Business integrity

  • In order to preserve its values and standards, the compliance management system (CMS) is aligned with the core elements of IDW PS 980
  • The appropriateness and effectiveness of the CMS was confirmed by an independent auditor in the reporting year

Compliance

Integrity and compliance are significant cornerstones of the Schaeffler Group’s manner of conducting business. Therefore, the company pursues stringent standards, particularly when it comes to preventing corruption, lobbying, money laundering and economic crime, observing antitrust and competition law, and protecting human rights. Additional areas of focus include data protection as well as information, cyber, and IT security.

To uphold its values and standards, the company maintains a compliance management system (CMS) within the framework of the overarching structure, as well as a compliance organization that incorporates the entire Schaeffler Group.

The Schaeffler Group’s Group Chief Compliance Officer heads up the compliance organization and reports directly to the Chief Executive Officer. The Group Chief Compliance Officer also has a reporting line to the Chairman of the Supervisory Board and reports to the chairman of the audit committee on a regular basis.

At the end of the reporting year, the Executive Board made the decision to entrust the Group Chief Compliance Officer with the responsibility of standardizing implementation of compliance requirements based on accepted industry and auditing standards in the future. With this transfer of method expertise in subsequent management systems, the Schaeffler Group is taking yet another step in its pursuit of a holistic approach to the governance structure.

The CMS comprises, in particular, managing and monitoring the activities necessary to prevent, or detect early on, violations of law in the area of corruption, money laundering, competition and antitrust law, and economic criminal activity. It also serves to actively manage risk and protect the company and its employees. The CMS is aligned with the seven core components of IDW AsS 980: compliance culture, compliance objectives, vulnerability analysis, compliance program, compliance organization, communication, and monitoring and improvement. The appropriateness, implementation, and effectiveness of the CMS were confirmed by an independent audit firm in accordance with the Principles for the Proper Performance of Reasonable Assurance Engagements Relating to Compliance Management Systems, IDW AsS 980, during the year. The review of the compliance management system regarding anti-corruption, antitrust law, and preventing economic crime covered the entire Schaeffler Group.

The Code of Conduct defines the Schaeffler Group’s values and principles of behavior, which need to be observed by the Executive Board, managers, and employees. These represent the binding foundation for the company’s global business activities, which is why the company expects all of its employees to feel responsible for observing the Code of Conduct and helping others to do the same. The Schaeffler Group also expects its business partners to observe these values and principles of behavior.

To prevent corruption and bribery, gifts may only be presented or accepted in certain situations. Gifts refers to presents, hospitality, participation in events, and coverage of travel and accommodation costs for business partners or third parties. Gifts to persons in official agencies are only permitted in very rare cases. Conflicts of interest are to be avoided. Any existing conflicts of interest need to be reported to the management and resolved.

Global compliance management with responsibility for methodology with Group Chief Compliance Officer

1) Including data protection according to ISO 27701.

2) Oriented to audit/industry standard.

Cash transactions exceeding € 10,000 are prohibited to prevent money laundering and the financing of terrorism. Financial transactions that could result in suspicion of laundering or the financing of terrorism are to be reported.

The Schaeffler Group also introduced a variety of compliance processes to help employees observe internal and legal requirements, including the rule for compliance with antitrust and competition law, which among other things applies to interaction with competitors (horizontal) and suppliers, customers, and dealers (vertical). Rules regarding hardcore restrictions prohibit price fixing, agreements on conditions and quantities, quantity restrictions, and sales area and customer allocation, particularly among competitors. A digital “Competitor Contacts and Associations Register”1) promotes internal transparency and thus supports the pre-approval process for competitor contacts. The antitrust policy also defines unacceptable, coordinated behavior in various scenarios, including the exchange of information and misuse of a dominant market position. There are also additional antitrust and competition law guidelines that explain the background of antitrust rules and communicate an in-depth understanding of the issues regulated by antitrust and competition law.

