Governance
Business Conduct
G1-4 Confirmed incidents of corruption or bribery
[G1-4-24a] NORMA Group takes a stand against corruption and bribery and reports transparently on confirmed incidents. In the 2024 fiscal year, there were no convictions and no fines for violations of corruption and bribery regulations. These key figures are collected by the legal department, which obtains information from the CFOs of the individual companies. These report on fines and convictions of the individual companies, which are then consolidated across the Group. The fines are allocated to the reporting year in which the decisions became legally binding. One limitation is that reporting persons may not fully disclose fines. The information collected is processed internally within NORMA Group and is not subject to any additional validations by external bodies that go beyond the legal requirements. [G1-4-24b] To prevent bribery and corruption, NORMA Group has introduced an anti-bribery and anti-corruption policy that contains detailed procedures and standards as described in the chapter G1 GOVERNANCE.
G1-1 Corporate culture and business conduct policies
[G1-1-9] NORMA Group’s corporate culture is based on the corporate vision and mission and is further defined by the corporate values (Core Values). By integrating the corporate values into training courses for employees and line managers and embedding them in HR processes, they form the guiding principles for the further development of the corporate culture.
NORMA Group’s vision is based on committed collaboration and excellent global performance that creates sustainable solutions. The company promotes teamwork, values diversity and relies on transparent communication to build trusting relationships. The focus is on efficiency, continuous improvement, sustainability and resource conservation, supported by digitalization and automation while complying with global quality standards.
NORMA Group’s mission is to be a reliable partner, exceeding customer expectations with efficient solutions and building long-term relationships. Sustainable growth is to be driven by innovation and the highest quality standards in order to solve customers' challenges.
The mission, vision and corporate values are intended to promote employee loyalty to the company, but also to increase the perception and attractiveness of NORMA Group as an employer.
[G1-1-10a] This understanding of NORMA Group’s values forms the basis for business policy decisions and measures. In particular, the global focus of the company makes worldwide implementation and compliance with codes of conduct especially important. Compliance frameworks define rules clearly and transparently. NORMA Group’s central guidelines include:
• the Code of Conduct
• the Whistleblower Protection Guideline
• the Whistleblower System
• the Anti-corruption Guideline and
• the Supplier Code of Conduct.
The guidelines are related to the positive impacts and opportunities identified as material. NORMA Group has a positive impact on corporate culture through training and a solid legal compliance framework that improves employee recruitment and retention as well as the corporate image.
Compliance with guidelines also had a positive impact in the area of corruption and bribery. No material risks were identified. These guidelines are regularly reviewed and updated in order to meet the relevant requirements.
The Management Board of NORMA Group is responsible for maintaining an effective compliance management system. Group-wide compliance activities are coordinated by NORMA Group’s Integrity Director. This person reports to the Vice President Integrity and, if necessary, directly to the Chairman of the Management Board. In addition to the central Compliance department at Group level, there are also Local Compliance Delegates at regional level in the EMEA, Americas and Asia-Pacific regions, as well as in all individual operating companies. The Local Compliance Delegates report to the respective Regional Compliance Delegates, who in turn report to NORMA Group’s central Compliance department.
Every member of NORMA Group’s compliance organization is available to answer questions and concerns about compliance. The Compliance department works closely with the company’s own legal department to continuously integrate new or changed legal requirements into the compliance risk analyses and the compliance program. In addition, coordination takes place with Internal Audit in order to take current developments into account. With the founding of the Compliance Committee, a body was formally established in which current compliance issues are discussed and necessary measures are coordinated. Permanent members of the Compliance Committee are representatives of Compliance, Legal and Internal Audit & Risk Management. The Compliance Committee generally meets at least quarterly and on an ad hoc basis if necessary. With the Human Rights Committee, a format has also been established in which potential violations of human rights are discussed. In addition to the members of the Compliance Committee, representatives from Human Resources and Corporate Responsibility are permanent members of the Human Rights Committee. The Human Rights Committee usually meets every six months and on an ad hoc basis as required.
