Business ethics
and human rights

The nonfinancial aspects of corporate governance, compliance, particularly combating corruption and bribery, antitrust law and respect for human rights are outlined below. All of the above points have responsibility and risk minimization in common.

As a global enterprise with a 140-year history, Vossloh has a social responsibility toward its customers, employees, partners, investors and the public. From this responsibility, Vossloh derives the requirement that the company and its employees adhere to the laws as applicable, respect basic ethical values and act in an exemplary fashion at all times and in all scenarios. This requirement is set out in writing in the Vossloh Code of Conduct. The Code of Conduct, which all employees sign when they join the company, is designed to help them live up to this responsibility.

Good corporate governance

As a German stock corporation, Vossloh AG has a dual management and monitoring structure as reflected in the two bodies the Executive Board and the Supervisory Board. Both bodies have an obligation toward the company’s well-being and the interests of the shareholders. The Annual General Meeting, as the third body, is responsible for the company’s key fundamental decisions.

Compliance with legal and regulatory requirements

Preventing violations of the law of any kind, in particular corruption and anticompetitive behavior, is a key concern of the Vossloh Executive Board for the entire Group. The Executive Board has also unequivocally summed this up in its Compliance Commitment, which states: “Compliance with the law has absolute priority over closing a deal or achieving internal goals. We would rather forgo a business opportunity than violate the law.

We do not tolerate any violation of the law or of our internal guidelines and policies and will sanction any such behavior (zero tolerance policy).” (see www.vossloh.com > “Investor Relations” > “Corporate Governance” > “ Compliance ”). The area of Compliance is overseen within the Executive Board by the Chief Executive Officer (CEO).

The Executive Board of the Vossloh Group has established a Compliance Management System. The Vossloh Group’s Rules of Procedure of the Compliance Organization govern the Compliance Organization, the assignment of responsibilities among officeholders and the reporting duties of all the different company levels. The Compliance Organization comprises the Chief Compliance Officer (supported by a Compliance Office), the Group Compliance Committee at Vossloh AG, compliance officers and compliance committees within the business units and local compliance officers within the operating companies.

The Compliance Management System is designed to identify compliance violation risks and to minimize them in order to prevent Vossloh and its employees from incurring damage and liability risks. Bribery in business transactions and breaches of competition law were identified as key compliance risks in a risk inventory conducted with external support in 2016 and last updated in 2021. This relates in particular to sales and all the sales-promoting activities, including intermediaries. The Compliance Management System addresses these risks and minimizes them with the help of suitable processes and measures.

Since 2007, Vossloh’s Compliance Management System has been based on the Vossloh Code of Conduct. The Code stipulates and precisely defines the values of integrity and upstanding business conduct, and interprets them as clear and straightforward rules and principles. It is currently available in 15 languages and is mandatory for all company employees. It was most recently completely revised and further developed in 2016. There are also guidelines on the prevention of corruption, antitrust law-compliant conduct and the introduction of intermediaries as well as data protection, export control and insider guidelines (for more information on Compliance at Vossloh, see: www.vossloh.com >“Investor Relations” > “Corporate Governance” >“ Compliance ”).

Compliance as part of business activities constitutes part of regular classroom training held at all Vossloh companies. The teaching requirements and the participants are identified and selected by the Compliance Officers within the business units and the Local Compliance Officers on the basis of the Vossloh Compliance Training Concept. The Compliance Office headed by the Chief Compliance Officer keeps a record of the classroom training sessions held. In 2022, Vossloh conducted compliance training around the world for a total of 1,283 participants (2021: 723).

Compliance training is also given in the form of e-Learning, which was revised from the ground up in 2021. The “Code of Conduct – Compliance Basics” module is aimed at all employees who work at a computer workstation. In addition, there are two modules for all managerial staff and employees with external contact that focus on competition law and anticorruption measures. These are also the target audience of the “refresher” module on anticorruption, competition law and foreign trade law. All new employees are gradually taken through the e-Learning program. The Local Compliance Officers systematically record the employees’ attendance and send them reminders to attend, if need be. As of December 31, 2022, the training rate stood at 96.3 percent (2021: 95.0 percent).

Compliance audits are performed – usually with the assistance of external audit firms – in order to verify that the Compliance Management System rules are being adhered to within the individual operating units. These audits are carried out on both an ad hoc and scheduled basis. In 2022, three ad hoc compliance audits were carried out, of which one audit started in 2022 was only completed in 2023. Further, compliance issues were also audited as part of the internal audit process. Additionally, the company regularly has its Compliance Management System reviewed by external experts and has them make recommendations regarding its further development and improvement.

