A compliance management system has been introduced to ensure compliance with laws and guidelines within the company. The compliance management system (CMS) forms part of ESG’s “integrated management system” and is therefore integrated into ESG guidelines.

A CMS refers to the organisational structure as well as all measures and methods established within the company in connection with compliance. The aim of the CMS is to recognise, assess and manage compliance risks and prevent violations of the law, and therefore sanctions imposed by the authorities or customers as well as the related damage this causes to both the company’s financial position and reputation, so as to ensure the company’s success in the long term. Group companies are integrated into this compliance system taking into account the company-specific and legal requirements of the respective country.

The compliance organisation consists of the following persons and positions:

• Management Board
• Compliance Officer
• Security Manager
   

In addition,

• an ombudsman
   

has been set up as a unit outside the ESG organisation for external parties and for ESG Group employees to direct their enquiries and reports. The ESG ombudsman, Mr. Björn Rohde-Liebenau, can be contacted by phone at 0049-69-9794 4949 or by e-mail at esg@risk-communication.de.

All persons are available for questions regarding compliance, as well as for information on non-compliance with legal regulations.

In addition, ESG has supplemented the previous communication and reporting channels with an internet-based whistleblowing system called the ESG Integrity Platform. This can be found at the following Internet address:

• https://esg.integrityplatform.org/

In order to protect your anonymity in the whistleblower system, we have deliberately not included a link. Please copy the link and paste it manually into the address bar of your browser. The ESG Integrity Platform offers employees and business partners the opportunity to ask questions and submit reports or information on serious compliance violations via a specially protected system, anonymously if necessary.

ESG’s compliance activities focus on preventive measures such as training, information and communication regarding all compliance-related topics within the company. The CMS also provides an opportunity to address questions or information on violations of the law in a suitable manner.

Regular risk assessments are carried out to determine all compliance risks relevant to ESG. Organisational instructions (compliance rules) have been prepared for all material compliance risks included in the CMS and guidelines specified in the “Code of Conduct”. The organisational instructions constitute an important component of the CMS as they transform legal requirements into company rules for employees.

The compliance rules form an integral part of the regulations and are binding for all employees. Depending on their severity but regardless of their legal consequences, violations will incur disciplinary measures up to the termination of employment. The internal audit department primarily investigates and controls compliance matters. ESG employees can find out about the CMS in the company-wide WIKI (company information). They must also attend compulsory events in accordance with the existing training concept, which is based on the Code of Conduct. Business partners have to undergo regular integrity checks. In a structured process, questionnaires and references, database checks and comparisons with embargo lists are used to collect all information available to create a comprehensive profile of the business partner.