Compliance Management System

Functional Structure

To provide support for questions and challenges in connection with Compliance, Rheinmetall has introduced its own Compliance Organization under the functional management of the Chief Compliance Officer. Rheinmetall's Compliance Management System helps employees, senior managers and further stakeholders by establishing suitable rules, structures and processes, clarifying rule violations and providing service-oriented advice on avoiding potential Compliance risks in daily operational business as effectively as possible.

Rheinmetall's Compliance Management System was audited by an external auditor as part of a certification procedure based on the IDW AS 980 assurance standard ("Principles for the reasonable auditing of Compliance management systems").

Allocation of functions and tasks within the Rheinmetall Compliance Organization

CMS Audits

On the basis of a risk-oriented audit plan approved by the Rheinmetall Group Board, the central Internal Audit department examines processes, structures and procedures annually for compliance, effectiveness and efficiency. A key component and focus of the audit plan is the regular review of the Compliance Management Systems of the individual companies and management units in order to ensure that the Company and its employees behave in accordance with the rules.

The audit content follows the clear requirements and standards for a Compliance management system set out in IDW PS 980 and assesses the suitability and effectiveness of all basic elements of the Compliance management system. In addition, the application of and compliance with the relevant Compliance guidelines are checked as part of a random sample evaluation, which includes the procedures of the business partner audit, the grant guidelines and the donations. On the one hand, a final report contains an assessment of the implemented CMS basic elements and their suitability for identifying and preventing significant risks and violations; on the other hand, the final report identifies measures and potential for improvement, the timely implementation of which is monitored by Internal Audit as part of a defined follow-up process.

CMS audit approach based on the basic elements of the IDW PS 980 standard

CMS audits focusing on all aspects of Rheinmetall’s Compliance Framework are performed at least 4-5 times per year. These contain in-depth reviews of our strict ABC Compliance regulations (i.e. Gift Policy, Business Partner Policy, Sponsoring & Donations Policy, AML Policy and Code of Conduct).

Also see updated information in the new Annual Report 2014 (p. 120).

Organizational Structure

The Rheinmetall Compliance Organization consists of the Corporate Compliance Office at headquarters level. It is headed by the Chief Compliance Officer and further subdivided into the sub-departments Prevention, Investigation, Policy Management & Reporting and Data Protection.

Below the central level are Compliance Teams at all operational levels in the DACH region as well as in the sales regions EMEA, South Africa, Brazil, India, China, Japan and NAFTA. Therefore, the Rheinmetall Compliance Organization's area of responsibility extends to all companies in which Rheinmetall AG holds a majority interest (see also Annual Report 2018, section "Shareholdings", pages 200-204).

Compliance Training

Training employees on Compliance-relevant topics is an integral part of a comprehensive Compliance Management System.

The Rheinmetall Group regularly offers various training formats for this purpose. These range from general Compliance Awareness presence trainings, to risk-group-specific presence trainings (e.g. for senior management, Sales or Purchasing), to extensive E-Learning / WBT programs on topics such as anti-corruption, antitrust law or data protection.

Participation in training courses is monitored and promoted by the HR organization. A review of training figures takes place on a continuous basis and is reported regularly to the Management Board and once a year to the Supervisory Board.

The Rheinmetall Compliance Organization has provided a multitude of classroom trainings to all levels of management and staff especially focusing on ABC Compliance issues across the Rheinmetall Defence world over the last few years. Although the general company language outside of Germany for training people is English, many classroom trainings were fully or partly held in local languages in our subsidiaries in Italy, Mexico, the Netherlands, Poland, UAE, KSA and Norway by or with the help of local supporters.

An assortment of the presentations used for the corresponding training material can be found in the collage shown below.

For classroom trainings, we follow a tailoring approach in order to properly address the different functional areas and management levels of our audiences. The Compliance Trainings Matrix (part of the Compliance Trainings Guideline) can provide further insights on how we focus our different trainings throughout topics and audiences.

Also see information in the Annual Report 2012 (p. 64) and the Annual Report 2019 (p. 122).

The Corporate Compliance department and the local Compliance teams ensure the quality of their trainings by regular surveys and bilateral discussions amongst management and staff. The consolidated results of the training efforts are reported to the Supervisory Board by the Chief Compliance Officer.

Also see information in the Annual Report 2014 (p. 120).

Strong Role Model Function

The factors integrity, role model function and understanding of Compliance are specifically evaluated within the framework of the Employee Competence Model, which is part of the Group's overarching human resources development strategy. A positive assessment of the employee against these criteria is a prerequisite for his or her personal suitability as part of Rheinmetall's senior management team.

The Employee Competence Model, which is part of the Group's overarching human resources development strategy, consists of four different focus areas including “Empower People”. Here, the sub-factor “Integrity” requires elevated skills in self-awareness, role model function and compliance behaviour from our employees. Amongst the 13 different criteria of the Competence Model, “Integrity” is one of only four so-called “critical incidents”, meaning that you must fulfil this requirement in order to prove your personal suitability to climb the ranks to Rheinmetall's senior management team. The following graphic depicts the Competence Model in more detail.

Click the link below to receive further information about the Competence Model on the website of the Rheinmetall HR Development Department:

Rheinmetall HR Development Department

Compliance Reporting

Reporting within the Compliance Organization and to statutory bodies such as the Supervisory Board, the Management Board and the management boards as well as to the management of the matrix organization takes place in a standardized form.

Essentially, reports are submitted annually to the Supervisory Board's Audit Committee and monthly to Rheinmetall AG's Executive Board and the divisional executive boards within the matrix organization. Irrespective of this, the Compliance Organization is in a position, in terms of both structure and personnel, to report at any time on request or in the event of unforeseen events.