
Compliance is an important basis for our corporate action and day-to-day business activities. We apply our ethical standards beyond our own business operations along our entire supply chain.

Applicable law and our own best practice principles are the yardstick that we as a company apply to all our actions and business decisions. This makes us a trustworthy and reliable partner for our employees, customers, business partners and shareholders. Contravening applicable laws can cause serious and long-term damage to the company. We have therefore established a compliance management system to actively safeguard against risk factors such as bribery and corruption, giving or accepting of undue advantage, embezzlement and collusion against the rules of fair competition. In order to ensure that this preventive approach is effective across the entire organization, we prioritize educating our employees.

Responsibility for compliance matters lies with the central Legal, Insurance & GRC (Governance, Risk, Compliance) department, whose head reports directly to the Chief Compliance Officer, our CEO. We do not tolerate any form of corruption, do not permit discrimination and attach great importance to occupational health and safety. We utilize resources responsibly and regard fair competition as an indispensable prerequisite for a free market. In the reporting year, no violations of the law were documented that resulted in or could result in the issuing of fines.

Our regulations, monitoring and reporting systems

Ongoing development of our compliance strategy, including a regular review of the system’s effectiveness, is the responsibility of the compliance officer appointed by the Board of Management. Both are done in close consultation with the Chief Compliance Officer, to whom regular reports are made. In addition, the Supervisory Board is informed once a year about all compliance-related issues, processes and incidents. As a further link in the chain, our Internal Audit department also regularly checks for compliance violations. In the reporting year, no critical concerns were brought to the attention of the Board of Management.

In day-to-day operations, the compliance officer is the first neutral point of contact for our employees and is happy to receive tip-offs, answer questions and offer advice – also of a preventive nature – in the event of possible legal violations. Employees as well as third parties also have the possibility of reporting suspected compliance violations to an externally appointed and therefore independent and impartial ombudsperson – anonymously if they wish. All contact details are available on our website and are also published in the relevant policy guidelines. In the reporting year, the existing complaints procedure was again revised and a corresponding procedural regulation was published. This combines the obligations to set up reporting systems under the German Whistleblower Protection Act (Hinweisgeberschutzgesetz – HinSchG) and the German Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz – LkSG).

Our principle

When exercising their duties, no BLG employee may offer, promise or accept incentives, preferential treatment or other benefits that are intended to influence fair, objective and proper decisions, or that even appear to do so.

Our Board of Management and senior executives have a responsibility to lead by example and are tasked with ensuring that the employees they supervise are informed about and comply with all corresponding rules. In addition, each and every individual at BLG LOGISTICS, regardless of position, is obligated to point out grievances or suspected violations of the law. It is therefore all the more important to make employees aware of the inherent risks of corruption. Furthermore, in practice the dual control principle that is established in all relevant business processes protects both them and the company as a whole.

Our Code of Conduct and compliance policy are key elements of our compliance management system. In addition to our requirements relating to working conditions, environmental and climate protection, the Code of Conduct contains in particular guidelines for legally and ethically irreproachable dealings with business partners, competitors and authorities. It also regulates the arrangement of donations and sponsorships as well as conduct in the event of conflicts of interest. The compliance policy contains essential rules of conduct for the prevention of compliance risks typically encountered in globally operating companies and sets out the associated processes, including the Know Your Customer principle. Like all internal guidelines and policies, both documents apply to all companies in which we have a direct or indirect shareholding of more than 50 percent or in which BLG LOGISTICS is responsible for management, and are binding for all internal and external employees as well as consultants acting for us. In companies that are subject to foreign law, the guidelines in accordance with that law must be implemented. New BLG employees receive the Code of Conduct in their welcome pack; temporary workers are made aware of it during their onboarding. Like the compliance policy, the Code of Conduct is posted on the intranet. The intranet also contains information on our compliance system, the Code of Conduct and relevant contacts. At our international locations, the policies are available in English.

Raising awareness, education and information

As BLG LOGISTICS, we can only ensure compliance if everyone gets on board. To achieve this, we sensitize our decision-makers and managers, inform them about the relevant topics and keep them up to date on an ongoing basis. Mandatory training courses on compliance, antitrust and competition law were held in 2023 for the Board of Management, employees on management levels 1-3 and all employees in Purchasing and Sales. The existing target to ensure that at least 90 percent of employees on management levels 1-3 receive corresponding training within a three-year cycle was slightly exceeded in 2023 at 90.8 percent. It was not possible to expand this to cover mandatory annual training on all levels in the reporting year due to a system-based cutover to a new training methodology. As part of the revision of our sustainability targets, a fixed target for compliance was agreed. From 2024, 90 percent of managers on levels 0-3 at our German and foreign locations should have a valid training certificate each year.

