Integrity and compliance management

We’re committed to leading with integrity in our industry. It’s one of our three core values for doing business. We continue to further advance and expand our Integrity and Compliance program to help ensure compliance with laws and regulations, empower and enable our employees to make fair and honest decisions and bring integrity to life.

Below is a summary of the 2021 priorities and key activities, and the outcomes thereof, as required pursuant to the Dutch Decree on the publication of non-financial information.

Governance and organization

The Executive Committee is responsible for maintaining a culture of integrity and ensuring an effective Integrity and Compliance program and control framework. The Supervisory Board’s Audit Committee oversees this respon-sibility. The Executive Committee has delegated certain responsibilities to the following working committees.

Integrity and Compliance governance committees

We’ve redesigned the Integrity and Compliance governance model and have Integrity and Compliance governance committees in place in all eight business units, Global Manufacturing, Global Supply Chain and our key countries. These committees consist of business unit leadership and key corporate function leaders, including the Integrity and Compliance Manager. The Integrity and Compliance governance committees identify, discuss and address trends, risks and best practices, and drive the operationalization of the Integrity and Compliance program into the organization, with a strong focus on prevention. All committees meet at least on a quarterly basis.

Integrity and Compliance SpeakUp! Committee

Reviews investigations into SpeakUp! reports involving alleged violations of the and material violations of laws and regulations. Also decides on disciplinary measures and control improvement actions, as well as monitoring and responding to any trends or irregularities identified in investigations. By submitting these cases through a central Integrity and Compliance SpeakUp! Committee, the company ensures transparency and consistency of measures throughout the organization. There have been no individual matters or disciplinary actions discussed with the Integrity and Compliance SpeakUp! Committee that would warrant separate disclosure in the annual report. Should there be material compliance matters, or material internal control weaknesses or improvements in the future, these would be addressed through the RCCs (see below) and discussed with the Audit Committee and external auditor, and where appropriate disclosed in accordance with the applicable legal requirements.

Visit the SpeakUp! reporting website

Risk, Control and Compliance Committees (RCC)

Responsible for supervising the effectiveness of the control environment and reviewing weaknesses in this environment, as well as progress on improvement actions. There are eight business unit RCCs and seven functional RCCs, in addition to a group RCC. They each met quarterly in 2021.

Human Rights Committee

Responsible for supervising the company’s human rights control framework and driving further expansion of the human rights program. We have strengthened the governance of our human rights program. For more information on our human rights framework and program, see the Sustainability statements.

Privacy Committee

Responsible for supervising the company’s privacy control framework and driving further expansion of the data privacy program. Several critical projects were successfully delivered in 2021. These included the introduction of a new program for the international transfer of personal data in order to comply with the Schrems II verdict of the EU Court of Justice, and the creation and submission of stand-alone Binding Corporate Rules for the UK due to Brexit. Throughout the year, a lot of work was carried out on digital privacy compliance – e.g. cookie compliance and social media (marketing) activities – as well as the implementation of new local privacy laws, such as in Brazil, South Africa and more recently in Saudi Arabia and China.

Integrity and Compliance function

Day-to-day management of our Integrity and Compliance program is delegated to the Integrity and Compliance team. The function is led by the Director of Integrity and Compliance, who reports to the General Counsel. This team includes experts in integrity and compliance program design, legal experts in the field of competition law, anti-bribery and anti-corruption, export control and sanctions, data privacy and human rights, and the regional Integrity and Compliance managers in all regions driving the implementation of the program.

To ensure the company maintains and strengthens its culture of integrity, the Integrity and Compliance team – together with various other functions and stakeholders across the organization – focuses its efforts on the following key areas:

  • Help leaders set a strong tone at the top and lead by example
  • Drive awareness and ownership of all employees through effective policy management, training and communication
  • Design and implement effective controls
  • Risk management
  • Investigations of SpeakUp! matters, focused on identifying control action items and sharing lessons learned

The regional Integrity and Compliance managers contribute to further strengthening the culture of integrity. This includes identifying and addressing local risks and cooperating with the businesses and functions to tailor the program to local needs, monitor controls and follow up on SpeakUp! cases. In 2021, the heads of Integrity and Compliance, Internal Control and Internal Audit met at least quarterly to discuss findings and trends, and to align actions.

Risk management

Every year, each business unit and major function identifies its key compliance risks and defines actions to mitigate these risks. These actions form part of the business unit/function integrity and compliance plan, which in turn forms part of a larger BU/function legal plan.

Policy management

We continued to improve and expand our Policy Portal, a one-stop-shop for key policies, rules and procedures relating to our global processes and key topic areas. By reducing complexity and increasing transparency and consistency, it’s easier for employees to access and understand which rules apply to their job. As part of our policy lifecycle management, we revised, for example, rules and procedures on various anti-bribery and anti-corruption risks. We also distributed business-friendly practical guidance, one pagers and do’s and don’ts, for example regarding conflicts of interest, customer incentive programs and pricing. Our policies and supporting tools drive awareness and knowledge within the broader organization; no major risks or issues have been identified in the aforementioned compliance fields.

