Corporate governance and compliance

Corporate governance

Autonom is led by its primely settled pillars, which empower all our corporate governance. We are driven by integrity and transparency with a systematic approach on risk management and compliance. We are sure that only by following our values and motivations we will reach satisfaction in all areas of our business, but mainly we will ensure the resilience of our business.

We are firmly committed to responsible corporate governance practices and therefore our internal policies and procedures have been developed to ensure strict compliance with applicable national and international legislative regulations and at the same time adopt the highest standards of environmentally and socially responsible practices.

Autonom has a flat structure with 3 hierarchical levels: board of directors, managers and employees. All managers report directly to the board and there is no ‘management of managers’. The company thus becomes a network: each branch and function is organized as a smaller company, with its own profits and losses for which the manager is responsible. Nearly 90% of decisions are taken within teams without board intervention. Managers report their daily contributions and achievements to the Board of Directors, review their performance and often consult with other managers and the rest of the team, precisely to become accountable and motivated by their financial results.

Organizational Culture and values of Autonom

Our Mission AUTONOM is a long-term thinking family company. The success for us is given by the satisfaction of our clients and by the evolution of our colleagues. Business development, profitability and financial security are natural consequences.

Our Values are:

We do what is necessary to help our customers
The Organizational Culture of the AUTONOM Group is based on the following four principles:

Business ethics and transparency

We identify this materiality aspect as constituting the foundation of our company. We are clearly devoted to respect and promote all our motivations regarding our business: strong ethics, transparency and integrity.

Transparency is also a core value in Autonom, as 90% of information is accessible in Autonom’s internal system and every management decision is derived from the company’s values.

Management meetings are broadcast on our internal group to be followed by all the employees and also monthly team meetings are held and a summary is e-mailed to them.

Anti-corruption and anti-bribery policy

Autonom has several fundamental principles and values that underpin fair and honest business practices and it is therefore important that these are adhered to throughout its subsidiaries, divisions and affiliated companies. One of these principles is zero tolerance of bribery and corruption, wherever and in whatever form it may occur. In this respect, all our relationships with our partners are based on honesty and ethics, fairness, respect for human rights, transparency and compliance with applicable laws and regulations.

At company level, the behavior we expect from all our employees is part of the Internal Rules of Autonom and the policy recently defined for this purpose. (The full policy can be found at the following link:

In 2021, there were no confirmed incidents involving company employees, incidents leading to the severance of working relationships with business partners, or legal actions directed against the company.

Risk management and compliance

We address strategic and operational risks in an integrated way. It is very important for us to have a clear picture of all the processes that take place within each agency. Relevant issues that may lead to risks are addressed immediately through annual reviews and we establish principles and processes to address them so as to minimize risks to the business and stakeholders. At the same time, we know that only through such an approach will we be able to assess the impact associated with each aspect. We also identify opportunities associated with the business and are constantly proactive in addressing them.

Responsibility for risk identification and risk management lies with the Compliance Officer and the Compliance Committee. By applying an internal methodology based on assessment, quantification and evaluation, they make recommendations to mitigate identified risks; on the other hand, by identifying opportunities, they create internal programmes or projects so that more value is created within the organization.

Price Risk and Liquidity Risk Credit RiskCash-flow RiskRisks related to interest rate fluctuationsRisks associated with adverse developments in economic conditionsRisks related to the decline in tourism and disruptions in the functioning of the air transport industryResidual value risks and the evolution of car prices

For further details on the risks mentioned above, in order not to duplicate the information presented to stakeholders, please go to the Investors Annual Report 2021, section Risk Management (

Risks of non-compliance with legislation

Having implemented management standards on quality, environmental, health and occupational safety (ISO 9001, ISO 14001 and ISO 45001) we ensure that we are up to date with all applicable legislative requirements on employee health and safety, environmental legislation, personnel legislation, financial legislation, agency operating legislation, adequately controlling risks across all our operations. We have established strict rules for compliance with all relevant internal and external regulations, constantly striving to minimize the risk of non-compliance. We are aware of these risks, but we manage them through constant awareness of applicable legal requirements, strict compliance monitoring on various operational aspects of the business, and intensive employee training and regular assessment.

We received no penalties on non-compliance with legislation during 2021.

Environmental risks

Climate change risk analysis for our business could be driven by the implementation of the TCFD framework. The results will show a deeper understanding of the specific climate change risks to our financial business area. We aim to have, by 2023 at the latest, climate risk mapping and financial impact scenarios for those physical and transition risks that could affect the company’s business.

There is no litigation and no litigation related to environmental protection is expected.

