Business Conduct (Compliance)
Our corporate conduct is characterized by a sense of responsibility as well as ethical principles. Compliance with legal and regulatory requirements is integral to our operations. It is only in this manner that we can sustainably increase the company’s enterprise value and safeguard our reputation.
Governance
Compliance Culture and Targets
In its Corporate Compliance Policy, Covestro has specified a Group-wide code of conduct that mandates fundamental principles and rules for all employees. This code of conduct details our commitment to fair competition, integrity in business dealings, the principles of sustainability and product stewardship, data protection, upholding of foreign trade and insider dealing laws, the separation of business and private interests, proper record-keeping and transparent financial reporting, as well as to providing fair, respectful, and nondiscriminatory working conditions. The Code of Conduct was revised in the reporting year and the new version will be rolled out in the year 2024
These requirements apply within the company as well as to all interactions with external partners and the general public. Our code of conduct provides a framework for all decisions by the company and our employees. The Corporate Compliance Policy is available on our intranet and on our website, and is part of an information packet distributed to new employees when they are hired.
Covestro is aware that employees will likely embrace and exhibit integrity if managers are excellent role models. The Board of Management states very clearly in its Corporate Compliance Policy for all staff that, above and beyond any legal requirements, Covestro elects not to conduct any business activities that would violate our rules and that management staff is prohibited from instructing employees otherwise. In this way, management continuously fosters our compliance culture by, for example, regularly drawing employees’ attention to compliance topics and their significance to the company. At Covestro town hall meetings, for example, Board of Management members regularly present recent compliance cases to employees and underscore the importance of complying with statutory requirements and internal regulations.
We want to utilize our compliance management system in order to:
- Foster and reinforce conduct per compliance requirements,
- Minimize or even eliminate compliance violations,
- Identify risks for potential violations,
- Implement preventive measures, and
- Uncover, halt, and proactively eliminate a repeat occurrence of any compliance violations committed by individuals acting without authorization and in breach of clear rules.
We have taken steps to meet our targets, including implementing an internal control system to ensure compliance rules are followed. The insights gained from our annual evaluation of effectiveness are leveraged in our efforts to continually improve our compliance management system.
Compliance Organization
The Chief Compliance Officer is in charge of all compliance activities at Covestro, and in this function reports directly to the Board of Management. The corporate Law, Intellectual Property & Compliance function is the single point of contact that coordinates Group-wide compliance activities. Chaired by the Chief Financial Officer (CFO) of Covestro, the Compliance Committee is the Group’s top-level decision-making body on these issues. The Committee’s responsibilities include the following: exercising a Group-wide compliance governance function, initiating and approving compliance-related regulations, and approving the annual training plan. In the reporting period, the Compliance Committee met a total of four times. The suitability and effectiveness of compliance activities are regularly reviewed by the Corporate Audit function in independent, objective audits.
Data privacy is under the responsibility of the corporate Law, Intellectual Property & Compliance function and is coordinated Group-wide. By defining controls and processes, the function works to ensure compliance with legal requirements (in particular the EU General Data Protection Regulation, GDPR) and legal judgments to protect personal data of employees, as well as of business partners, media representatives, etc. Local Data Privacy Officers have been appointed for each country in which Covestro has employees. They serve as local points of contact for employees on all questions regarding data privacy. The Board of Management is informed regularly about activities in the company relating to data privacy law.
A local Compliance Officer has also been appointed for each country in which Covestro has employees. This person serves as a local point of contact for employees on all questions regarding legally and ethically correct conduct in business situations. The country organizations also have local compliance committees.
Covestro expressly encourages its employees to openly address any doubts about proper conduct in business situations and to solicit advice. We inform all employees whom they can contact if they have any doubts or questions. Covestro has also set up a whistleblowing tool. Employees and third parties can report potential compliance violations through a hotline accessible worldwide or use an online tool that also permits anonymous reports. In addition, employees can also report any compliance incidents to their supervisors or to the Compliance organization.
An internal policy sets out the principles for handling compliance incidents at Covestro. All suspected compliance incidents are recorded in a central database. Confirmed violations are evaluated, and organizational, disciplinary, or legal measures are taken if necessary.
Compliance incidents are regularly reported to the Supervisory Board, the Board of Management, and the business entities’ management teams. Moreover, a current overview of incidents, including additional information on various aspects and developments related to this topic, is published in a monthly Compliance Telegram on the intranet. This ensures a high degree of transparency for all employees.
On a quarterly basis, all companies document risks arising from pending or current legal or administrative proceedings. Relevant cases are reported on a regular basis to the Board of Management and to the Audit Committee of the Supervisory Board. The material legal risks are disclosed in the Notes to the Consolidated Financial Statements.
Actions
Covestro systematically conducts training courses on compliance. Once focus areas have been specified, target groups are defined for each content category and the employees (including managerial staff) are invited.