Compliance

The KGCC is binding for all employees and sets out clear rules that include guidance on correct conduct between employees and their colleagues, as well as on how they deal with customers, partners and the public. The KGCC is available in 24 languages and is updated periodically in order to comply with the prevailing legal situation and the current corporate conditions at all times. In the current version, which came into force in April 2018, the focus is on the corporate values laid down one year earlier. The KGCC 3.0 also contains new compliance rules for large-scale projects, as the acquisition of Dematic and the associated project business required additional rules. Last but not least, the updated version of the KGCC also considers the new legal requirements on data protection and IT security.

As a German corporation, KION GROUP AG is primarily subject to German law. At the same time, the company is required to uphold national laws at its global locations. Where there are legal conflicts, the KGCC sets out the company’s approach. Group policies apply across the company, unless they infringe or contradict local laws. In any cases of doubt concerning legal requirements, the Group’s compliance or legal departments serve as the points of contact.

The KION Group’s compliance programme is continuously updated to include new topics and new priorities. In the period under review, compliance activities focused primarily on anti-bribery and anti-corruption. Work also continued on data protection and IT security, foreign trade and export control, anti-money laundering, as well as directors’ and officers’ liability and responsibility. Furthermore, a risk analysis in the area of competition and antitrust law was initiated in the reporting year and will be completed in 2019.

Another focus in 2018 was the technical preparations for the rollout of the Business Partner Check Tool for IT-supported business partner checks, which is to begin in January 2019 in the EMEA IT systems and be successively transferred to the other regions as well.

The Executive Board of KION GROUP AG bears overall responsibility for the compliance management system in the Group. The compliance department reports directly to the CEO of the Group and is headed up by the Chief Compliance Officer. The CCO and the compliance team further develop the compliance management system, provide advice and information on compliance topics and are responsible for the appropriate training.

KION Group Annual Report 2018 – Compliance Management System

Each operating unit has a full-time Compliance Officer who reports directly to the Chief Compliance Officer. Local and regional compliance representatives ensure that operations at subsidiaries comply with statutory and regulatory requirements. Consequently, they are the first points of contact for questions on or reporting of possible instances of non-compliance. Together they form the Group-wide compliance team, reporting to the Compliance Officer of the operating unit, who supports and manages the compliance representatives in their tasks and is responsible for the effective implementation of the KION compliance management system in the operating units.

On a quarterly basis, the local representatives report to the compliance department on inquiries, reported potential compliance violations as well as locally conducted compliance training. The quarterly report also includes information on donations and sponsoring activities.

Regular conference calls as well as personal site visits ensure information is shared continuously. These activities are complemented by the annual Compliance Day, an important in-house platform for professional and personal exchange.

The KION Group compliance department works closely with the legal, internal audit and human resources departments. As a cross-functional body, the KION Compliance Committee is staffed by the managers from these departments. It deals primarily with addressing compliance concerns, managing investigations and advising on sanctions when compliance violations are identified.

The KION Group compliance management system is based on the model of the IDW PS 980 auditing standard, which focuses on preventing compliance violations. Within the framework of its regular audits as well as through ad-hoc audits, its Group audit department checks compliance with the KION Group’s compliance requirements at the subsidiaries. The audit of the compliance management system scheduled for 2019 has been postponed to 2020 to ensure that all necessary preparations can be made.

Actual or suspected incidents of non-compliance can be reported by telephone, post, e-mail or fax. In addition, all KION Group employees as well as external stakeholders can use a whistleblowing hotline to report potential compliance violations anonymously if they so wish. Furthermore, the compliance department’s section on the KION Group website has been expanded to also include such contact details in order to increase transparency for the public.

In the reporting period, the compliance department received notifications of suspected or actual violations. One third of the complaints concerned HR-related issues such as discrimination and harassment. But attempted cyber-attacks via spam e-mails or attempted CEO fraud, HSE-related incidents, possible conflicts of interest, inappropriate gifts and invitations to business partners, theft of company property, and cases of fraud were also reported. Every single notification was followed up.

About half of the notifications resulted in corrective measures being taken, such as improvements in internal controls and processes, as well as additional awareness training; however, they also resulted in disciplinary measures being taken such as formal verbal warnings, through formal written warnings, up to contract termination of the employees concerned.

No significant systemic compliance violations were identified.

Corruption and bribery are not tolerated at any time or in any form by the KION Group. The company has set itself the objective of preventing corruption in all forms, and pursues the ‘Prevent – Detect – Respond’ approach.

The KION Group Code of Compliance (KGCC) sets out specific requirements on conduct to prevent corruption. It focuses on the handling of gifts or benefits granted by or to business partners, dealing with public officials, and the topics of donations and sponsorship. Detailed rules are included in the KION Anti-Bribery and Corruption Policy, the KION Guidelines on avoiding conflicts of interest and the KION Group Donations Policy.

