Screening and monitoring
We use several processes and tools to screen employees, business partners, activities and acquisition targets, supported by technology where possible. In 2016, we introduced an export control and sanctions screening tool across our businesses. This alerts us in the event of potentially sanctioned parties, sanctioned use or export license requirements. Use of this tool was expanded in 2017.
We also introduced a business partner screening process and tool in 2017. This requires high risk business partners – including key suppliers, parties in sanctioned countries, agents and toll manufacturers – to be screened for past violations and misconduct. Using the same tool, we also introduced a standardized process for the compliance screening and due diligence of acquisition targets and joint arrangement partners. In addition, we introduced a process and tool for assessing personal data processing activities for privacy compliance and documenting these activities in anticipation of the EU General Data Protection Regulation (GDPR), which comes into force in 2018.
Compliance of our operations and business partners is monitored in several ways. As part of the annual internal control self-assessment, compliance controls are tested and deficiencies are reported to higher management through the Internal Control Self-Assessment tool. In 2017, we enhanced the compliance controls in this tool and improved the logging and tracking of compliance-related actions. As a member of the Together for Sustainability platform, our key suppliers are monitored through the Ecovadis self-assessment program and through audits. We implemented amnesty programs for the acquired BASF Industrial Coatings and Disa Technology businesses, providing training to employees and urging them to inform us about past potential competition law violations.