Business ethics and human rights

The nonfinancial aspects of corporate governance, particularly combating corruption and bribery, compliance with antitrust law and respect for human rights are outlined below. All of the above points have responsibility and risk minimization in common.

As a global enterprise with a more than 135-year history, Vossloh has a social responsibility toward its customers, employees, partners, investors and the public. From this responsibility, Vossloh derives the requirement that the Company and its employees adhere to the laws as applicable, respect basic ethical values and act in an exemplary fashion at all times and in all scenarios. This requirement is set out in writing in the Vossloh Code of Conduct. The Code of Conduct, which all employees sign when they join the Company, is designed to help them live up to this responsibility.

As a German stock corporation, Vossloh AG has a dual management and monitoring structure as reflected in the two bodies the Executive Board and the Supervisory Board. Both bodies have an obligation toward the Company’s well-being and the interests of the shareholders. The Annual General Meeting, as the third body, is responsible for the Company’s key fundamental decisions (see Corporate Governance Report on pages 30).

Preventing violations of the law of any kind, in particular corruption and anticompetitive behavior, is a key concern of the Vossloh Executive Board for the entire Group. The Executive Board has also unequivocally summed this up in its Compliance Commitment, which states: “Compliance with the law has absolute priority over closing a deal or achieving internal goals. We would rather forgo a business opportunity than violate the law. We do not tolerate any violation of the law or of our internal guidelines and policies and will sanction any such behavior (zero tolerance policy)” (see www.vossloh.com > “Investor Relations” > “Corporate Governance” > “ Compliance ”). The area of Compliance is overseen within the Executive Board by the Chief Executive Officer (CEO).

The Executive Board of the Vossloh Group has established a Compliance Management System. The Vossloh Group’s Rules of Procedure of the Compliance Organization govern the Compliance Organization, the assignment of responsibilities to officeholders and the reporting duties of all the different company levels. The Compliance Organization comprises the Chief Compliance Officer (supported by a Compliance Office), the Group Compliance Committee at Vossloh AG, compliance officers and compliance committees within the business units and local compliance officers within the operating companies.

The Compliance-Management-System is designed to identify compliance violation risks and to minimize them in order to prevent Vossloh and its employees from incurring damage and liability risks. Bribery in business transactions and breaches of competition law were identified as key compliance risks in a risk inventory conducted with external support in 2016 and last updated in 2021. This relates in particular to sales and all the sales-promoting activities, including intermediaries. The Compliance-Management-System addresses these risks and minimizes them with the help of suitable processes and measures.

Since 2007, Vossloh’s Compliance-Management-System has been based on the Vossloh Code of Conduct. The Code of Conduct stipulates and precisely defines the values of integrity and upstanding business conduct, and interprets them as clear and straightforward rules and principles. It is currently available in 15 languages and is mandatory for all Company employees. It was most recently completely revised and further developed in 2016. There are also guidelines on the prevention of corruption, antitrust law-compliant conduct and the introduction of intermediaries as well as data protection, export control and insider guidelines (for more information on Compliance at Vossloh, see: www.vossloh.com >“Investor Relations” > “Corporate Governance” >“Compliance”).

Compliance as part of business activities constitutes part of regular classroom training held at all Vossloh companies. The teaching requirements and the participants are identified and selected by the Compliance Officers within the business units and the Local Compliance Officers on the basis of the Vossloh Compliance Training Concept. The Compliance Office headed by the Chief Compliance Officer keeps a record of the classroom training sessions held. In 2021, Vossloh conducted compliance training around the world for a total of 723 participants (2020: 309).

Compliance training is also provided in the form of e-learning, which was rolled out again in a fundamentally updated form in early 2021. The “Code of Conduct – Compliance Basics” module is aimed at all employees who work at a computer workstation. In addition, there are two modules for all managerial staff and employees with external contact that focus on competition law and anticorruption measures. These are also the target audience of the “refresher” module on anticorruption, competition law and foreign trade law. All new employees are gradually taken through the e-Learning program. The Local Compliance Officers systematically record the employees’ attendance and send them reminders to attend, if need be. As of December 31, 2021, the training rate stood at 95.0 percent (2020: 96.4 percent).

