Compliance
The following Compliance section applies to both the Consumer and tesa Business Segments. Both business segments have established their own independent compliance management systems (CMS), which follow uniform standards and are implemented in close alignment between the two respective Corporate Compliance Management teams. Differences in the precise design of the CMS of the two business segments are described below, insofar as they exist.
Our Core Values for responsible conduct
For us, compliance means observing legal and commercial provisions and rules – and doing so without compromise. The Consumer and tesa Business Segments have each established their own Code of Conduct (CoC) to ensure compliance with these standards and to fulfill our social responsibility as a company in the best possible way. As an overarching value framework, the CoC is intended to guide everyone at the company when carrying out our business activities. Furthermore, it supports all our employees, managers, and corporate bodies in complying with and living by the core principles and values of the business segments. As a directive for our actions, the CoC contributes to affirming our company’s status now and in the future as a trusted partner to our customers, business partners, shareholders, and further stakeholders.
Group-wide compliance management
Our Group-wide CMS is based on established standards such as the IDW AsS 980. We follow these guiding principles:
- Prevent: Preventive measures are anchored in our management system to avoid wrongdoing.
- Detect: We use risk analyses to detect and manage material compliance risks Group-wide. Additional control instruments help reveal noncompliant behavior.
- React and improve: We penalize any violations of statutory or internal regulations as appropriate in each individual case. In addition, we continuously develop improvement measures for the entire CMS.
We see our compliance management system as an important contribution to acting in a sustainable and forward-looking manner and thus living up to our tradition as a reliable and trustworthy company.
Prevent
Antitrust law continues to be an important aspect of compliance for both parts of the Group. The reasons for this are our business models, legal complexity, the continually increasing prosecution activity worldwide, as well as the potential for sanctions by antitrust authorities. In addition to antitrust law, preventing corruption and acting in accordance with privacy laws are two other focal points of our compliance programs. These programs serve to specifically raise the awareness of our relevant employee groups of these topics and to provide them with the confidence both to act and to make decisions.
Our Corporate Compliance Management departments are responsible for defining, developing, and monitoring the minimum standards for these programs and an appropriate CMS for the business segments.
We have appointed compliance officers with local responsibility in our regions and affiliates who are tasked with communicating all elements of the compliance programs to our employees and ensuring that they are applied at the local level. In this way, we aim to embed all elements of our CMS in the regions and affiliates and to monitor and improve them on an ongoing basis. Our local companies have access to a network of specialized external lawyers, particularly for matters relating to antitrust law. Alongside practical training and advisory services, the core elements of our compliance programs include various guidelines:
- Our antitrust guidelines contain clear instructions on how to behave in accordance with antitrust law, rules on contacting and exchanging information with competitors, guidance on communicating with customers on matters such as sales prices as well as basic dos and don’ts.
- The anti-corruption guidelines provide guidance on how to handle gifts, product samples, and invitations from and to representatives and employees of other companies or public officials. They also contain information on how to deal with conflicts of interest.
- The data protection guidelines describe in particular how to implement the principles of the European General Data Protection Regulation (GDPR) to ensure that our EU companies process data in accordance with the law. These guidelines direct and instruct our employees on how to handle data in a legally compliant manner. In addition, the data protection teams have established internal partnerships with key data protection functions such as Cyber Security and Procurement.
We have implemented a comprehensive, target group-specific training concept. Each year, an average of several thousand employees worldwide receive risk-oriented training on how to prevent corruption and behave in compliance with antitrust law and data protection regulations. The training is provided either face-to-face or through e-learning courses and is designed to raise awareness among our employees and show them where they can seek further support. In addition, members of the Executive Board and Supervisory Board are regularly informed about relevant compliance issues. In fiscal year 2023, the Consumer Business Segment achieved a total training participation rate of 98% and tesa of 98% (January to October). The total participation rate applies to the target and risk group defined in advance for the respective compliance fields of antitrust law, anti-corruption, and data protection. That includes all employees and managers who may come into contact with the topics and requirements in question.
Our employees can find further guidance and information via the relevant compliance pages on the intranet. Moreover, we use various communication channels such as the intranet and emails to keep employees regularly informed about relevant compliance issues and new developments. We are also in regular contact with our local affiliates, for example to discuss general updates, any issues that arise, and best practice approaches.
These regular communication and training measures allow us to embed the principles of compliance within our company.
Detect
Our CMS and compliance programs are based on a compliance risk analysis. To this end, we regularly identify existing and future areas of compliance risk associated with our business models and our geographical positioning in the course of a comprehensive compliance risk assessment. Both Corporate Compliance Management departments also support their respective management teams in detecting risks that go beyond their own organizational responsibility.
In a second step, these risks are assessed and prioritized. Matters of high priority are analyzed for their specific risks so that appropriate countermeasures can be taken. This is carried out both centrally and at the affiliates. The results are communicated to the Executive Board and used to continuously adjust and improve our global and local compliance programs.
If we want our compliance practices to be sustainable and maintain and further promote an open, trusting compliance and communication culture, we need all our employees to be on board and fully committed. This also includes reporting possible compliance violations and other complaints – even anonymously, if they so desire. To this end, we have established and communicated various reporting systems.
For example, the Consumer Business Segment launched the “Speak up. We care.” whistleblowing platform that can be accessed from anywhere in the world around the clock. The tesa Business Segment uses the same platform in parallel.
In addition to our own employees, the whistleblower platforms are also open to customers, consumers, suppliers, and other external stakeholders who wish to report possible misconduct. There are also various internal reporting channels, such as central compliance email addresses.
We have processes in place to help us follow up on all reports of misconduct, shed light on the facts of the matter, and take appropriate action following careful consideration. Relevant specialist functions and the Corporate Auditing department are usually involved in the investigation.
Corporate Auditing is another independent monitoring function within Beiersdorf AG. The department conducts regular audits in both business segments, with compliance-related topics forming an integral part of these audits. In addition, the relevant Corporate Compliance department regularly verifies compliance with centrally defined minimum standards, for example through on-site visits or surveys on the implementation of measures.
React and improve
We gain an impression of the effectiveness of our compliance management system by means of regular Group-wide compliance reports. The results are reported to the Executive Board and Supervisory Board. These reports document compliance incidents as well as the status of our compliance programs centrally and at affiliates worldwide. We derive further courses of action based on this information and implement appropriate measures. Even outside of the reporting cycles, affiliates must of course inform the central Compliance department immediately of any material compliance incidents so that we can take prompt action.
Another key component of our activities is the continuous and consistent further development of our CMS. This is how we take internal adaptation requirements into account, as well as the dynamic changes in legal frameworks and economic conditions. During the year under review, we revised our Code of Conduct for the Consumer Business Segment and introduced it at all affiliates. We also updated¹ our compliance training guidelines and, in particular, incorporated a newly developed training cockpit. This software provides a real-time overview of the status of compliance training and allows us to improve our training management. Moreover, we have aligned the compliance risk assessment process and system more closely with existing financial risk management formats. The aim here is to create a standardized, integrated approach for both business segments using the same platform.
At tesa, we revised both the content and the design of our e-learning courses on corruption prevention and conduct in compliance with antitrust law and data protection regulations during the reporting year. Within the scope of our compliance risk assessment, we identified “Environmental, Social, Governance” (ESG) as a new, relevant compliance risk area and integrated it into the tesa CMS. We also reviewed the local compliance implementation status at certain affiliates.
¹ Valid since Jan. 01, 2024.