Applicable law and our own principles of conduct are the basis for our actions and all the decisions we make as a company. This makes us a trustworthy, reliable partner for employees, customers, business partners and shareholders. Violations of the law can cause significant long-term damage to the company. Therefore, our compliance management system actively prevents risk factors such as bribery and corruption, acceptance of advantages, embezzlement and collusion against fair competition. In order for this preventive approach to be effective throughout the organization, we attach particular importance to raising awareness among our employees and providing regular and comprehensive information.
Responsibility for compliance matters lies with the Corporate Legal, Insurance & GRC (Governance, Risk, Compliance) department, whose management reports directly to the Chief Compliance Officer, our CEO. We do not tolerate corruption, we do not permit discrimination and we attach great importance to occupational health and safety. We use resources responsibly and regard fair competition as an indispensable prerequisite for a free market. In the reporting year, no violations of the law were documented that resulted or could result in fines.
Our regulations, monitoring and reporting systems
The Compliance Officer appointed by the Board of Management is responsible for the implementation and further development of the BLG-wide compliance strategy. An essential part of this involves regularly reviewing whether existing systems are effective. The results are reported to the Chief Compliance Officer on a regular basis. Once a year, the Supervisory Board is informed about all compliance-related issues, processes and events.
The Compliance Officer regularly informs the Labor Relations Director in the Compliance Committee and the Head of Internal Auditing on current issues. If measures need to be implemented, they are drawn up in the Compliance Committee and then implemented within the company.
In day-to-day business, the Compliance Officer is the point of contact for our employees: they receive information, answer questions and give advice – also preventively – on possible violations of the law. In addition, our ombudsman was an independent and impartial point of contact for employees and third parties during the reporting year. Any suspected cases can also be reported to them anonymously. All contact details can be found on our website and are also published in our relevant guidelines.
Our principle
When exercising their duties, no BLG employee may offer, promise or accept incentives, preferential treatment or other benefits that are intended to influence fair, objective and proper decisions, or even give the appearance of doing so.
In addition, the BLG Integrity Line was introduced in the reporting year. The digital platform makes it easy, secure and completely anonymous to report abuse, risks and misconduct in connection with professional activities, but also in connection with human rights and environmental obligations within the meaning of the Supply Chain Due Diligence Act (LkSG). Information is recorded in encrypted form and processed confidentially in order to give whistleblowers even better protection. The BLG Integrity Line is a powerful symbol to ensure transparency and protection of our corporate values in the long term.
In the reporting year, information relevant to the LkSG was received regarding a direct supplier of BLG LOGISTICS. The information was reviewed by the Legal, Insurance & GRC department and then remedies were defined and implemented with relevant specialist departments in BLG LOGISTICS.
When implementing our compliance strategy, our Board of Management and our senior executives are role models. They are responsible within their business area for providing information on and complying with the relevant rules. Each and every individual at BLG LOGISTICS is also obligated, regardless of their position, to point out any wrongdoings or suspected violations of the law. This makes it all the more important for us to raise awareness among our employees of the dangers of corruption. In addition, the dual-control principle, which is established in all relevant business processes, protects both employees and the company as a whole in practice.
Our Code of Conduct and compliance policy are central components of our compliance management system. In addition to our requirements with regard to working conditions, the environment and climate protection, the Code of Conduct contains requirements for dealing with business partners, competitors and authorities in a way that is legally and ethically correct. It also governs the arrangement of donations and sponsorships as well as conduct in the event of any conflicts of interest. The compliance policy contains important rules of conduct to avoid typical compliance risks in global companies and describes the associated processes, such as the “know-your-customer” principle. Like all internal company guidelines and policies, both documents apply to all companies in which we directly or indirectly hold more than a 50 percent of the shares or for which BLG LOGISTICS is in charge of corporate management. They are therefore binding for all our own employees and external staff, as well as for consultants working for us. In companies governed by foreign law, the guidelines must be implemented accordingly. Newcomers at BLG receive the Code of Conduct with their welcome folder, and temporary agency workers are informed at their initial briefing. Both the compliance policy and the Code of Conduct can be found on the intranet. Information on the compliance system, the Code of Conduct and relevant contact persons can also be publicly accessed on the Internet. Guidelines and policies are available in English at our international locations.
