1. Introduction

Decree-Law No. 109-E/2021, of 9 December, established the National Anti-Corruption Mechanism (MENAC), which operates at a national level in the field of corruption prevention and related offenses, and approved the General Scheme for The Prevention of Corruption (RGPC).
According to the RGPC, corruption and related offenses include crimes of corruption, undue receipt and offering of advantages, embezzlement, economic participation in business, extortion, abuse of power, prevarication, influence peddling, money laundering, or fraud in obtaining or diverting subsidies, grants, or loans, as set forth in the Penal Code, annexed to Decree-Law No. 48/95, of 15 March, in its current wording, Law No. 34/87, of 16 July, in its current wording, the Military Justice Code, annexed to Law No. 100/2003, of 15 November, Law No. 50/2007, of 31 August, in its current wording, Law No. 20/2008, of 21 April, in its current wording, and Decree-Law No. 28/84, of 20 January, in its current wording.

The aforementioned RGPC, annexed to Decree-Law No. 109-E/2021, applies to Dimpomar - Rochas Portuguesas, Lda. (Dimpomar), as it is a company headquartered in Portugal that employs more than 50 workers. Accordingly, under this regulation, Dimpomar has adopted and implemented a compliance program that includes, at a minimum, a Plan for The Prevention of Risks of Corruption and Related Offences (Ppr), a Code of Conduct, a training program, and a whistleblowing channel, with the objective of preventing, detecting, and sanctioning acts of corruption and related offences committed against or through the entity.

The PPR serves as a crucial tool for internal risk control and management, specifically the management of the likelihood of events occurring that could impact the organization's objectives. It is designed to identify corruption and related risks, assess their probability of occurrence, and define the measures to be implemented to prevent them, as well as the corrective measures to be taken in the event of any occurrence.

In alignment with its operational principles, Dimpomar has developed this PPR, to identify and classify risks and situations that may expose the entity to acts of corruption and related offences. Furthermore, it establishes and implements a set of measures and procedures based on Dimpomar’s Code of Conduct, ensuring and demonstrating compliance with legal requirements and internal regulations.

This PPR has been drafted in accordance with Articles 5 and 6 of the General Scheme for The Prevention of Corruption (RGPC), annexed to Decree-Law No. 109-E/2021, and applies to the entire organization and activities of Dimpomar, including its management and leadership.

2. Identification and Characterization of the Entity

Dimpomar – Rochas Portuguesas, Lda. (Dimpomar) is a private limited company whose primary business activity consists of the manufacturing and sale of marble and similar stone products.

Founded in 1980, Dimpomar specializes in the processing of natural stone and similar products. The company is headquartered in Vila Viçosa, where its main factory and offices are located.

Dimpomar also operates another facility in Pêro Pinheiro, which includes a manufacturing unit and offices.

Currently, Dimpomar has a team of 77 employees and maintains the organizational structure presented in Figure 1.

Figure 1. Dimpomar's organizational structure.

3. Mission, Values, and Code of Conduct

Dimpomar has a Code of Conduct that embodies its mission and values, which define the company, and establishes rules that reinforce, develop, or complement them, setting the standard for the conduct expected from all employees. This document outlines the General Rules of Conduct, ensuring compliance with both legal requirements and the company's internal regulations.

4. Analysis and Identification of Corruption Risks and Related Offenses

The risks mentioned and addressed in this PPR pertain exclusively to practices of corruption and related offenses, in accordance with the typologies and sanctioning frameworks described in Annex I.

Under Article 6(2) of Decree-Law No. 109-E/2021, the PPR must include the areas of activity of the entity that are at risk of corruption and related offenses, as well as the likelihood of occurrence and the foreseeable impact of each situation, in order to facilitate risk grading. To meet this requirement, Dimpomar has implemented a methodology for identifying and assessing the risks associated with its activities, which was structured in three distinct phases:

1. Identification of activity areas at risk of engaging in corrupt practices and related offenses;
2. Identification of corruption risks and related offenses;
   However, it should be noted that not all of these situations are likely to result in criminal liability.
3. Risk assessment, based on the likelihood of occurrence and the potential impact on the company.
   The risk analysis methodology proposed by RGPC arises from the combination of the indicator "likelihood of risk occurrence" with the indicator "foreseeable impact of risk occurrence."