With the Anti-Bribery and Corruption (ABC) Policy published in September 2018 in particular, the KION Group is responding to the increasingly stringent anti-corruption regulations worldwide, setting clear and uniform rules to minimise the corresponding risks. Among other things, the policy sets country-specific approval limits and a uniform approval process for handling gifts and invitations and defines guidelines for the correct documentation of such transactions. It also regulates cooperation with external business partners with regard to integrity checks or performance incentives. Compliance reviews within the scope of merger and acquisition activities are also covered. All employees as well as the members of the Management and Supervisory Boards were informed of the new guidelines.

Training courses and guidelines are intended to prevent potential violations of the law. In these efforts, the Business Partner Check tool plays an important role. Clauses in contracts with distributors, consultants and suppliers also have a preventative effect. The ongoing training of employees who are exposed to an increased risk of corruption also serves to prevent bribery and corruption risks. 96 per cent of employees who received compliance training in 2018 were also trained in fighting corruption. In 2019, new e-learning courses will be added to the KION Group’s compliance training programme. For the first time, this includes targeted, interactive short training courses on anti-corruption topics such as the handling of gifts and invitations or conflicts of interest.

Corruption and bribery risks are recorded and evaluated throughout the Group in a systematic analysis and adequate measures to eliminate process and control weaknesses derived. The characteristics of the corruption perception index for the respective country, the size and structure of the local purchasing or sales organisation and contacts with public officials play an important role in risk assessment. The analysis has already been completed for 76 per cent of all KION subsidiaries, and no significant risks of corruption have been identified in the risk analyses carried out to date. The results show that employees around the world are highly aware of these two issues. Improvements are only necessary in the areas of implementing compliance guidelines and in business partner reviews, the latter being implemented with the Group-wide rollout of the Business Partner Check. In 2018, risk analyses were carried out as planned in all operating units. The risk analysis will be completed in 2019.

Violations that have already occurred are detected through effective control measures such as regular or special audits, and the necessary measures are initiated to prevent these from happening again. All reported suspected cases are followed up rigorously. Disciplinary action is taken in any cases of misconduct, and if necessary the compliance management system is modified to counter future violations.

In the reporting year, there were no confirmed cases of corruption or bribery at the KION Group.

Data protection and IT security are high-priority topics at the KION Group and are regulated by a Group-wide data protection policy. There are also a range of Group-company agreements covering topics such as IT security in the workplace and dealing with IT systems, e-mail and the Internet. Employees also have access to examples and templates for the daily handling of personal information and sensitive business data.

The local operating units are responsible for implementing the central requirements. The Group Data Protection Officer reports directly to the KION Group Chief Digital Officer (CDO), an Executive Board position newly established in 2018. Individual Group companies have their own data protection officers as well as data protection coordinators who report to the respective Executive Board.

Modifications to suit changed legal frameworks are made continuously, as in 2018, for example, to accommodate the
European Union’s newly introduced General Data Protection Regulation (GDPR). To implement the GDPR, employees were made aware of the fundamentals of data protection, the reporting obligation and the reporting channel via an online training course. Furthermore, a project to advance data protection was launched in 2018, which is scheduled to be completed by December 2019.

In addition to the general compliance reporting system, the company also has a central e-mail inbox (dataprotection@kiongroup.com) for complaints or information regarding potential data protection infringements. Reports are viewed and actioned promptly. Due to the low number of instances, no statistical evaluation is feasible. Nevertheless, each case is assessed with regard to its general relevance and used to generally improve data protection.

In the reporting year, no incidents according to article 42a of the German Federal Data Protection Act (BDSG) or the GDPR were reported to the KION Group.

For the KION Group, continuous employee training is a key prerequisite for an effective compliance management system. The correct understanding of guidelines and instructions creates security, and training courses also convey the corporate culture.

This is why every new employee at the KION Group is required to complete an e-learning course that covers all aspects of the KION Group Code of Compliance. For employees without a PC, the company provides face-to-face training. Those employees who are exposed to particular compliance risks owing to their activities, such as in the area of sales, receive special face-to-face training. The KION Group aims to train all its employees regularly on the most critical topics (anti-corruption, avoiding conflicts of interest, competition law, anti-money laundering, data protection, IT security and human rights). Besides findings from its compliance management system, changes to legislation or internal regulations, as currently the new Anti-Bribery and Corruption Policy, are also incorporated into the face-to-face training courses.

The continuous development of the KION Compliance Team and the technical expertise of local compliance representatives around the world have had a markedly positive effect: The face-to-face training courses launched in 2016, combined with the availability of active local contacts, have led to a noticeable improvement in employees’ awareness of compliance issues. This is reflected in the results of the risk analyses and the increasing number of employee inquiries to the compliance representatives.

In the reporting year, 9,038 participants received a total of over 11,000 online and face-to-face training hours on compliance, primarily on anti-corruption, handling of conflicts of interest and antitrust law. Human rights topics – an area that is covered for at least 50 per cent of all training participants – are also represented through training on issues such as discrimination and harassment.