Integrity, one of the KION Group’s four core values, also stands for the high regard in which the Company holds compliance with laws, guidelines and voluntary codes. This is why KION GROUP AG and its Group companies worldwide employ a comprehensive compliance management system that centres on the KION Group Code of Compliance.
The compliance guidelines are transparent and available to all employees both at Group level and in the individual operating units. The management of the KION Group constantly ensures that these compliance principles are comprehensively embedded in daily business. In this regard, particular emphasis is placed on communication activities and training to raise awareness of compliance and to keep employees up to date with regulations. In the reporting year the Compliance department’s online presence was also refreshed as part of updating the KION intranet and the associated launch of the KION social intranet.
Current focus areas of the KION Group’s compliance activities include anti-corruption, anti-money laundering and anti-terrorist financing, board member liability and the responsibility of managers, data protection and IT security, as well as foreign trade and export controls. The KION Group is also increasingly requiring its business partners to comply with its compliance principles. To achieve this, the IT-based Business Partner Check tool was set up in 2017. The tool is already in use within the central compliance organisation, with Group-wide roll-out taking place in 2018. Furthermore, development of the roadmap to combat money laundering was also successfully completed in 2017. In doing so, internal regulations on the prevention of money laundering were reviewed and Group departments were questioned on existing risks. This will see the roll-out of targeted risk-minimisation measures. Specific training on the topic of money laundering is intended as an additional risk-prevention measure.
The Executive Board of KION GROUP AG bears overall responsibility for the compliance management system in the Group. The Compliance department reports directly to the CEO of the Group and is headed up by the Chief Compliance Officer. He and his team further develop the compliance management system, provide advice and information on compliance topics, and are responsible for providing appropriate training. The Compliance department supports the operating unit executives in implementing the compliance programme.
KION Group Annual Report 2017 – Compliance management system
At a local level within the units, local and regional compliance representatives are appointed who ensure that operations within the Group company or region comply with statutory and regulatory requirements. Consequently, they are the first points of contact for questions on or the reporting of possible instances of non-compliance. Together they form the Group-wide compliance team, and their work is managed by the central Compliance department. Principally, each operating unit is to have one full-time Compliance Officer who reports directly to the Chief Compliance Officer. Regular telephone conference calls as well as personal site visits ensure information is shared continuously. These activities are complemented by the annual Compliance Day, which is attended by all employees who deal with compliance within the Group.
Dematic, which was acquired the previous year, has since been fully integrated into the KION compliance organisation with a full-time Compliance Officer. In addition, in 2018 the KION Group Code of Compliance will be expanded to include points from Dematic.
The local compliance representatives report to the Compliance department on a monthly basis and on an ad-hoc basis in serious cases. The Chief Compliance Officer reports significant incidents and developments directly to the CEO of the KION Group as well as to the Audit Committee of the KION GROUP AG Supervisory Board.
As part of its work, the KION Group Compliance department works closely with the Legal, Internal Audit and Human Resources departments. The KION Compliance Committee is also staffed by the heads of these departments. As a cross-functional committee it deals primarily with addressing compliance concerns, managing investigations, and providing advice on required sanctions on identification of compliance violations.
The KION Group compliance management system is based on the model of the IDW PS 980 auditing standard, which focuses on preventing compliance violations. Through its regular audits as well as ad-hoc audits, the Group Audit department checks that the subsidiaries comply with the KION Group’s compliance requirements. If its audits confirm cases of non-compliance, it is the task of the Human Resources or Legal department to remedy the violations and sanction those responsible. In 2018 the KION Group intends to build on the preparations it has already made and start the process of certifying its compliance management system.
Actual or suspected incidents of non-compliance can be reported by telephone, post, e-mail or fax. In addition, all KION Group employees can use a whistleblowing hotline to report potential compliance violations anonymously if they so wish. Employees can also contact their line manager at any time to raise awareness of possible grievances. Furthermore, the Compliance department’s section on the KION Group’s corporate website is being expanded to include contact details in order to increase transparency for external visitors.
In the reporting period the Compliance department received 147 notifications of suspected or actual violations. The notifications concerned attempted cyber attacks via spam mails or attempted CEO fraud, HR and HSE-related complaints, possible conflicts of interest, theft of Company property, and cases of fraud. Every single notification was followed up.
30 per cent of the notifications resulted in corrective measures being taken, such as improvements in internal controls and processes, as well as additional awareness training; however, they also resulted in disciplinary measures, ranging from formal verbal warnings, through formal written warnings, up to termination of the contracts of the employees concerned.
No significant systemic compliance violations were identified.
