Compliance

The compliance programme, which is firmly anchored in the Group-wide management and supervisory structures, is part of our management culture. It comprises the entire compliance organization within the Group, the set-up of guidelines, and the verification of compliance with these guidelines. The compliance management addresses all compliance topics that Heidelberg Materials has identified as relevant in the compliance risk assessment. These include, in particular, competition law, anti-corruption, and human rights.

The compliance organization is under the authority of the Chairman of the Managing Board, to whom the Director Group Legal & Compliance reports directly. Each country has its own compliance officer with a direct reporting line to the country manager. However, responsibility for ensuring that employees’ conduct complies with the law and regulations lies with all managers and, of course, with the employees themselves.

We have implemented an integrated compliance programme across the Group to achieve conduct that is compliant both with the law and with regulations. A central element of this programme is the self-commitment made by the Group management not to tolerate violations of applicable laws and to impose sanctions. The programme also includes internal policies and measures that express the legal provisions in concrete terms. In addition to regular communication of these policies, there are compliance letters to the management and the entire workforce, such as the annual letter from the Chairman of the Managing Board and ad hoc circulars on current issues, to raise awareness of the topic of compliance.

We offer the internet- and telephone-based reporting system “SpeakUp” and employee training that makes use of modern media, such as electronic learning modules. The range of electronic courses, which must be completed by specified groups of employees, covers topics such as the Code of Business Conduct (e.g. discrimination and harassment at the workplace), competition legislation, and the prevention of corruption.

The entire compliance programme is reviewed on an ongoing basis for any necessary adjustments with regard to current legal and social developments, and it is improved and accordingly. Violations of applicable laws and internal policies are sanctioned. In addition, suitable corrective and preventive measures are taken to help prevent similar incidents in the future. 

Group-wide implementation of the compliance programme is monitored by regular and special audits by Group Internal Audit as well as via special half-yearly compliance reporting by the Director Group Legal & Compliance to the Managing Board and the Audit Committee of the Supervisory Board. The latter monitors the effectiveness of the compliance programme and verifies in particular whether it adequately satisfies the legal requirements and recognised compliance standards. An additional quarterly report regularly informs the Managing Board members with regional responsibility about the most important compliance incidents in their Group areas.

Every two years, we conduct a comprehensive analysis to assess and prevent corruption risks and possible conflicts of interest. A rolling approach ensures that different countries are analysed each year as part of this cycle. First, the potential risks within a country organization are assessed. Then, the measures already in place to limit these risks are evaluated to assess the net risk, and finally, we examine whether further measures are needed. On the basis of this assessment, an action plan is drawn up for each country, and its implementation is monitored by the Group Legal & Compliance department.

In the area of competition legislation, we have a comprehensive cartel reporting system on cartel investigation proceedings. An annual competition legislation update takes place at the level of the Managing Board and of the employees who report directly to the members of the Managing Board with responsibility for sales. Furthermore, annual qualitative assessments of the cartel risks take place in the countries. A regular external audit of the Antitrust Compliance Programme by a specialist law firm is conducted every three years.

Heidelberg Materials' Compliance Management System includes as essential component various risk assessments. On the one hand, compliance risks are regularly evaluated for likelihood and impact on Heidelberg Materials Group in order to review if the Group’s Compliance Management System covers all relevant compliance topics and sets the right focus of compliance work. On the other hand, risk assessments are performed on specific compliance themes like competition law, corruption and human rights and are regularly updated. These specific compliance risk assessments are conducted on the level of the country organizations and monitored by Group Compliance. This is in line with the organizational setup of Heidelberg Materials Group and reflects the different legal requirement in each jurisdiction.
Within each country organization, specifics of different operating lines and potential regional differences need to be taken into account. 

Methodology Corruption Risk Assessments

Our risk assessment methodology starts with defining risk types which the company may be exposed to. For corruption these include active and passive corruption, corruption involving public officials, indirect bribery and conflict of interest. These risks are analysed from different functional views including operations, procurement, sales, human resources and investment project teams. Risks and functional views are defined by Group Compliance experts to have the same comparable structures for all countries.

After establishing the above explained structure the assessment starts with collecting information that forms the basis for assumptions that determine the gross risk. The local compliance team reviews the legal environment of the respective country, the enforcement of law by authorities and external evaluations such as the Corruption Perception Index of Transparency International. Further, the occurrence of historical statistics of compliance violations in the local organization is analysed. Besides these rather objective criteria the compliance team collects information from their expert colleagues from different departments and operating lines how they perceive the specific compliance risks in the building materials industry based on their experience, observations and real-life events. With this input the gross risk is assessed in a qualitative way as high, medium or low.

The next step is a review of the already existing risk mitigation measures in the organization. Mitigation measures may include policies, trainings, process controls etc. Taking these measures into account results in the net risk that the organization is effectively exposed to. Based on this the risk assessment continues with setting up an action plan that defines single action items including responsibility and deadline targeting further net risk reduction.

The entire risk assessment including action plan is reviewed by Group Compliance experts and finally must be approved by the responsible Country General Manager. The action plan is followed up by the compliance staff and subject to regular top management review. The entire assessment process is scheduled to be updated after a cycle of about two years.

All data listed below is taken from the SpeakUp case management system. Qualified case management personnel determine which case category a report belongs to. There are 20 case categories in the case management system. The qualified personnel base their categorisation on the definitions defined in the Group Compliance Incident Reporting & Case Management Policy.

Incidents reported via case management system 2024

Compliance incidents reported via case management system

Year	2023	2024
Employee relations	39%	35%
Corruption or conflicts of interest	10%	9%
Health and safety	8%	11%
Fraud, theft, or embezzlement	8%	6%
Discrimination or harassment	5%	12%
Other	30%	27%

In 2024, a total of 339 incidents were reported in our case management system and investigated under the supervision of compliance employees in the country organisation or by the Group Compliance department. Most of the reports received concerned employee relations. Other reports related to discrimination and harassment; health and safety; fraud, theft, or embezzlement; and corruption or conflicts of interest. Other categories of cases accounted for lower percentages of the total, including data protection cases, which accounted for just under 1 % of the total. Of the 339 incidents reported, 49 % proved to be unfounded, while for 26 %, either no final investigation result had been determined by the editorial deadline or no assessment was possible at the time of writing. In the case of 25 % of the incidents, the investigations revealed that they were at least partially substantiated. In the category of corruption or conflicts of interest, 32 cases were recorded in 2024. Of these, 17 were classified as corruption cases, and one of these cases was confirmed.

Looking into further details for incident types of interest for sustainability ratings we received reports for 17 cases of the category corruption or bribery of which nine turned out to be unsubstantiated, one was substantiated and the other seven were still under investigation. We registered 15 cases of conflict of interest of which ten were unsubstantiated, three were substantiated and two under investigation. No reports were noticed for the categories money laundering or insider trading. The protection and security of personal data is of great importance to us. Our statistics show no cases where sensitive customer data was affected.