Integrity and compliance management

Below is a summary of the 2022 priorities and key activities, and the outcomes thereof, as required pursuant to the Dutch Decree on the publication of non-financial information.

Governance and ­organization

The Executive Committee is responsible for maintaining a culture of integrity and ensuring an effective Integrity and Compliance program and control framework. The Supervisory Board’s Audit Committee oversees this responsibility. The Executive Committee has delegated certain responsibilities to the following working committees and Integrity and Compliance team:

Integrity and Compliance governance committees

The Integrity and Compliance governance committees are at the core of our Integrity and Compliance governance model. We assess the need for committees depending on organizational changes, changes in the risk profile of business units and regulatory and legislative changes. In 2022, we had committees in place in all eight business units, the Integrated Supply Chain organization and our key countries. The committees consist of business unit leadership and key corporate function leaders, including the Integrity and Compliance managers. The committees drive the operationalization of the Integrity and Compliance program into the organization, with a strong focus on prevention. The committees discuss trends, identify and address risks and share learnings from investigations in order to drive continuous improvement. The committees meet at least on a quarterly basis.

Integrity and Compliance SpeakUp! Committee

This committee reviews investigations into SpeakUp! reports involving alleged violations of our Code of Conduct and applicable laws. The committee also decides on discipline and control improvement actions, as well as monitoring and responding to any trends identified in investigations. The Integrity and Compliance SpeakUp! Committee refers for decision to the Executive Committee all cases that involve senior management, that are over a specific monetary value, or otherwise, as identified by the Director of Integrity and Compliance. The centrally established Integrity and Compliance SpeakUp! Committee ensures transparency and consistency of disciplinary actions throughout the organization. In 2022, there were no individual matters or disciplinary actions discussed with the committee that would warrant separate disclosure in the annual report. Should there be material compliance matters, or material internal control weaknesses or improvements in the future, these will be addressed through the Risk, Control and Compliance Committees (see below) and discussed with the Audit Committee and external auditor, and where appropriate disclosed in accordance with the applicable legal requirements.

Risk, Control and Compliance Committees (RCC)

The RCCs are responsible for supervising the effectiveness of the control environment and reviewing weaknesses in this environment, as well as progress on improvement actions. There are eight business unit RCCs and seven functional RCCs, in addition to a group RCC. They each met quarterly in 2022.

Human Rights Committee

Responsible for supervising the company’s human rights framework and driving the further expansion of the human rights program. We reconfirmed, and continued to address, the issues identified during our second in-depth salient human rights issues assessment in 2021. For more information on our human rights framework and program, see the Sustainability statements.

Privacy Committee

Responsible for supervising the company’s privacy framework and driving the further improvement of the privacy program. For more information on our key privacy activities, see the Privacy program paragraph.

Integrity and Compliance team

The Integrity and Compliance team is led by the Director of Integrity and Compliance, who reports to the General Counsel. The team includes experts in integrity and compliance program design, legal experts in the field of competition law, anti-bribery and anti-corruption, data privacy and human rights, as well as our Integrity and Compliance managers in all regions driving the implementation of the program.

To ensure the company maintains and strengthens its culture of integrity, the Integrity and Compliance team – together with various other functions and stakeholders across the organization – focuses its efforts on the following key areas:

• Help leaders set a strong tone at the top and lead by example
• Drive awareness and ownership of all employees through effective policy management, training and communication
• Design and implement effective controls
• Risk management
• Investigations of SpeakUp! matters with a focus on identifying control action items and sharing lessons learned

The regional Integrity and Compliance managers contribute to further strengthening the culture of integrity. This includes identifying and addressing local risks and cooperating with the business and functional teams to tailor the program to local needs and follow-up on internal audit findings and SpeakUp! cases. In 2022, the heads of Integrity and Compliance, Internal Control and Internal Audit met at least quarterly to discuss findings and trends, and to align actions. The Director of Integrity and Compliance also met at least quarterly with the Export Control and Sanctions team to discuss the priorities in this area and the impact of the geo-political developments.

Risk management

We have redefined our risk management approach to enable the Integrity and Compliance governance committees to play a key role in integrity and compliance risk assessments moving forward. A new integrity and compliance risk assessment process will be rolled out in 2023, whereby the Integrity and Compliance governance committees will be asked to identify and prioritize key risks and define action plans and owners to mitigate these risks.

