Compliance Management System
To provide support for questions and challenges in connection with Compliance, Rheinmetall has introduced its own Compliance Organization under the functional management of the Chief Compliance Officer. The Rheinmetall Compliance Management System helps the employees, senior managers and further stakeholders by establishing suitable rules, structures and processes, clarifying rule violations and providing service-oriented advice on avoiding potential Compliance risks in daily operational business as effectively as possible.
Rheinmetall's Compliance Management System was audited by an external auditor as part of a certification procedure based on the IDW AS 980 assurance standard ("Principles for the reasonable auditing of Compliance management systems").
On the basis of a risk-oriented audit plan approved by the Rheinmetall Group Board, the central Internal Audit department examines processes, structures and procedures annually for compliance, effectiveness and efficiency. A key component and focus of the audit plan is the regular review of the Compliance Management Systems of the individual companies and management units in order to ensure that the Company and its employees behave in accordance with the rules.
The audit content is based on the clear requirements and standards of a Compliance management system based on IDW PS 980 and assesses the suitability and effectiveness of all basic elements of the Compliance management system. In addition, the application of and Compliance with the relevant Compliance guidelines are checked as part of a random sample evaluation, which includes the procedures of the business partner audit, the grant guidelines and the donations. On the one hand, a final report contains an assessment of the implemented CMS basic elements and their suitability for identifying and preventing significant risks and violations; on the other hand, the final report identifies measures and potential for improvement, the timely implementation of which is monitored by Internal Audit as part of a defined follow-up process.
The Rheinmetall Compliance Organization consists of the Corporate Compliance Office at headquarters level. It is headed by the Chief Compliance Officer and further subdivided into the sub-departments Prevention, Investigation, Policy Management & Reporting and Data Protection.
Below central level are Compliance Teams on all operational levels in the DACH region as well as in the sales regions EMEA, South Africa, Brazil, India, China, Japan and NAFTA. Therefore, the Rheinmetall Compliance Organization's area of responsibility extends to all companies in which Rheinmetall AG holds a majority interest (see also Annual Report 2018, section "Shareholdings", pages 200-204).
Training employees on Compliance-relevant topics is an integral part of a comprehensive Compliance Management System.
The Rheinmetall Group regularly offers various training formats for this purpose. These range from general Compliance Awareness presence trainings, to risk-group-specific presence trainings (e.g. for senior management, Sales or Purchasing), to extensive E-Learning / WBT programs on topics such as anti-corruption, antitrust law or data protection.
Participation in training courses is monitored and promoted by the HR organization. A review of training figures takes place on a continuous basis and is reported regularly to the Management Board and once a year to the Supervisory Board.
The factors of integrity, role model function and understanding of Compliance are specifically evaluated within the framework of the Employee Competence Model, which is part of the Group's overarching human resources development strategy. A positive assessment of the employee against these criteria is a prerequisite for his or her personal suitability as part of Rheinmetall's senior management team.
Reporting within the Compliance Organization and to statutory bodies such as the Supervisory Board, the Management Board and the management boards as well as to the management of the matrix organization takes place in a standardized form.
Essentially, reports are submitted annually to the Supervisory Board's Audit Committee and monthly to Rheinmetall AG's Executive Board and the divisional executive boards within the matrix organization. Irrespective of this, the Compliance Organization is in a position, in terms of both structure and personnel, to report at any time on request or in the event of unforeseen events.