Other risks

Investors should note that the risks outlined above are the most significant risks of which the company is aware at the time of writing. However, the risks presented in this section do not necessarily include all those risks associated with the issuer’s activities, and the company cannot guarantee that it encompasses all relevant risks. There may be other risk factors and uncertainties of which the Company is not aware at the time of writing that may change the actual results, financial conditions, performance and achievements of the issuer in the future and may cause the Company’s bond price to decline. Investors should also undertake the necessary due diligence in order to make their own assessment of the suitability of the investment.

Risk management by types and areas

  • The Group pays particular attention to the way it selects and monitors customers for operating lease services;
  • The management of the customer financing decision making process and the monitoring of customer payment behavior is carried out by the Finance and Risk Department;
  • Autonom Services received assistance from the EBRD in 2017 to refine its commercial risk policy;
  • A scoring methodology for risk categorisation, based on which the financing conditions and guarantees required are determined;
  • Customers are classified into four categories: very low risk (blue-chip), regular low risk, regular medium risk, high risk (not eligible);
  • The risk analysis includes the analysis of financial information, as well as specific elements such as management experience, legal history of partners and directors, length of time the client has been in business, CIP verification, verification of the existence of debts to the State, verification of pending files as a debtor, etc.
  • In the case of non-blue-chip clients, the Group ensures that payments are made on time by requesting personal guarantees from the administrators and associates by means of promissory notes endorsed in their personal name;
  • The Group discourages late payments by charging high late payment penalties (up to 1%/day after the due date);
  • High customer granularity (average fleet/customer ~ 4.5 vehicles, top 10 customers share less than 14% of total operational leasing and rent-a-car 2021 turnover);
  • Within a maximum of 2 months after the payment of the due lease installment, the Group will repossess the vehicles;
  • The Group decides whether to sell or use vehicles returned early from operating leases as part of its rent-a-car services, especially if the event occurred in the first part of the contract;
  • The complementarity of the business lines in terms of flexibility in moving assets between the two categories of services represents a major competitive advantage for the Group from a risk management perspective.

Managing the risks of the Covid-19 pandemic

It has undoubtedly been a difficult and unforeseen period – a major health crisis that has affected many industries and is putting a strain on businesses everywhere, especially those related to mobility. The global pandemic has challenged companies to find new ways to keep their business moving and adapt their business model to the new context.

Once again, Autonom’s organizational and operating model, based on small teams, autonomy, agility and decentralized decision-making, has allowed us to act quickly to ensure colleagues, customers and company assets are protected. The teams’ autonomy to find and implement quick solutions, as well as transparent communication, kept the team engaged and united in the face of challenges during this period.

Entrepreneurship and putting the community at the heart of what we do has always been in our DNA and that of our team. This is why, even in the early stages of the pandemic, we launched an initiative to make cars from the Autonom fleet available for up to 3 months, with the possibility of extension, to NGOs and public institutions on the front line who needed mobility in their mission to help the persons affected. With a dedicated team and through our colleagues across the country, we have managed, through the HELP project, to support 66 NGOs across the country, contributing almost 100 vehicles and dozens of volunteers.

In a survey of Autonom customers about how the pandemic and the isolation period affected their business, entrepreneurs indicated that one of the biggest challenges at this time was gaining access to finance and maintaining liquidity. As a result, after emerging from the state of emergency, together with our partners, we launched a guide with concrete solutions for entrepreneurs, created with the aim of having a useful resource to help them navigate more easily through the difficulties caused by the coronavirus crisis and redefine their business model into a more agile and sustainable one.

We invite you to access the guide at the following link:

GDPR Compliance

At the organizational level, we are in line with the European requirements on personal data protection (GDPR). Autonom undertakes to strictly respect the confidentiality of the data of its customers or users of its communication channels and undertakes not to transmit this data to third parties.

At Autonom there were no complaints in 2021 about violations of the rules on personal data management, justified complaints received about breaches of customer confidentiality, complaints received from external parties, complaints from regulatory bodies.

There were also no identified leaks, thefts or losses of customer data.

The personal data processing policy is public and can be consulted by clicking on the following link:

Data security

Our decision to provide high level services to our clients, involves strong awareness for data security. We enroll the right solutions to be able to further ensure the security of all client data we manage.

The field of activity involves the use of a wide range of equipment, machinery and technological installations. Some of the current operational processes are digitized and this trend will continue.

Autonom has implemented and maintains appropriate organizational and technical policies and procedures to protect the confidentiality of data against unauthorized access and against unlawful processing or disclosure, as well as accidental loss, alteration or destruction. Technical and organizational measures for data protection are part of corporate information security management and are continuously adapted to technical developments and organizational changes. In 2021, 39 employees were trained through cybersecurity courses.

Compliance with the data protection policy and applicable data protection laws is regularly verified through data protection audits as well as other regular checks.