Compliance

Clear understanding of values embedded in globally applicable guidelines

NORMA Group’s understanding of values forms the basis for all business decisions and activities in the Group. In particular, the global focus of the company makes worldwide implementation and compliance with codes of conduct especially important.

The implementation of compliance-specific frameworks sets rules clearly and transparently. The main compliance guidelines at NORMA Group are

•the   CODE OF CONDUCT,

•the   ANTI-CORRUPTION POLICY and

•the   SUPPLIER CODE OF CONDUCT.

The compliance guidelines also include requirements in the area of HUMAN RIGHTS (including freedom of association, forced and child labor, and anti-discrimination).

The guidelines are regularly reviewed regarding the need for updates and adapted as required. In fiscal year 2023, the “Whistleblower Protection” policy was published, which provides employees and external parties with comprehensive and detailed information on the whistleblowing process, reporting channels and the mechanisms in place to protect whistleblowers.

NORMA Group’s compliance management system is aimed at ensuring that its values and rules are lived throughout the Group. Concrete steps are determined, implemented, and tracked in a Compliance Action Plan.

Group-wide compliance management

The Management Board of NORMA Group is responsible for an effective compliance management system. Compliance forms an integral part of the overarching “Integrity” department, which – in addition to compliance – addresses the topics of data protection and information security. This bundling not only considers the growing importance of these topics, but also adequately reflects their increasing interlinking in terms of content.

Group-wide compliance activities are managed by the Director Integrity of NORMA Group SE, who regularly reports to the Vice President Integrity and is able to report directly to the Chairman of the Management Board  CORPORATE GOVERNANCE REPORT. In addition to the main compliance department at Group level, Compliance Delegates are appointed at the level of the regions EMEA, Americas and Asia-Pacific, as well as at operationally active individual entities. The Compliance Delegates of the individual Group companies are in regular contact with the other local departments and regularly report to the respective Regional Compliance Delegates, who in turn report to NORMA Group Compliance.

Any member of NORMA Group’s compliance organization can be contacted at any time on any compliance issue. The compliance department is in close communication with the legal department of NORMA Group in order to continuously take into account new or changed legal requirements in the compliance risk analyses and in the compliance program. In addition, close contact is maintained with Internal Audit for updates on recent developments.

The effectiveness of the compliance organization set up by the Management Board is monitored by the Supervisory Board of NORMA Group SE, which is informed about compliance matters as needed.

Close risk monitoring and control

The identification and assessment of relevant compliance risks forms an important basis for the compliance program and therefore for the compliance management system as a whole. NORMA Group carries out the respective risk analyses and is in close contact with relevant departments (e.g. Internal Audit, Risk Management).

The risks to which NORMA Group is exposed form the basis for determining the compliance program and the respective measures. Implementing these measures and adhering to the compliance rules are also regular audit tasks of internal auditing.

Systematic, demand-oriented training of employees

To ensure the effectiveness of NORMA Group’s compliance management system, all employees must be familiar with the relevant legal requirements and internal compliance guidelines. The goal is for all employees of NORMA Group to know the compliance rules, as well as the contact persons and reporting channels.

The compliance training that NORMA Group offers serves as the basis for this. It mainly takes place in form of online training sessions and as face-to-face sessions if necessary. Depending on the job and responsibility profile of an employee, the training courses to be completed are assigned as needed. During training, the employees receive concrete support on which behavior is in line with the compliance guidelines and can test their knowledge in practical assessments and case studies. They can then review their conduct on the basis of practical questions and case studies. The training courses of fundamental importance, which must be completed as basic training by all NORMA Group employees with a PC workstation, include the online training courses “Code of Conduct & Compliance Basics” and “Anti-Corruption.” Depending on the job profile, employees must attend specific focus

training sessions (including “Antitrust law”). Furthermore, the knowledge of employees is updated and extended as required through refresher courses. “Compliance Safety Cards” were handed out to employees without a PC workstation, especially those who work in production. They are available in all the necessary languages and clearly communicate relevant compliance topics.

In fiscal year 2023, 1,264 employees (2022: 2,080) received online compliance training. In this context, training courses totaling 1,864 hours (2022: 2,535) were conducted. The decrease in both the number of employees trained and the number of training hours compared to the previous year is due in particular to the fact that in 2022 there was a full re-enrollment in the revised and updated “Anti-Corruption” training. In fiscal year 2023, the Integrity department also provided training on data protection and information security. Employees completed a further 3,459 hours of training in these subject areas.

The need for training is checked regularly. Internal reporting records the status of compliance training. Compliance-related topics are also communicated via additional channels such as posters, brochures and Compliance Safety Cards that summarize key compliance topics in condensed form, as well as e-mails and intranet articles.

Various ways of reporting violations

NORMA Group encourages its employees to report violations of rules and internal policies, even across hierarchical levels. Besides personally approaching supervisors, the Human Resources department or Compliance Delegates, NORMA Group’s INTERNET-BASED WHISTLEBLOWER SYSTEM enables anonymous reporting of incidents by internal or external whistleblowers. The compliance organization follows up on reports of compliance violations. The reporting process and mechanisms in place to protect whistleblowers are described in the policy 4 WHISTLEBLOWER PROTECTION. Further information on the whistleblower system can be found in the CORPORATE GOVERNANCE REPORT.

In cases in which the electronic whistleblower system is more difficult for employees to use for technical or organizational reasons (a lack of PC access by employees in production, for example), NORMA Group offers other appropriate reporting channels, such as notice boxes at the plants or reporting directly to NORMA Group Compliance by e-mail or by meeting in person, for instance. Besides the main electronic whistleblower channel, NORMA Group offers supplementary or alternative reporting channels at all sites at which local laws require these channels to be made available.

Both the suitability and the appropriateness of the reporting system are reviewed on a regular basis – with regard to the requirements of the “Directive (EU) 2019/1937 of the European Parliament and of the Council of October 23, 2019, on the protection of persons who report infringements of Union law” ( “Whistleblower Protection Directive”) as well as the respective implementing laws of the member states, for example. The system is adapted if necessary. NORMA Group is closely monitoring further developments with regard to the implementation in national laws by individual member states in which NORMA Group also operates reporting channels, which in some cases contradicts the EU Directive. Necessary adjustments are made if required.