Compliance Management System
OMV has set up a comprehensive Compliance Management System based on the requirements of IDW PS 980, including policies, audits, and training particularly to prevent, detect, monitor, and address allegations or incidents of corruption and bribery. The system aims to anchor OMV’s business ethics policies throughout the organization and to ensure their correct implementation. The design and implementation of OMV’s Compliance Management System have been externally audited for adequacy and effectiveness. The result of each audit was that OMV’s system is appropriately designed and effectively implemented to prevent, detect, and respond to systematic misconduct in the legal areas of business ethics/anti-corruption, capital market law, competition law, and trade sanctions. The most recent audit was conducted in 2023 by Ernst & Young (EY) in accordance with the Auditing Standard (PS) 980 of the Institute of Public Auditors in Germany (IDW), confirming that OMV operates an ambitious, well-established, and mature compliance program that is appropriately designed for all compliance areas and effectively implemented across the OMV Group. In addition, in 2024 Borealis was recertified under ISO 37301 (Compliance Management) and ISO 37001 (Anti-Bribery Management Systems) and replaced and updated existing compliance policies including the Ethics Policy and the Investigation and Disciplinary Procedure. It furthermore strengthened efforts and made investments in integrating newly acquired companies in Bulgaria and Italy.
Compliance topics, including any allegations on corruption and bribery incidents, are regularly reported and addressed during regular scheduled and ad hoc meetings. These sessions involve either the entire Executive Board, individual members of the Executive Board, regular Audit Committee meetings with the Supervisory Board, and meetings with the chairman of the Supervisory Board.
Addressing Misconduct
OMV has established a strict zero-tolerance policy for violations of the rules stipulated in the Code of Business Ethics. Results of compliance investigations are assessed based on this principle. Should an investigation reveal that an employee has actually engaged in misconduct, potential labor law measures will be discussed with management and Human Resources and will depend on the nature and severity of the offence and take into account all circumstances of the individual case. Compliance-related matters are regularly discussed and reported at regular meetings with either the entire Executive Board and with each individual member, regular Audit Committee meetings with the Supervisory Board, and meetings with the Chairman of the Supervisory Board.
Risk Management
Both external and internal risk factors, in particular changes to the regulatory framework and recent developments or incidents, are monitored on an ongoing basis to evaluate their possible impact on OMV’s current risk exposure. This ongoing risk analysis also includes an institutionalized semi-annual risk analysis, which is part of OMV’s Enterprise-Wide Risk Management (EWRM). If new risks are identified, OMV undertakes measures to address them.
Before we launch activities in a new country, we perform an analysis of business ethics and sanction law issues in that country. The Business Ethics Entry Assessment includes an analysis of the Corruption Perceptions Index assigned by Transparency International to a given country. Based on the outcome of the assessment, corporate governance in local operations is adapted to assure compliance with OMV’s ethical standards. OMV has implemented a process for screening both potential new and existing business partners using EU and US sanction lists. In addition to these sanction checks, more exhaustive due diligence assessments are conducted prior to engaging with a business partner or during the business relationship as needed. Critically, counterparties in M&A transactions, strategic partnerships, or business partners that have been in the media spotlight in the context of illegal conduct are assessed in greater depth. This type of assessment involves the potential business partner, their direct and indirect shareholders, other investors, and the ultimate beneficiaries of directly or indirectly involved legal entities.
The main red flags are connections to government officials, other individuals, and companies referred to in high-attention media reports on political and corruption cases, sanctioned entities, or any other suspected involvement in illegal conduct. In cases where intermediaries, lobbyists, or consultants are engaged, we use a third-party service provider to carry out comprehensive research, including source inquiries. Furthermore, vendor assessments are conducted by the OMV Procurement department.
Training
It is important for us to make sure that every single employee is fully aware of our ethical values and principles. Training is an essential element in informing employees about our rules on anti-corruption and anti-bribery and raising awareness of ethical issues. Business ethics training focuses in particular on anti-bribery and corruption and includes training employees on dealing with invitations, gifts, and potential conflicts of interest, as well as the expectation of employees to factor in the Ethics & Integrity Principles in their daily work and decision-making. In addition, employees are trained on the topics of donations and sponsorships, as well as the requirements for dealing with intermediaries and lobbyists. All compliance training programs are part of and governed by our comprehensive Compliance Management System and are mandatory for those employees identified as being in a respective training target group.
The online training module in business ethics, which is rolled out biannually is aimed at all employees (including full-time and part-time employees) of the OMV Group, while participants in classroom training courses are selected according to risk-specific criteria, such as employees working in the Sales or Procurement departments. The training we provide on antitrust law focuses on the rules for dealing with competitors, customers, and suppliers. Participants in online and face-to-face training sessions are selected and invited to attend a regular training cycle according to risk-specific criteria (e.g., budget responsibility, decision-making authority regarding third parties, and exposed functions, like procurement and sales).