Policy management

The Policy portal is our one-stop-shop for key policies, rules and procedures relating to our global processes and key topic areas. Maintenance of the portal and improvement of the user-friendliness, as well as the quality of the documents hosted on the Policy portal, is an ongoing process.

Communication

We have reshaped our communication program by simplifying and shortening our messages to reach more colleagues and raise greater awareness. To continuously ensure a strong tone from the top, we initiated a core values update in our regular CEO webcast to highlight key integrity topics. Although no major risks or issues were identified in the SpeakUp! cases, we launched SpeakUp! Insights, a quarterly case-sharing program through which we ask our leaders to discuss the learnings with their teams and encourage speaking up. Focusing on the same theme, we also introduced a monthly SpeakUp! story program, where we use a storytelling approach to share cases with the broader organization through various communication channels. In addition, a focused SpeakUp! campaign was launched to encourage employees to speak up if they see any wrongdoing around them.

Training and education

Dedicated training on key integrity and compliance topics continued to be delivered on a largely remote/virtual basis, although we’re slowly moving back to more face-to-face trainings. The training we offered covered various topics, including our Code of Conduct, anti-bribery and anti-corruption, operating a diverse and respectful workplace, competition law, export control, and information security and data privacy. As part of the integration of Grupo Orbis, we conducted Code of Conduct training for all their employees, as well as specific training on key risks to targeted audiences. We also updated our mandatory compliance training curriculum and focused on improving the deployment process of mandatory training and audience selection to ensure employees are trained on topics of special relevance to them.

Competition law program

Compliance with competition law and competing fairly remains a key topic within the company. A particular focus has been business-facing communications relating to fair competition, aspects of pricing initiatives and risks around information exchange. Proposed strategic initiatives and commercial developments, especially in key markets, have been carefully reviewed from a competition perspective. The competition law aspects of M&A activity, and subsequent integrations, continue to be a focus area.

Privacy program

Digital privacy compliance remains a key topic, with special focus on privacy compliance on websites and customer consent. In 2022, a new (and partly automated) process for handling customer data subject requests was piloted.

Anti-bribery and anti-corruption program

We don’t make, offer, or authorize bribes or conduct any other form of unethical business practice. We developed special training and guidance materials, as well as redesigning and piloting our gift and conflict of interest tool (including a pre-approval workflow), to strengthen controls, data gathering and data analysis.

Monitoring

We have several processes to monitor compliance with our rules and procedures by employees and business partners. Employees are informed about this through the Employee Privacy Statement. Managers are also required to self-assess and confirm compliance with company rules and procedures as part of the internal control self-assessment. Our supplier performance is monitored through the EcoVadis self-assessments and on-site third-party audits that we carry out via the Together for Sustainability initiative. From a competition law perspective, we also ran amnesty programs for newly acquired businesses as part of the integration process into the wider group.

The Internal Audit function performs numerous audits on our operations. Their audit plan is risk-based and takes account of prior compliance and internal control findings. Internal audits were also held or covered specific risks – at the request of the Integrity and Compliance function – to validate compliance with our rules and procedures in certain units, or on certain risk areas.

Grievance and investigation

Our SpeakUp! grievance mechanism offers employees and third parties a means to raise concerns relating to compliance with our Code of Conduct and violations of applicable laws and regulations.

Our dedicated investigation team follows an investigation protocol which adheres to strict principles of confidentiality, respect for anonymity, non-retaliation, objectivity and the right to be heard. The investigation program has been updated to reflect the EU Whistle-blower Directive, as transposed into national laws. In 2022, the total number of reports across all channels increased slightly. This was driven by several factors, including increased communication on the SpeakUp! process, and use of the system to report concerns or general enquiries unrelated to the Code of Conduct, which are referred to the appropriate subject matter expert. All reports and alerts led to 25 dismissals and various other disciplinary measures and control improvements, confirming the value of the company’s grievance framework.

Reporting

During 2022, the Director of Integrity and Compliance reported four times to the Executive Committee and three times to the Audit Committee of the Supervisory Board on the status of the Integrity and Compliance program, material developments and initiatives, as well as material cases. Material investigation matters, if any, are also discussed with our external auditor on a quarterly basis.

There were no individual matters or disciplinary actions discussed with the Integrity and Compliance SpeakUp! Committee that would warrant separate disclosure in the annual report. Should there be material compliance matters or material internal control weaknesses or improvements in the future, these will be addressed through the RCCs and discussed with the Audit Committee – as well as with the external auditor – and, where appropriate, disclosed in accordance with the applicable legal requirements.