The compliance programme, which is firmly anchored in the Group-wide management and supervisory structures, is part of our management culture. It comprises the entire compliance organization within the Group, the set-up of guidelines, and the verification of compliance with these guidelines. The compliance management addresses all compliance topics that Heidelberg Materials has identified as relevant in the compliance risk assessment. These include, in particular, competition law, anti-corruption, and human rights.

The compliance organization is under the authority of the Chairman of the Managing Board, to whom the Director Group Legal & Compliance reports directly. Each country has its own compliance officer with a direct reporting line to the country manager. However, responsibility for ensuring that employees’ conduct complies with the law and regulations lies with all managers and, of course, with the employees themselves.

We have implemented an integrated compliance programme across the Group to achieve conduct that is compliant both with the law and with regulations. A central element of this programme is the self-commitment made by the Group management not to tolerate violations of applicable laws and to impose sanctions. The programme also includes internal guidelines and measures that express the legal provisions in concrete terms. In addition to regular communication of these guidelines, there are compliance letters to the management and the entire workforce, such as the annual letter from the Chairman of the Managing Board and ad hoc circulars on current issues, to raise awareness of the topic of compliance.

We also offer the internet- and telephone-based reporting system “SpeakUp”, which replaced the existing reporting system “MySafeWorkplace” on 1 January 2020, and employee training that makes use of modern media, such as electronic learning modules. The range of electronic courses, which must be completed by specified groups of employees, covers topics such as the Code of Business Conduct (e.g. discrimination and harassment at the workplace), competition legislation, and the prevention of corruption.

The entire compliance programme is reviewed on an ongoing basis for any necessary adjustments with regard to current legal and social developments, and it is improved and developed accordingly. Violations of applicable laws and internal guidelines will be sanctioned. In addition, suitable corrective and preventive measures are taken to help prevent similar incidents in the future. 

Group-wide implementation of the compliance programme is monitored by regular and special audits by Group Internal Audit as well as via special half-yearly compliance reporting by the Director Group Legal & Compliance to the Managing Board and the Audit Committee of the Supervisory Board. The latter monitors the effectiveness of the compliance programme and verifies in particular whether it adequately satisfies the legal requirements and recognised compliance standards. An additional quarterly report regularly informs the Managing Board members with regional responsibility about the most important compliance incidents in their Group areas.

Every three years, we conduct a comprehensive analysis to assess and prevent corruption risks and possible conflicts of interest. A rolling approach ensures that different countries are analysed each year as part of this cycle. First, the potential risks within a country organization are assessed. Then, the measures already in place to limit these risks are evaluated, and finally, we examine whether further measures are needed. On the basis of this assessment, an action plan is drawn up for each country, and its implementation is monitored by the Group Legal & Compliance department.

In the area of competition legislation, we have a comprehensive cartel reporting system on cartel investigation proceedings. An annual competition legislation update takes place at the level of the Managing Board and of the employees who report directly to the members of the Managing Board with responsibility for sales. Furthermore, annual qualitative assessments of the cartel risks take place in the countries. A regular external audit of the Antitrust Compliance Programme by a specialist law firm is conducted every three years.

In 2017, we launched a risk analysis for human rights. Among other issues, this explicitly examines the risk of violating the rights of indigenous peoples. By the end of 2020, we had carried out a human rights risk evaluation in almost all  our country organizations. This included identifying potential risks and existing measures as well as determining additional measures to be implemented. The aim is to repeat these risk assessments regularly at an interval of approximately three years. Our suppliers must subscribe to fundamental human rights relevant in the business context, such as the prohibition of child and forced labour, fair and safe work conditions, freedom of association, and a ban on discrimination.

In 2020, we continued to further roll out the central supplier management system across the Group. Additional local and global measures to evaluate suppliers from a sustainability perspective were incorporated into an updated version of the global purchasing policy at the end of 2019. In 2021, we will continue to gradually introduce these measures in the various countries.

Heidelberg Materials' Compliance Management System includes as essential component various risk assessments. On the one hand, compliance risks are regularly evaluated for likelihood and impact on Heidelberg Materials Group in order to review if the Group’s Compliance Management System covers all relevant compliance topics and sets the right focus of compliance work. On the other hand, risk assessments are performed on specific compliance themes like competition law, corruption and human rights and regularly updated. These specific compliance risk assessments are conducted on the level of the country organizations. This is in line with the organizational setup of Heidelberg Materials Group and reflects the different legal requirement in each jurisdiction.

Within each country organization, specifics of different operating lines and potential regional differences need to be taken into account. However, we do not prepare these compliance risk assessments on plant level. Minor differences between individual locations do not justify the significant additional work effort and having different assessments for about 3,000 locations would make an appropriate follow-up difficult and would therefore jeopardise the effectiveness of the entire process.

Methodology Corruption and Human Rights Risk Assessments

For both, corruption and human rights, our risk assessment methodology starts with defining risk types which the company may be exposed to. For corruption these include active and passive corruption, corruption involving public officials, indirect bribery and conflict of interest, for human rights these are risks of discrimination, child or forced labour and risks to freedom of association and collective bargaining, fair and safe labour conditions as well as peoples’ right of self-determination and rights of indigenous peoples. These risks are analysed from different functional views including operations, procurement, sales, human resources and investment project teams. This means that potential risks in the supply chain – downstream and upstream - are as well an essential part of the assessment. Risks and functional views are defined by Group experts to have the same comparable structures for all countries.

After establishing the above explained structure the assessment starts with collecting information that forms the basis for assumptions that determine the gross risk. The local compliance team reviews the legal environment of the respective country, the enforcement of law by authorities and external evaluations such as the Corruption Perception Index of Transparency International or the Global Slavery Index of the Walk Free Foundation. Further, the occurrence of historical statistics of compliance violations in the local organization is analysed. Besides these rather objective criteria the compliance team collects information from their expert colleagues from different departments and operating lines how they perceive the specific compliance risks in the building materials industry based on their experience, observations and real-life events. With all this input the gross risk is assessed in a qualitative way as high, medium or low.

The next step is a review of the already existing risk mitigation measures in the organization. Mitigation measures may include guidelines, trainings, process controls etc. Taking these measures into account results in the net risk that the organisation is effectively exposed to. Based on this the risk assessment continues with setting up an action plan that defines single action items including responsibility and deadline targeting further net risk reduction.

The entire risk assessment including action plan is reviewed by Group experts and finally must be approved by the responsible Country General Manager. The action plan is followed up by the compliance staff and subject to regular top management review. The entire assessment process is scheduled to be updated after a cycle of about three years.

As part of Heidelberg Materials Group’s workflow processes for compliance incident reporting and case management all reported incidents are classified in categories including employee relations, harassment, discrimination, corruption, conflict of interest, theft, fraud, etc. 

In 2022, a total of 233 incidents were reported in our case management system and investigated under the supervision of compliance employees in the country organisation or by Group Compliance. Most of the reports received concerned employee relations. Other reports related to health and safety; fraud, theft or embezzlement; and corruption or conflicts of interest. Other categories of cases accounted for lower percentages of the total.

Of the 233 incidents reported, around half proved to be unfounded, while for 20%, no final investigation result had been determined by the editorial deadline of our annual and sustainability report. For just under 28% of the incidents, the investigations revealed that they were at least partially substantiated. None of the substantiated incident reports had a material impact on the consolidated financial statements. For all substantiated cases, measures were taken, ranging from root cause analysis, changes to policies and processes, and communication and training through to disciplinary action (such as a written warning or dismissal). In 42% of the substantiated cases, sanctions are imposed and for 81% of these incidents, preventive measures are implemented.