The effectiveness of the compliance organization established by the Management Board is monitored by the Supervisory Board of NORMA Group, which is informed of compliance-related matters as needed.
[G1-1-10g] To ensure the effectiveness of NORMA Group’s compliance management system, all employees must be familiar with the relevant legal requirements as well as the internal compliance guidelines. The goal is for all employees of NORMA Group to be familiar with the applicable compliance rules, as well as the relevant contact persons and reporting channels. The basis for this is NORMA Group’s compliance training, which is mainly carried out in the form of online training and, if necessary, as classroom training. The training courses to be completed are assigned to employees according to their job and responsibility profile. In these training courses, employees are given specific guidance on how to behave in accordance with the compliance guidelines. They then have the opportunity to apply and test their knowledge on the basis of practical questions and case studies. The fundamental training courses, which are mandatory as basic training for all NORMA Group employees with a PC workstation, include the online courses “Code of Conduct & Compliance Basics” and “Anti-corruption.” Depending on the area of activity, specific focus training, such as “Antitrust and Competition Law,” may also be required. Employees’ knowledge is continuously updated and deepened through refresher training. In the 2024 fiscal year, the “Speak Up!” training course was rolled out with important information on whistleblowing. For non-commercial employees, especially in the production area, who generally do not have a PC workstation, compliance safety cards or posters, for example, are made available in all relevant languages and clearly communicate the most important compliance topics. Training requirements are reviewed where necessary, while an internal reporting system documents the progress and status of compliance training.
Compliance-relevant topics are also communicated via various communication channels, such as posters, brochures, compliance safety cards with compact summaries of key compliance topics, emails and intranet articles.
[MDR-P-65] Code of Conduct
NORMA Group’s Code of Conduct is a document that summarizes the ethical and legal standards expected of employees and managers in their dealings with each other and with third parties. It provides a guide for behavior and decision-making in the professional environment and helps to promote a positive, respectful and law-abiding work environment. NORMA Group expects its employees to conduct themselves at all times in accordance with its corporate values and commitment to ethical behavior. In addition, they are expected to conduct NORMA Group’s business at all times in accordance with applicable national, regional, local and foreign laws and NORMA Group’s internal guidelines. The Code of Conduct covers topics such as personal integrity, corporate integrity, human rights and the handling of NORMA Group’s assets. In the event of suspected violations of the Code of Conduct, NORMA Group employees can contact Human Resources, Management or the Compliance Organization. They also have access to reporting channels through which they can provide information – anonymously if they wish.
[MDR-P-65] Whistleblower system
[G1-1-10ci] NORMA Group encourages its employees to report violations of regulations and internal guidelines – including across hierarchical levels if necessary. Employees have various reporting channels at their disposal for this purpose, including an electronic whistleblower system. This whistleblower system allows internal and external whistleblowers to report suspicious cases to NORMA Group’s Compliance organization and, if necessary, to maintain their anonymity. Additionally, NORMA Group offers other appropriate reporting channels, such as personal reporting to NORMA Group Compliance. In addition to the central internal reporting channel, which can be accessed electronically or in person, NORMA Group provides supplementary or alternative reporting channels at all locations where local laws require them. Additionally, every member of NORMA Group’s compliance organization can be contacted regarding any questions or issues related to compliance.
Both the suitability and adequacy of the reporting system are regularly reviewed by NORMA Group Compliance – for example, with regard to the requirements of Directive (EU) 2019/1937 of the European Parliament and of the Council of October 23, 2019 on the protection of persons reporting breaches of Union law (commonly known as the Whistleblower Protection Directive) as well as the respective implementing laws of the member states. The system is adapted if necessary. In view of the partial contradictions between the national implementation laws and the EU Directive in certain member states where NORMA Group also operates reporting channels, NORMA Group is closely monitoring further developments. Adjustments are made if required.