We are continuously updating, expanding and broadening our training system in this area and will roll out additional new e-learning refresher courses on the Code of Conduct and the fundamentals of compliance in 2024. Our central Tutorize training platform offers the possibility to complete all modules independently of time and place, with each completed course being documented by the system.

Training for the aforementioned groups will continue to be mandatory on a yearly basis. Managers below the above-mentioned levels will additionally receive appropriate training. We also use various communication channels to inform all other employees about compliance-related issues on a regular and need-to-know basis.

90 % of our management employees receive annual compliance training


Assuming responsibility along the supply chain

Compliance also impacts our collaboration with our business partners and is communicated in our upstream and downstream supply chains. In our General Terms and Conditions of Contract and Purchase, we require our suppliers and service providers along the entire supply chain to comply with the applicable regulations as well as with our Supplier Code of Conduct.

Information security plays an important role

Information technology permeates all our processes, and our business relies on secure systems that are functional at all times. Our customers, suppliers and employees also trust in this. We are therefore constantly working to embed IT security in our projects, in our day-to-day business and in the mindset of the entire organization. We ensure a consistently high level of security through the application of our information security management system (ISMS), which is based on the international standards ISO 27001 and ISO 27002. The maturity and effectiveness of our measures are regularly reviewed internally and externally. In the reporting year, BLG LOGISTICS was successfully audited for 14 locations according to the automotive industry standard “Trusted Information Security Assessment Exchange – TISAX”. Consideration is given to all information assets of BLG, particularly those relating to our IT systems. We also attach great importance to securing our operational technologies and to business continuity management (BCM). Our information security policy provides the framework for all aspects that are relevant in this context. This policy applies to BLG LOGISTICS including all majority shareholdings, as well as to non-controlling interests that utilize our IT systems, and is also binding for contractual partners and suppliers subject to deviating regulations. When working with service providers, we ensure compliance with all relevant certifications such as ISO 20000, ISO 27001 and ISO 22301, and review these regularly.

Due to the increasing threat posed by cyberattacks, we not only constantly review all existing organizational and technical measures to secure our information and IT environment, but also implement new ones on an ongoing basis to ensure that installed systems always stay leading edge. This safeguards the business continuity of the company and also meets the requirements of our customers. This process is supplemented by a continuous awareness program designed to sensitize and train our employees. In the reporting year, a company-wide “phishing campaign” specifically addressed the threat level regarding email and ransomware.

Overall responsibility for all matters relating to information security lies with the Information Security Officer (ISO) within the Information Security Management department, who reports directly to the head of the central Legal, Insurance & GRC department. The tasks of the ISO include the operation and continuous development of the BLG LOGISTICS information security system, issuing advice on information security issues, in-depth risk analysis, the implementation of awareness-raising and training measures, and emergency preparedness. Our employees can also report to them anonymously in the event of security incidents or suspected breaches. As a matter of principle, our ISO must be involved in all security-relevant processes Group-wide.

Focus on data protection

The central Legal, Insurance & GRC department is responsible for matters relating to data privacy at BLG LOGISTICS. Our internal guidelines are based in part on the requirements of the GDPR relating to the processing of personal data. Regular and systematic on-site checks serve to verify compliance with coordinated processes, identify possible deviations and potential for optimization, thus ensuring a uniformly high level of data protection implementation across the organization. In 2023, we were able to conduct 28 checks with the support of officers on site.

An online training course has been developed to raise awareness of data privacy among our employees. All commercial employees receive refresher training every two years. We additionally take advantage of events such as the European Data Protection Day to raise awareness of this important topic in-house. In the event of questions or suspected privacy breaches, our external data protection officer can be contacted at any time and also accepts reports of suspected data privacy violations anonymously. Their contact details are publicly available on our website. Processes are documented using a centrally managed tool that maps interfaces with IT and Information Security. We thus achieve a level of documentation that even in the case of very short-term events or requests from supervisory authorities allows us to respond quickly and reliably.

