36

into place new controls or mitigate impacts. The risks are frequently re-assessed to verify

whether they are effectively controlled.

iii.

Compliance: the Atresmedia Group has defined a Regulatory Compliance System that

ensures compliance with all regulations, both internal and external.

The System supervises compliance with such regulations through specific controls.

iv.

Processes: the main processes and sub-processes of the different businesses of the

Atresmedia Group are defined to identify the risks that have the greatest impact on one or

another business process, the existing controls and the improvement requirements for each

of the processes and sub-processes identified.

v.

Organisation: the risks and controls affecting the whole Group have been defined, together

with the risks and controls that exclusively affect certain organisational units. The heads of

each organisational unit monitor the risks and controls specific to their organisation.

Further information on the Company's Risk Management and Control System is provided in the

appendix to section H of this report.

With regard to tax risks, aside from the controls inherent in the Risk Management and Control

System, in 2015, a Corporate Fiscal Policy was approved by the Board of Directors, subject to the

review and approval of the Regulatory Compliance Committee and the Audit and Control

Committee, which regulates the basic principles that govern Atresmedia’s corporate fiscal policy, as

well as the best practices applied in relation to all tax matters. These are summarised through

compliance with all applicable regulations, collaboration with the tax authorities when required and

by avoiding opaque structures and operations and in tax havens.

Likewise, a Procedural Protocol regarding Particularly Significant Tax Transactions was approved by

the Regulatory Compliance Committee and duly notified to the Audit and Control Committee. This

Protocol defines the specific procedure that must be followed with respect to the transactions that,

due to their type and/or amount, require an additional, itemised analysis by the Tax Area.

E.2.

Identify the Company bodies responsible for preparing and implementing the Risk Management

System, including the control of tax contingencies:

The Risk Management and Control System is a corporate system in which the whole of the

Atresmedia Group participates with different levels of responsibility and participation therein.

Through control assessments, all organisational and business units are actively involved in the

System.

Atresmedia's main responsibilities relating to the Risk Management and Control System are

summarised as follows:

BUSINESS UNITS AND CORPORATE UNITS:

Control, assessment and supervision heads

Bound to comply with regulations: external and internal (policies, regulations and procedures).

FINANCIAL DIVISION:



Head of most of the financial controls and of the Internal Control over Financial Reporting

(ICFR) System.



Compliance with policies and rules related with budgets, accounts, financial statements and

financial reporting.



Head of the controls corresponding to the tax risks.

LEGAL ADVISORY SERVICES/SECRETARY TO THE BOARD OF DIRECTORS:



Head of most of the regulatory compliance and Corporate Governance controls.

REGULATORY COMPLIANCE COMMITTEE:



Collective body that monitors the Group's regulatory compliance.



Tasked with monitoring the Code of Conduct, the Queries and Whistleblower Channel and

the Internal Securities Market Regulations.

CRIMINAL COMPLIANCE HEAD



Responsible for the implementation and monitoring of the Group’s Criminal Compliance

System.