[G1-1-10e] The Compliance Organization investigates reports of compliance violations. The procedures and protective measures for whistleblowers are detailed in the Whistleblower Protection Guideline. This is publicly accessible both on the intranet and on the NORMA Group website and is aimed at both internal and external potential whistleblowers.
[G1-1-11][G1-1-10cii] NORMA Group’s Whistleblower Protection Guideline is committed to protecting whistleblowers who act in good faith from retaliation, dismissal, demotion and other forms of retaliation, ensuring that whistleblowers are not subject to labor, disciplinary, criminal or civil sanctions and that they are protected from retaliation for reporting. Any form of discrimination against whistleblowers will not be tolerated and NORMA Group will take necessary measures to ensure the safety and protection of whistleblowers. Discriminatory behavior towards whistleblowers is strictly prohibited and will be prosecuted through disciplinary measures.
The suitability and adequacy of the reporting system are reviewed on a case-by-case basis, particularly with regard to the requirements of Directive (EU) 2019/1937 of the European Parliament and of the Council of October 23, 2019 on the protection of persons reporting breaches of Union law (commonly known as the Whistleblower Protection Directive) as well as the respective implementing laws of the member states. If necessary, adjustments are made to ensure that all requirements are always met.
In light of the partially divergent implementation of the directive into national laws in certain member states where NORMA Group also operates reporting systems, the company is closely monitoring developments. If necessary, adjustments are made to ensure legal compliance and the protection of whistleblowers. [G1-1-10d]
[MDR-P-65] Supplier Code of Conduct
NORMA Group strives to fulfill its responsibility along the entire value chain and therefore expects its suppliers to act in accordance with the Supplier Code of Conduct. This means that suppliers must conduct their business in strict compliance with the law and ethical principles. In addition, they should respect human rights and comply with the applicable standards in the areas of occupational safety and environmental protection. Further details can be found in the chapter S2 WORKERS IN THE UPSTREAM VALUE CHAIN.
[MDR-P-65] Anti-corruption Guideline
NORMA Group attaches the utmost importance to complying with its anti-corruption obligations in accordance with applicable legal requirements. Corruption promotes poverty, hunger, disease and crime and hinders economic and social development by preventing societies and individuals from realizing their full potential. It is also an obstacle to the rule of law and fair market practices, which NORMA Group and other responsible companies make an indispensable foundation for their actions.
NORMA Group has therefore established the Anti-corruption Guideline as a sub-guideline of the Code of Conduct and thus an elementary component of the Compliance Management System. The aim of the guideline is to prevent corrupt behavior and establish clear rules of conduct. It is intended to strengthen confidence in the integrity of the organization and avoid legal risks from corrupt practices. The guideline provides basic knowledge about corruption, corruption risks and risky transactions as well as NORMA Group’s measures to reduce corruption risks. This guideline applies throughout the Group. It contains binding requirements regarding the granting and acceptance of benefits in the context of business relationships with third parties (i.e. persons who are not employed by NORMA Group). The guideline explicitly defines prohibited practices and specifies which benefits are subject to a mandatory prior check and therefore require approval.
NORMA Group employees and external third parties can anonymously report any actual or alleged misconduct in relation to NORMA Group via the whistleblower system. A report must not lead to disadvantages for the reporting person. NORMA Group’s compliance organization follows up on indications of compliance violations. [G1-1-10b] NORMA Group is currently unable to state whether the Anti-corruption Guideline is fully compliant with the United Nations Convention against Corruption. A detailed reconciliation is to be carried out in the coming fiscal year. NORMA Group has not developed a plan to revise the guideline. [G1-1-10h] The functions within NORMA Group that are most vulnerable to corruption and bribery include commercial employees.
G1-3 Prevention and detection of corruption and bribery
[G1-3-18a] NORMA Group has implemented procedures to prevent, detect and appropriately deal with incidents of corruption and bribery. These procedures include an Anti-corruption Guideline that defines clear guidelines and behavior. This is supplemented by mandatory training for all commercial employees. In addition, violations can be reported to NORMA Group Compliance via the defined reporting channels – also anonymously. Detailed information on this can be found in the chapter G1 GOVERNANCE.
