Norma Group

corporate responsibility

Global Guidelines Provide Framework

Compliance, Risk Management and Internal Audit are grouped under NORMA Group’s Risk, Compliance & Internal Audit department.

NORMA Group ensures that effective compliance management systems are in place and communicates this to its employees in a transparent manner. (CR Roadmap 2018)

Our corporate culture is characterised by responsibility, integrity and mutual respect – by our managers and employees as well as between NORMA Group and its business partners. NORMA Group expects that its employees do not just comply with the existing laws and regulations, but also respect important ethical standards. NORMA Group’s compliance policies serve as a model for other companies.

The implementation of compliance-specific frameworks ensures that rules are set out clearly and transparently. NORMA Group’s core compliance policies are the Code of Conduct, the Conflicts of Interest Policy, the Anti-Corruption Policy and the Supplier Code of Conduct. We reviewed and refined our key compliance documents in 2015 together with an external law firm. The final documents were submitted to the Management Board and the Supervisory Board for approval in 2016 and then distributed internally. Almost all of NORMA Group’s employees have already received training on the Code of Conduct. We also aim to repeat the recently introduced refresher training module (with varying content) on a regular basis going forward. These documents can be viewed online at the following address: GRI [G4-56]

NORMA Group’s compliance officers take appropriate measures to support and review compliance with these policies in their respective areas of responsibility. They are the point of contact for questions and for reporting potential illegal, unethical or improper conduct. Compliance officers can be approached by anyone, including customers, contractual partners, suppliers or anyone else in a business relationship with NORMA Group. All information is treated with the necessary discretion.

Comprehensive Training Ensures that Compliance Standards Are Observed

NORMA Group offers compliance training in the form of face-to-face and online courses. Employees are assigned training to be completed based on their needs and in line with their tasks and responsibilities. Every NORMA Group employee is required to complete the basic training modules – “Code of Conduct & Compliance Basics” and “Information Security.” In addition, a refresher course was created in 2015 that recaps the main points of the two mandatory courses to keep employees’ knowledge up to date at all times.

Depending on their individual tasks and responsibilities, employees are assigned further training from the available catalog of courses. This training is compulsory. These include courses on anti-corruption, competition law or product liability, for example. All compliance training is mandatory for NORMA Group’s compliance officers.

Once a year, a group of employees defined by the Compliance department (such as senior executives in relevant functions) across the Group are required to submit a Declaration of Compliance. This confirms that the content and requirements of the Code of Conduct and the other compliance policies are known and observed, were observed in the previous year, that all violations have been reported to NORMA Compliance and that no violations by other persons are known that have not already been reported. The rate of submission in 2015 was 100 percent. GRI [G4-SO4]

Compliance Risk Scoping

NORMA Group Compliance implemented a systematic, Group-wide compliance risk scoping process in 2015. This enables Compliance to evaluate the risk exposure of every single NORMA Group company, taking into account standards such as the Corruption Perception Index published by Transparency International.NORMA Group Compliance then conducts detailed compliance risk assessments in selected companies based on the results of the risk scoping process, depending on the risk exposure identified. As part of the compliance risk assessment itself, potential risks, their consequences and risk management measures are discussed with the relevant functions and departments, and additional risk management measures are agreed as required. GRI [G4-SO3]

Online Whistle-Blower System Introduced

NORMA Group encourages its employees to report non-compliance with regulations and internal policies, even across hierarchical levels. In 2015, the existing reporting channels were further professionalised and an online whistle-blower system was introduced. This enables internal and external whistle-blowers to report issues on an anonymous basis. Employees from the compliance organisation always follow up on potential compliance violations. We announced the introduction of the whistle-blower system across the Group on the intranet, with a poster campaign and in an article in the employee newsletter. We prevent violations of the compliance policies through in-depth training and comprehensive compliance and risk management.