We hold ourselves accountable to the highest standards of corporate governance and public access to information about our company.

Corporate Governance


Corporate governance underpins the conduct of our daily business. Best practice for corporate governance continues to evolve. In 2018, the new UK Corporate Governance Code (the 2018 UKCGC) was published, and this applies to CCEP from the accounting period starting on 1 January 2019. In 2018, we reviewed and amended the terms of reference for our Audit, Nomination and Remuneration Committees to ensure they meet and support the requirements of the 2018 UKCGC.

CCEP has a robust corporate governance structure with a Board of Directors overseeing the interests of all stakeholders. Of the five committees that support the Board, the Corporate Social Responsibility (CSR) Committee oversees our sustainability strategy while the Audit Committee oversees the enterprise risk management and ethics and compliance programmes.

See our download centre to download our Corporate Governance Framework.

Sustainability Governance


Chaired by CCEP Board Director, Alfonso Libáno, the CSR Committee meets five times a year. It is primarily responsible for overseeing our performance against our strategy and goals for CSR.

The Committee reviews CSR risks facing CCEP and the practices by which these risks are managed and mitigated, approves sustainability commitments and targets, and monitors and reviews public policy issues that could affect CCEP.

Ownership and governance for each commitment area is embedded within the business – for example, our Supply Chain and Procurement functions take the lead on our climate, water, packaging and sustainable sourcing targets.

Other areas, such as our drinks, are managed jointly with The Coca-Cola Company and our commercial teams; our diversity targets are managed through our Human Resources (HR) function; and our community targets are managed within local business units. These functions report progress against our targets, as well as on key issues and activities, to our Leadership Team (LT) on a regular basis.

Risk Governance

Our risk management programme is coordinated by CCEP’s enterprise risk management function. This is led by the Chief Compliance Officer, who reports to the General Counsel and Company Secretary. They provide support and expertise to all business units and functions across the organisation. The Chief Compliance Officer also manages business continuity and incident management, ethics and compliance, security, data privacy, and regulation (including in relation to recovery management), and therefore has oversight of risk management across our business.

Risk Management

areas within certain functions and carried out detailed assessments of those areas. These included assessments of cybersecurity risks within our IT function, and environmental and quality risks within our supply chain management function. These functional assessments are now an ongoing part of our risk management process.

Measuring and managing risk

Once risks have been identified through our risk assessment process, we analyse them to understand their likelihood and potential impact, assess how we are managing the risks and consider what mitigation measures we may need to put in place. In 2018, we started to define and monitor key risk indicators to more accurately monitor risk levels as they change over time. During the year we also developed our scenario analysis and planning to better understand how key risks could impact our organisation. As part of this work, we initiated our first climate change risk assessment and scenario analysis. These scenarios have been documented, and we have developed action plans for how we would respond to them.

At present, our scenario planning work is focused on understanding and managing current risks. In future, we are aiming to integrate scenario analysis more fully into our long-range strategic planning.

Our approach to Enterprise Risk Management

Our decisions are informed by an understanding of the risks we face as a business. Through our enterprise-wide risk management programme, we identify, measure and manage risk, as well as embed a strong risk management culture across our business.

To gain an overall understanding of the risks CCEP faces, we assess risk from the top down and the bottom up. Our annual enterprise risk assessment gives us a strategic view of risk at the enterprise level. During this assessment we carry out a risk survey with our top leaders, followed by interviews with Board and Audit Committee members and members of our Executive Leadership Team (ELT). This risk assessment is reviewed and updated periodically. In 2018, we issued the risk survey to 150 top leaders. To gain a bottom-up view of risk from an operational perspective, we also carry out risk assessments on a business unit level. Each business unit has a local Compliance and Risk Committee reporting to its leadership team. The committee reviews and updates risk on a quarterly basis and makes sure that risk management is incorporated into day to day business operations. The ELT Compliance and Risk Committee oversees this work.

In 2018, we expanded our bottom-up risk assessment process to include CCEP’s functions. During the year, we identified high-risk 

Risk factors

forward-looking statements within our 2019 integrated report and other public statements we make.

Some of these risks have materialised during the year (such as the CO2 shortage) and impacted the entire industry. CCEP has managed the mitigation of these risks very well and demonstrated robust business continuity capabilities. 

Risk factors

Beyond our principal risks, CCEP faces other operational risks that we manage as part of our daily routines, such as employee health and safety and human rights. We cover both our principal risks and these other risks in more detail in our risk factors section

Read about our principal risks on pages 40 to 43 and our risk factors on pages 162 to 168.  

Principal risks

CCEP’s Enterprise Risk Assessment process is a key component of our annual governance routines. Through interviews with members of the Board and the Audit Committee, and a risk survey to our top 150 leaders, we identified CCEP’s nine Principal Risks. Each of these is assigned to a specific Board Committee and a member of the Leadership Team. All the Principal Risks are assessed by the Board and the Audit Committee. Lauren Sayeski, Chief Public Affairs and Communications Officer, is the Leadership Team member responsible for sustainability related risks, reporting to the CSR Committee.

Our principal risks are those that have been identified as most impactful to our business by our Enterprise Risk Assessment. CCEP defines these as risks that could materially and adversely affect our business, or could cause our actual results to differ materially from those given in the 

Ethics and Compliance


CCEP’s ethics and compliance programme is based on our commitment to conduct our operations in a lawful and ethical manner, upon the integrity of each of our employees. Our ethics and compliance programme is overseen by CCEP’s Audit Committee, and is applicable to our employees, our officers and our Directors. It also supports the way we work within our company and with our customers, suppliers and third parties.

