Norma Group

corporate responsibility


Compliance

Understanding NORMA Group’s values forms the basis for all business decisions and activities at our Group. In particular, our growing global focus makes global implementation and compliance with codes of conduct increasingly important.

The implementation of compliance-specific frameworks sets rules clearly and transparently. The central compliance guidelines at NORMA Group are


Requirements on human rights (no forced labor, no child labor, freedom of association and anti-discrimination) form an integral part of the compliance guidelines. Our compliance management system aims to ensure that our values and rules are lived throughout the Group. Concrete steps are determined, implemented and comprehended each year in a Compliance Action Plan.

Group-wide compliance management

The Management Board of NORMA Group is responsible for an effective compliance management system. The Chief Compliance Officer manages the Group-wide compliance activities and reports directly to the Management Board. Besides the central compliance department at Group level, Compliance Officers are appointed at the level of the EMEA, Americas and APAC regions as well as in all operationally active individual entities. The Compliance Officers of the individual Group companies are in regular contact with the other local departments and regularly report to the responsible Regional Compliance Officer, who in turn reports to the Chief Compliance Officer.

Any member of NORMA Group’s compliance organization can be contacted at any time on any compliance issues. The Compliance department is in close communication with the legal department of NORMA Group in order to continuously take into account new or changed legal requirements in the compliance risk analyses and in the compliance program.

The effectiveness of the compliance organization set up by the Management Board is monitored by the Supervisory Board of NORMA Group SE, which is regularly informed about compliance-relevant matters and receives the Company’s annual Compliance Action Plan.

Close risk monitoring and control

Based on a rating system that incorporates both internal and external factors (such as Transparency International’s Corruption Perception Index), the risk exposure of each individual NORMA Group company is evaluated centrally for possible compliance-relevant risks (compliance risk scoping) by NORMA Group Compliance.

Together with the companies that have a higher risk value according to the rating system, specific compliance risk assessments are carried out on-site, performing a detailed analysis of the specific compliance risks of the company. In addition to the local Compliance Officer, representatives of all relevant departments are included, e.g. Finance, Purchasing, Human Resources, Production, Research & Development.

The risks to which NORMA Group is exposed form the basis for determining the compliance program and the corresponding measures. Implementing these measures and adhering to the compliance rules are also regular audit tasks of Internal Auditing.

Systematic, demand-oriented training of employees

To ensure the effectiveness of NORMA Group’s compliance management system, all employees must be familiar with the relevant legal requirements and internal compliance guidelines. Our goal is that all employees of NORMA Group know our compliance rules as well as the contact persons and reporting channels.

The compliance training that NORMA Group offers serves as the basis for this. It takes place in the form of face-to-face and online training sessions. Depending on the job and responsibility profile of an employee, the training courses to be completed are assigned as needed. Training of fundamental relevance must be completed as basic training by every employee of NORMA Group. This includes the online training courses “Code of Conduct & Compliance Basics,” “Information Security” and “Compliance in Purchasing.” Depending on the employee’s job profile, specific focus trainings (including “anti-corruption,” “antitrust,” “product liability”) must also be completed. In addition, we have developed a concept to refresh the learning content so that the essential and basic contents of the online training are repeated in compressed form once a year in order to keep the knowledge of the employees up to date.

In the past fiscal year, a total of 487 employees (2017: 598) were registered in the online training system for the basic training courses and 242 employees (2017: 418) for the relevant focus training courses. The reduction compared to the previous year is due to the lower number of new employees as well as to technically related differences in registration times resulting from a change in the compliance training system.

In 2018, 2,189 employees were also enrolled in the mandatory compliance training course “Information Security & Cyber Risks,” which served as a refresher on significant risks in the area of information security and the proper handling of these risks.

A total of 2,350 employees received online training on compliance topics (2017: 1,318). The significant increase is mainly due to the mandatory and global registration of all registered employees in the refresher training course “Information Security & Cyber Risks.” The aforementioned training courses were completed on schedule by 96.5% of registered employees as of the balance sheet date, taking into account the processing time to be applied. Due to the change in the training system in 2018 and the necessary technical and procedural conversion, it was not possible to complete 100% of the training as of the balance sheet date.

4,205 hours of online compliance training were carried out in fiscal year 2018 in line with previously mentioned criteria (2017: 2,939). Employees who are unable to participate in online training for language or technical reasons, especially industrial employees, are trained personally by the local Compliance Officers in face-to-face trainings.

The need for training is checked regularly. Internal reporting records the status of compliance training. This report is included in the status report on the Compliance Action Plan and is reported to the Management Board on a quarterly basis. Compliance-related topics are also communicated via additional channels such as posters, brochures, Compliance Safety Cards, which summarize key compliance topics in a condensed form, and emails and Intranet articles.

Different ways of reporting violations

We encourage our employees to report violations of rules and internal policies, even across hierarchical levels. Besides personally approaching supervisors, the human resources department or Compliance Officers, employees can use our Internet-based whistleblower system. It enables the anonymous reporting of matters by internal or external whistleblowers. The employees of the compliance organization always follow up on indications of possible compliance violations.

For cases in which the electronic whistleblower system cannot be used by our employees for technical or organizational reasons (for example, a lack of PC access by employees in production), we offer other suitable reporting channels, such as notice boxes at our plants.