A compliance management system has been launched to ensure compliance with laws and guidelines within the company. The compliance management system (CMS) forms part of ESG’s “integrated management system” and therefore also the related ESG regulations.

A CMS refers to the organisational structure as well as all measures and methods established within the company in connection with compliance. The aim of the CMS is to recognise, assess and manage compliance risks and prevent violations of the law, and therefore sanctions imposed by the authorities or customers as well as the related damage this causes to both the company’s financial position and reputation so as to ensure the company’s success in the long term. Group companies shall be integrated in this compliance system taking into account the company-specific and legal requirements of the respective country.

The compliance organisation consists of the following persons and positions:

• Management Board
• Compliance Officer
• Security Manager
   

In addition,

• an ombudsman
   

for employees and their enquiries as well as their reports, a unit has been set up outside the ESG organisation. All persons are available for questions on the topic of compliance, as well as for information on non-compliance with legal regulations.

In addition, ESG has supplemented the previous communication and reporting channels with an internet-based whistleblowing system called ESG Integrity Platform. This can be found at the following Internet address:

• https://esg.integrityplatform.org/

In order to protect your anonymity in the whistleblower system, we have deliberately not included a link. Please copy the link and paste it manually into the address bar of your browser. The ESG Integrity Platform offers employees and business partners the opportunity to ask questions and submit reports or information on serious compliance violations via a specially protected system, anonymously if necessary.

ESG’s compliance activities focus on preventive measures such as training, information and communication regarding all compliance-related topics within the company. The CMS also provides an opportunity to address questions or information on violations of the law in a suitable manner.

Regular risk assessments are carried out to determine all compliance risks relevant to ESG. Organisational instructions (compliance rules) have been prepared for all material compliance risks included in the CMS and guidelines specified in the “Code of Conduct”. The organisational instructions constitute an important component of the CMS as they transform legal requirements into company rules for employees.

The compliance rules form an integral part of the regulations and are binding for all employees. Depending on their severity but regardless of their legal consequences, violations will incur disciplinary measures up to the termination of employment. The Internal Audit department primarily investigates and controls compliance matters. ESG employees have the opportunity to find out about the CMS in the company-wide WIKI (company information). They also must attend compulsory events in accordance with the existing training concept, which is based on the Code of Conduct. Business partners have to undergo regular integrity checks. In a structured process, questionnaires and references, database checks and comparisons with embargo lists are used to collect all information available to create a comprehensive profile of the business partner.