Annual Report 2022

Compliance

The following Compliance section applies to both the Consumer and tesa Business Segments. Both Business Segments have established their own independent compliance management systems (CMS), which follow uniform standards and are implemented in close alignment between the two respective Corporate Compliance Management teams. Differences in the precise design of the CMS of the two Business Segments are described below, insofar as they exist.

Our Core Values for responsible conduct

For us, compliance means observing legal and commercial provisions and rules – and doing so without compromise. The Consumer and tesa Business Segments have each established a Code of Conduct (CoC) to ensure compliance with these standards and to fulfill our social responsibility as a company in the best possible way. As an overarching value framework, the CoC is intended to guide everyone at the company when carrying out business activities. Furthermore, it supports all our employees, managers, and corporate bodies in complying with and living by the core principles and values of the Business Segments. As a directive for our actions, the CoC contributes to affirming our company’s status now and in the future as a trusted partner to our customers, business partners, shareholders, and further stakeholders.

Group-wide compliance management

Our Group-wide CMS is based on established standards such as the IDW AsS 980. We follow these guiding principles:

  • Prevent: Preventive measures are anchored in our management system to avoid wrongdoing.
  • Detect: We use risk analyses to detect and manage material compliance risks Group-wide. Additional control instruments help reveal noncompliant behavior.
  • React and Improve: We penalize any violations of statutory or internal regulations as appropriate in each individual case. In addition, we continuously develop improvement measures for the entire CMS.

We see our compliance management system as an important contribution to acting in a sustainable and forward-looking manner and thus living up to our tradition as a reliable and trustworthy company.

Prevent

Antitrust law continues to be an important compliance issue for both parts of the Group. The reasons for this are our business models, legal complexity, the continually increasing prosecution activity worldwide, as well as the potential for sanctions by antitrust authorities. In addition to antitrust law, preventing corruption and acting in accordance with privacy laws are two other focal points of our compliance programs. These programs serve to specifically raise the awareness of our relevant employee groups of these topics and to provide them with the confidence to act and make decisions.

Our Corporate Compliance departments are responsible for defining, developing, and monitoring the minimum standards for these programs, as well as an appropriate CMS in their respective organization.

In our regions and at our affiliates, we have established local compliance officers who are responsible for communicating all elements of the compliance programs to our employees and working to ensure that they are applied locally. The aim is to enshrine all elements of our compliance system in the regions and affiliates and to monitor and improve them on an ongoing basis. A special network of external attorneys specialized in antitrust issues is available to local companies. Practice-oriented training and consulting services as well as various guidelines form the core elements of our compliance programs:

  • The antitrust guidelines provide clear directives on antitrust-compliant behavior, requirements for contact and the exchange of information with competitors, guidance for communication with customers, for example, with regard to sale prices, as well as fundamental dos and don’ts.
  • The anti-corruption guidelines serve as a guide to dealing with gifts, product samples, and invitations from and to representatives and employees of other companies or public officials. They also contain information on how to deal with conflicts of interest.
  • The data protection guidelines describe, in particular, how the principles of the European Union’s General Data Protection Regulation (GDPR) are implemented for the lawful processing of data at our EU companies. These guidelines direct and instruct our employees on how to handle data in a legally compliant manner. In addition, the data protection teams have established internal partnerships with key data protection functions such as Cyber Security and Procurement.

We have implemented a comprehensive, target group-specific training concept. Taking a risk-oriented approach, we train an average of several thousand employees worldwide annually on corruption prevention as well as antitrust and data protection-compliant behavior. This training is delivered face-to-face or in an e-learning format, and it serves to raise our employees’ awareness of the topic and to show them where to obtain further support. In addition, members of the Executive Board and Supervisory Board are regularly informed about relevant compliance matters. In the fiscal year 2022, the Consumer Business Segment achieved a total training participation rate of 97% and tesa of 99%. The total participation rate applies to the target and risk group defined in advance for the respective compliance fields of antitrust law, anti-corruption, and data protection. This includes all employees and managers who may come into contact with the respective issues and requirements.

Our employees can find key guidance and information on the relevant compliance intranet pages. In addition, we use various communication channels such as the intranet and email to inform our workforce regularly about compliance topics and related new developments. Furthermore, we regularly exchange information with our local affiliates on generally relevant updates, emerging questions, or best-practice approaches, for example.

These ongoing communication and training measures help us institutionalize the compliance principles at our companies.

Detect

The analysis of compliance risks forms the basis of our compliance management system and our compliance programs. To this end, we regularly identify existing and future compliance risk areas in our business models and our geographical presence as part of a holistic compliance risk assessment. In addition, both Corporate Compliance departments support their management teams in identifying risks that go beyond their own organizational responsibility.

In a second step, these are then evaluated and prioritized. High-priority issues are analyzed for their specific risks in order to ensure that appropriate countermeasures exist or are taken. This is carried out both centrally and at the affiliates. The results are presented to the Executive Board and leveraged to continually adapt and improve our global and local compliance programs.

In order to operate in a fully compliant manner over the long term and maintain and further promote an open and trusting compliance and communication culture, it is essential that individual employees are personally committed to the issue. This also includes reporting possible compliance violations and other complaints – even anonymously, if they so desire. To this end, we have established and communicated various reporting systems.

For example, the Consumer Business Segment launched the “Speak up. We care.” whistleblowing platform that can be accessed from anywhere in the world around the clock. The tesa Business Segment has also been using this platform since this reporting period. Furthermore, external ombudspersons received confidential information on potential compliance violations on behalf of tesa until 31.10.2022.

The whistleblowing platforms are available not only to our own employees but also to customers, consumers, suppliers, and other external stakeholders for the purpose of reporting possible misconduct. Besides the above, we also provide internal options for reporting such as Corporate Compliance email addresses.

We have established processes to investigate and clarify any information received and ensure that appropriate measures are taken, following careful consideration. Relevant specialist functions and the Corporate Auditing Department are usually involved in the investigation.

Corporate Auditing is another independent monitoring function within Beiersdorf AG. This department conducts regular audits of both Business Segments, of which compliance-relevant topics form an integral part. In addition, each Corporate Compliance Department regularly monitors compliance with centrally defined minimum standards, through on-site visits or queries about the implementation of measures, for instance.

React and improve

We closely monitor the effectiveness of our compliance management system by means of our regular Group-wide compliance reporting. The results are reported to the Executive Board and Supervisory Board. These reports document compliance incidents as well as the status of our compliance programs centrally and at affiliates worldwide. We derive further courses of action based on this information and implement appropriate measures. The affiliates are naturally required to inform the Corporate Compliance Department immediately about any material compliance incidents, including outside the regular reporting cycles, in order to be able to respond immediately.

We consider the continual and thorough development of our compliance management systems as an integral part of our activities. This is how we take internal adaptation requirements into account, as well as the dynamic changes in legal frameworks and economic conditions. In the reporting year, we developed formalized audit formats for this purpose in the Consumer Business Segment and carried them out at select affiliates. On the basis of the formats, we analyze the effectiveness of antitrust and data protection compliance and improve it on an ongoing basis. At tesa, we revised the data privacy guidelines, the whistleblowing guidelines, and the case management process. We also reviewed the status of local compliance implementation at certain affiliates.