Compliance and Responsibility

With its company values of integrity, collaboration, courage, and excellence and the principles of the Group-wide KION Group Code of Compliance (KGCC), the KION Group is responding to the demanding expectations of the capital market, customers, and other stakeholders.

As part of the KION Group, Linde MH shares these values and is committed to full compliance with all applicable legal regulations, guidelines, and codes of conduct. Linde MH’s comprehensive compliance management system is based on the KGCC, which defines guidelines for ethical, value-oriented, legally compliant conduct in business. The KGCC also provides a binding framework for engaging with colleagues, customer and partner companies, and the public.

As a German company, the KION Group is primarily subject to German law. At the same time, the KION Group is required to comply with the respective national laws at its locations. In the event that these national laws deviate from German law, the KGCC defines the procedure to follow within the Group. The point of contact in any case of legal doubt is the Compliance or Legal department.

The KGCC is available in 24 languages and is updated as required, with new topics and focus areas added to reflect the current legal situation and the current circumstances in the company. External parties can view the KGCC on the KION Group website.

Responsibility for the Group-wide compliance management system lies with the Executive Board of KION GROUP AG. The Chief Compliance Officer leads the department and, together with the Compliance team, is responsible for further developing the compliance management system, providing advice and information on compliance issues, resolving cases of non-compliance, and providing appropriate training. Each Operating Unit has a full-time Compliance Officer who reports directly to the Chief Compliance Officer and supports the management of the respective Operating Unit with the implementation of compliance requirements. Local and regional compliance officers ensure that the activities in the subsidiaries comply with the law and regulations.

Effective Compliance Management System

The effectiveness of the compliance management system is continually reviewed and refined. The system is based on the model of the IDW PS 980 auditing standard of the Institute of Public Auditors in Germany, and focuses on preventing compliance violations. The anti-corruption section states that the aim is to prevent, detect, track, and penalize corruption within the company. As part of its regular checks and short-notice audits, the Group Audit department checks adherence to the compliance requirements in KION GROUP AG and its consolidated subsidiaries.

In the year under review, the external audit of the compliance management system in the anti-corruption section was completed in accordance with IDW PS 980, based on ISO 19600. As well as assessing the effectiveness of the compliance management system, the audit also focused on the appropriateness and design of the system. In 2022, it was confirmed that the measures are effective, in accordance with the principles applied, in identifying risks of material non-compliance with reasonable assurance in a timely manner as well as preventing non-compliance.

As in previous years, work continued in 2022 in the areas of anti-corruption, data protection and IT security, foreign trade and export control, combating money laundering, fraud prevention (particularly in cybercrime), D&O liability, and the responsibility of the executives. The integration of compliance aspects into the internal control system, whistleblower protection, and anti-discrimination also remained a focus in the year under review.

The KION Group expressly supports the fight against all forms of corruption and bribery. To this end, it follows the approach of “prevent, detect, respond.” No confirmed cases of competition or antitrust violations were recorded in the reporting year. There were also no confirmed cases of active corruption by employees.

Number of confirmed corruption incidents:
2022 2021 2020
0 0 0

Multiple Reporting Channels

Actual or suspected violations can be reported in person, by phone, mail, email, or via an online form. All KION Group employees—as well as external stakeholders—can report potential compliance violations around the clock via a whistleblowing tool and a dedicated hotline, anonymously if they wish. The whistleblowing system is available worldwide, but is tailored as closely as possible to local conditions. The reports made via the system are monitored and processed by the compliance organization and ultimately by the Compliance Committee, which includes the Chief Compliance Officer and the Audit and Legal departments. The KION Group’s whistleblowing system has been adapted to take account of the transposition of the EU Whistleblowing Directive into German legislation.

All reported suspected cases are systematically reviewed and any detected violations are investigated using effective control measures, for example regular or special audits. Any cases of misconduct are subject to disciplinary action. If necessary, the compliance management system is adjusted to prevent future violations.

The Linde MH Compliance Committees established in Germany in 2021 provide a new independent, trustworthy point of contact. If anyone experiences or observes discrimination or harassment, they can get in touch with their responsible committee—and it goes without saying that this is in complete confidence. Similar bodies exist throughout the EMEA region in accordance with national regulations. Compliance representatives are available to provide assistance at any time in all Linde MH countries.

Number of reports in connection with the whistleblowing procedure:
2022 2021 2020
57 55 16

Training

As well as clear guidelines, there is also a wealth of information and a wide range of advisory services and training courses available. Through the work of compliance officers and representatives, Linde MH ensures that staff are always kept fully informed and up to date about all compliance issues and are aware of the importance of acting in a value-oriented manner. All new employees of the KION Group are required to complete mandatory training on the KION Group Code of Compliance—either via e-learning or, for employees who do not have a work PC, via in-person training. In addition, employees with compliance-critical tasks, for example in sales, regularly receive targeted live training.

Training conducted on business ethics issues:
In-person training courses (KION Group Code of Compliance, anti-corruption, anti-discrimination, anti-money laundering, conflicts of interest)
E-learning courses: KION Group Code of Compliance
E-learning courses: Preventing Corruption in the KION Group—the General Rules of the ABC Policy
E-learning courses: Professional Conduct at KION: Respect in the Workplace
E-learning courses: Preventing Money Laundering and Fraud at KION
E-learning courses: Avoiding Conflicts of Interest at KION
E-learning courses: KION Group—Preventing Anti-competitive Behavior
E-learning courses: General Data Protection
E-learning courses: Information Security Employee Awareness Training

The aim is to provide all KION Group employees with regular training on the most important topics (anti-corruption, avoiding conflicts of interest, antitrust and competition law, anti-money laundering, data protection, IT security, and human rights). Changes in legislation or internal regulations are also incorporated into in-person training courses, as are any new findings from the compliance management system. The training program was expanded in 2021 to include e-learning courses on respect in the workplace (anti-discrimination), conflicts of interest, whistleblower protection, and fraud with a focus on money laundering. E-learning courses on cybersecurity and antitrust law have also been added.

