Reporting 2021

Compliance

Compliance is an important basis for our business activities. We apply our ethical standards along the entire supply chain.

Applicable laws and guidelines as well as our own ethical principles are the yardstick that we as a company apply to all our day-to-day activities and business decisions. This unwavering benchmark makes us a partner that our employees, customers, business partners and shareholders can rely on at all times. We are aware that contravening applicable laws can cause serious and long-term damage to the company. That is why we have established a compliance management system that reliably safeguards against risk factors such as bribery and corruption, giving or accepting of undue advantage, embezzlement and agreements that violate the rules of fair competition. Our compliance management system is designed to prevent these risks while educating and bringing the entire organization on board.

The basic framework: our compliance management system

Responsibility for compliance matters lies with the central Legal, Compliance & Insurance department. The head of this department reports directly to the Chief Compliance Officer, our CEO. The overall concept was recently reviewed with the aim of creating an integrated compliance management system. As part of this realignment we revised numerous guidelines, imposed stricter requirements on our suppliers and redefined underlying processes. Now as before, we do not tolerate any form of corruption, do not permit discrimination and give top priority to occupational health and safety. We utilize resources responsibly and regard fair competition as an indispensable prerequisite for a free market.

Organization: our regulatory, monitoring, and reporting systems

The compliance officer appointed by the Board of Management is responsible for the ongoing development of our compliance strategy, including a regular review of the system’s effectiveness. Both are done in close consultation with the Chief Compliance Officer, to whom regular reports are made. Once a year, the Supervisory Board is also informed about all compliance-related issues, processes and incidents. In day-to-day operations, the compliance officer is the first neutral point of contact for our employees. They receive tip-offs, answer questions and offer advice in the event of legal violations. As a second point of contact, an externally appointed ombudsman also offers employees as well as third parties the possibility of anonymously reporting compliance violations. In addition, our Internal Audit department regularly checks for possible compliance violations.

Our Board of Management and senior executives have a responsibility to lead by example and are tasked with ensuring that the employees they supervise are informed about compliance-related rules and observe them. In turn, each and every individual at BLG, regardless of position, is obligated to point out grievances or suspected violations of the law. It is therefore all the more important to make employees aware of the inherent risks of corruption and to address the issue openly. This is also why the dual control principle is mandatory for all relevant business processes – for their own protection as well as that of the company.

Our principle

When exercising their duties, no BLG employee may offer, promise or accept incentives, preferential treatment or other benefits that are intended to influence fair, objective and proper decisions, or that even seem to do so.

Our Code of Conduct and Compliance Policy are key elements of our compliance management system. Like all internal guidelines, these apply to all companies in which we have a direct or indirect shareholding of more than 50 percent or in which BLG LOGISTICS is responsible for management. They are binding for all internal and external employees and consultants acting for us. Companies that are subject to foreign law must apply the guidelines in accordance with that law.

All employees received a copy of our Code of Conduct when it was introduced. New employees receive it in their welcome pack; temporary workers are made aware of it during their onboarding. Like the Anti-Corruption Policy and the Compliance Policy, the Code of Conduct is also accessible on the intranet. The internet also contains information on our compliance system, the Code of Conduct and relevant contact persons. At the international locations, the policies are available in English.

Raising awareness and imparting knowledge

Compliance concerns us all and can only be ensured if we all work together. It is particularly important not only to sensitize our decision-makers and managers to the relevant issues, but also to keep them up to date on an ongoing basis. Mandatory training courses are therefore held for the Board of Management, employees on management levels 1–3 as well as all employees in Purchasing and Sales. Regular training courses on compliance, antitrust and competition law were also held in the reporting year. To date, our goal has been to ensure that at least 95 percent of the relevant employees from each of the management levels 1–3 are trained within a three-year cycle. At 89.3 percent, the figure for the reporting year is once again some way short of this mark. The reason for this lies in ongoing restrictions related to the coronavirus pandemic, and the fact that some of the employees to be trained are on parental leave or have left the company in the meantime.

