Compliance and Governance

Responsible Government Practices


To support the evolution of the MCA Group’s strategy, the associated risks and the macro context, we have been adapting our governance model, ensuring the proper daily management and strategic orientation of the company, in line with best practices.

Our governance model ensures strict alignment between stakeholders, while providing a clear separation of powers between the different governing bodies.

We also have a transformation program underway to support business transformation efforts. A standardised approach contributes to optimal risk management while ensuring that we seize opportunities.

A diagram depicting MCA group's hierarchical structure with interconnected boxes representing departments and committees. At the very top sits a box labeled General Shareholders Meeting. Branching down from it there is a box labeled Board of Directors with the following branches. First branch with Audit Committee, Investment Committee, Sustainability Committee, Ethics and Conduct Committee and Internal Audit. Second branch with Energies, Urban Development, Infrastructures and Healthcare. Third branch with Corporate Centre. At the same level of Board of Directors there is one box labeled Statutory Auditor and another labeled Company Secretary.


Our Governance Model aims to promote agility in decision-making, ensuring adequate checks & balances. It aims to ensure strict alignment between stakeholders, and at the same time a clear separation of powers between the different governing bodies.

M. Couto Alves Holding B.V. is supported by a corporate structure that ensures the management of the Group’s companies, consisting of a Board of Directors, with executive members who conduct the day-to-day management and are responsible for the management of the sub-holdings and the corporate center, and non-executive members who ensure appropriate advice and supervision. In addition, there is an oversight structure with several Committees, as well as a Society Secretary to support meeting agendas and the timely flow of information.


Risk assessment and management is essential in the execution of the MCA Group’s strategy.

Our risk management process is aligned with our long-term vision and MCA’s Risk Management Policy. It allows the identification of events that potentially prevent the achievement of business objectives, respecting Risk Appetite and Risk Tolerance.

The risk assessment and identification process is transversal to all teams and companies, being an integrated process whose main objectives are:

  • To ensure responsibility for risk throughout the MCA Group (risk-based thinking);
  • To improve the risk identification process;
  • To integrate risk mitigation with risk management responsibility;
  • To implement controls to minimize negative effects and make the most of opportunities;
  • To provide Management with a risk management vision that supports decision-making.

MCA’s Internal Control System follows the model of the three lines of defense of the Institute of Internal Auditors (IIA) and considers the ISO 31000 standard.

Internal Control System

    Internal control and risk management system supervision, auditing and evaluation. Monitoring and evaluation of risk response, efficiency and effectiveness.
    – Internal Audit

    Definition of procedures and rules, and monitoring of internal control and risk levels.
    – Planning & Control Sustainability & HSE
    – Legal, DPO and Company Secretary

    Daily risk management activities and internal control aligned with the business strategy and internal regulations. Local Risk Officers serve as focal points between the Businesses / Corporate and Risk Management.
    – Local Risk Offices
    – Business Lines
    – Corporate Centre


The purpose of risk assessment is to identify risks and measure their impact, both individually and collectively, in order to prioritize risks, define mitigation measures for the most significant risks, and focus Management’s attention on the most important threats and opportunities.


A visual representation of the risk assessment framework, outlining the interconnected steps involved in identifying, evaluating, and prioritizing risks. The framework depicts each stage in the assessment process. Risk Identification Evaluation Criteria Risk Evaluation Risk Prioritization Risk Response Communication & Monitoring Also in the image, a bullet list of Risk Categories Assessed by MCA: External risks, commercial risks, financial risks, reputation risks, operational risks, information & technology risks.


Aware of the impacts of corruption and related infractions, the MCA Group has implemented risk prevention and control mechanisms. Following a process of continuous improvement, we have implemented several measures and initiatives.


  • In accordance with Decree-Law No. 109-E/2021, of 9 December, which establishes the General Regime for the Prevention of Corruption (RGPC), we have adopted and implemented a Plan for the Prevention of Risks of Corruption and Related Infractions (PPR) that establishes measures that will allow us to identify, assess, monitor and mitigate the risks of corruption and other infractions that may affect the MCA Group, your employees, business partners and stakeholders.

  • The MCA Group's Code of Ethics and Conduct guides our employees, business partners and stakeholders, defining ethical values and principles and establishing clear rules and procedures for business relationships. In 2022, the document was revised based on the guidelines of Decree-Law No 109-E/2021.

  • The MCA Group maintains a culture of proximity, trust and transparency with all stakeholders. To promote it, we have created a procedure and a channel, the "Speak up" in order to guarantee the confidentiality and anonymity of any complaint, making the process more effective.

  • We have an ongoing training and awareness program on corruption prevention in the different geographies where the MCA Group is present. We have developed and implemented training actions and an e-learning platform on this topic. According to the risk mapping, specific training is developed and implemented for employees most exposed to the risk of corruption.

  • We have a zero-tolerance policy towards bribery and corruption. We have clear procedures in the organization and we alert to topics such as bribery, gifts and hospitality, facilitation payments and commissions, donations or sponsorships, lobbying, among others. Corruption risks are reviewed on an ongoing basis, taking into account ongoing work and specific checks by the Risk Management, Compliance and Cybersecurity Department. This zero-tolerance approach marks our commitment to mitigating, deterring and detecting bribery and corruption.

  • The MCA Group assesses the risk associated with the Counterparties with which it intends to establish a business relationship. The assessment process includes, but is not limited to, the assessment of the risk of corruption. This process allows us to be proactive in minimizing the connection to Counterparties related to corrupt behaviors.


  • Comply with the laws and regulations that govern our activities, nationally and internationally.
  • Advocate for a robust governance model, with three lines of defense, periodically evaluating and reviewing its management systems.
  • Manage risk independently, with the aim of identifying risks, their potential impact and mitigation measures.
  • Comply with and enforce the practices described in our Code of Ethics and Conduct.
  • Not to be complicit in any form of corruption, fraud and money laundering, bribery or extortion.
  • Extend performance and principles across the supply chain and service delivery.
  • Maintain accurate and complete information and records, and transparently report on the MCA Group’s performance and set targets.


  • 41%

    Employees who have completed Ethics and Compliance training

  • 88%

    Suppliers and partners with risk assessment carried out


Our suppliers are partners who help us achieve our goals. As such, they are subject to rigorous risk assessments, as it is important to ensure alignment on best practices and business conduct. We carry out due diligence and risk assessments before entering into a business relationship.

We ensure that we enter into agreements that transparently describe the services, reasons for compensation, anti-corruption legal compliance, Environmental Management Plans, Construction or Demolition Waste Prevention and Management, among others. By doing so, we ensure that we can conduct routine audits and be alerted of any compliance violations.


Cookie Consent with Real Cookie Banner