Preventing corruption and bribery
Integrity underpins the approach taken by all levels of the KION Group. Corruption and bribery are not tolerated in any form by the KION Group. The Company has set itself the objective of preventing corruption and bribery in all forms, and pursues the ‘Prevent – Detect – Respond’ approach. Within this, training courses and guidelines are intended to prevent potential violations of the law, whereby the Business Partner Check tool plays an important role. Clauses in contracts with distributors, consultants and suppliers also have a preventative effect. And last but not least, measures to eliminate procedural and regulatory weaknesses are derived as part of systematic risk analyses. This also serves to prevent bribery and corruption risks, as does the ongoing training of employees who are exposed to an increased risk of corruption.
Violations that have already occurred are detected through effective control measures such as regular or special audits, and the necessary measures are initiated to prevent these from happening again. All reported suspected cases are followed up rigorously; disciplinary action is taken in any cases of misconduct, and if necessary the compliance management system is modified to counter future violations.
Since 2016 the KION Group has been expanding its assessment of compliance risks across the Group using a standardised system according to which these risks are assessed and recorded in all Group entities. When assessing risks, the particular country’s ranking in the Corruption Perception Index, the size and structure of the local purchasing or sales organisation, and contact with public officials play a key role. In fiscal year 2017 the assessment was continued at a country level. The results show that employees around the world are highly aware of both topics. Only individual improvements in the implementation of compliance guidelines and the business partner check are required, and these will be implemented in 2018 together with the roll-out of the Business Partner Check tool.
The KION Group Code of Compliance sets out specific requirements on conduct to prevent corruption. It focuses on the handling of donations from and to business partners, dealing with public officials, and the topics of donations and sponsorship. Detailed rules are also included in the KION Guideline on avoiding conflicts of interest and the KION Group Donations Policy. These focus in particular on the handling of gifts, entertainment and invitations, as well as the avoidance of possible conflicts of interest. They also set out the requirements on collaboration with business partners in sales. Based on the KION guidelines, local units are also encouraged to establish their own local regulations such as on value limits for gifts and invitations to reflect local laws and customs.
In the reporting year there were no confirmed cases of corruption or bribery at the KION Group.
Data protection regulated at Group level
Data protection and IT security are high-priority topics at the KION Group and are regulated centrally by a Group-wide data protection policy that is accessible to all employees on the intranet. There are also a range of Group-company agreements covering topics such as IT security in the workplace and dealing with IT systems, e-mail and the Internet. Employees also have access to examples and templates for the daily handling of personal information and sensitive business data.
The local operating units are responsible for implementing the central requirements. The Group Data Protection Officer reports directly to the KION Group CFO. Individual Group companies, such as Dematic, have their own Data Protection Officer as well as data protection coordinators who report to the respective Executive Board.
To protect the data and security of IT systems, the KION Group employs a range of organisational and technical measures whose workflow is documented centrally. In 2017 the KION Group took another step forward with the roll-out of a standardised IT workstation to ensure implementation and compliance with the prescribed protective measures.
The KION Group routinely monitors the security situation and takes appropriate countermeasures. Modifications to suit changed legal frameworks are also made continuously.
As a company based in Germany, the KION Group is subject to the European Union’s General Data Protection Regulation (GDPR). In light of this, the Company’s data protection management system is currently being modified to fulfil the required control mechanisms.
In addition to the general compliance reporting system, the Company also has a central e-mail inbox (firstname.lastname@example.org) for complaints or information regarding potential data-protection infringements. Reports are viewed and actioned promptly. Due to the low number of instances, no statistical evaluation is currently performed.
In the reporting year no incidents according to article 42a of the German Federal Data Protection Act (BDSG) were reported to the KION Group.
Consistent approach to training measures continued
To the KION Group, employee training is the cornerstone of a good compliance management system. Through this, its employees learn which rules apply to their field of work, which stance the Company and its representatives take on certain business practices, and what behaviour is expected of its employees. In particular the Company’s culture is communicated very intensively through training measures.
Every new employee at the KION Group is required to complete an e-learning course that covers all aspects of the KION Group Code of Compliance. For employees without a PC, the Company provides face-to-face training. Those employees who are exposed to particular compliance risks owing to their activities, such as in the area of purchasing, receive special face-to-face training. The KION Group aims to train all its employees regularly on the most critical topics (anti-corruption, competition law, anti-money laundering, data protection, IT security and human rights). Besides findings from its compliance management system, changes to legislation or jurisprudence are also incorporated into its face-to-face training courses.
One particular focus is on the continuous training of local compliance representatives. As the local point of contact, they should always be abreast of the latest developments. The face-to-face training courses within the international compliance organisation that were launched the year before were continued as planned in 2017. In the reporting year 11,458 participants received a total of over 12,000 online and face-to-face training hours on compliance. These were based on local compliance training plans that were created according to the specifications of the central Compliance department. Human rights topics – an area that is covered for at least 50 per cent of all training participants – are also represented through training on issues such as discrimination and harassment.
In 2017 training measures were also expanded to include authorised distributors, for example as part of the regular Distributor Meetings.