Compliance audits are performed – usually with the assistance of external audit firms – in order to verify that the Compliance-Management-System rules are being adhered to within the individual operating units. These are performed both ad hoc and without there being any specific suspicions. In 2021, three compliance audits were performed. Further, compliance issues were also audited as part of the internal audit process. Additionally, the Company regularly has its Compliance-Management-System reviewed by external experts and has them make recommendations regarding its further development and improvement. The most recent review took place in 2017; the audit report has been published on www.vossloh.com under “Corporate Governance” > “Compliance” in the “Investor Relations” section. Insofar as findings and recommendations were stated regarding compliance work, these have been and will be implemented in the course of the ongoing development and improvement of the Compliance-Management-System. Vossloh also performed a stocktaking and survey of 215 managers and other employees of the Vossloh Group in 2018 which confirmed the effectiveness of the established Compliance-Management-System as well as high levels of awareness and acceptance of compliance within the Vossloh Group. In the fiscal year 2021, another Group-wide compliance risk assessment was carried out with the support of an auditing firm. The purpose of this risk assessment was to determine the Vossloh Group’s compliance risks in the areas of antitrust law, anti-corruption, and export control, taking into account existing compliance rules and measures. The appropriateness of the existing Compliance-Management-System was further validated overall.

Together with an international law firm, Vossloh set up a whistle-blower hotline. In addition to the option of contacting the Compliance Office directly, this allows company employees and external whistle-blowers to report possible misconduct to an independent external contact (ombudsperson) in their native language. The whistleblower hotline has so far been set up for 24 countries. As such, the main regions and the languages spoken within the Vossloh Group are essentially covered. The ombudspersons were contacted on three occasions in 2021 (2020: five occasions). All resulting investigations into possible compliance violations were concluded.

Vossloh has also taken special precautions to ensure compliance with foreign trade regulations, notably export control and embargo legislation. Beyond the obvious need to comply with applicable legal provisions, Vossloh shares the security objectives pursued by foreign trade legislation, especially the strengthening of international peace efforts and the non-proliferation of weapons of mass destruction. An export control policy for the entire Group and which is based on applicable law creates a binding framework for the entire Vossloh Group and all its employees to ensure compliance with the respective legal requirements. The framework requirements of this policy are supplemented by more extensive regulations in the form of work and organizational instructions, process descriptions, etc. The policy states that each operational unit must appoint an Export Officer and a Trade Compliance Officer (TCO). In cooperation with the respective HR departments, they develop training concepts and ensure that all employees working in areas relevant to foreign trade receive the appropriate training. Vossloh’s central compliance e-learning tool also includes the module “Foreign trade law.”

The Vossloh Group also expects its suppliers and service providers to act in accordance with the rules and demonstrate lawful conduct. This is verified and controlled in specific cases as well as on an ad hoc basis. Group-wide “Guidelines on the Involvement of Intermediaries” apply to business dealings with commercial agents, agencies, distributors and consultants in the sales area. Their purpose is to prevent the risk of unfair practices on the part of contracted third parties and to minimize the risks for the Company and its employees.

Vossloh has maintained a Group-wide register of associations as part of its Compliance-Management-System, in which all company and private memberships in industry associations are recorded. Vossloh AG’s primary association memberships are as follows:

Vossloh does not make donations to political parties or similar institutions.

Vossloh respects internationally recognized human rights in its business activities, and these are codified as binding rules for all the employees in Section 10 of the Vossloh Code of Conduct (“Protection of human and labor rights”). The Code of Conduct can be found under www.vossloh.com > „Investor Relations“ > „Corporate Governance“ > „ Compliance “. Risks that may result from the violation of human rights are recorded under “Nonfinancial risks and opportunities” on page 71.

To minimize the risk of child labor, Vossloh, as a rule, does not employ anyone under the age of 14 or 15 (depending on the legal provisions in the different countries). In addition, the majority of Vossloh’s production facilities are located in Europe. Employees under the age of 18 are usually apprentices. The instructors responsible for them are duty-bound to observe all the relevant labor law and occupational safety rules and provisions. A whistle-blower hotline is available in order for possible misconduct to be reported. No human rights violations were reported in the 2021 fiscal year (2020: also no reports).

More recent major partnership contracts such as joint venture agreements generally already include the Vossloh Code of Conduct and, therefore, also its human rights aspects as mandatory conduct rules. The same applies to contracts with intermediaries (e.g. commercial agents and distributors).

The various Vossloh companies subject their suppliers and intermediaries to intensive preliminary checks before concluding a contract with them. Here the Company has so far not had cause to check compliance with human rights.

Adherence to local laws and standards (for example, minimum wage or fundamental labor law conditions) is an integral part of Vossloh’s compliance obligations. The European Works Council, the Group Works Council, the Executive Board and Corporate Human Resources regularly communicate at Vossloh in order to guarantee the flow of information, discuss the scope for improvements, address new issues together and tackle these in projects.

The protection of personal data is a matter of importance to Vossloh. The Company revised its data protection management system to comply with the European General Data Protection Regulation (GDPR) and adjusted the organization in accordance with the new legal requirements. It is binding for all Vossloh companies and all staff worldwide, even outside the European Union. Compliance with the Vossloh Data Protection Policy is monitored by appointed data protection officers and data protection coordinators, as well as a data protection committee at the Vossloh AG level that meets regularly.