Communication

We launched a new tagline for Integrity and Compliance – Bring integrity to life – as it’s everyone’s responsibility to do business the right way. In order to increase awareness and ownership among all employees on integrity and compliance topics, we redesigned the Integrity and Compliance monthly communication campaigns to address a specific topic through a quiz, reflecting lessons learned from real-life cases. We also launched “3P Guidance (Purpose, Process and Perception)” to help the organization think through the ethical dilemmas shared on a quarterly basis through our Integrity and Compliance governance committee meetings, and through various other channels. In addition, we celebrated another global Integrity Week, with the 2021 theme being: “Conflict of interest – Be an open book”.

Training and education

We continued to counsel and educate employees on integrity and compliance rules and controls through e-learnings and in-person sessions. Due to the challenges posed by COVID-19, only a limited number of face-to-face trainings took place. Virtual and video conference trainings were offered to help increase employee engagement. Employees are also required to follow mandatory role-based and risk-based e-learnings. Training included our Code of Conduct, fraud, operating a diverse and respectful workplace, competition law, export control, information security and data privacy. We focused in particular on our blue collar workers, as we designed a new, short and interactive Code of Conduct training covering topics of special relevance to them, leading to >90% completion rates.

Third party risk management program

We conducted a current state assessment to establish the maturity of our current third party risk management program and all related processes. In addition, we completed an assessment of our current in-use technology. We further expanded the scope of our third party screening to address recent regulatory developments. For example, in line with new legislation in Colombia, we put in place risk-based screening of our business partners in order to prevent money laundering, financing of terrorism, and financing of proliferation of weapons of mass destruction (in addition to bribery and corruption).

Monitoring

We have several processes to monitor compliance by employees and business partners with our rules and procedures. Managers are also required to self-assess and confirm compliance with company rules and procedures as part of the internal control self-assessment. Our supplier performance is monitored through the EcoVadis self-assessments and on-site third party audits that we carry out via the Together for Sustainability initiative. From a competition law perspective, we also ran amnesty programs for newly acquired businesses as part of the integration process into the wider group.

The Internal Audit function performs numerous audits on our operations. Their audit plan is risk-based and takes account of prior compliance and internal control findings. Several internal audits were held at the request of the Integrity and Compliance function to validate compliance with our rules and procedures in certain units or on certain risk areas. We have also further advanced our Gift and Conflict of Interest Register, and designed automated key anti-bribery and anti-corruption controls to increase control efficiency.

Grievance and investigation

SpeakUp! reports

 

2019

2020

2021

Total reports and alerts registered

222

250

305

Reports received through SpeakUp!

164

180

232

Integrity

59

61

94

Safety

5

21

17

Sustainability

100

98

121

Dismissals resulting from SpeakUp! reports

6

6

Conclusions to SpeakUp! reports closed in calendar year 2021:

 

 

 

Substantiated

28

27

33

Unsubstantiated

82

70

50

Other (e.g. referred)

54

46

106

The number of dismissals from investigations was not centrally tracked in 2019.

We were highlighted by Transparency International NL as having the number one whistleblowing framework in its most recent study of top companies in the Netherlands. Our SpeakUp! grievance mechanism offers employees and third parties a means to raise concerns relating to compliance with our Code of Conduct. In 2021, we created a dedicated investigation team, who follow an investigation protocol which adheres to strict principles of confidentiality, respect for anonymity, non-retaliation, objectivity and the right to be heard. The investigation program is being evaluated to reflect the EU Whistle-blower Directive as transposed into national laws.

In 2021, the total number of reports across all channels increased slightly, driven by a number of factors, including increased communication on the SpeakUp! process, COVID-19 related concerns and use of the system to make general enquiries unrelated to the . We continue to see higher levels of reporting through our SpeakUp! hotline, web portal and mailboxes, as opposed to reports to/by management. All reports and alerts led to 19 dismissals and various other disciplinary measures and control improvements, confirming the value of the company’s grievance framework.

Reporting

During 2021, the Director of Integrity and Compliance reported every four months to the Executive Committee and the Audit Committee of the Supervisory Board on material developments of the Integrity and Compliance program. Should there be any material investigation matters, these are discussed with the external auditor on a quarterly basis.

There have been no individual matters or disciplinary actions discussed with the Integrity and Compliance SpeakUp! Committee that would warrant separate disclosure in the annual report. Should there be material compliance matters or material internal control weaknesses or improvements in the future, these would be addressed through the RCCs and discussed with the Audit Committee and external auditor, and where appropriate, disclosed in accordance with the applicable legal requirements.

Code of Conduct

Defines our core values and how we work. It incorporates fundamental principles on issues such as business integrity, labor relations, human rights, health, safety, environment and security and community involvement.

Code of Conduct

Defines our core values and how we work. It incorporates fundamental principles on issues such as business integrity, labor relations, human rights, health, safety, environment and security and community involvement.