Compliance

Clear understanding of values embedded in globally applicable guidelines

NORMA Group’s understanding of values forms the basis for all business decisions and activities in the Group. In particular, the global focus of the Company makes worldwide implementation and compliance with codes of conduct especially important.

The implementation of compliance-specific frameworks sets rules clearly and transparently. The main compliance guidelines at NORMA Group are

the CODE OF CONDUCT,

the ANTI-CORRUPTION POLICY and

the SUPPLIER CODE OF CONDUCT.

Requirements on HUMAN RIGHTS (regarding freedom of association, forced labor, child labor and anti-discrimination, among others) form an integral part of the compliance guidelines. The guidelines are regularly reviewed with regard to the need for updates and adapted as required.

NORMA Group’s compliance management system is aimed at ensuring that its values and rules are lived throughout the Group. Concrete steps are determined, implemented and tracked in a Compliance Action Plan.

Group-wide compliance management

The Management Board of NORMA Group is responsible for an effective compliance management system. The organizational structure of the ‘Risk, Compliance & Internal Audit’ department was redefined in 2021. Compliance now forms an integral part of the overarching ‘Integrity’ department, which – in addition to compliance – addresses the topics of data protection and information security. This bundling not only takes into account the growing importance of these topics, but also adequately reflects their increasing interlinking in terms of content.

The Chief Compliance Officer manages the Group-wide compliance activities and is able to report directly to the Management Board if necessary. CORPORATE GOVERNANCE REPORT Besides the main compliance department at Group level, Compliance Delegates are appointed at the level of the regions EMEA, Americas and Asia-Pacific, as well as at operationally active individual entities. The Compliance Delegates of the individual Group companies are in regular contact with the other local departments and regularly report to the respective Regional Compliance Delegates, who in turn report to NORMA Group Compliance.

Any member of NORMA Group’s compliance organization can be contacted at any time on any compliance issue. The compliance department is in close communication with the legal department of NORMA Group in order to continuously take into account new or changed legal requirements in the compliance risk analyses and in the compliance program.

The effectiveness of the compliance organization set up by the Management Board is monitored by the Supervisory Board of NORMA Group SE, which is regularly informed about compliance matters.

As part of the continuous development of NORMA Group’s compliance management system, the integration of compliance-related processes in IT systems - in addition to the further updating of the formal framework conditions - was further advanced in the past fiscal year, with users receiving training on these systems.

Close risk monitoring and control

The systematic and regular identification and assessment of relevant compliance risks forms an important basis for the compliance program. NORMA Group carries out the respective risk analyses at regular intervals.

The risks to which NORMA Group is exposed form the basis for determining the compliance program and the respective measures. Implementing these measures and adhering to the compliance rules are also regular audit tasks of internal auditing.

Systematic, demand-oriented training of employees

To ensure the effectiveness of NORMA Group’s compliance management system, all employees must be familiar with the relevant legal requirements and internal compliance guidelines. The goal is for all employees of NORMA Group to know the compliance rules, as well as the contact persons and reporting channels.

The compliance training that NORMA Group offers serves as the basis for this. It takes place in the form of face-to-face and online training sessions. Depending on the job and responsibility profile of an employee, the training courses to be completed are assigned as needed. During training, the employees receive concrete support on which behavior is in line with the compliance guidelines and can test their knowledge in practical assessments and case studies. Based on the revision of the training concept in the previous fiscal year, employees were trained in the past fiscal year with a view to the updated training content. The training courses of fundamental importance that must be completed as basic training by every employee of NORMA Group, include the online training courses ‘Code of Conduct & Compliance Basics’ and ‘Anti-Corruption’. Depending on the job profile, employees must attend specific focus training sessions (including ‘Antitrust law’). Furthermore, NORMA Group has developed a concept to refresh the learning content so that the knowledge of employees on essential and basic compliance topics is updated and extended regularly through refresher courses. ‘Compliance Safety Cards’ were developed for employees without a PC workstation, especially those who work in production, in the past fiscal year. In the future, these will be made available in all of the necessary languages and clearly communicate relevant compliance topics.

In fiscal year 2021, 1,114 employees (2020: 2,091) received in online compliance training. In this context, training courses totaling 1,283 hours (2020: 3,432) were conducted. The decrease in both the number of employees trained and the number of training hours compared to the previous year is mainly due to non-recurring effects in 2020. For instance, there was full re-enrollment in completely revised training courses in 2020. Employees who are unable to participate in online training for language or technical reasons, especially industrial employees, are informed about the content relevant to them via other formats and media (such as face-to-face training by the Local Compliance Representatives, or written information, such as Compliance Safety Cards).

The need for training is checked regularly. Internal reporting records the status of compliance training. Compliance-related topics are also communicated via additional channels such as posters, brochures and Compliance Safety Cards that summarize key compliance topics in condensed form, as well as e-mails and intranet articles.

Various ways of reporting violations

NORMA Group encourages its employees to report violations of rules and internal policies, even across hierarchical levels. Besides personally approaching supervisors, the human resources department or Compliance Delegates, NORMA Group’s internet-based whistleblower system enables anonymous reporting of matters by internal or external whistleblowers. The employees of the compliance organization always follow up on indications of possible compliance violations. Further information on the whistleblower system can be found in the CORPORATE GOVERNANCE REPORT.

In cases in which the electronic whistleblower system is more difficult for employees to use for technical or organizational reasons (a lack of PC access by employees in production, for example), NORMA Group offers other appropriate reporting channels, such as notice boxes at the plants or reporting directly to NORMA Group Compliance by e-mail or by meeting in person, for instance.

The suitability and appropriateness of the reporting system is reviewed regularly – for example, with regard to the requirements of ‘DIRECTIVE (EU) 2019/1937 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of October 23, 2019, on the protection of persons who report infringements of Union law’ (known as the ‘Whistleblower Protection Directive’) – and the system is adapted if necessary. In view of the fact that the Whistleblower Protection Directive has not yet been fully transposed into the national law of all Member States, further developments will continue to be monitored closely and any changes necessary will be made.