Plan for the Prevention of Corruption Risks and Related Offenses

The National Anti-Corruption Strategy 2020–2024, approved by Council of Ministers Resolution No. 37/2021 of 6 April, as well as Decree-Law No. 109-E/2021 of 9 December, reinforced the need for the entities concerned to adopt and implement a Plan for the Prevention of Corruption Risks and Related Offenses (PPR), covering the entire organization and its activities, including management, administrative, operational, and support areas, and containing, in accordance with Article 6 of the Annex to this legal act:

• Identification, analysis, and classification of risks and situations that may expose the entity to acts of corruption and related offences, including those associated with the performance of duties by members of the governing bodies, taking into account the entity’s reality and the company’s geographical area of operation;

• Preventive and corrective measures to reduce the likelihood and impact of the identified risks and situations.

Also pursuant to the aforementioned article, the Plan must include:

• The business areas of the entity with a risk of acts of corruption and related offences;

• The probability of occurrence and the foreseeable impact of each situation, to allow for risk prioritisation;

• In situations of high or maximum risk, the most comprehensive preventive measures, with priority given to their implementation;

• The appointment of the person responsible for the implementation, monitoring, and review of the plan, who may also be the compliance officer.

In preparing this Plan, the directors/managers leading the organizational units of Ascendum were involved, both in identifying risks and related offences and in proposing preventive measures, so that the final document would reflect the realities of all areas and services.

It remains important to strengthen existing internal control mechanisms, to direct them towards the prevention of corruption and related offences, and to enhance the competencies of all employees in relation to this matter.

This Plan has the following main objectives:

• To raise awareness among Directors/Managers, Supervisors, and Employees regarding the issue of corruption and related offence risks;

• To identify the areas in which actions that constitute such situations may occur;

• To establish preventive procedures;

• To adjust, whenever necessary, the Internal Control System, highlighting the set of already defined Procedures and other Internal Control documents;

• To promote a closer alignment between the Management System and the Management of Corruption and Related Offences Risks.

This Plan applies to Ascendum in Portugal, which includes Ascendum Portugal, Ascendum Máquinas, Ascendum Camiões, and Ascendum Agro, and covers management, supervisors, employees, and collaborators (regardless of their contractual relationship), as well as volunteers and/or interns (paid or unpaid).

Ascendum is a multinational company with family roots. Founded in 1959, it has become one of the world’s largest distributors of Volvo Construction Equipment, among other OEM brands.

In 2024, Ascendum reached around 1.3 billion euros in turnover, resulting from its sales, rental, service, and parts supply activities for construction, infrastructure, industrial, agricultural equipment, and trucks.

Ascendum operates in 14 markets, providing global solutions that enable customers to achieve optimal equipment performance and operational efficiency, maximising uptime. With a legacy of more than 65 years of success, we are committed to innovation, service excellence, and the development of long-lasting relationships with our customers.

Today, the company employs more than 1,700 people worldwide and is a strong, geographically diversified business, operating in Portugal, Spain, USA, Turkey, Mexico, Austria, Hungary, Czech Republic, Croatia, Slovakia, Romania, Moldova, Slovenia, and Bosnia and Herzegovina.

To be one of the world’s largest distributors of machinery and equipment, providing global solutions for construction, infrastructure, industry, agriculture and trucks.

Ascendum Portugal aims to play a leading role in the markets where it operates, delivering the highest level of value and quality, while respecting ethical, cultural, social, and environmental values.

The methodology followed in identifying risks and defining actions is based on the approach already used by Ascendum to identify its risks within the scope of the Management System.

In this context, the following definitions apply:

Risk – an event, situation, or future circumstance with a probability of occurrence and potential positive or negative consequence for the achievement of the objectives of an organisational unit. In other words, risks correspond to “facts whose probability of occurrence and respective severity of consequences constitute management risks, including corruption and similar risks.”

Risk Management – a continuous process through which organisations systematically identify and analyse the risks inherent to their activities, with the aim of achieving a sustained advantage in each individual activity and across all activities, through control measures that allow identified risks to be mitigated and/or assumed.

Risk management involves a disciplined approach in several phases, namely:

• Risk Identification and Definition – This phase consists of recognising and classifying facts whose frequency/probability of occurrence and respective severity of consequences constitute management risks, including corruption and similar risks.

• Risk Analysis – To classify the risk according to criteria of frequency/probability and severity of occurrence, sets of criteria, measures, and actions are established, categorised according to whether the consequences are strategic or operational.

Risk Level (RL) – a combination of the degree of frequency/probability with the severity of the consequence of its occurrence, resulting in the ranking of the Risk.

Significance Level (SL) – Each identified risk must be assigned a ranking based on the assessment of probability and severity of occurrence, divided according to the type of consequences, whether strategic or operational, and determined based on the following criteria:

By combining both variables (severity and frequency), a risk matrix was developed, based on the above-mentioned levels, as illustrated in the figure below:

Any risk with an SL (Significance Level) equal to or lower than 4 is considered high. For these, risk control actions must be defined, and, whenever appropriate, established processes are reviewed in order to integrate ways of performing the service that reduce undesired effects.

The priority for action is defined according to the following criteria:

• Determined Significance Level

• Strategic decision of the company

• Degree of implementation of the actions (verified particularly during the monitoring phase and/or audits)

See here the action plan for risk mitigation

The Board has determined that annual monitoring of this Plan is necessary, given that we are in a stage of consolidating methodologies, which requires greater effort from everyone to properly implement and monitor the defined risk treatment measures.

It is the responsibility of the directors of each area to ensure the execution, implementation, and supervision of the proposed risk treatment measures for their unit, managing the necessary resources for their completion.

Monitoring of the Plan will take the form of an annual implementation report, to be prepared by the Compliance Officer (RCN), together with the remaining team designated for this purpose and each of the persons responsible for the defined measures. This report shall be sent, for approval, by the 15th day of March following the end of the year. The report must present the measures defined, the measures implemented, the degree of implementation, and, where not yet fully implemented, the expected date for full implementation.

If there are risks assessed as high or extreme, an interim report will be produced in October of each year, following the methodology described in the previous section.

The Compliance Officer must recommend updating the Plan whenever necessary in the Annual Implementation Report, taking into account the reviews and validations referred to.

Any manager, supervisor, or employee of ASCENDUM must report to the Compliance Officer any situations they consider relevant, so that the latter, together with whomever deemed necessary, can assess the need to recommend an update of the Plan.

RCN – Compliance Officer
PPR – Corruption and Related Offences Risk Prevention Plan