The employees who are being assigned a compliance training (i.e., training target groups) are defined at the beginning of the training cycle based on the existing organization and the level of their risk exposure, and include members of the Executive Board, Senior Vice Presidents, Vice Presidents, and department heads. Furthermore, target groups also comprise all employees who report directly to members of the above-mentioned management functions. In addition, all employees from the Procurement department are required to participate in mandatory business ethics training. Organizational and personnel changes that occur during a training cycle are taken into account on a rolling basis. In 2024, Compliance consistently further embedded the Ethics & Integrity Policy within the Group through additional training activities. Bespoke in-person workshops and training sessions were held with leadership teams and staff at 14 local branch offices to present to them the Ethics & Integrity principles. Compliance also engaged with local staff during meetings on compliance-related matters and priorities. In the future, OMV will integrate OMV’s expectations of Ethics & Integrity standards into ongoing key strategic supplier meetings.
Consulting
All employees of OMV have the opportunity to receive advice on compliance topics. Consultations complement the training sessions. Training raises awareness among employees so that they are in a position to identify potential risks and seek further advice. The task of consulting is to assess compliance-critical situations and to offer legally compliant solutions. For advice, employees can either contact the local compliance officers on site or the staff in the Compliance department at OMV headquarters directly.
Integration in Business Processes
Another preventive measure is the implementation of compliance checks in business processes. The design and degree of automation of these compliance checks vary depending on the compliance area. For example, in the area of trade sanctions, the fully automated screening against sanctions lists of all data contained in the master data systems is carried out on a daily basis. In certain countries where OMV operates, an automated integrity check of business partners is carried out. In other areas, the compliance check is carried out by explicitly involving the Compliance Organization due to process requirements defined in the Code of Business Ethics. Examples of this are checks and approvals of gifts, invitations, and sponsorship and donation activities, the performance of background investigations before engaging sensitive business partners (e.g., intermediaries), and new country entry checks. In addition to the processes stipulated in the Code of Business Ethics, the Compliance Organization is brought in on an ad hoc basis in cases such as the development of new business strategies, business models, or the implementation of (major) projects. This means projects benefit from a compliance check at an early stage.
Raising Awareness
It is of strategic importance for OMV to make sure that every single employee is fully aware of OMV’s ethical values and principles and the underlying policies. Training is an essential element in informing employees about our rules and policies on business ethics, anti-corruption and bribery and raising awareness of ethical issues. In addition, there is a dedicated Compliance section on the intranet where OMV employees can find detailed information, guidance, and policies related to all compliance areas and in particular referring to business ethics and anti-corruption matters. Moreover, compliance-related topics such as whistleblowing and whistleblower protection, speaking up, and business ethics-related topics are recurrently the subject of internal communication measures published on the intranet. For more details, refer to Metrics.
Furthermore, OMV has launched a compliance application that employees can use on their cell phones, providing easy access to resources, policies, and related tools for all compliance-related matters. Employees can submit inquiries on all ethics topics, for instance gifts, invitations, or conflicts of interest, have their sponsorships or donations checked and registered, have new business partners checked against trade sanction and embargo lists, learn how to deal with inside information and file for trading approval, submit inquiries with regard to antitrust matters and obtain guidance, retrieve useful guidance on all ethics topics, and submit reports on ethical misconduct via the secure Integrity Platform messaging service.
Borealis
At Borealis, all new employees must complete a mandatory 30-minute e-learning course on the company’s values and ethics. Tailored classroom or virtual training sessions on ethics and compliance are provided by the Borealis Ethics & Compliance function or local Ethics Ambassadors. Additionally, tailored training sessions are offered to employees exposed to specific ethical risks, such as corruption and bribery, competition law, data privacy regulations, and issuer compliance related to the misuse of inside information. Functions within Borealis that are most at risk in respect of corruption and bribery are identified by the line manager and include Procurement, Sales, Customer Service, Logistics Sourcing, the Customs team, the Legal team, the Location Leaders, the Dispatch Leaders, the Treasury team, the Hydrocarbons Risk Officer, Group Tax, and the Executive and Senior Management. For these employees, Borealis has developed a mandatory anti-bribery and anti-corruption e-learning course. This course offers an overview of the global anti-corruption landscape, emphasizing key aspects of international anti-bribery laws. Through interactive exercises and real-world scenarios, learners gain insights into best practices for combating bribery and maintaining integrity in international business. For more details, please see the Borealis Group Annual Report 2024 – Group Management Report – Non-financial Statement.
All Borealis employees are responsible for adhering to the Borealis Ethics Policy and the Group’s anti-bribery and anti-corruption guidelines, which outline the fundamental elements and framework of Borealis’ compliance rules in these areas. Business partners that violate anti-bribery or anti-corruption laws can expose Borealis to reputational damage, fines, and penalties. Therefore, Borealis investigates potential infringements in the same manner as ethics cases. This process involves whistleblowing or reporting suspected violations, case intake, investigation, and, where necessary, disciplinary action and remediation. Investigators handling corruption or bribery reports are part of the Ethics & Compliance department and are independent of the management chain involved in the matter. To prevent and mitigate conflicts of interest, the process outlined in the Borealis Ethics Policy ensures that investigators’ interests do not interfere with their duty to act in Borealis’ best interests.
The Ethics Policy guides Borealis employees in complying with anti-corruption and anti-bribery laws. Additionally, the annual mandatory general ethics training for all employees includes a section on preventing corruption. This mandatory e-learning for all employees raises awareness of bribery and corruption within Borealis, highlighting Borealis’ risks, including loss of stakeholder trust, reputational damage, fines, legal claims, etc. For more details, please see the Borealis Group Annual Report 2024 – Group Management Report – Non-financial Statement.