Percentage of total workforce trained in business ethics issues:
2022 2021 2020
100% 98% 92%

Compliance Audit of Business Partners

Before KION enters into a new business relationship, external business partners must be assessed and appropriate documents must be provided. The business partner’s economic background is checked and it is determined whether there are any other reasons not to establish a business relationship, for example because the business partner is on a sanctions list or there have been negative reports about them. In case of doubt, KION may refrain from doing business with this partner. KION also audits external partners based on a risk assessment.

The basic inspection is carried out using the business partner tool, which is managed by Corporate Compliance. The process involves checking customers and suppliers for certain indicators based on compliance lists. Corporate Compliance is responsible for performing this check against the relevant lists, as well as for evaluating the results and instigating any necessary measures. For external sales partners with a higher risk of corruption, such as dealers, importers, distributors, agents, or integrators, a multi-stage due diligence assessment is carried out by the responsible compliance officer before establishing the business relationship. For this assessment, information is obtained from the sales partners via due diligence questionnaires, through audits conducted using the business partner tool, and/or via external due diligence providers. The results of the due diligence assessment and the recommended measures, which may include stricter contractual clauses with inspection rights or additional monitoring of the cash flows, are communicated to the responsible bodies, such as the management.

Periodic Risk Analysis

As part of a systematic analysis, the KION Group records and evaluates corruption and bribery risks on a regular basis throughout the Group. Money laundering risks and the risks of non-compliance with antitrust laws, tax compliance and human rights are also assessed. Non-financial risks that arise on an ongoing basis are screened, evaluated, and managed. Adequate measures are subsequently derived to eliminate both process and control weaknesses. The characteristics of the corruption perception index for the respective country, the size and structure of the local procurement or sales organization, and contact with public officials play an important role in the risk assessment. The analysis has already been completed for all Linde MH subsidiaries. There continued to be no significant compliance risks.

Percentage of all operating sites for which an internal audit/risk assessment has been conducted for business ethics issues:
2022 2021 2020
100% 100% 100%

Data Protection and Information Security

Data protection and information security are top priorities at Linde MH and are governed by guidelines applicable to the entire KION Group. The Data Protection Policy aims to implement technical and organizational measures to protect personal data, while the KION Information Security Policy focuses on safeguarding the confidentiality, integrity, and availability of information, aiming to protect the KION Group from related attacks. A range of Group works agreements and mandatory standards on topics such as IT security in the workplace and the management of IT systems, email, and the Internet are also in place. Samples and templates for the day-to-day handling of personal data and sensitive business information are also available. The Operating Units are responsible for implementing the central requirements. Those responsible for data protection and its coordination in the individual subsidiaries report to their respective management. At Group level, the Group Data Protection Officer reports to the Chief Compliance Officer, and the KION Group Chief Information Security Officer reports to the KION Group’s Chief Information Officer, who reports to the Executive Board of KION GROUP AG.

Protecting sensitive, personal data is a big responsibility. That is why appropriate, reliable processes and measures have been defined to protect this data and to comply with statutory provisions. Training programs and regular reports on the Social Intranet ensure that every single employee is familiar with the basic principles of data protection, reporting obligations, and the Group-wide compliance reporting system, and that they receive ongoing training in these areas.

Every year, there are around 100 million attacks on the KION Group’s IT network, all of which have so far been averted. An important factor in this success is the continuous scanning for vulnerabilities across the entire IT and operational technology infrastructure. Regular training on IT security, global anti-phishing campaigns, a monthly video series on the Social Intranet, and instructions on how to secure the IT infrastructure also support IT security.

Information Security Management System

At the end of 2022, KION started implementing an information security management system (ISMS) to ensure that sensitive information remains protected and the Group maintains its competitive position in the industry. The KION Group ISMS is based on ISO 27001 requirements (establishment, implementation, maintenance, and continuous improvement of documented security management processes) for the entire Group. A documentation framework has been established that sets out the requirements for information security.

In this context, the KION Group regularly analyzes potential or existing risks to information security. Where the risk analysis identifies an IT security risk or where there is deviation from a KION Group security standard, the risk is described and appropriate action is set out. Once the residual risk has been assessed, the risk owner decides on whether to accept the residual risk. It must then be reassessed regularly and safeguarded by means of renewed risk acceptance.

The Group Audit department regularly carries out special IT audits, which also cover information security.

In April and May 2023, the KION Group headquarters in Frankfurt am Main and the Linde Material Handling headquarters in Aschaffenburg were the first sites to undergo the TISAX[1] assessment. Both sites successfully passed the audit and are now officially TISAX certified for the next three years.

A maturity level of 2.8 was achieved in the audit (2.1 is required to obtain a provisional label and 2.7 to obtain a permanent label). As part of the assessment, the auditor had to be provided with around 200 different pieces of evidence, including information security standards, standard operating procedures, security concepts, KPIs, and more.

In addition to the work underway at other sites that are set to be included in the ISMS scope in the course of the year, the focus will now also be on maintaining this established high level of information security and on ensuring that the building blocks of the system run smoothly in day-to-day business, for example, the performance of regular internal audits and reviews, information security risk management, and the planning and implementation of improvements.

Number of confirmed information security incidents:
2022 2021 2020
1 0 0

[1] TISAX® is a cross-company assessment and exchange mechanism for information security in the automotive industry. The aim is to protect data and its integrity and availability in the manufacturing process and in the operation of trucks.