[G1-3-18b] Suspicious cases are handled by NORMA Group Compliance, which decides on further action on a case-by-case basis and, if necessary, with the involvement of the Compliance Committee. Where appropriate and necessary, the specific investigation of suspected cases may be delegated by NORMA Group Compliance to Internal Audit or external third parties.
[G1-3-18c] If necessary, indications of compliance violations are discussed by the Compliance Committee in accordance with the criteria defined in the Compliance Committee Charter and a decision is made on how to proceed. The reporting channels are defined and fixed – irrespective of the actual implementation of an investigation. NORMA Group Compliance reports exclusively to the Management Board member responsible for this area.
In addition to defined regular reporting, the criteria for any ad hoc reporting to the Management Board member responsible for the area are also defined. The Compliance Committee decides whether ad hoc reporting is required if defined materiality thresholds are potentially exceeded.
[G1-3-20] NORMA Group ensures that its guidelines are accessible and understandable to all relevant parties: Employees can view the compliance guidelines at any time on the intranet site. The Code of Conduct is attached to the employment contracts and is covered in the compliance training sessions. The guidelines are available in up to eleven languages to ensure global comprehensibility.
Interested stakeholders can transparently view the compliance guidelines on the NORMA website.
Suppliers receive the Supplier Code of Conduct as part of onboarding and updates to ensure that they understand and comply with NORMA Group’s standards.
[G1-3-21a] NORMA Group’s training curriculum also covers the topics of corruption and bribery. The basics of corruption are already covered in the e-learning on the Code of Conduct. The “Anti-Corruption” training course provides more detailed and in-depth coverage of the subject matter. The training content is closely aligned with the underlying Code of Conduct and Anti-corruption Guideline. All commercial employees are obliged to complete the two training courses. Additional training and updates are offered as required to keep knowledge up to date. The “Gifts & Invitations” brochure is also available on the intranet site and contains important information on handling gifts, invitations and other benefits.
[G1-3-21b] These training programs are designed to cover 100 % of the employees in the functions identified by NORMA Group Compliance as being at risk with regard to corruption. In the 2024 fiscal year, 96.0 % of the corresponding training courses were completed. NORMA employees in the “salaried” employee class have been classified as high-risk roles. [G1-3-21c] Training is mandatory for all employees in the “salaried” employee class, including managers and members of the Management Board. In addition, members of the Compliance Organization receive special onboarding training, which also includes anti-corruption content.
Information Security
Completion rate of ‘Information Security’ training per year and employee, taking into account the TISAX-certified locations
[MDR-M-75][MDR-M-76][MDR-M-77] NORMA Group uses a company-specific metric to measure the progress of the defined targets in the area of information security. This metric records the ratio of completed e-learning courses on information security in relation to the total number of enrolments. Completion of the e-learning course is mandatory for all commercial employees who work for a company within the scope of TISAX certification. In the 2024 fiscal year, 88.0 % of the corresponding training courses were completed.
Policies in relation to Information Security
[MDR-P-65] The company relies on resilient and secure systems, processes and procedures to continuously guarantee the confidentiality, integrity and availability of information – information security is therefore a central foundation for all business activities and operational security. NORMA Group pursues an active safety culture that is promoted through training and employee involvement. The company is aware of its positive and negative impacts as well as the opportunities that arise. NORMA Group has a negative impact on the security and protection of employee and customer information due to region-specific differences in the implementation of regulations and data protection. On the other hand, transparent and application-oriented regulations, training and continuous improvement and risk management are positive. There is also an opportunity to reduce the probability of damage occurring and its impact by systematically and effectively strengthening the information security management system in the long term, thereby not only minimizing financial losses but also creating trust among stakeholders. NORMA Group maintains an information security management system (ISMS) that is based on the requirements of the “Trusted Information Security Assessment Exchange” (TISAX) standard of the German Association of the Automotive Industry (VDA) as well as other recognized best practices and international standards (e.g. ISO 27001). This ISMS aims to ensure information security through systematic planning, implementation, maintenance, review and continuous improvement.
