Impact, risk and opportunity management

G1-1 – Business conduct policies and corporate culture

As a globally operating company, thyssenkrupp carries a high degree of corporate responsibility. We are required to comply with many legal requirements and endeavor to successfully implement our own targets. Against this backdrop, corporate governance and corporate culture are of central importance to the long-term success of our business and to ensuring the trust of our business partners, our employees, the public and our other stakeholders. They form the basis for our business conduct.

We regularly and systematically evaluate our corporate culture using the groupwide Employee Pulse Check, a short online survey of employee satisfaction and material success factors for change, such as leadership, culture and communication. Those responsible for the businesses receive the business-specific findings, enabling them to work on targeted improvements. Further information on the Employee Pulse Check can be found in subsection “S1-2” in the section headed “ESRS S1 Own workforce.”

The principles of conduct summarized in our Code of Conduct form the basis for corporate governance and the corporate culture. The Code expresses our core values and provides guidance on compliance, integrity and ethically correct conduct for all group companies, the Executive Board and management team members, managers and all employees. It covers our conduct and responsibility as a member of society, as well as our conduct in day-to-day business and at the workplace. Corporate policies and agreements give substance to the rules and regulations for individual situations and matters based on the Code of Conduct. Further information on the Code of Conduct can be found in subsection “S1-1” in the section headed “ESRS S1 Own workforce.”

Our compliance program is aimed at anchoring a sustainable value culture within the company. It requires that there is an awareness of internal rules and policies across the company and that business practices are legally compliant. Through the close integration of the internal control system and risk and compliance management, we aim to identify and assess risks at an early stage and decide on suitable actions. Our compliance program covers matters including binding policies, training, communication formats and individual advice. thyssenkrupp fosters a speak-up culture which encourages employees to express concerns about potential violations of the rules or unethical conduct at an early stage. Confidential reporting channels are available to ensure the protection of whistleblowers. Any violations are investigated and sanctioned systematically. Details can be found in the section headed “ESRS S2 Workers in the value chain.”

thyssenkrupp regularly reviews its groupwide compliance program, most recently in fiscal year 2023 / 2024. On July 31, 2024, KPMG AG reviewed the appropriateness, implementation and effectiveness of the compliance management system, also in the area of corruption prevention. The findings of the external audit, which were positive from the perspective of thyssenkrupp, are contained in the KPMG reports for the individual core compliance matters – including corruption prevention – that can be accessed on the thyssenkrupp website.

The global compliance organization headed by the Group General Counsel and the Chief Compliance Officer discusses strategic decisions. A high double-digit number of compliance employees are active worldwide. At the group companies, compliance managers – usually the managing directors – are responsible for implementing the thyssenkrupp compliance program and serve as a point of contact for employees.

thyssenkrupp offers a wide range of classroom-based and e-learning courses on core compliance matters such as corruption prevention. The training formats are selected, designed and regularly updated in a risk-based approach so that they satisfy changed legal requirements, the various business models of the thyssenkrupp group and the findings of the risk assessments and compliance audits. The responsible compliance manager selects the employees to attend classroom-based training, also in a risk-based approach. The participants in e-learning courses are selected by group company employees on the basis of the uniform groupwide training catalogs. Employees must repeat the compliance e-learning courses after any updates, but as a rule after three years at the latest.

Further information on our compliance program can be found in the subsection headed “Compliance”; further information on our governance framework and risk management can be found in the subsection headed “GOV-1 – The role of the administrative, management and supervisory bodies” and in the “Corporate governance statement.”

G1-2 – Management of relationships with suppliers

The situation in the global supply chains has a direct impact on thyssenkrupp’s corporate success. As geopolitical tensions continue and greatly impact supply chains, it is especially important that we have risk-resilient business partners on the procurement side. We therefore endeavor to ensure that our ESG requirements are satisfied across the entire supply chain; our supplier management is the basis for this. It is also crucial to increasing our customers’ satisfaction and achieving our ESG targets.