Code of Business Conduct

Preventing bribery and corruption

All forms of bribery and corruption in both public and private sector are forbidden. Our CoC sets out our principles and standards to prevent bribery and corruption, and to avoid conflicts of interest. It also provides guidance on the exchange of gifts and entertainment.

Code of Conduct Committee 

Investigations into potential breaches of our CoC are overseen in each business unit by local CoC Committee, chaired by the business unit’s Vice President, Legal. All (potential) CoC breaches and corrective actions are overseen by the Group CoC Committee, which is a subcommittee of the Group Compliance and Risk Committee and is chaired by the Chief Compliance Officer. The Group CoC Committee also:
- Ensures that all reported cases have been recorded, investigated and a conclusion reached
- Evaluates trends
- Ensures consistent application of the CoC across CCEP

As required under the Spanish Criminal Code, the Iberia business unit has an Ethics Committee formed of members of the Iberia business unit leadership team. It is responsible for any ethics and compliance activities, including overseeing the local crime prevention model. It reports to the Iberia business unit leadership team and the Chief Compliance Officer.

Our Code of Conduct (CoC) ensures that we act with integrity and accountability in all of our business dealings and relationships, in compliance with all applicable laws, regulations and policies. We expect everyone working at CCEP to adhere to the CoC. We also expect all third parties who work on our behalf to act in an ethical manner consistent with our CoC. 

In 2017, our Board of Directors approved a new CCEP Code of Conduct (CoC). The CoC covers items including share dealing, anti-bribery, data protection, environmental regulation and managing gifts and entertainment. It  aligns with the UN Global Compact, the US Foreign Corrupt Practices Act, the UK Bribery Act, the 2016 and 2018 UKCGCs, The EU General Data Protection Regulation, the Spanish and Portuguese Criminal Codes and Sapin II.

As of 31 December 2018, the new Code of Conduct (CoC) has been formally adopted in all the territories in which we operate, as well as our shared-service centre in Bulgaria. All employees are required to do CoC training, and it is part of the induction process for new employees. Training on topics related to specific roles is also provided where required. All people managers receive a CoC guide that addresses their responsibilities. This includes a matrix to help with decision making and guidance on situations such as bullying and harassment.

We received no fines for CoC breaches in 2018. Breaches of the CoC, by type, can be found in our 2018 Integrated Report.


Raising concerns

is a sub committee of the Group Compliance and Risk Committee and is chaired by the Chief Compliance Officer. The Audit Committee has oversight of the adequacy and security of the Group’s whistleblowing policy and other arrangements for its employees and contractors to raise concerns, in confidence, about possible wrongdoing in financial reporting or other matters, including breaches of our CoC. 

As required under the Spanish Criminal Code, the Iberia business unit has an Ethics Committee formed of members of the Iberia business unit leadership team. It is responsible for any ethics and compliance activities, including overseeing the local crime prevention model. It reports to the Iberia business unit leadership team and the Chief Compliance Officer. An overview of all reported incidents is provided to the Audit Committee.

CCEP does not tolerate any form of retaliation against anyone for whistleblowing, including making a genuine report, or for cooperating in an investigation.

In each of our territories, we have established ways for employees to raise concerns about breaches to the applicable code. These include channels for employees to contact a line manager or HR representative, or to share information through our dedicated, independent and confidential Speak Up service.

Investigations into potential breaches of our CoC are overseen in each business unit by the business unit’s CoC Committee, chaired by the business unit’s Vice President, Legal. All (potential) CoC breaches and corrective actions are overseen by the Group CoC Committee, which

Speak Up

Respect for Human Rights

internal human rights workshop with cross-functional participation from senior managers across our business, including support and engagement from our Executive Leadership Team.  We also benefitted from input and advice from key external stakeholders including UN OHCHRInstitute of EmployersKnow The Chain and industry peers. Our aim was to understand what human rights means for our own operations and our supply chain.

As a result, we committed to conduct a Human Rights Risk Assessment for CCEP in 2019 based on the salient issues identified during the workshop. The risk assessment process in Q1 2019 included interviews with senior leaders across the business, followed by a risk assessment workshop to develop more detailed action plans on key issues. We identified what human rights means for CCEP, namely protecting people’s inherent and indivisible rights and freedoms both in our own operations and in our value chain; fair and equal treatment of people (no discrimination) and treating people with dignity and doing no harm to others. Throughout this process, there has been clear acknowledgment that human rights issues can and do present themselves in our own day-to-day operations in Western Europe and not just in the extended global value chain. During 2019, we will also deliver human rights training for our procurement function.

We consider human and workplace rights to be inviolable and fundamental to our sustainability as a business. We have a duty to respect and protect the human rights of everyone working throughout our operations and within our supply chain, and to ensure that they are treated with dignity and respect. Our principles regarding human rights are set out in our CoC and further detail is provided in our Human Rights Policy, which is based on accepted international standards such as the United Nations Guiding Principles on Business and Human Rights.

We have a zero-tolerance approach to modern slavery of any kind within our operations and supply chain. Together with The Coca-Cola Company, we expressly prohibit any form of human trafficking within our system or by any company that directly supplies or provides services to our business. We prohibit the use of all forms of forced labour, including prison labour, indentured labour, bonded labour, military labour, slave labour and any form of human trafficking within our company and by any company that directly supplies or provides services to our business. For more information, read our Modern Slavery Statement.

CCEP reviews risks annually through its risk assessment process. During 2017, we expanded this process to also include the risk of modern slavery within our supply chain. In October 2018, we hosted an


Human Rights Workshop

Internal human rights workshop for senior managers across our business