Compliance Management System
OMV has set up a comprehensive Compliance Management System based on the requirements of IDW PS 980, including policies, audits, and training designed to prevent, detect, monitor, and address allegations or incidents of corruption and bribery. The system aims to anchor OMV’s business ethics policies throughout the organization and to ensure their correct implementation. The design and application of OMV’s Compliance Management System have been externally audited for adequacy and effectiveness. The result of each audit was that OMV’s system is appropriately designed and effectively implemented to prevent, detect, and respond to systematic misconduct in the legal areas of business ethics/anti-corruption, capital market law, competition law, and trade sanctions. The most recent audit was conducted in 2023 by Ernst & Young (EY) in accordance with the Auditing Standard (PS) 980 of the Institute of Public Auditors in Germany (IDW), confirming that OMV operates an ambitious, well-established, and mature compliance program that is appropriately designed for all compliance areas and effectively implemented across the OMV Group.
Addressing Misconduct
Employees are encouraged to come forward with information on misconduct. To this end, the possibility to submit anonymous reports, the protection of the identity of whistleblowers, and the assurance of confidentiality, plus specific whistleblower protection against retaliatory measures, are stipulated in OMV’s internal Whistleblowing Directive. All whistleblowing reports are treated with the strictest confidence, carefully checked in all regards, and further handled by the Whistleblowing Committee, which includes members of senior management and is separate from the chain of management involved in the matter. Information on the Integrity Platform, the underlying processes, and whistleblower protection can be found on the Integrity Platform itself, in a dedicated information section on the intranet, and in the Compliance app.
OMV has established a strict zero-tolerance policy for violations of the rules stipulated in the Code of Business Ethics. Results of compliance investigations are assessed based on this principle. Should an investigation reveal that an employee has actually engaged in misconduct, potential labor law measures will be discussed with management and Human Resources and will depend on the nature and severity of the offence and take into account all circumstances of the individual case. Compliance-related matters are discussed and reported at regular meetings with either the entire Executive Board or with each individual member, regular Audit Committee meetings with the Supervisory Board, and meetings with the Chairman of the Supervisory Board.
Risk Management
Both external and internal risk factors, in particular changes to the regulatory framework and recent developments or incidents, are monitored on an ongoing basis to evaluate their possible impact on OMV’s current risk exposure. This ongoing risk analysis also includes an institutionalized semi-annual risk analysis, which is part of OMV’s Enterprise-Wide Risk Management (EWRM) system. If new risks are identified, OMV undertakes measures to address them. Before we launch activities in a new country, we perform an analysis of business ethics and sanction law issues in that country. The Business Ethics Entry Assessment includes an analysis of the Corruption Perceptions Index assigned by Transparency International to a given country.
Based on the outcome of the assessment, corporate governance in local operations is adapted to assure compliance with OMV’s ethical standards. OMV has implemented a process for screening both potential new and existing business partners using EU and US sanction lists. In addition to these sanction checks, more exhaustive due diligence assessments are conducted prior to engaging with a business partner or during the business relationship as needed. Critically, counterparties in M&A transactions, strategic partnerships, or business partners that have been in the media spotlight in the context of illegal conduct are assessed in greater depth. This type of assessment involves the potential business partner, their direct and indirect shareholders, other investors, and the ultimate beneficiaries of directly or indirectly involved legal entities.
The main red flags are connections to government officials, other individuals and companies referred to in high-attention media reports on political and corruption cases, sanctioned entities, or any other suspected involvement in illegal conduct. In cases where intermediaries, lobbyists, or consultants are engaged, we use a third-party service provider to carry out comprehensive research, including source inquiries. Furthermore, vendor assessments are conducted by the OMV Procurement department.
Training
Business ethics training focuses in particular on anti-bribery and anti-corruption and involves training employees on dealing with invitations, gifts, and potential conflicts of interest, as well as the expectation of employees to factor in the Ethics & Integrity Principles in their daily work and decision-making. In addition, employees are trained on the topics of donations and sponsorships, as well as the requirements for dealing with intermediaries and lobbyists. All compliance training programs are part of and governed by our comprehensive Compliance Management System and are mandatory for those employees identified as being in a respective training target group. For the extent to which training is given to members of the administrative, management, and supervisory bodies, see data tables under G1-4 Incidents of Corruption and Bribery.
The online training module on business ethics, which is rolled out biennially, is aimed at all employees (including full-time and part-time employees) of the OMV Group, while participants in classroom training courses are selected according to risk-specific criteria, such as employees working in the Sales or Procurement departments. The training we provide on antitrust law focuses on the rules for dealing with competitors, customers, and suppliers. Participants in online and face-to-face training sessions are selected and invited to attend a regular training cycle according to risk-specific criteria (e.g., budget responsibility, decision-making authority regarding third parties, and exposed functions, like Procurement and Sales).
Consulting
All employees of OMV have the opportunity to receive advice on compliance topics. Consultations complement the training sessions, which raise awareness among employees so that they are in a position to identify potential risks and seek further advice. The task of consulting is to assess compliance-critical situations and to offer legally compliant solutions. For advice, employees can either contact the local compliance officers on-site or the staff in the Compliance department at OMV headquarters directly.
Integration in Business Processes
Another preventive measure is the implementation of compliance checks in business processes. The design and degree of automation of these compliance checks vary depending on the compliance area. For example, in the area of trade sanctions, the fully automated screening against sanctions lists of all data contained in the master data systems is carried out on a daily basis. In certain countries where OMV operates, an automated integrity check of business partners is carried out. In other areas, the compliance check is carried out by explicitly involving the Compliance organization due to process requirements defined in the Code of Business Ethics. Examples of this are checks and approvals of gifts, invitations, and sponsorship and donation activities, the performance of background investigations before engaging sensitive business partners (e.g., intermediaries), and new country entry checks. In addition to the processes stipulated in the Code of Business Ethics, the Compliance organization is brought in on an ad hoc basis in cases such as the development of new business strategies, business models, or the implementation of (major) projects. This means projects benefit from a compliance check at an early stage.
Raising Awareness
It is of strategic importance for OMV to make sure that every single employee is fully aware of the Company’s ethical values and principles and the underlying policies. Training is an essential element in informing employees about our rules and policies on business ethics, anti-corruption and anti-bribery, and raising awareness of ethical issues. In addition, there is a dedicated Compliance section on the intranet where OMV employees can find detailed information, guidance, and policies related to all compliance areas and in particular referring to business ethics and anti-corruption matters. Moreover, compliance-related topics such as whistleblowing and whistleblower protection, speaking up, and business ethics-related topics are recurrently the subject of internal communication measures published on the intranet. For more details, refer to Metrics.
Furthermore, OMV has launched a Compliance app that employees can use on their cell phones, providing easy access to resources, policies, and related tools for all compliance-related matters. Employees can submit inquiries on all ethics topics, for instance gifts, invitations, or conflicts of interest, have their sponsorships or donations checked and registered, have new business partners checked against trade sanction and embargo lists, learn how to deal with inside information and file for trading approval, submit inquiries with regard to antitrust matters and obtain guidance, retrieve useful guidance on all ethics topics, and submit reports on ethical misconduct via the secure Integrity Platform messaging service.