Compliance
thyssenkrupp has a broad understanding of compliance: compliance with the law and internal regulations is a fixed element of our corporate culture and is accorded high priority. To us, compliance is about more than observing existing regulations; it also involves contributing actively to a business environment characterized by legal certainty and integrity.
Embedding compliance in our corporate culture
Responsibility, respect and compliance with laws are central values at thyssenkrupp. Compliance is a fixed aspect of our Code of Conduct which applies to all employees worldwide and communicates clear standards of conduct for dealings with business partners, other employees and the public. Our compliance strategy is aimed at embedding a value-based corporate culture within the company – a culture characterized by reliability, honesty, integrity and the clear principle that we would rather forgo a business opportunity than act against the law. This was underscored in the renewed Compliance Commitment by the Executive Board, newly confirmed in the reporting year. Top-level management has a special responsibility in this respect. As role models, they must embed the compliance culture in their respective areas of responsibility and ensure compliance with laws and internal group regulations.
Violations of the law or internal rules are not compatible with our understanding of compliance. That is why we aim to:
systematically investigate all reports of violations of the law and clarify the facts.
treat all information confidentially and protect whistleblowers from any disadvantages. When investigating such reports, we take account of the legitimate interests of the affected persons.
Compliance program
The thyssenkrupp compliance program covers the core matters identified as specific areas of risk: corruption prevention, antitrust law, data compliance, anti-money laundering and trade compliance. It is the responsibility of the Corporate Function Legal & Compliance and is based on three elements: “inform and advise,” “identify” and “report and act.” It is closely tied to risk management and the internal control system (ICS), with the result that compliance is embedded in every business process.
Focus of compliance work
In fiscal year 2024 / 2025, compliance work at thyssenkrupp focused on a number of matters. A central aspect was communicating strong values as the basis of our internal collaboration.
Another focus was on further strengthening and refining the compliance management system (CMS) for the core matters of corruption prevention, antitrust law, data compliance, anti-money laundering and trade compliance. At the same time, in order to further boost the effectiveness of the CMS, measures were implemented on the basis of the findings of the external audit conducted in the previous fiscal year and the global compliance risk assessment. In fiscal year 2023 / 2024, thyssenkrupp engaged KPMG AG to perform an initial audit of the CMS in the areas of data protection, anti-money laundering and trade compliance and a repeat audit in the areas of corruption prevention and antitrust law in accordance with IDW PS 980. The corresponding audit reports can be accessed on our website. Also in the previous fiscal year, thyssenkrupp performed an extensive global compliance risk assessment focused on key compliance matters. A further focus of compliance work in the reporting year was on implementing the measures resulting from this compliance risk assessment.
Regarding the core compliance matters, the focus in respect of antitrust law remained on providing support for portfolio measures. We also refined the CMS in respect of corruption prevention. The core compliance matter of data protection was expanded to data compliance in order to implement the requirements of the EU Artificial Intelligence Act and the EU Data Act. There was a special focus on refining trade compliance law in light of factors such as the ongoing war in Ukraine. Processes in connection with sanctions and export controls are regularly updated, especially regarding the risks of circumvention. Another central issue was implementing the legislation to protect whistleblowers in EU member states.
In addition, the Compliance function acts as advisor, coordinator and consolidator to the organizational units that are responsible for further compliance topics, including occupational safety, management of external workforce, equal treatment, information security, supplier compliance, the environment, energy and climate, and the Supply Chain Act. In the reporting year, one special focus was on implementing compliance in the supply chain with a view especially to addressing compliance with human rights and environmental due diligence obligations – not only in our own operations but also along our supply chain. To this end, thyssenkrupp has established a groupwide concept and organization aimed at ensuring the coordinated implementation of statutory requirements. The legally required oversight of risk management for thyssenkrupp AG is performed by the Corporate Function Legal & Compliance. These tasks have been delegated to the Group General Counsel and Chief Compliance Officer.
Further activities in the reporting year relating to each of the three elements of the compliance program can be summarized as follows:
“Inform and advise”: Our compliance officers informed, trained and advised employees around the world on the relevant laws and internal groupwide policies and also advised on individual cases. In fiscal year 2024 / 2025, more than 7,500 employees took part in face-to-face training courses and webinars covering all core aspects of the compliance program. Our e-learning portfolio was expanded to include modules on international data protection and the AI Act. Participants completed a total of more the 72,000 training courses. Around 9,000 employees completed the voluntary basic module: Compliance@thyssenkrupp.
“Identify”: Proactive and event-driven compliance audits and investigations of the core topics were again conducted in the reporting year. These aim to examine critical business operations based on a risk-oriented, structured audit process. Key channels in connection with the identification of compliance risks are the whistleblower system and direct contact to supervisors or the Compliance function which enable employees and external persons to report possible violations of laws or policies and regulations.
“Report and act”: As well as regular reports to the Supervisory Board and Audit Committee, our intensive compliance reporting covers the Executive Board of thyssenkrupp AG. Regular information is also provided to the segment boards and the management teams of the group companies. In the event of proven violations, our “zero tolerance” policy applies: where necessary sanctions are systematically imposed on those concerned.
Compliance organization
As well as the management and constant development of the compliance program, our Compliance function has the important role of acting as a strategic business partner to provide our specialist functions and businesses with advice on relevant strategic decisions at an early stage. This requires a needs-based and appropriately staffed organization with clearly allocated roles and responsibilities, effective and efficient steering, and in particular a task allocation which is structurally in line with the requirements of the thyssenkrupp group. thyssenkrupp employs more than 90 full-time compliance employees worldwide, around 25 of whom also have other legal tasks. They are supported by a network of more than 240 compliance managers. The latter are usually the managing directors of group companies who ensure the operational implementation of the compliance program in their sphere of responsibility. Together they play a key role in permanently embedding compliance in the thyssenkrupp group and are available to employees seeking advice.