal purpose of the SMCC is to serve as an active forum for senior managers of the Company, and for the Chief Compliance Officer, to discuss oversight and coordination of, and key issues, policies and developments relating to the Company’s compliance activities. These include, but are not limited to (1) compliance with the laws and regulations relating to its various business activities, internal codes of conduct and (2) identifying and evaluating, on an ongoing basis, material compliance risks facing the Company.
The SMCC was initially established by the Chief Executive Officer of the Company. Recently the governance structure, in connection with the establishment of the Compliance Unit, was modified to move the Chairman role from the Chief Risk Officer to the Chief Compliance Officer. As a fixed agenda item of the meeting, the Chief Compliance Officer has accountability to update the members of the SMCC on progress relating to delivery of the Company’s ethics compliance program. The members of the SMCC, in turn, are expected to assist the Chief Compliance Officer in developing, reviewing and implementing all aspects of, the Company’s broader compliance plans.
The SMCC met quarterly during 2014 and actively discussed compliance issues mainly related to energy and NERC issues. The modification to the charter meant that other compliance areas such as Renewable Operations health and safety were also discussed.
In summary, the SMCC is a vital tool in helping deliver the Compliance Plan objective around managing high risk compliance areas during the year.
4. dETERMINATION Of HIgH RISk AREAS
During the first quarter of 2014, Iberdrola Renewables, as part of a Group exercise, completed a compliance risk map that attempted to look at
“Any situation, act or omission than can expose Iberdrola to a potential negative impact as a result of non- compliance of applicable laws/regulations.”
From this exercise a number of areas were highlighted as requiring particular compliance emphasis given the Company’s operational and business footprint and the potential impacts of noncompliance.
For each area a risk and controls assessment was undertaken and this has been shared and agreed with the accountable management teams. Annual fraud Risk Assessment
The Compliance Function oversaw the annual fraud risk assessment this year, a process that had been traditionally managed by internal audit. This review is part of a global fraud risk assessment undertaken by Iberdrola S.A.’s Compliance Unit. Questionnaires were distributed to key executives and completed during the last quarter of 2014. An analysis was performed of the data collected including a top ten list of risks based on management’s perception of a number of potential fraud and corruption areas. The conclusion was that, due to the current controls in place, there was limited perceived fraud risk within the renewables area.
Criminal Risk Assessment
At the beginning of 2014, the Compliance Unit requested Legal Services assist in the preparation of a Criminal Risk Map and analysis of Criminal Prevention practices in order to establish a formal Crime Prevention Program.
During June 2014, the Iberdrola Renewables Chief Compliance Officer adopted a business-specific Legal Risk Map and an annual certification as part of the Iberdrola Renewables Crime Prevention Program. This was presented to the Iberdrola Renewables ACC and Board in July 2014.
Following its adoption, an associated certification process has been put in place similar to that utilized for the internal business and financial controls processes. This certification process means that accountable managers within the organization have to certify that applicable laws have been identified and that controls designed to ensure compliance have been implemented. Ultimately, the intention is that these certificates are used by the Chief Compliance Officer to support the annual certification to the Audit and Compliance Committee of the Board of Directors that the Company’s compliance program is effective and complies with applicable legal and regulatory requirements.
5. BACkgROuNd CHECkS
Pursuant to Company policy, all prospective employees are subject to a criminal background check prior to being hired. To align policies across Iberdrola USA, during 2014, Iberdrola Renewables expanded this control to include persons promoted or hired into a Director-level or higher. Such persons are considered by to be “substantial authority personnel” under the U.S. Federal Sentencing Guidelines.
6. SuMMARy Of HELPLINE ACTIvITIES
The company has a number of methods that employees and other stakeholders can utilize to voice concerns related to ethical issues. One of the key ones is the ability to raise issues anonymously. Iberdrola Renewables utilizes an external independent company to manage help line activities. The
REPORT ON ETHICS COMPLIANCE
Chief Compliance office is accountable for managing the resolution of inquiries, should they occur. During the year, the Compliance Unit received the support necessary from Company management to resolve any issues that arose.
7. ANNuAL CONfLICT Of INTEREST SuRvEy ANd COMPLIANCE STATEMENT
To align practices with Iberdrola USA networks, the Renewables Business is in the process of adopting the annual conflict of interest survey and compliance statement for directors and above.
The intention is that responses to each question will be reviewed by the CCO to identify potential conflicts of interest and other compliance issues. At the end of the Survey, respondents will be required to execute a statement confirming their obligation as managers to comply with the Code of Ethics.
8. EMPLOyEE TRAININg
Compliance related training programs are a key aspect of ongoing compliance activities. Training remains one of the most important controls in ensuring the company remains in compliance with laws and regulations. In summary, and excluding areas of operational training, some of the key areas that employees received training in included:
• NERC and Cybersecurity
• Fraud Awareness • Red Book • Ethical Compliance • Harassment • Supervisor Harassment • Diversity
• Drug and Alcohol Abuse • Dodd Frank Trade Options • Energy Compliance
• FERC 741
• Civil Perjury
• Information Management
9. COMMuNICATIONS
Along with training, communications remains a key method of compliance reinforcement with employees. During 2014, along there were a number of communications to employees that included:
• Recognition that the company had received an Ethisphere Group Compliance Award; • A poster circulated to all company sites highlighting the importance of ethics; and
• NERC and other cyber security updates; including posters, electronic briefings and inclusion in the company “Plugged in” magazine. Specifically related to compliance a number of all employee emails were sent out in 2014 including:
• Modification to the behaviors to include compliance within the leadership model; • Consideration of Ethics before receiving a gift;
• Importance of taking code of ethics training; • Respect and Professionalism in the workplace; • Political Campaigns in the workplace;
• Vendor invitations : when to accept and how to avoid trouble; • Your role in ensuring ethical conduct in the workplace; and • Video message “Leading with Integrity”.
Energy Related Communication
Specifically related to energy management, the legal and compliance team send out updates and, where appropriate, hold in-person briefing sessions on any relevant information received regarding agencies such as FERC, CFTC, CAISO. These are issued to all relevant employees in the energy area and include information on industry rulings or potential/actual violations so that the company can stay current on understanding modifications or interpretations of the law.