Policies for implementing our requirements

We implement our requirements towards our business partners through our policy on human rights and environmental due diligence obligations, which is described in subsection “E2-1” in the section headed “ESRS E2 Pollution” and in subsection “S2-1” in the section headed “ESRS S2 Workers in the value chain.” The basis for this is provided by the values and principles for conduct contained in thyssenkrupp’s SCoC, confirmation of which we require at the start of a supplier relationship. In this way, we address the respect for and compliance with fundamental due diligence obligations relating to environmental protection, human rights and working conditions. For their part, suppliers are expected to establish control and monitoring systems to ensure that their subsuppliers also comply with these principles in the same quality, address violations and take appropriate actions to achieve long-term compliance with our requirements. Our suppliers are notified that termination of the contractual relationship is possible in the event of serious violations.

In our SCoC, we have formulated that thyssenkrupp not only awards contracts on the basis of legal, economic, technical and process criteria, but also social, environmental and ethical criteria. We expect the same from our suppliers and their subcontractors. In its own Code of Conduct, thyssenkrupp commits itself and its employees to complying with all applicable bans and obligations, even if this should result in short-term disadvantages for thyssenkrupp or individual persons. It is in this context that we seek to treat each of our suppliers fairly.

The central aspects of the policy – thyssenkrupp’s Group Policy Procurement Principles and the Group Operating Instruction for the implementation of human rights and environmental due diligence obligations – commit all relevant employees to include the sustainability requirements in all contracts with suppliers and to apply sustainability criteria in selecting suppliers. In this way, we can potentially influence possible environmental, human rights and occupational safety impacts of our suppliers’ activities.

Payments to suppliers

Longer terms of payment may have serious consequences for small and medium-sized undertakings especially. In line with our mission statement and Code of Conduct, in which we commit to reliability, honesty, credibility and integrity, we therefore aim to make payments as agreed contractually. As of the end of the fiscal year, thyssenkrupp has no additional policy to prevent late payments to suppliers. We have not identified any indication that suppliers of the thyssenkrupp group are treated differently in respect of terms of payment or payment behavior because of their size. Further information can be found in subsection “G1-6” in this section.

Risk assessment

We seek to avoid the inclusion of new high-risk suppliers as a matter of principle. We classify existing suppliers with an annual procurement volume of €10,000 or more regarding their sustainability risks using an internal management and monitoring system (see also the discussion of the HSR in subsection “S2-5” in the section headed “ESRS S2 Workers in the value chain”); if elevated risks are identified, we expect the supplier to work with us to take risk-preventing actions. The goal is to ensure clarity regarding our expectations of suppliers and to avoid from the outset any situations that might impede or even block our company’s market access as the result of poor ethics or sustainability-related efforts. The last resort is to terminate the business relationship.

In our relationships with suppliers, we consider risk aspects in the supply chain and impacts on sustainability matters. The basic ESG risk analysis provides us with a set of external risk scores relating to environmental protection, for example, in respect of climate change, carbon dioxide and greenhouse gas emissions, environmental regulation and waste management scores. The topic of biodiversity is also covered.

Other risk scores ensure the consideration of working conditions on site, for example, scores relating to occupational safety, adequate wages, discrimination/equal treatment, working time and freedom of assembly. In addition, this risk analysis examines aspects of respect for human rights such as local water and air pollution, the right to privacy, the rights of (sexual) minorities, forced labor, slavery, women’s rights, child labor and the use of violence by security forces. This also covers the economic, social and cultural rights of affected communities.

In fiscal year 2024 / 2025, thyssenkrupp used an interdisciplinary risk management system. Further details can be found in subsection “S2-1” in the section headed “ESRS S2 Workers in the value chain.” An IT-based analysis of the aforementioned abstract ESG risk positions for all relevant suppliers provides us with transparency about industry- and region-specific ESG risks. On the basis of these findings, we took supplier-specific preventive action in individual cases, based on the judgment of the business units that have direct contact with potential high-risk suppliers, in order to reduce any possible ESG risks. Further information can be found in subsection “S2-4” in the section headed “ESRS S2 Workers in the value chain.”

If it is found that a supplier has already violated a human right or environmental obligation or such a violation is imminent, we focus on the necessary remedial action. Further details of this can be found in subsection “S2-4” in the section headed “ESRS S2 Workers in the value chain.” As part of the risk analysis, the abstract supplier-related risks are continuously adjusted. This is based on the type of violation and the implementation status of the actions decided.

