Business ethics
and human rights

The nonfinancial aspects of corporate governance, compliance, particularly combating corruption and bribery, antitrust law and respect for human rights are outlined below. All of the aforementioned points have responsibility and risk minimization in common.

As a global enterprise with a 140-year history, Vossloh has a social responsibility toward its customers, employees, partners, investors and the public. From this responsibility, Vossloh derives the requirement that the company and its employees adhere to the laws as applicable, respect basic ethical values and act in an exemplary fashion at all times and in all scenarios. This requirement is set out in writing in the Vossloh Code of Conduct. The Code of Conduct, which all employees sign when they join the company, is designed to help them living up to this responsibility.

Good corporate governance

As a German stock corporation, Vossloh AG has a dual management and monitoring structure as reflected in the two bodies the Executive Board and the Supervisory Board. Both bodies have an obligation toward the company’s well-being and the interests of the shareholders. The Annual General Meeting, as the third body, is responsible for the company’s key fundamental decisions.

Compliance with legal and regulatory requirements

Preventing violations of the law of any kind, in particular corruption and anticompetitive behavior, is a key concern of the Vossloh Executive Board for the entire Group. The Executive Board has also unequivocally summed this up in its Compliance Commitment, which states: “Compliance with the law has absolute priority over closing a deal or achieving internal goals. We would rather forgo a business opportunity than violate the law. We do not tolerate any violation of the law or of our internal guidelines and policies and will sanction any such behavior (zero tolerance policy).” (see > “Investor Relations” > “Corporate Governance” > “ Compliance ”). The area of Compliance is overseen within the Executive Board by the Chief Executive Officer (CEO).

To implement and monitor compliance regulations, the Executive Board has set up a compliance organization and defined its structure, the responsibilities and tasks of the individual compliance functions and their reporting channels in “Rules of Procedure for Compliance“. The Vossloh Compliance organization consists of the Chief Compliance Officer (supported by a Compliance Office) and the Group Compliance Committee at Vossloh AG level, Compliance Officers and Compliance Committees in the business units as well as Local Compliance Officers in the operating companies. Vossloh‘s compliance management system is designed to identify risks arising from compliance violations and to minimize these risks through appropriate measures in order to prevent damage to Vossloh and its employees. The prevention of corruption and strict compliance with competition law regulations are a particular focus.

Since 2007, Vossloh‘s Compliance Management System has been based on the Vossloh Code of Conduct, which specifies the value of integrity and is binding for the entire Group and all company employees. It is currently available in 15 languages. There are also guidelines on the prevention of corruption, conduct in compliance with antitrust law and the involvement of intermediaries as well as a Data Protection Policy, an Export Control Policy and an Insider Trading Policy (for more information on compliance at Vossloh, see > “Investor Relations“ > “Corporate Governance“ > “ Compliance “).

Compliance as part of business activities constitutes part of regular classroom training held at all Vossloh companies. The teaching requirements and the participants are identified and selected by the Compliance Officers within the business units and the Local Compliance Officers on the basis of the Vossloh Compliance Training Concept. The Compliance Office headed by the Chief Compliance Officer keeps a record of the classroom training sessions held. In 2022, Vossloh conducted compliance training around the world with a total of 653 participants (2022: 1,283).

Compliance training is also given in the form of e-Learning, which was revised from the ground up in 2021. The “Code of Conduct – Compliance Basics” module is aimed at all employees who work at a computer workstation. In addition, there are two modules for all managerial staff and employees with external contact that focus on competition law and anticorruption measures. These are also the target audience of the “ refresher” module on anticorruption, competition law and foreign trade law. All new employees are gradually taken through the e-Learning program. The Local Compliance Officers systematically record the employees’ attendance and send them reminders to attend, if need be. The training rate was 97.1 % as of December 31, 2023 (2022: 96.3 %).

Compliance audits are performed – usually with the assistance of external audit firms – in order to verify that the Compliance Management System rules are being adhered to within the individual operating units. These audits are carried out on both an ad hoc and scheduled basis. In 2023, including a date planned for 2022 and made up for in 2023, four compliance audits were carried out regardless of cause. Compliance issues are also audited as part of the internal audit process. The company also has its Compliance Management System regularly reviewed by external experts and receives recommendations for further development and improvement. The last comprehensive effectiveness review to date took place in 2017; the audit report is published on the website > “Investor Relations“ > “Corporate Governance“ > “Compliance“. Where findings and recommendations for compliance work were made, they have been and will be implemented as part of the continuous development and improvement of the Compliance Management System. A review of compliance risks carried out in the 2023 financial year with external support, including a survey on the effectiveness and acceptance of the Compliance Management System with 128 representatively selected managers and employees, primarily from management, sales and purchasing, once again confirmed the previous risk assessment and the high effectiveness and acceptance of the Compliance Management System. The subject of this risk inventory was the Group-wide determination of the Vossloh Group‘s compliance risks in the areas of antitrust law, anti-corruption and export control, taking into account existing compliance rules and measures. The appropriateness and high level of acceptance of the existing Compliance Management System continued to be confirmed overall.