We are currently updating, expanding and broadening our training system in this area: In the future, it will be possible to complete compliance training courses regardless of location and time using the e-learning tool Tutorize, and each completed course will also be documented by the system. Training for the aforementioned groups will continue to be mandatory, but at the same time will take place at more frequent yearly intervals. In addition, managers below the above-mentioned levels will also receive appropriate training. In order to reach as many employees as possible, we are in parallel strengthening our compliance communications to ensure that everyone is aware of the relevant topics throughout the year.

Responsibility along the entire supply chain

Our General Terms and Conditions of Contract and Purchase also give consideration to compliance. We require our suppliers and service providers along the entire supply chain to comply with the applicable regulations as well as our Supplier Code of Conduct. This essentially encompasses the protection of international human rights, the right to collective bargaining, the abolition of forced labor and child labor, the elimination of discrimination in hiring and employment practices, responsibility for the environment and the prevention of corruption.

www.blg-logistics.com/en/general-terms-and-conditions

We are committed to respecting human rights – both within our own company and along the supply chain. We communicate this position clearly, internally as well as externally.

Focus on information security

Information technology now permeates all our processes, and our business relies on secure systems that are functional at all times. Our customers, suppliers and employees also trust in this. We are therefore constantly working to embed IT security in our projects, in our day-to-day business and in the mindset of the entire organization. We ensure a uniformly high level of security with the help of measures based on the recommendations of the German Federal Office for Information Security (BSI). Our corresponding management system is oriented toward international standards such as ISO 27001 and ISO 27002. We also have the maturity and effectiveness of our measures reviewed externally on a regular basis. In the process, we not only look at our IT systems, but also attach great importance to securing our operational technologies. Our IT Security Policy provides the framework for all aspects relevant in this context. This applies to BLG LOGISTICS including all subsidiaries in which we hold at least 50 percent of the shares, as well as to minority interests that utilize our IT systems, and is also binding for contractual partners and suppliers subject to deviating regulations. When working with service providers, we ensure compliance with all relevant certifications such as ISO 20000 for secure IT operations, ISO 27001 for the information security management system, and ISO 22301 for IT emergency management, and review these regularly.

Due to the increasing threat posed by cyberattacks, we not only constantly review all existing organizational and technical measures to secure our IT environment, but also implement new ones on an ongoing basis to ensure that installed systems always stay leading edge. This not only safeguards the company’s ability to function, but also meets the requirements of our customers.

Overall responsibility for all matters relating to IT security lies with the IT security officer, who reports to the head of IT Services. The tasks of the IT security officer include the operation and continuous development of the IT security organization, issuing advice on IT security issues, in-depth risk analysis, the implementation of awareness-raising and training measures, and emergency preparedness. They are also a point of contact for our employees to anonymously report security incidents or suspicious circumstances. They must be involved in all IT security-relevant processes Group-wide.

Data protection as a central task

The central Legal, Compliance & Insurance department is responsible for matters relating to data protection. Our internal guidelines among other things take the requirements of the GDPR into account when it comes to processing personal data. Regular and systematic on-site checks serve to monitor compliance with coordinated processes and identify possible deviations as well as optimization potential. This ensures a uniformly high level of data protection implementation across the organization. Despite the continuing difficult conditions caused by the pandemic, we were able to conduct eight checks in the reporting year via online conferences and with the support of officers on site. We also use these checks to train employees at the locations on topics relevant to data privacy. Our recently launched e-learning offering via our learning platform is playing an increasingly important role here – particularly under pandemic conditions, but also with a view to the future. From now on, all commercial employees will receive annual refresher training on data privacy via a corresponding module. The first step was taken by employees in the central departments – after the first few days, almost 50 percent of users had already successfully completed the Data Protection foundation course. The next step will be to extend the program to all companies and locations. We also take advantage of events such as the European Data Protection Day to raise awareness of this important topic among everyone at BLG LOGISTICS. In the event of questions or suspected privacy breaches, our external data protection officer can be contacted at any time and also accepts reports of suspected data privacy violations anonymously. Their contact details are publicly available on our website.

Processes are documented using a centrally managed tool that maps numerous interfaces with IT and Information Security. We thus achieve a level of documentation that allows us to respond quickly and reliably even to very short-term incidents or inquiries from supervisory authorities.