The risk matrix was defined using the following indicators:

- Likelihood of risk occurrence – primarily linked to the existence of preventive measures and the historical effectiveness of those measures; it is considered that it can be measured using a scale with three levels – low, medium, and high (Table 1).

Table 1. Risk classification based on the probability of occurrence.

- Predictable impact of risk occurrence – associated with the potential effects resulting from the realization of actions that are intended to be prevented, and related to the degree of exposure to third parties within the area where the risk is identified. This impact is considered measurable on a scale with three levels – low, medium, and high (Table 2).

Table 2. Risk classification based on the predictable impact resulting from its occurrence.

After assessing the probability of occurrence and the predictable impact of each risk, the risk level is classified based on the combination presented in the analysis matrix below (Table 3).

Table 3. Risk level assessment matrix.

In identifying situations that may give rise to corruption risks and related offenses, the risks were assessed based on their severity and potential likelihood of occurrence, regardless of whether they have materialized, as the primary goal is to prevent them. In light of Dimpomar's activities, the company’s activities that could lead to corruption risks and related offenses are outlined in Annex III, along with their classification according to the criteria previously established, as well as the identification of preventive and corrective measures. For this assessment, and under the coordination of the RCN, all managers from Dimpomar’s organizational units were involved.

5. Internal Control System, Preventive and Corrective Measures

The internal control system implemented at Dimpomar is proportionate to its nature, size, and complexity, and is founded on a close relationship between management, department heads, and other employees. All activities of the company’s staff are monitored and overseen by their respective hierarchical supervisors.

Furthermore, Dimpomar employs pre-assessment procedures (also outlined in the company’s Code of Conduct) to identify, assess, and mitigate risks of corruption and related offenses involving third parties acting on its behalf, suppliers, and customers, prior to making strategic or operational decisions. These pre-assessment procedures are tailored to Dimpomar's low-risk profile and enable the identification of potential conflicts of interest, ensure that suppliers and customers comply with legal and tax regulations, and proactively detect situations that could damage the company’s image and reputation.

The preventive and corrective measures adopted by Dimpomar are realistic, clear, and feasible, with the aim of preventing the occurrence of these risks. The extensive experience of Dimpomar’s management and department heads has enabled the development and adoption of preventive measures over the years, whose effectiveness has been demonstrated on a daily basis, contributing to Dimpomar’s low-risk profile.

The preventive measures implemented and to be implemented aim to inform and hold accountable all individuals working for Dimpomar, as well as to deter the commission of acts constituting corruption or related offenses. The preventive and corrective measures in place or to be introduced at Dimpomar are:

• Preparation of internal communications and dissemination of relevant legislation, with particular emphasis on legislation applicable to the company’s activities and the fulfillment of legal obligations for corruption prevention;
• Existence and dissemination of a Code of Conduct, which establishes the basic principles, ethical commitments, and expected behaviors applicable to all employees;
• Implementation of training and awareness-raising initiatives (also addressed in the company’s Code of Conduct) to promote best practices and reinforce the company’s integrity culture, aimed at preventing corruption and related offenses;
• Pre-assessment of suppliers (also addressed in the company’s Code of Conduct), customers, and third parties acting on its behalf, in order to identify beneficial owners, assess reputational risks, and detect potential conflicts of interest;
• Regular assessment of employee skills and training, particularly in the area of corruption prevention awareness;
• Organization of work to foster knowledge sharing and promote teamwork;
• Ongoing monitoring and supervision of all procedures and activities by hierarchical managers;
• Continuous monitoring and periodic internal control actions;
• Preference for multi-stage approvals and in-person visits/contacts (real), especially for high-value expenses and contracts;
• Monitoring of the proper execution of contracts and adherence to legal and contractual guarantees;
• Existence of a confidential and secure internal whistleblowing channel (also addressed in the company’s Code of Conduct), which encourages the reporting of potential violations and allows for the correction of irregularities and the definition of measures to minimize the occurrence of such situations. The use of this internal whistleblowing channel must be done responsibly and in good faith, and must not be used improperly for illegitimate, personal, or contrary purposes;
• The existence of disciplinary measures for detected violations, including the application of sanctions in accordance with the Labor Code, as well as Dimpomar’s obligation to report any situations that constitute criminal offenses.