The Schaeffler Group also defines group-specific compliance regulations regarding donations and the auditing of business partner compliance. As such, no donations may be made to political parties, their representatives, politicians, elected officials, candidates for political office, or individual persons. Each donation must comply with applicable laws and the Schaeffler Group’s internal rules and requires special permission from the Compliance department. In addition, the IT-supported business partner assessment – “Know Your Business Partner” – is integrated into existing business processes and addresses risks associated with corruption and export control. Those business partners who, due to the type of business relationship, represent an increased risk for the Schaeffler Group – e.g., distributors, sales agents, and consultants – must also undergo an in-depth business partner assessment.

Compliance training

With a systematic, target group-specific training program, the Schaeffler Group provides its employees and managers with the necessary understanding of compliance and makes them aware of compliance risks in their day-to-day business. Online and in-person training courses acquaint them with the Schaeffler Group and relevant Group policies. The training courses are continuously developed and tailored to employee profiles.

The face-to-face compliance training courses were primarily conducted as video conferences again in 2022 due to the ongoing coronavirus pandemic. In accordance with the risk-based approach, the topics covered in the training courses included integrity, the Schaeffler Group Code of Conduct, competition and antitrust law, anti-corruption, tax compliance, and export control compliance.

The Schaeffler Group introduced the “Horizon Next” integrity workshop to establish value-based compliance within the organization and promote awareness of integrity by encouraging participants to reflect on their internal value system with the aid of interactive case studies.

Web-based courses ensure a consistent level of knowledge on the topic of compliance across all company levels and are continuously developed and tailored to the workforce’s profile. In addition to the basic training course “Integrity & Security@Schaeffler”, there are also advanced online courses on the topics of anti-corruption and compliance with antitrust and competition law. These mandatory web-based courses were developed for all executives as well as employees who have been allocated a compliance-related activity profile such as purchasing or sales. A refreshment course on “Integrity & Security@Schaeffler” was developed in the reporting year and will be rolled out globally in 2023.

Participants in compliance training courses

9,926 people2) (prior year: 19,980) took part in online compliance training within the reporting period. Approximately 96%3) (prior year: 95%) of the invitations to compulsory online compliance training courses were accepted in 2022. The compliance rate in the reporting period therefore exceeded the targeted level of 95%. Furthermore, 4,476 employees (prior year: 3,033) were trained in face-to-face training and workshops.

Due diligence and whistleblowing system

As a part of the central competence team for compliance, the Forensics & Investigations department is responsible for the independent investigation of alleged compliance violations. The Internal Audit department also conducts annual process-specific checks at the Schaeffler companies with a risk-based approach as part of its governance audits, most notably for the approval process for competitor contacts and donations as well as for compliance training courses.

To address inappropriate behavior, employees can contact someone in their direct work environment such as managers, regional compliance officers, the HR, legal, and audit departments, and employee representatives. In addition to a variety of analog reporting channels, whistleblowers can also use the globally accessible whistleblowing system to report potential violations – most notably, illegal business practices. The system is available in 20 languages and provides whistleblowers with a confidential, encrypted, and secure form of communication. Tips can be submitted in any language.

Potential compliance violations are resolved independently and in full. In the event of violations, all appropriate and legally permissible measures up to the extraordinary termination of employment relationships are taken. Retaliation against employees or external persons who express concerns or provide tips about misconduct at the company is prohibited and represents a serious violation of the Schaeffler Group Code of Conduct.

In quarterly reports, the Group Chief Compliance Officer informs the Schaeffler AG Executive Board of potential compliance violations that have been reported to the Forensics & Investigations department. The reporting specifies the number of tips and details surrounding the potential misconduct, the compliance investigations conducted, and circumstances in which misconduct could be identified. For more serious compliance investigations – for instance, when there is a risk of potential fines for the Schaeffler Group or during official investigations – ad-hoc reporting is submitted to the Executive Board.

The Compliance & Corporate Security and Mergers & Acquisitions (M&A) departments are involved in all M&A projects. The Compliance & Corporate Security department is in charge of the initial investigation of transaction partner compliance as well as Compliance & Corporate Security M&A due diligence, and votes in M&A draft resolutions. It is also the Compliance & Corporate Security department’s responsibility to introduce compliance, information security, cybersecurity, data privacy management systems, and a site security concept following acquisition.