The structure and elements of the ISMS are defined by the Information Security Guideline, which was approved by the CEO in 2024. This guideline forms the basis for the strategic orientation and operational measures in the area of information security. It defines the key principles, objectives and rules that control the implementation and continuous improvement of the ISMS. The guideline – like the ISMS as a whole – aims to ensure that all relevant security aspects are integrated into daily processes. NORMA Group has not identified any material risks in this context.
The Information Security Guideline applies to NORMA Group and all subsidiaries as well as to all employees, including executives, managers, temporary workers and freelancers, and relevant external parties such as partners and suppliers. The Management Board and local management bear overall responsibility for information security and support the implementation of the guideline and the measures derived from it.
Targets related to managing material impacts, advancing positive impacts, as well as to risks and opportunities
[MDR-T-79][MDR-T-80] NORMA Group has defined clear targets for information security, which are anchored in the information security management system. The Group Information Security Officer makes the guidelines available to relevant employees and external partners, e.g. via the intranet page, the website or by email.
In order to demonstrably and verifiably introduce the standards of the information security management system at relevant NORMA Group sites, the units defined as relevant provide evidence in accordance with the TISAX standard and have an external audit carried out. The certification requirements and scope are closely coordinated with the customer.
In addition, the aim is for 100 % of commercial employees in the units defined as relevant to successfully complete the “Information Security Basics” e-learning course each year. NORMA Group monitors and measures progress in achieving the targets.
Taking action on material impacts on value chain workers, and approaches to managing material risks and pursuing material opportunities related to value chain workers, and effectiveness of those actions
[MDR-A-68][MDR-A-69] NORMA Group has implemented targeted measures to achieve its information security goals and actively manage both risks and opportunities in the area of information security. Although no material risks were identified in the area of information security in accordance with the definition of materiality, it remains a key task of information security to identify, assess and actively manage potential risks. As part of the conceptualization of information security, risks were identified according to the assessment criteria defined at the time. The measures already underway and implemented may have resulted in no further material risks being identified in the 2023 materiality analysis. The following measures are implemented in the area of information security: The process for auditing in accordance with the TISAX standard of the German Association of the Automotive Industry (VDA) includes careful preparation and implementation of the necessary steps. As part of the information security management system, threats and risks are analyzed in detail and measures are taken to mitigate or eliminate them. Continuous monitoring and review of information security takes into account IT infrastructure, processes, technologies and structures, among other things. The respective activities are carried out in coordination between NORMA Group Information Security and NORMA Group IT, among others. The aim of this approach is to provide effective protection against security breaches and to safeguard the integrity of the company’s assets. In addition, rules of conduct and structural improvements are implemented to mitigate risks such as cyber attacks or natural disasters. The Group Information Security Officer continuously monitors the status of information security and the measures implemented to ensure the protection of confidentiality, integrity and availability.
Product Quality
Key figures on product quality
[MDR-M-75][MDR-M-76][MDR-M-77]
NORMA Group uses two metrics to measure the progress of the defined targets: The number of confirmed defective parts per year (survey for the production sites) and the number of accepted monthly customer complaints (survey for the production sites and distribution sites).
Number of defective parts per million parts produced (ppm: parts per million)
The first metric measures the number of confirmed defective parts per million parts delivered. The metric is calculated by dividing the number of confirmed defective parts by the total number of parts delivered and multiplying by one million. In the 2024 fiscal year, NORMA Group’s parts per million value was 3.2. Accordingly, NORMA Group has achieved the target value of less than 4.5 defective parts per million in the 2024 fiscal year. This key figure is recorded continuously and reported to the Management Board on a monthly basis. At the same time, root cause analyses and countermeasures are initiated at plant level. As an established key performance indicator in the automotive industry, the parts per million value is used to measure quality performance. In addition, the quality indicator is audited and verified annually by an accredited International Automotive Task Force registrar and therefore externally validated.