In addition to these general measures, the other measures outlined in Annex II are also applied.

6. Compliance Officer

In accordance with the General Scheme for The Prevention of Corruption (RGPC), annexed to Decree-Law No. 109-E/2021, of 9 December, Dimpomar is required to appoint a compliance officer from senior management or an equivalent position, responsible for ensuring and overseeing the implementation of the compliance program. The person responsible for the overall execution, control, and review of the PPR, as well as for ensuring compliance at Dimpomar, is Paula Piteira.

This person must perform their duties independently, continuously, and with decision-making autonomy. Dimpomar will ensure that the necessary means and resources are available for the effective performance of these duties, ensuring full access to all internal company information, subject to confidentiality obligations where applicable, particularly with respect to sensitive matters.

The PPR is a dynamic management tool for communicating corruption risks and related offenses, which is subject to control and monitoring to ensure the effectiveness of the measures outlined within it.

Thus, the control of PPR execution is carried out as follows:

• a) In October, an interim evaluation report is prepared for situations identified with a high or maximum risk level;
• b) In April of the year following the implementation of the PPR, an annual evaluation report is prepared, which includes, among other things, the quantification of the implementation progress of the identified preventive and corrective measures, along with an estimate for their full implementation.

7. Review

The PPR is reviewed every three years or whenever there is a change in the company’s responsibilities, organizational structure, or corporate structure that justifies a revision of the elements contained within it.

8. Disclosure and Transparency

Dimpomar ensures the publication of the PPR and the related reports to its employees, reinforcing its commitment to corruption prevention. This should be done through the intranet and on the company’s official website within 10 days of its implementation and respective revisions or updates. Adhering to this plan not only ensures legal compliance but also strengthens the ethical culture and integrity within Dimpomar.

9. Annexes

Annex I: Acts of corruption and related offenses
Annex II: Matrix for Identification, classification, and control of corruption risks and related offenses

Annex I – Acts of corruption and related offenses

For the purposes of the RGPC and, consequently, this Plan for The Prevention of Risks of Corruption and Related Offences, risks related to Corruption Crimes and Related Offenses are taken into consideration, specifically the following:

• Crimes of active and passive corruption, in both the public and private sectors (see applicable sanctions in Articles 373 and 374 of the Penal Code, Articles 36 and 37 of the Military Justice Code, Articles 17 and 18 of Law No. 34/87, Articles 8 and 9 of Law No. 50/2007, and Articles 7, 8, and 9 of Law No. 20/2008);
• Crimes of influence peddling, both active and passive, for issuing lawful or unlawful decisions (see applicable sanctions in Article 335 of the Penal Code and Article 10 of Law No. 50/2007);
• Crimes of money laundering (see applicable sanctions in Article 368-A of the Penal Code);
• Crimes of malfeasance (see applicable sanctions in Article 369 of the Penal Code and Article 11 of Law No. 34/87);
• Crimes of improper receipt and offer of advantages (see applicable sanctions in Article 372 of the Penal Code, Article 16 of Law No. 34/87, and Article 10-A of Law No. 50/2007);
• Crimes of embezzlement, unauthorized use of public assets, and embezzlement due to another’s error (see applicable sanctions in Articles 375 and 376 of the Penal Code and Articles 20, 21, and 22 of Law No. 34/87);
• Crimes of economic participation in business (see applicable sanctions in Article 377 of the Penal Code and Article 23 of Law No. 34/87);
• Crimes of extortion (see applicable sanction in Article 379 of the Penal Code);
• Crimes of abuse of power (see applicable sanctions in Article 382 of the Penal Code and Article 26 of Law No. 34/87);
• Crimes of fraud in obtaining or misappropriation of subsidies, grants, or credit (see applicable sanctions in Article 36 of Decree-Law No. 28/84).

Table legend:

PO - Probability of Occurrence
IP - Predictable Impact
GR - Risk Degree
1 - Management
2 - Administrative and Financial
3 - Procurement and Sales
4 - Marketing and Communication
5 - Operations (Production, Logistics, and Maintenance)
6 - Quality
PPR - Plan for The Prevention of Risks of Corruption and Related Offences
CC - Code of Conduct