Compliance management system
Integrity is one of the mainstays of the Schaeffler Group’s manner of conducting business. Under the Schaeffler Code of Conduct, the Board of Managing Directors and all employees are required to comply with all applicable local, national, and international laws and regulations, wherever the Schaeffler Group does business. A compliance organization covering the entire Schaeffler Group provides them with support in doing so.
The Schaeffler Group’s Board of Managing Directors emphatically supports the underlying compliance management system (CMS) and the necessity of consistently complying with legal requirements and internal regulations.
The CMS is based on the three pillars of prevention, detection, and reaction and is part of the second line of defense within the Schaeffler Group’s governance structure. The CMS in its current state is the result of a comprehensive revision initiated by the Board of Managing Directors as part of the “Compliance Fit & Proper” program. Following the successful completion of a review of the underlying conceptual design in accordance with the Principles for the Proper Performance of Reasonable Assurance Engagements Relating to Compliance Management Systems IDW AsS 980 by an independent audit firm, an independent audit firm has started to review the implementation of the CMS. The review is scheduled to be completed by mid-2018.
The CMS comprises, in particular, managing and monitoring the activities necessary to prevent, or detect early on, violations of law in the area of corruption, money-laundering, competition and antitrust law, and economic criminal activity. It also serves to actively manage risk and protect the company and its employees. The CMS consists of seven core components: Compliance culture, compliance objectives, vulnerability analysis, compliance program, compliance organization, communication, and monitoring and improvement.
The compliance organization derives its arrangements for preventing violations of antitrust and competition legislation, corruption, economic crime, and money-laundering from a regular groupwide risk analysis using a risk-based approach. The risk analysis provides information on the current situation with respect to risks arising from operations and on the effectiveness of the preventive arrangements in place. The analysis is primarily based on interviews with management and employees of all divisions and regions with the objective of obtaining information that is required to estimate the probability of occurrence and the size of the potential amount of damage and that is as close to the business processes as possible. These estimates are supplemented with sector and expert knowledge, experience with actual compliance violations, results of controls and audits, as well as by using operations-, market-, and country-specific risk criteria ranging from publicly available risk indicators, such as the Corruption Perception Index compiled by Transparency International, through to issues regarding the location-specific design of Schaeffler’s business model.
The Schaeffler Group’s Group Chief Compliance Officer heads up the compliance organization and reports directly to the Chief Executive Officer. The Group Chief Compliance Officer also has a reporting line to the Chairman of the Supervisory Board and reports to the chairman of the audit committee on a regular basis.
The compliance department provides the Group Chief Compliance Officer with the support of a network of experienced compliance specialists spanning all of the Schaeffler Group’s Europe, Americas, Greater China, and Asia/Pacific regions. He also utilizes a centralized team of experts located at the corporate head office in Herzogenaurach that consists of the “Advisory”, “Risk Analysis & Solutions”, and “Forensics & Investigations” departments. The responsibilities of this team of experts include defining and monitoring appropriate groupwide compliance standards and activities, consulting on compliance, and improving processes and controls. The team is also responsible for independently investigating alleged violations and following up on the necessary consequences. It analyzes the causes of misconduct, derives suggestions for remedial measures, and follows up on their implementation. Violations of laws and regulations or of internal rules on compliance with these are not tolerated and result in disciplinary action.
Measures designed to prevent compliance violations include the Schaeffler Group’s Code of Conduct, guidelines on behaviour in compliance with antitrust and competition legislation, fighting corruption, and protecting confidential information, web-based and classroom training sessions, and a compliance helpdesk available for consultation on specific compliance issues. In addition to requirements relating to general conduct, the principles and practices described in the Schaeffler Code of Conduct also cover conduct vis-à-vis business partners and third parties, dealing with sensitive information, employees and co-workers, and requirements regarding the environment, health, and safety. In accordance with the corporate values, bribery or any form of corruption are not tolerated. All Schaeffler Group employees are expressly prohibited from engaging in corruption in any way. The same applies to conduct violating competition or anti-trust laws. The Schaeffler Group stays away from any transactions that cannot be effected or continued without unacceptable conduct.
Training sessions are continually refined and updated and adapted to the employees’ areas of responsibility. In 2017, the compliance training program included training on risk awareness, the Schaeffler Code of Conduct, security of information including classification of information, protection against cybercrime, and CEO fraud. In addition, the company has also put in place arrangements for detecting possible compliance violations; these arrangements include audits and controls as well as a whistleblowing system which can be used to report violations on an anonymous basis. All such reports received are reviewed independently. Reprisals against employees reporting concerns about misconduct within the company in good faith are prohibited.
The Schaeffler Group has further expanded its arrangements and measures for complying with legal requirements and internal rules in 2017. The company continued to expand its register of contacts with competitors. The register was introduced at a number of pilot locations worldwide. It contributes to transparency and supports the process for approving contacts with competitors in advance. The company also developed a new business partner due diligence process that can in future be used to further minimize any business partner-related risks groupwide using an IT tool integrated into the business processes as much as possible. Both underline the standard the Schaeffler Group expects of its business partners with respect to acting with integrity and abiding by rules.
The company maintains an insider list in order to comply with capital markets regulations. As soon as an individual is added to the insider list (whether event-driven or as a permanent insider), the individual is notified and separately informed of the legal obligations and sanctions related to his or her access to insider information. In addition, there is an insider committee whose activities include deciding on how to deal with potential insider information and ensuring compliance with the requirements of capital markets laws.