The findings of the risk analysis are considered in supplier selection and in our supplier qualification process prior to establishing a business relationship. Further details can be found in subsection “S2-4” in the section headed “ESRS S2 Workers in the value chain.” In this way, we can directly influence possible environmental, human rights and occupational safety impacts which may arise from our suppliers’ activities.

We seek to establish stable business relationships on the basis of this strategy of active collaboration and communication with our suppliers.

G1-3 – Prevention and detection of corruption and bribery

The compliance program at thyssenkrupp focuses particularly on avoiding corruption and bribery. Our ambition is for our business success to be based solely on the quality of our products and services. We categorically reject corrupt conduct and bribery. To this end, we are also a signatory to the UN Global Compact and take account of international corruption prevention regulations, including the UN Convention against Corruption (UNCAC). Our compliance program also covers the many elements relating to corruption and bribery, such as binding guidelines, training courses, communication measures and individual advice.

In order to identify and investigate misconduct, the Executive Board of thyssenkrupp AG has appointed the Legal & Compliance Investigations department (Compliance Investigations for short) to investigate reports and allegations relating to possible compliance-related misconduct. Compliance Investigations reports to the Chief Compliance Officer, who reports in turn to the CEO. The department conducts regular and proactive audits as well as ad hoc investigations, especially in connection with the core compliance matters of antitrust law, corruption prevention, money laundering, data compliance and trade compliance. The goal is to identify risks at an early stage and to review the effectiveness of the compliance management system.

Violations may be reported via various channels including a publicly accessible, electronic whistleblower system, hotlines, emails or compliance contacts; if legally permissible, reports may also be submitted anonymously. All reports must be treated in confidence. Whistleblowers are protected from possible disadvantages. If violations are identified, actions are initiated and their implementation monitored. We also work closely with those responsible for compliance in the group segments, especially in respect of local authority proceedings. Information on ongoing and completed proceedings is recorded centrally, processed for internal quarterly and annual reporting and then reported.

The compliance managers of the thyssenkrupp companies are notified of binding new compliance guidelines (policies, group regulations and group operating instructions), supporting documents and updates, which are made available centrally via the tk documentdesk, a groupwide IT platform. Implementing and communicating the compliance guidelines is the decentralized responsibility of the compliance managers. Implementation of the compliance guidelines must be confirmed in the annual ICS process. Our compliance guidelines are also a feature of compliance e-learning courses, in which the participants confirm that they have been made aware of the guidelines.

The Compliance@thyssenkrupp e-learning course teaches basic knowledge about the thyssenkrupp Code of Conduct and compliance, including corruption prevention in the group, information on our whistleblower system and the contacts for whistleblowers. The course is automatically assigned to all employees with an email address. In addition, a specific e-learning course on corruption prevention is available for use in a risk-based approach. This course communicates content such as conflicts of interest, dealings with public officials, the appropriateness of invitations, gifts, delegation trips and donations, and general corruption risks; the knowledge acquired is reviewed in a concluding test. Our e-learning courses are complemented by classroom-based training for specific target groups and risks. These also communicate content in the area of corruption prevention, for example, dealings with business partners, conflicts of interest, donations and sponsorship, invitations and gifts. Current training data can be found in the subsection headed “Compliance.”

The members of executive boards, management teams and other management bodies, as well as thyssenkrupp employees who are delegated to the supervisory boards or comparable supervisory bodies of other thyssenkrupp group companies or investments are required to participate in binding training programs on preventing corruption and bribery. In the reporting year, the members of the Supervisory Board of thyssenkrupp AG received instruction on corruption prevention and bribery by way of a written document.

On the basis of risk aspects, employees with purchasing and sales responsibility or with direct or indirect influence on the corresponding processes, employees in administrative functions with external contact – especially with customers, suppliers, service providers and authorities – members of executive boards and management teams, group executives, managers with human resources responsibility and participants in industry and association events are especially relevant in respect of corruption and bribery. In the past three years, around 90% of these employees received training in e-learning or classroom-based courses.