The Compliance Office and Corporate Controlling also conduct annual risk dialogs with selected Vossloh Group companies to review the effectiveness of the Compliance Management System with a view to identifying material risks. One risk dialogue was held in 2023 (2022: two dialogues).

Vossloh has set up a whistle-blower hotline together with an international law firm. In addition to the option of contacting the Compliance Office directly, this allows company employees and external whistle-blowers to report possible misconduct to an independent external contact (ombudsperson) in their native language. The whistleblower hotline has so far been set up for 24 countries. As such, the main regions and the languages spoken within the Vossloh Group are essentially covered. The ombudspersons were contacted once in 2023 (2022: twice). All resulting investigations into possible compliance violations were completed.

Vossloh has also taken special precautions to ensure compliance with foreign trade regulations, notably export control and embargo legislation. Beyond the obvious need to comply with applicable legal provisions, Vossloh shares the security objectives pursued by foreign trade legislation, especially the strengthening of international peace efforts and the non-proliferation of weapons of mass destruction. An export control policy for the entire Group and which is based on applicable law creates a binding framework for the entire Vossloh Group and all its employees to ensure compliance with the respective legal requirements. The framework requirements of this policy are supplemented by more extensive regulations in the form of work and organizational instructions, process descriptions, etc. The policy states that each operational unit must appoint an Export Officer and a Trade Compliance Officer (TCO). In cooperation with the respective HR departments, they develop training concepts and ensure that all employees working in areas relevant to foreign trade receive the appropriate training. Vossloh’s central compliance e-learning tool also includes the module “Foreign trade law.”

The Vossloh Group also expects its suppliers and service providers to act in accordance with the rules and demonstrate lawful conduct. This is verified and controlled in specific cases as well as on an ad hoc basis. Group-wide “Guidelines on the Involvement of Intermediaries” apply to business dealings with commercial agents, agencies, distributors and consultants in the sales area. Their purpose is to prevent the risk of unfair practices on the part of contracted third parties and to minimize the risks for the company and its employees.

Vossloh has maintained a Group-wide register of associations as part of its Compliance Management System, in which all company and private memberships in industry associations are recorded. Vossloh AG’s primary association memberships are as follows:

  • The Railway Industry in Germany (VDB)
  • Association of the European Rail Industry (UNIFE)
  • Deutsches Verkehrsforum (DVF)
  • Institut fur Bahntechnik GmbH (IfB)
  • Pro-Rail Alliance
  • Association of German Transport Companies (VDV)

Vossloh does not make any donations to political parties or similar institutions.

Respect for human and labor rights

The Vossloh Group endeavors to respect internationally recognized human rights in its business activities and has codified this in the Vossloh Code of Conduct under point 10 (“Protection of human and employee rights“), which is binding for all employees. The Code of Conduct is publicly available on the website > “Investor Relations“ > “Corporate Governance“ > “ Compliance “.

To minimize the risk of child labor, Vossloh, as a rule, does not employ anyone under the age of 14 or 15 (depending on the legal provisions in the different countries). In addition, the majority of Vossloh’s production facilities are located in Europe. Employees under the age of 18 are usually apprentices. The instructors responsible for them are duty-bound to observe all the relevant labor law and occupational safety rules and provisions. A whistle-blower hotline is available in order for possible misconduct to be reported. No human rights violations were reported in the 2023 fiscal year (2022: also no reports).

More recent major partnership contracts such as joint venture agreements generally already include the Vossloh Code of Conduct and, therefore, also its human rights aspects as mandatory conduct rules. The same applies to contracts with intermediaries (e.g. commercial agents and distributors). Strategic suppliers are required to recognize the Vossloh Code of Conduct for Business Partners, which has been available in revised form since 2023 and also includes significant obligations to protect human and employee rights.

The various Vossloh companies subject their suppliers and intermediaries to intensive preliminary checks before concluding a contract with them. Here the company has so far not had cause to check compliance with human rights. This result was confirmed in 2022 in a risk assessment of the supplier portfolio in 15 Vossloh units supervised by an independent auditing firm.

Adherence to local laws and standards (for example, minimum wage or fundamental labor law conditions) is an integral part of Vossloh’s compliance obligations. The European Works Council, the Group Works Council, the Executive Board and Corporate Human Resources regularly communicate at Vossloh in order to guarantee the flow of information, discuss scope for improvements, address new issues together and tackle these in projects.

Data protection and privacy

The protection of personal data is a matter of importance to Vossloh. The company revised its data protection management system to comply with the European General Data Protection Regulation (GDPR) and adjusted the organization in accordance with the new legal requirements. It is binding for all Vossloh companies and all staff worldwide, even outside the European Union. Compliance with the Vossloh Data Protection Policy is monitored by appointed data protection officers and data protection coordinators, as well as a data protection committee at the Vossloh AG level that meets regularly.