Compliance management system
Integrity is one of the mainstays of the Schaeffler Group’s manner of conducting business. Under the Schaeffler Code of Conduct, the Board of Managing Directors and all employees are required to comply with all applicable local, national, and international laws and regulations, wherever the Schaeffler Group does business. A compliance organization covering the entire Schaeffler Group provides them with support in doing so.
The Schaeffler Group’s Board of Managing Directors emphatically supports the underlying compliance management system (CMS) and the necessity of consistently complying with legal requirements and internal regulations.
The CMS is based on the three pillars of prevention, detection, and reaction and is part of the second line of defense within the Schaeffler Group’s governance structure. The CMS in its current state is the result of a comprehensive revision initiated by the Board of Managing Directors as part of the “Compliance Fit & Proper” program. Following the successful completion of a review of the underlying conceptual design by an independent audit firm in accordance with the Principles for the Proper Performance of Reasonable Assurance Engagements Relating to Compliance Management Systems (IDW AsS 980), an independent audit firm confirmed the appropriateness and implementation of the Schaeffler Group’s compliance management system in 2018.
The CMS comprises, in particular, managing and monitoring the activities necessary to prevent, or detect early on, violations of law in the area of corruption, money-laundering, competition and antitrust law, and economic criminal activity. It also serves to actively manage risk and protect the company and its employees. The CMS consists of seven core components: compliance culture, compliance objectives, vulnerability analysis, compliance program, compliance organization, communication, and monitoring and improvement.
The compliance organization derives its arrangements for preventing violations of antitrust and competition legislation, corruption, economic crime, and money-laundering from a regular groupwide risk analysis using a risk-based approach. The risk analysis provides information on the current situation with respect to risks arising from operations and on the effectiveness of the preventive arrangements in place. The analysis is primarily based on interviews with management and employees of all divisions and regions. Its objective is to obtain information, as close to the business processes as possible, that is required to estimate the probability of occurrence and the potential amount of damage. These estimates are supplemented with sector and expert knowledge, experience with actual compliance violations, results of controls and audits, as well as operations-, market-, and country-specific risk criteria ranging from publicly available risk indicators, such as the Corruption Perception Index compiled by Transparency International, through to issues regarding the location-specific design of the Schaeffler Group’s business model.
The Schaeffler Group’s Group Chief Compliance Officer heads up the compliance organization and reports directly to the Chief Executive Officer. The Group Chief Compliance Officer also has a reporting line to the Chairman of the Supervisory Board and reports to the chairman of the audit committee on a regular basis.
The compliance department provides the Group Chief Compliance Officer with the support of a network of experienced compliance specialists spanning all of the Schaeffler Group’s Europe, Americas, Greater China, and Asia/Pacific regions. He also utilizes a centralized team of experts located at the corporate head office in Herzogenaurach that consists of the “Advisory”, “Risk Analysis & Solutions”, and “Forensics & Investigations” departments. The responsibilities of this team of experts include defining and monitoring appropriate groupwide compliance standards and activities, consulting on compliance, and improving processes and controls. The team is also responsible for independently investigating alleged violations and following up on the necessary consequences. It analyzes the causes of misconduct, derives suggestions for remedial measures, and follows up on their implementation. Violations of laws and regulations or of internal rules on compliance with these are not tolerated and result in disciplinary action.
Measures designed to prevent compliance violations include the Schaeffler Group’s Code of Conduct, guidelines on behavior in compliance with antitrust and competition legislation as well as on fighting corruption and protecting confidential information, web-based training and classroom training sessions, and a compliance helpdesk available for consultation on specific compliance issues. In addition to requirements relating to general conduct, the principles and practices described in the Schaeffler Code of Conduct also cover conduct vis-à-vis business partners and third parties, dealing with sensitive information, employees and co-workers, and requirements regarding the environment, health, and safety. In accordance with the corporate values, bribery and any form of corruption are not tolerated. All Schaeffler Group employees are expressly prohibited from engaging in corruption in any way. The same applies to conduct violating competition or antitrust laws. The Schaeffler Group stays away from any transactions that cannot be effected or continued without unacceptable conduct.
Training sessions are continually refined and updated and adapted to the employees’ areas of responsibility. In 2018, the compliance training program included training on risk awareness, the Schaeffler Code of Conduct, compliance in sales, security of information including classification of information, protection against cybercrime, and CEO fraud. In addition, the company has also put in place arrangements for detecting possible compliance violations; these arrangements include audits and controls as well as a whistleblowing system which can be used to report violations on an anonymous basis. All such reports received are reviewed independently. Reprisals against employees reporting concerns about misconduct within the company in good faith are prohibited.
The Schaeffler Group further expanded its arrangements and measures for complying with legal requirements and internal rules in 2018. The company continued to expand its register of contacts with competitors. The register is already being used successfully at various pilot locations worldwide. It contributes to transparency and supports the process for approving contacts with competitors in advance. Digitalizing the process in 2018 significantly accelerated its groupwide implementation, which has started. The company also established an IT-based business partner due diligence workflow that is integrated into the existing business processes. The workflow, which entered the pilot phase in 2018, simplifies and improves the handling of business partner due diligence. Both measures underline the standard the Schaeffler Group expects of its business partners with respect to acting with integrity and abiding by rules.
In order to comply with capital markets regulations, the company has established an insider committee that evaluates any (potential) insider information it receives or that otherwise comes to its attention and determines whether that information is required to be published. Additionally, the company maintains an insider list of individuals with access to insider information. As soon as an individual is added to the insider list (whether event-driven or as a permanent insider), the individual is notified and informed of the legal obligations and sanctions related to his or her access to insider information.