Data privacy, information and IT security

Protecting personal rights is a high priority for the Schaeffler Group and is therefore part of the Code of Conduct. It handles the processing of data belonging to business partners and employees with the greatest care and sensitivity. The corresponding processes comply with legal data protection requirements. The Data Protection Officer at Schaeffler AG plays a central managing role. He is assigned to the Compliance & Corporate Security department and thus to the Chief Executive Officer’s function.

There is an IT Security by Design process within the Schaeffler Group that is based on national and international standards. This takes IT security into account even during the early phase of system and application development. Protective measures are integrated and monitored on the basis of the protection requirements associated with the process.

The Schaeffler Group’s information security and cybersecurity measures are designed to protect the intellectual property, business secrets, and confidential information of business partners from theft, loss, unauthorized disclosure, unlawful access, and misuse. Protective measures were introduced to prevent, detect, and correct and are continuously optimized. The measures are based on the ISO/IEC 27001 standard and take national and industry-specific regulations and compliance with the VDA-ISA standard within the framework of Trusted Information Security Assessment Exchange (TISAX) into account where necessary.

These are just some of the targets the Information & Cybersecurity program achieved in 2022:

  • Increasing internal awareness measures and cybersecurity training courses
  • Boosting the transparency and cyber resilience of shop floor systems and production facilities
  • Further development of the information security management system (ISMS)
  • Increased cyber resilience thanks to further development of IT security
  • Successful implementation of the Schaeffler TISAX certification strategy

Business continuity and crisis management

The Schaeffler Group bundles and coordinates activities designed to ensure business continuity at the Group level. Elements such as effective emergency and crisis management have been established.

Coronavirus protection measures were implemented at Schaeffler locations around the world again in 2022. Consistent monitoring of internal case numbers and regular status reports made it possible to tailor measure implementation to the current situation. At the beginning of the year, government-imposed lockdowns in Shanghai and other Chinese provinces posed enormous challenges for crisis management and all of those employees affected. Strict implementation of concepts to prevent infection made it possible to continue fulfilling customers’ needs.

The massive price increases and logistical bottlenecks in the global supply chains at the beginning of the reporting year normalized again in the same year. Geopolitical developments have prolonged uncertainties and higher volatility in supply and demand, which the company continuously evaluates and manages.

Advocacy

The Schaeffler location in Berlin coordinates development and communication of company positions regarding political institutions and stakeholders. As a mediator between the Schaeffler Group and politics, the company aims to help create the best possible political, economic, and social conditions. Areas of focus include the climate and sustainability, digitalization, competition, a changing sector, and innovative technologies.

The Schaeffler Group is listed in the lobbyist registry for interest groups that interact with the German Bundestag and the German federal government. As a company, the Schaeffler Group provides information about the number of employees and annual expenditure dedicated to lobbying as well as on collaboration with associations, and public grants and funding. The Schaeffler Group is also registered in the Transparency Registry of the State Parliament of Baden-Württemberg and in the lobby registries of the Bavarian State Parliament and the Bavarian state government.

1) The Competitor Contacts and Associations Register (CARe) is a database containing information about trade associations and their potential risks associated with competition law.

2) Employees, including temporary office staff, trainees in apprenticeship, interns, and people working on a thesis.

3) Does not include those employees who were absent over a longer period of time during the year or for whom the deadline to complete the compulsory training courses had not yet passed by the end of the year.

Compliance Management System (CMS)
The Compliance Management System describes all measures, structures and processes established at a company to ensure compliance with legal and ethical requirements.
Corporate Governance
Set of legal and practical requirements for the management and supervision of companies.
Code of Conduct (CoC)
The Code of Conduct (CoC) describes the values and principles of behaviour to be followed in letter and spirit by all employees of the Schaeffler Group. Compliance with the commands and prohibitions is also expected from the Schaeffler Group’s business partners.
Trusted Information Security Assessment Exchange (TISAX)
Standard for information security defined by the automotive industry.