The most recent extensive review took place in 2017; the audit report has been published on www.vossloh.com under “Corporate Governance” > “ Compliance ” in the “Investor Relations” section. Insofar as findings and recommendations were stated regarding compliance work, these have been and will be implemented in the course of the ongoing development and improvement of the Compliance Management System. Vossloh also performed a stocktaking and survey of managers and employees of the Group in 2018 which confirmed the effectiveness of the established Compliance Management System in particular. In the fiscal year 2021, another Group-wide compliance risk assessment was carried out with the support of an auditing firm. The purpose of this risk assessment was to determine the Vossloh Group’s compliance risks in the areas of antitrust law, anti-corruption, and export control, taking into account existing compliance rules and measures (see „Legal risks and opportunities“ on page 70). The appropriateness of the existing Compliance Management System was further validated overall. The Compliance Office and Corporate Controlling conduct annual risk dialogues withselected companies of the Vossloh Group in order to monitor the effectiveness of the Compliance Management System and document material risks; two risk dialogues were held in 2022.

Vossloh has set up a whistle-blower hotline together with an international law firm. In addition to the option of contacting the Compliance Office directly, this allows company employees and external whistle-blowers to report possible misconduct to an independent external contact (ombudsperson) in their native language. The whistleblower hotline has so far been set up for 24 countries. As such, the main regions and the languages spoken within the Vossloh Group are essentially covered. The ombudspersons were contacted on two occasions in 2022 (2021: three occasions). All resulting investigations into possible compliance violations were concluded.

Vossloh has also taken special precautions to ensure compliance with foreign trade regulations, notably export control and embargo legislation. Beyond the obvious need to comply with applicable legal provisions, Vossloh shares the security objectives pursued by foreign trade legislation, especially the strengthening of international peace efforts and the non-proliferation of weapons of mass destruction. An export control policy for the entire Group and which is based on applicable law creates a binding framework for the entire Vossloh Group and all its employees to ensure compliance with the respective legal requirements. The framework requirements of this policy are supplemented by more extensive regulations in the form of work and organizational instructions, process descriptions, etc. The policy states that each operational unit must appoint an Export Officer and a Trade Compliance Officer (TCO). In cooperation with the respective HR departments, they develop training concepts and ensure that all employees working in areas relevant to foreign trade receive the appropriate training. Vossloh’s central compliance e-learning tool also includes the module “Foreign trade law.”

The Vossloh Group also expects its suppliers and service providers to act in accordance with the rules and demonstrate lawful conduct. This is verified and controlled in specific cases as well as on an ad hoc basis. Group-wide “Guidelines on the Involvement of Intermediaries” apply to business dealings with commercial agents, agencies, distributors and consultants in the sales area. Their purpose is to prevent the risk of unfair practices on the part of contracted third parties and to minimize the risks for the company and its employees.

Vossloh has maintained a Group-wide register of associations as part of its Compliance Management System, in which all company and private memberships in industry associations are recorded. Vossloh AG’s primary association memberships are as follows:

  • The Railway Industry in Germany (VDB)
  • Association of the European Rail Industry (UNIFE)
  • Deutsches Verkehrsforum (DVF)
  • Institut für Bahntechnik GmbH (IfB)
  • Pro-Rail Alliance
  • Association of German Transport Companies (VDV)

Vossloh does not make donations to political parties or similar institutions.

Human and employees‘ rights

Vossloh respects internationally recognized human rights in its business activities, and these are codified as binding rules for all the employees in Section 10 of the Vossloh Code of Conduct (“Protection of human and labor rights”). The Code of Conduct can be found under www.vossloh.com > „Investor Relations“ > „Corporate Governance“ > „ Compliance “.

To minimize the risk of child labor, Vossloh, as a rule, does not employ anyone under the age of 14 or 15 (depending on the legal provisions in the different countries). In addition, the majority of Vossloh’s production facilities are located in Europe. Employees under the age of 18 are usually apprentices. The instructors responsible for them are duty-bound to observe all the relevant labor law and occupational safety rules and provisions. A whistle-blower hotline is available in order for possible misconduct to be reported. No human rights violations were reported in the 2022 fiscal year (2021: also no reports).

More recent major partnership contracts such as joint venture agreements generally already include the Vossloh Code of Conduct and, therefore, also its human rights aspects as mandatory conduct rules. The same applies to contracts with intermediaries (e.g. commercial agents and distributors).

The various Vossloh companies subject their suppliers and intermediaries to intensive preliminary checks before concluding a contract with them. Here the company has so far not had cause to check compliance with human rights.

Adherence to local laws and standards (for example, minimum wage or fundamental labor law conditions) is an integral part of Vossloh’s compliance obligations. The European Works Council, the Group Works Council, the Executive Board and Corporate Human Resources regularly communicate at Vossloh in order to guarantee the flow of information, discuss scope for improvements, address new issues together and tackle these in projects.

Data security and privacy

The protection of personal data is a matter of importance to Vossloh. The company revised its data protection management system to comply with the European General Data Protection Regulation (GDPR) and adjusted the organization in accordance with the new legal requirements. It is binding for all Vossloh companies and all staff worldwide, even outside the European Union. Compliance with the Vossloh Data Protection Policy is monitored by appointed data protection officers and data protection coordinators, as well as a data protection committee at the Vossloh AG level that meets regularly.