Business integrity

At a glance


Part of NFRIntegrity and compliance are significant cornerstones of the Schaeffler Group’s manner of conducting business and are established in the Code of Conduct. The corporate culture is promoted by the values and principles of the Code of Conduct, which must be observed by the members of the Executive Board of the Schaeffler Group, executives, and employees. The Schaeffler Group expects all employees to feel responsible for compliance with the Code of Conduct and to support others in complying with it. Employees must therefore confirm compliance with the Code of Conduct electronically as part of the “Integrity & Security@Schaeffler” training. The relevant guidelines are part of the training and are also available on the intranet. The Schaeffler Group also expects its business partners to comply with the values and principles of the Code of Conduct.

To uphold its values and standards, the Schaeffler Group maintains compliance management systems (CMSs) within the framework of the overarching corporate governance structure, as well as a compliance organization that incorporates the entire Schaeffler Group.

Management of the compliance organization is the responsibility of the Group Chief Compliance Officer of the Schaeffler Group, who reports directly to the Chief Executive Officer. The Group Chief Compliance Officer also has a reporting line to the Chairman of the Supervisory Board and reports regularly to the chair of the audit committee.

The Board of Managing Directors delegated responsibility to the Group Chief Compliance Officer for ensuring a consistent approach to the implementation of all compliance requirements in line with accepted industry (ISO 27001) and auditing standards (IDW AsS 980). With this transfer of methodological expertise for different management systems, the Schaeffler Group pursues a holistic approach in its governance structure.

The compliance management system is based on the seven core elements of IDW AsS 980: compliance culture, compliance objectives, compliance risks, compliance program, compliance organization, communication, as well as compliance monitoring and improvement.

The Human Rights CMS serves not only to ensure compliance with statutory due diligence (in particular the German Supply Chain Due Diligence Act) but also to respect human rights, which are underlined by various voluntary commitments of the Schaeffler Group. 

The Export Control CMS serves to ensure that Schaeffler Group business dealings with third parties do not violate economic embargoes, trade regulations, import and export control requirements, or requirements to prevent the financing of terrorism.

The Business Integrity CMS includes, in particular, the control and monitoring of the necessary activities for the prevention or early detection of legal violations with regard to corruption, money laundering, competition and antitrust law, and business crime violations. It also supports active risk control and has a protective function for both the Schaeffler Group and its employees. In 2022, an interdependent auditing company confirmed the appropriateness, implementation, and effectiveness of the Business Integrity CMS in accordance with the IDW AsS 980 standard for auditing compliance management systems. The audit of the compliance management system in the areas of anti-corruption, antitrust law, and prevention of business crime violations covered the entire Schaeffler Group.Part of NFR

Compliance management focal points

Part of NFRThe confirmation of the appropriateness and implementation of the Tax CMS and the Export Control CMS by independent auditing firms took place in 2020 and 2021, respectively. An audit of the effectiveness of the Tax CMS in accordance with IDW AsS 980 began in the reporting year, with results expected in 2024. The start of such an effectiveness test in accordance with IDW AsS 980 is also planned for the Export Control CMS in 2024 and for the Technical CMS in 2025.

To prevent corruption and bribery, benefits may only be granted or accepted under certain conditions. Benefits include gifts, hospitality, participation in events, and the assumption of travel and accommodation costs for business partners or third parties. Contributions to persons in official positions are only permitted to a very limited extent. Conflicts of interest must be avoided. Existing conflicts of interest must be disclosed to the leadership and resolved. 

To prevent money laundering and terrorist financing, cash transactions in excess of EUR 10,000 are prohibited. Financial transactions that could provide grounds for suspicion of money laundering or terrorist financing must be reported.

The Schaeffler Group also introduced various compliance processes to support employees in complying with internal and legal requirements. These include, for example, the regulation of compliance with antitrust and competition law, which regulates, among other things, interaction with competitors (horizontal) and suppliers, customers, and dealers (vertical). Especially among competitors, regulations containing core restrictions prohibit price fixing, agreements on conditions and quantities, quantity restrictions, as well as sales area and customer allocations agreements. A digital Competitor Contacts and Associations Register 1 promotes internal transparency and thus supports the approval process for competitor contacts. The antitrust policy also defines unacceptable, coordinated behavior in various scenarios, for example, the exchange of information and misuse of a dominant market position. There are also additional antitrust and competition law guidelines that explain the background of antitrust rules and communicate an in-depth understanding of the issues regulated by antitrust and competition law.

Beyond this, the Schaeffler Group has group-specific compliance regulations on donations and compliance checks of business partners. Accordingly, no donations may be made to political parties, their representatives, politicians and elected officials or candidates for political office, or to individuals. Each donation must comply with applicable laws and the Schaeffler Group’s internal rules and requires special permission from the Compliance department. In addition, the IT-supported business partner assessment – “Know Your Business Partner” – is integrated into existing business processes and addresses risks associated with corruption and export control. Those business partners who, due to the type of business relationship, represent an increased risk for the Schaeffler Group – for example, dealers, sales agents, and consultants – must also undergo an in-depth business partner assessment.Part of NFR

Compliance training

Part of NFRThe Schaeffler Group uses a systematic and target group-specific training program to provide its employees and managers with the necessary understanding of compliance and to raise their awareness of compliance risks in their everyday business. 

They are familiarized with the Schaeffler Group’s Code of Conduct and the relevant Group policies in online and face-to-face training sessions. The training courses are continuously developed and adapted to the employees’ areas of responsibility. In accordance with the risk-based approach, the training courses covered topics such as integrity, the new Schaeffler Group Code of Conduct, competition and antitrust law, and anti-corruption and export control compliance.