Number of customer complaints
The second key figure relates to customer complaints. These complaints are an important key figure in the automotive industry for measuring quality performance and record the complaints per month and business unit. Customer complaints are recorded at the point of origin. If the cause of the complaint is due to the manufacturing process, it is counted at the production site; if the problem is due to shipping, packaging or logistics errors, it is recorded at the distribution center. The customer reports the complaint to the supplying business unit of NORMA Group. The calculation method for this indicator is based on the number of accepted complaints reported in a calendar month divided by the number of production and distribution sites. To avoid double counting, a complaint is only counted for the location that caused it. Customer complaints are not subject to any limits and are reviewed and validated annually as part of the International Automotive Task Force audits and thus validated externally. In the 2024 fiscal year, the number of customer complaints accepted by NORMA Group was 2.8. NORMA Group achieved the target value of 5.0 customer complaints on average.
Policies regarding product quality
[MDR-P-65] Product quality is the top priority in NORMA Group’s divisions. Since the products can be functionally critical for the direct customers as connecting elements of various individual parts, even a single malfunction can impair the function and safety of the entire application. This is why NORMA Group and its brands focus on maximum reliability in order to maintain and further strengthen customer confidence in its products and services. The quality of the products and the fulfillment of customer requirements are closely linked.
In the 2020 fiscal year, the Chief Operating Officer and the Vice President for Quality, Environment, Health and Safety adopted a Group-wide quality guideline that applies to the entire company. This underlines NORMA Group’s understanding of management and its commitment to the following principle: NORMA Group pursues a zero-defect mindset, which means that NORMA Group strives to make no mistakes in production and business processes. Constant improvements are supported by the NORMA Business System, which continuously promotes the further development of all processes. Compliance with relevant standards and legal requirements is another important principle of the quality guideline. Decisions are made at all levels of the company on the basis of data by monitoring the two key performance indicators “number of defective parts” and “number of customer complaints” and using them as the basis for decisions. In addition, minor investments are made in technologies to ensure process capability.
The quality guideline is publicly accessible to all interested stakeholders and highlights the positive impacts and opportunities for NORMA Group. The company’s actions have a positive impact on product quality thanks to its high quality and safety standards. This quality offers financial opportunities to increase sales and profitability. No material risks were identified in connection with product quality.
Targets related to addressing material negative impacts, promoting positive impacts and dealing with material risks and opportunities
[MDR-T-79][MDR-T-80] To ensure the quality of its products, NORMA Group has set itself two clear and measurable targets for the 2024 fiscal year. In terms of product output, the target is a number of defective parts of less than 4.5 parts per million. The measurement is carried out in “parts per million” (PPM). With regard to customer feedback, the aim is to ensure that the number of customer complaints does not exceed an average of 5.0 per month and business unit. Both target values are validated and defined annually, tracked on a monthly basis and reported to the COO during the operational (OPS) review. The targets were adopted by NORMA Group’s Management Board for the 2024 fiscal year.
Targets have also been formulated for the 2025 fiscal year. The target for the number of defective parts is less than 4.3 parts per million. The target for customer feedback in the 2025 fiscal year is an average of less than 4.8 per month and business unit.
Taking actions regarding material impacts and approaches to managing material risks and exploiting material opportunities related to product quality, as well as the effectiveness of these actions and approaches
[MDR-A-68][MDR-A-69] NORMA Group implemented several targeted actions in the 2024 fiscal year to achieve the product quality targets set and to ensure that the positive impacts and opportunities continue in the future.
One of the actions implemented with regard to product quality is the implementation of QASQ-it at NORMA production sites. This platform consists of several modules that enable NORMA Group to track the process capability index (Cpk) of processes, the timeliness of production part approval process (PPAP) submissions to customers and the handling of complaints. In this way, NORMA Group will further improve its agility towards customers and further increase customer satisfaction. This introduction will take the next two to three years and a special team will focus on it.
Legend
These contents are part of the Non-financial Group Report and were subject to a separate limited assurance examination.