Compliance Management System
To provide support for questions and challenges in connection with Compliance, Rheinmetall has introduced its own Compliance Organization under the functional management of the Chief Compliance Officer. The Rheinmetall Compliance Management System helps the employees, senior managers and further stakeholders by establishing suitable rules, structures and processes, clarifying rule violations and providing service-oriented advice on avoiding potential Compliance risks in daily operational business as effectively as possible.
Rheinmetall's Compliance Management System was audited by an external auditor as part of a certification procedure based on the IDW AS 980 assurance standard ("Principles for the reasonable auditing of Compliance management systems").
On the basis of a risk-oriented audit plan approved by the Rheinmetall Group Board, the central Internal Audit department examines processes, structures and procedures annually for compliance, effectiveness and efficiency. A key component and focus of the audit plan is the regular review of the Compliance Management Systems of the individual companies and management units in order to ensure that the Company and its employees behave in accordance with the rules.
The audit content is based on the clear requirements and standards of a Compliance management system based on IDW PS 980 and assesses the suitability and effectiveness of all basic elements of the Compliance management system. In addition, the application of and Compliance with the relevant Compliance guidelines are checked as part of a random sample evaluation, which includes the procedures of the business partner audit, the grant guidelines and the donations. On the one hand, a final report contains an assessment of the implemented CMS basic elements and their suitability for identifying and preventing significant risks and violations; on the other hand, the final report identifies measures and potential for improvement, the timely implementation of which is monitored by Internal Audit as part of a defined follow-up process.
CMS audits focusing on all aspects of Rheinmetall’s Compliance Framework are performed at least 4-5 times per year. These contain in-depth reviews of our strict ABC Compliance regulations (i.e. Gift Policy, Business Partner Policy, Sponsoring & Donations Policy, AML Policy and Code of Conduct).
Also see updated information in the new Annual Report 2014 (p. 120).
The Rheinmetall Compliance Organisation under the overall management of the Chief Compliance Officer relies on three main pillars:
The central Corporate Compliance Office under the leadership of the Head of Corporate Compliance bundles all central functions related to the Compliance Program (Prevention, Regulation and Business Partners) as well as Compliance Operations (Investigation and Bids & Acquisitions).
Group Data Privacy provides advice, process design, project management and case handling in all data privacy matters and houses the Group Data Privacy Officer with his own reporting line, who ensures Group-wide monitoring of compliance with legal requirements.
The Compliance Field Organization is made up of the five Divisional Compliance teams, the Regional Compliance Officers abroad and the central Holding Support. A dedicated Compliance Officer Eastern Europe has been established centrally to oversee the increasingly important major projects in Eastern Europe.
Training employees on Compliance-relevant topics is an integral part of a comprehensive Compliance Management System.
The Rheinmetall Group regularly offers various training formats for this purpose. These range from general Compliance Awareness presence trainings, to risk-group-specific presence trainings (e.g. for senior management, Sales or Purchasing), to extensive E-Learning / WBT programs on topics such as anti-corruption, antitrust law or data protection.
Participation in training courses is monitored and promoted by the HR organization. A review of training figures takes place on a continuous basis and is reported regularly to the Management Board and once a year to the Supervisory Board.
The Rheinmetall Compliance Organization has provided a multitude of classroom trainings to all levels of management and staff especially focusing on ABC Compliance issues across the Rheinmetall Defence world over the last few years. Although the general company language outside of Germany for training people is English, many classroom trainings were fully or partly held in local languages in our subsidiaries in Italy, Mexico, the Netherlands, Poland, UAE, KSA and Norway by or with the help of local supporters.
An assortment of the presentations used for the corresponding training material can be found in the collage shown below.
For classroom trainings, we follow a tailoring approach in order to properly address the different functional areas and management levels of our audiences. The Compliance Trainings Matrix (part of the Compliance Trainings Guideline) can provide further insights on how we focus our different trainings throughout topics and audiences.
Also see information in the Annual Report 2012 (p. 64) and the Annual Report 2019 (p. 122).
The Corporate Compliance department and the local Compliance teams ensure the quality of their trainings by regular surveys and bilateral discussions amongst management and staff. The consolidated results of the training efforts are reported to the Supervisory Board by the Chief Compliance Officer.
Also see information in the Annual Report 2014 (p. 120).
The factors integrity, role model function and understanding of Compliance are specifically evaluated within the framework of the Employee Competence Model, which is part of the Group's overarching human resources development strategy. A positive assessment of the employee against these criteria is a prerequisite for his or her personal suitability as part of Rheinmetall's senior management team.
The Employee Competence Model, which is part of the Group's overarching human resources development strategy, consists of four different focus areas including “Empower People”. Here, the sub-factor “Integrity” requires elevated skills in self-awareness, role model function and compliance behaviour from our employees. Amongst the 13 different criteria of the Competence Model, “Integrity” is one of only four so-called “critical incidents”, meaning that you must fulfil this requirement in order to prove your personal suitability to climb the ranks to Rheinmetall's senior management team. The following graphic depicts the Competence Model in more detail.
Click the link below to receive further information about the Competence Model on the website of the Rheinmetall HR Development Department:
Reporting within the Compliance Organization and to statutory bodies such as the Supervisory Board, the Management Board and the management boards as well as to the management of the matrix organization takes place in a standardized form.
Essentially, reports are submitted annually to the Supervisory Board's Audit Committee and monthly to Rheinmetall AG's Executive Board and the divisional executive boards within the matrix organization. Irrespective of this, the Compliance Organization is structurally and personnel-wise in a position to report at any time on request or in the event of unforeseen events.