Compliance, ethics, risk, data protection and cyber security

These are the cornerstones of UCI's activity and thus they form part of our ESG (Environment, Social and Governance) Framework and the Sustainability Policy demonstrating our responsibility and commitment to an appropriate Governance strategy and to our values.

Our governance: a commitment to regulations and standards and interest groups.

As a company and a financial entity, we have a responsibility to society. Based on our slogan "We comply” we have drawn up a description of our corporate governance for efficient decision making. We incorporate transparency in the assignment of functions and responsibilities.

"In an uncertain economic and geopolitical atmosphere it is essential to ensure adequate management of the company. Our governance must be effective and adapted to both regulatory and supervisory requirements as well as committed to our interest groups".

Corporate Governance

One of our priorities is to strengthen the framework of corporate governance and ensure its effectiveness in fulfilling the terms of internal rules and standards and the pertinent regulations. In this regard, in 2022 the framework for policies and procedures was defined and updated, along with internal governance, in order to strengthen governance within our company.

Our Corporate Governance policy provides a framework that defines the company's “Governance, Risk Management and Compliance, (GRC)” strategy.

Corporate compliance and ethical culture

Compliance is key to our daily work, ensuring that we can provide legal security, and ensure ethical and professional best practices in the company.

Compliance culture is cross cutting and therefore it impacts the company at every level and is part of the daily life of our workforce. Implementing Compliance in the organisation is achieved on three levels, namely, prevention, detection and risk management, and it is implemented through the creation and development of specific programmes.

Responsible management of Service Providers

For adequate global management of our suppliers that is sustainable over time, at UCI we have created a new model that includes the following phases:

  • Knowledge of the supplier
  • Risk analysis and certification
  • Transparent conditions and no surprises
  • Evaluation, control and monitoring

Service Provider Assessment

Assessment of suppliers and /or externalised services is carried out by the supervisors associated with each of our processes.

• Service providers who come within the scope of ISO 9001 and/or ISO 14001 standards are assessed, for which purpose specific criteria and assessment methods have been established and documented in the corresponding procedures.

• In 2022, environmental aspects were incorporated in the annual quality evaluation, taking into consideration our "life cycle".

Privacy and Data protection

The main initiatives in this area focus on taking steps to ensure that all the company's information assets are duly protected, restricting their use to the purpose for which they are designated, and ensuring controlled access thereto, based on the terms of the UCI security guidelines.

Both our technical and organisational methods ensure confidentiality, integrity and availability of information in our data bases and corporate applications.

Data security

Cyber security and data security are an important part of UCI's strategies. Protection and privacy are critical to ensuring correct development of the business, controlling possible risks and vulnerabilities to which we may be exposed, so that our clients, investors and other interest groups can trust us implicitly.

UCI has obtained certification for information security with the ISO 27001 standard, attesting to the fact that at UCI we have an Information Security Management system in compliance with the UNEISO/IEC 27001:2017standard.

Risk management

Correct analysis, measurement and management that will contribute to the maintenance of adequate solvency and liquidity levels.

We have an integral process of risk management that includes efficient surveillance by the Board of Management and senior management, and implementation of different policies and procedures appropriate for identifying, quantifying, assessing, monitoring, informing and controlling or mitigating all the significant risks at the right time, and in order to assess the sufficiency of capital and liquidity in relation to the risk profile and the macroeconomic and market situation.