Being accountable, ethical and risk aware is central to the way in which we operate. In 2017, we strengthened our Enterprise Risk Management and Ethics and Compliance programme to ensure our business always operates with integrity and makes risk-informed decisions, including introducing an Enterprise Risk Management Framework and a new Code of Conduct.

Corporate Governance


CCEP has a robust corporate governance structure with a Board of Directors overseeing the interests of all stakeholders. Of the five committees that support the Board, the Corporate Social Responsibility (CSR) Committee oversees our sustainability strategy while the Audit Committee oversees the Enterprise Risk Management and Ethics and Compliance programmes.

At CCEP, we hold ourselves accountable to the highest standards of corporate governance and public access to information about our company.

Sustainability governance


Chaired by CCEP Board Director, Alfonso Libáno, the CSR Committee meets five times a year and is primarily responsible for overseeing our progress on sustainability. The Committee manages our CSR risks and approves our sustainability commitments and targets, ensuring that stakeholders’ views are taken into account. Ownership and governance for each commitment area is embedded within the business – for example, our Supply Chain and Procurement functions take the lead on our climate, water, packaging and sustainable sourcing targets. Other areas, such as our drinks, is managed jointly with The Coca-Cola Company and our commercial teams; our diversity targets are managed through our Human Resources (HR) function; and our community targets are managed within local business units. These functions report progress against our targets, as well as on key issues and activities, to our Leadership Team (LT) on a regular basis.



Risk management


Our approach to Enterprise Risk Management

To ensure that we have sufficient visibility of the principle risks that could have an impact on CCEP's strategic priorities and how they are being monitored and managed, CCEP has an enterprise wide risk management programme. The approach has two complementary elements: a top down strategic view of risk at the enterprise level and a bottom-up tactical view of risk at the operational level.

Our Risk Management Governance includes routines that review enterprise and local operational risks. Strategic risks are reported to our corporate Compliance and Risk Committee, chaired by the Chief Compliance Officer (CCO) and made up of members of our Leadership Team (LT) and other senior leaders. Our strategic enterprise wide risk assessment resulted in the identification of CCEP's enterprise risks, and an understanding of how they are being managed. The most impactful of these form the Principal Risks outlined in our Annual Report and Accounts.

We also performed bottom up risk assessments this year to understand operational risks within each of our Business Units and functions. Each Business Unit has a local Compliance and Risk Committees, which meet at least four times a year, reporting to its leadership team. These committees review risks and incidents and ensure risk management is incorporated into day to day business operations.

CCEP’s Enterprise Risk Management department is made up of of risk experts who support risk owners, facilitate risk assessments and develop risk profiles and risk appetite statements for each of our business units and functions. These risk assessments will inform CCEP’s annual and long-range business plans and are integrated into our strategic planning routines.


Principal risks

CCEP’s Enterprise Risk Assessment process is a key component of our annual governance routines. Through interviews with members of the Board and the Audit Committee, and a risk survey to our top 120 leaders, we identified CCEP’s eight Principal Risks. Each of these is assigned to a specific Board Committee and a member of the Leadership Team. All the Principal Risks are assessed by the Board and the Audit Committee. Lauren Sayeski is the Leadership Team member responsible for CSR related risks, reporting to the CSR Committee.

Ethics and compliance


CCEP’s ethics and compliance programme is based upon our commitment to conduct our operations in a lawful and ethical manner, upon the integrity of each of our employees. Our ethics and compliance programme is overseen by CCEP’s Audit Committee, and is applicable to our employees, our officers and our directors. It also supports the way we work within our company and with our customers, suppliers and third parties.

Code of Business Conduct

Our Code will apply to all employees, following consultation with works councils in each of the countries where we operate. We also expect our customers and suppliers to respect the business principles in our Code, and we reflect and communicate these principles to our suppliers through our Supplier Guiding Principles. In 2017, we received no fines for Code violations. Violations of the Code, by type, can be found in our report data table.

In 2017, our Board of Directors approved a new CCEP Code of Conduct (Code). The Code covers items including share dealing, anti-corruption, data protection, environmental regulation and managing gifts and entertainment. It aligns to the UN Global Compact, the US Foreign Corrupt Practices Act, the UK Bribery Act, the UK Corporate Governance Code and Sapin II.


Raising concerns

Raising Concerns

At CCEP, retaliation against anyone for whistle-blowing, including making a genuine report, or for cooperation in an investigation is prohibited. In each of our territories, we have established a way for employees to raise concerns about breaches to the applicable code. This includes channels for employees to contact a line manager, or to share information through our dedicated Speak Up channels. Potential violations of our Code are dealt with by local Committees, chaired by the VP Legal for each business unit, overseen by the company-wide Code of Conduct Committee which is chaired by the Chief Compliance Officer. An overview of all reported incidents is also provided to the Audit Committee.

Our disclosure of reported violations of our Code, by type, including on any issues of bribery and corruption, are in our annual Stakeholder Report data tables.



Following the launch of the Code in each country where it has been approved by local works councils, employees received an introductory video, and copies of the Code. Employees in these countries will also begin to receive Code training throughout 2018. Where applicable to their role, employees may also receive specific training on certain topics, for example, share dealing, anti-corruption, data privacy.

In the former Coca-Cola Iberian Partners countries, employees received criminal risk prevention training (covering compliance policies). For CCEP, share-dealing (insider trading) training was completed for those employees on the black-out list.