The Schaeffler Group established the “Horizon Next” integrity workshop in the Europe region to anchor value-based compliance within the organization. It aims to promote awareness of integrity by encouraging participants to reflect on their internal value system with the aid of interactive case studies.

Online training courses contribute to a fundamental understanding of compliance issues at all levels of the company. They also refer to the whistleblowing system and its handling. The training courses are continuously developed and tailored to the workforce’s profile. In addition to the basic training course “Integrity & Security@Schaeffler”, additional online advanced courses are available on the topics of preventing corruption and observing antitrust and competition law. These mandatory online training courses were developed for all executives as well as employees who have been allocated a compliance-related activity profile such as purchasing or sales. In the reporting year, a refresher course on “Integrity & Security@Schaeffler” was rolled out, which must be completed annually by executives and employees.


Participants in compliance training

A total of 26,057 people 2 (prior year: 9,926) took part in online training courses on compliance in the reporting period. One of the reasons for this increase is the required training course “Refreshing Integrity & Security @Schaeffler”. 96.3 % 3 (prior year: 95.6 %) of invitations to mandatory online compliance training courses were accepted in 2023. This compliance rate in the reporting period therefore exceeded the targeted level of 95 %. This does not include those employees who were absent over a longer period of time during the year or for whom the deadline to complete the compulsory training courses had not yet passed by the end of the year. Furthermore, 6,126 employees (prior year: 4,476) were trained in face-to-face courses and workshops. This increase is the result of the easing of coronavirus protection measures, particularly in the Greater China region. Both the face-to-face and online training courses on compliance focus on Business Integrity.Part of NFR

Due diligence and whistleblowing system

Part of NFRAs a part of the central competence team for compliance, the “Forensics & Investigations” department is responsible for the independent investigation of alleged violations. The Internal Audit department also conducts annual process-specific checks in Schaeffler companies as part of governance audits using a risk-based approach. This applies in particular to the approval process for competitor contacts and donations as well as compliance training. 

To address inappropriate behavior, employees can contact someone in their direct work environment such as managers, regional compliance officers, the HR, legal, and audit departments, and employee representatives. In addition to various similar reporting channels, information on potential violations, in particular illegal business practices, can also be submitted using the globally accessible whistleblowing system. It is available in 20 languages and allows whistleblowers to communicate confidentially, encrypted and securely. Information can generally be provided in all languages. 

The reporting channels and the procedure for investigating reports are defined in the rules of procedure for the whistleblowing system. It also determines the measures for protection of whistle­blowers. As part of the implementation of the Supply Chain Due Diligence Act, the reportable topics were adjusted.

The organizational structure enables an independent and comprehensive investigation of any compliance violations. In the event of violations, all appropriate and legally permissible measures are taken, up to the extraordinary termination of employment relationships. Retaliation against employees or external persons who express concerns or provide information about misconduct within the company is prohibited and itself represents a serious violation of the Schaeffler Group’s Code of Conduct.

The Group Chief Compliance Officer reports quarterly to the Board of Managing Directors of Schaeffler AG on potential compliance violations, which were submitted to the Forensics & Investigations department. Reporting includes the number and, if applicable, details of indications of potential misconduct, compliance investigations performed, and issues in which misconduct was identified. In the event of significant compliance investigations, ad hoc reports are also submitted to the Board of Managing Directors. Issues are particularly significant if the Schaeffler Group is threatened with fines or in the event of official investigations.

The Compliance & Corporate Security and Mergers & Acquisitions (M&A) departments cooperate on all M&A projects. In addition to the initial compliance review of the transaction partners, the Compliance & Corporate Security department is responsible for performing compliance and corporate security M&A due diligence and votes on the M&A resolution proposals. The Compliance & Corporate Security department is also responsible for the implementation of management systems for compliance, information and cybersecurity, data privacy, and a site security concept following an acquisition.Part of NFR

Data Privacy, Information, and IT Security

Part of NFRProtecting personal rights is a high priority for the Schaeffler Group and is therefore part of the Code of Conduct. Data belonging to business partners and employees is processed with the greatest care and sensitivity. The corresponding processes comply with legal data protection requirements. The Data Protection Officer at Schaeffler AG plays a central managing role in this. This officer is assigned to the Compliance & Corporate Security division and thus to the Chief Executive Officer’s division. The Schaeffler Group has an IT security by design process that is based on national and international standards. This takes IT security into account even during the early phase of system and application development. Protective measures are integrated into the process and monitored on the basis of the corresponding protection requirements.

The Schaeffler Group’s information security and cybersecurity measures are designed to protect the intellectual property and business secrets of business partners from theft, loss, unauthorized disclosure, unlawful access, and misuse. Protective measures were introduced to prevent, detect, and correct. These measures are continuously optimized. They are based on the ISO/IEC 27001 standard, take national and industry-specific regulations into account and, where necessary, fulfill the VDA-ISA standard within the framework of Trusted Information Security Assessment Exchange (TISAX). 

These are some of the topics reinforced by the Information & Cybersecurity program in the reporting year: 

  • Implementation of global phishing simulations
  • Development of Silver Rules 4 for the use of Generative ­Artificial Intelligence in the company
  • Preparatory measures for new legal provisions on information security
  • Implementation of technical measures in the IT and OT environment to continuously increase cyber resilience
  • Intensification of awareness measures and training on information security
  • Further development of the information security management system (ISMS)
Part of NFR

1 The Competitor Contacts and Associations Register, CARe, is a database containing information on trade associations and their potential competition law risks.
2 Employees, including temporary office staff, trainees in apprenticeship, trainees, and people working on a thesis. 
3 Does not include those employees who were absent over a longer period of time during the year or for whom the deadline to complete the mandatory training courses had not yet passed by the end of the year.
4 Silver Rules represent principles of specific application areas, such as generative AI.

zum Seitenanfang