Embedding compliance within the company
A functioning compliance system is only possible if it is practiced by the workforce. To this end, we raise awareness among our decision-makers and senior executives, inform them about the issues and keep them up to date with the latest developments. In 2024, corresponding mandatory training courses on compliance, antitrust and competition law were conducted for the Board of Management, senior executives at levels 1-3 and all staff in Purchasing and Sales. The target of training at least 90 percent of employees in top management levels 1-3 was exceeded in 2024, with 100 percent of senior executives in Germany and 100 percent of senior executives at consolidated sites abroad receiving training. This target figure was integrated into quarterly reporting to the Board of Management and senior executives in the reporting year, for targeted management during the year.
Target:
We are continually improving, expanding and broadening our training system in this area and in 2024, we developed a refresher e-learning course. This refresher course builds on the comprehensive basic compliance course and repeats specific content on anti-corruption, conflicts of interest, and competition and antitrust law. All modules can be completed anywhere and anytime using our Tutorize central training platform, and each completion is recorded by the system. Managers below the above-mentioned levels also receive appropriate training. We also inform all other employees about topics relevant to compliance using various communication channels on a regular basis and when the situation demands it.
Responsibility along the supply chain
Compliance also shapes how we cooperate with our business partners and is passed on along supply chains. We require our suppliers and service providers along the supply chain to comply with the applicable legal framework and our Supplier Code of Conduct, as laid down in our General Terms and Conditions of Contract and Purchase. Further information on our supply chain management is described in the Sustainable Supply Chain section.
www.blg-logistics.com/en/gtc
Information security as a core building block
Information technology is involved in all of our processes, and our business depends on systems that are always functional and secure. Our customers, suppliers and staff also rely on this. We are therefore constantly working to anchor IT security in our projects, in our day-to-day business and in how our entire organization thinks. We ensure a uniformly high level by running our Information Security Management System (ISMS), which is based on the ISO 27001 and ISO 27002 international standards. The maturity and effectiveness of our measures are regularly reviewed both internally and externally. BLG LOGISTICS has already been successfully audited at 14 sites in accordance with the automotive industry standard “Trusted Information Security Assessment Exchange – TISAX” and is currently extending the certification for an additional ten sites. The focus is on all BLG information assets, with particular regard to our IT systems. We also attach great importance to safeguarding our operational technology and business continuity management (BCM). Our policies on information security and business continuity management provide the framework for all relevant aspects in this regard. These regulations apply to BLG LOGISTICS including all majority shareholdings, as well as to minority shareholdings that use our IT systems, and are also binding on contractual partners and suppliers subject to deviating regulations. When working with service providers, we ensure compliance with all relevant certifications, such as ISO 20000, ISO 27001 and ISO 22301, and regularly review this.
Due to the increasing threat posed by cyberattacks, we constantly review all existing organizational and technical measures for safeguarding our information and IT environment and continually implement new ones in order to be up to date at all times. This safeguards the business continuity of the company and also meets our customers’ requirements. This process is complemented by a continuous awareness program to raise awareness and train our employees.
Our Corporate Information Security Officer (CISO) with the Information Security Management department, who reports to head of the Legal, Insurance & GRC department, is primarily responsible for all matters relating to information security. Among other things, the CISO is responsible for the operation and continuous development of the BLG LOGISTICS Information Security System, giving advice on information security issues, conducting a strict risk analysis, implementing awareness-raising and training measures, and ensuring emergency prevention. In the event of security incidents or suspected cases, our employees can also inform the CISO anonymously. Our CISO is to be involved in all safety-relevant processes across the organization.
Focus on data protection
The Legal, Insurance & GRC department is responsible for data protection at BLG LOGISTICS. Our internal guidelines are based, among other things, on the requirements laid down in the GDPR for the handling of personal data. Regular, systematic site checks serve to check compliance with coordinated processes, identify possible deviations and potential for optimization, and ensure that a uniformly high level of data protection is implemented throughout the organization.
In order to make our employees more aware of data protection, an online training course was developed. All employees in business roles receive refresher training every two years. In addition, events such as the European Data Protection Day used to raise awareness internally of this important issue. In the event of questions or suspicious cases, our external data protection officer is available at any time and also accepts anonymous reports about suspected data breaches. Their contact details are publicly available on our website. A centrally managed tool is used for documentation, and this maps interfaces with IT and information security. In this way, we achieve a depth of documentation that allows us to react quickly and safely even in the event of very short-term events or inquiries from supervisory authorities.