55 ReSPOnSIBLe BUSIneSS MAnAGeMenT54 ReSPOnSIBLe BUSIneSS MAnAGeMenT MONCLER GROUP 2023

company s assets and compromise the value of the Moncler and Stone Island brands or the companies reputation. The Model is in- tegrated and functional in the relevant decision-making processes as well as in the development of products and services.

The risks identified may be internal or external to the Group. In par- ticular, external risks of this latter kind are linked to the industry and market context, as well as to the perception of all stakeholders of the Group s way of operating. The enterprise Risk Management model classifies risks into four categories:

Strategic Risk; Business Risk; Compliance Risk; Financial Risks.

Strategic risks may refer to changes in the business or the inad- equate response to changes in the competitive scenario and the Company s business development activities. Sustainability risks may also be included in this category.

Business risks are those related to the sector in which the Group operates, the business operations, the organisational structure, information systems and Group s control and reporting processes.

Compliance risks, in general, are those related to non-com- pliance, in the conduct of the business, with applicable national and international laws and regulations, to business activity, as well as to the Code of ethics and internal procedures.

Financial risks are those related to the Group s financial management, specifically related to the risk of: liquidity, currencies, rates interest and financial counterparties for financial and com- mercial transactions.

In the case of internal risks, the aim of the eRM model is to manage risk through specific prevention and control systems in- corporated into the corporate processes, aimed at avoiding or transferring the risk, reducing the probability of occurrence or, in the event of occurrence, containing its impact. In the case of exter- nal risks, the aim of the eRM model is to monitor risks and mitigate the impact if such risks occur, for example through insurance pol- icies on which the Group relies for risks that have a significant im- pact on operating processes.

The main risks are identified following an analysis of the con- text in which the Group operates and the results of the materiality analysis. Risk assessment considers four dimensions: the impact that a risk could have on the organisation if it materialises; the likelihood that the risk occurs; the speed at which a risk could spread across the organisation if it occurs; and the interconnection of a risk with oth- er risks. The analyses are conducted using quantitative and qualita- tive methods according to the type of event. The assessment makes it possible to estimate the likelihood of occurrence and impact. Risks are then classified on a four-level scale and thus prioritised on the ba- sis of the risk appetite. In particular, the procedures governing the risk management system include a description of the Group s risk appe- tite for each macro-category. Lastly, the Risk Register contains a de- scription of the mitigation actions formulated by the Group to limit the possible impacts of each risk identified and assessed.

The quantitative analysis performed on the most significant risks (of both a financial and non-financial nature) considers multi- ple scenarios in terms of potential lost revenue and reduced mar- gins and assesses the potential effects for each of the scenarios considered using stress tests and sensitivity analyses. The scenar- ios are then placed on likelihood curves and combined using sta- tistical and mathematical models. These analyses provide an initial quantification of the Group s exposure to certain risk scenarios, in- cluding pandemic events, catastrophic natural events, credit risk and production stop.

during the risk assessment activity, conducted at least ev- ery six months, all risks and risk owners responsible for managing the risk and the related control system, as well as the implementa- tion or improvement of mitigation actions, are identified, in line with the Group s risk appetite, approved by the Board of directors. The risks, the assessment of the internal control system covering them and the related mitigation actions are included in the Risk Register, which is periodically updated in collaboration with the operational risk owners on the basis of an annual plan approved by the Board of directors with the support of the Control, Risks and Sustainabili-

ty Committee. The proposed plan is periodically updated to include any new elements of risk and/or to reflect a possible increase in the likelihood or impact of occurrence.

The Moncler Group s eRM model involves the following bodies: the Board of directors, which sets the guidelines and assess-

es the adequacy of the internal control and risk management system;

the Control, Risks and Sustainability Committee, which sup- ports the assessments and decisions of the Board of direc- tors relating to the risk management system with adequate investigations and proposals;

the director in charge for the Internal Control and Risk Man- agement System, responsible for establishing and maintain- ing an effective internal control and risk management system and implementing the guidelines set by the Board of direc- tors together with the Control, Risks and Sustainability Com- mittee;

the head of the Group Internal Audit, responsible for verifying that the internal control and risk management system is func- tional and adequate;

the Risk Manager, responsible for coordinating the enterprise risk management activities;

the Board of Statutory Auditors, which monitors the effec- tiveness of the internal control and risk management system.

The eRM model is also included in the individual employee perfor- mance review process, with indicators that correlate to the effec- tiveness of the risk management measures specific to each area of competency.

The methodology underlying the eRM model continued to be updated in 2023. In particular, the focus was on revising the risk appetite rating scale and refining the quantitative multi-scenario methodology for measuring the main risks reported.

In addition, during the year, it continued the integration of the eRM model with climate change risks according to the areas de- fined by the recommendations of the Task Force on Climate-relat- ed Financial Disclosures (TCFd) of the Financial Stability Board.

The results of eRM activities and risk management process- es in general are presented to the Control, Risks and Sustainabili- ty Committee and the Board of directors at least every six months, as an integral part of the report by the head of Internal Audit on the functioning and adequacy of the internal control and risk manage- ment system.

SOCIAL RISKS Concerning people, among the main risks relating to human re- sources management the Group has identified the potential risks of reliance on key people and the difficulty in retaining and developing talent. To address these risks, a performance evaluation system has been implemented, covering the entire corporate population and taking into account both soft skills and technical skills. This sys- tem enhances and develops individual skills in the medium-to-long term, defines succession plans and nurtures the best talents. In ad- dition, the Group has developed a medium-to-long-term incentive plan specifically aimed at managers and key roles in order to pro- mote their retention. See also pages 97-100; 100-102; 103-104.

The risk of human rights violation against employees of Group companies is considered at the theoretical risk level, due to the protections provided by the various laws and/or collective la- bour agreements, the working standards and de&I principles set out in the Moncler and Stone Island Codes of ethics, the Human Rights Policy issued in 2023 as an integral part of the Code of eth- ics and, above all, the oversight activities carried out at corporate sites. Since 2022, to continue to ensure equal opportunities in the personnel selection and recruitment and to promote diversity and an environment that is increasingly inclusive right from the candi- date experience phase, the Group updated the Personnel search and selection Policy. See also pages 95; 105-107. The Group has always encouraged reporting witnessed or suffered misconduct to the manager or the Human Resources team. The Group has al- so implemented a system of rules and a whistleblowing process for reporting irregularities, also in anonymous form, offences and vio-

ENVIRONMENTAL, SOCIAL AND COMPLIANCE RISKS