Corporate governance with clear rules
We act with integrity in our working and business relationships—in other words, in accordance with applicable law and our internal body of rules and regulations. A key benchmark for our behavior in the company, toward our business partners and in society is a Group-wide Code of Conduct that provides all of us with binding guidelines.
Compliance is essential for the long-term success of our company and for collaboration with our stakeholders. MTU conducts its business as a fair employer, business partner and customer, and advocates transparent competition where all parties are on an equal footing. Integrity and responsible conduct are core values of our corporate culture and are embedded in the MTU Code of Conduct, which is binding for all employees, managers and members of the Executive Board. Adherence to ethical and legal conduct is a key part of MTU’s corporate responsibility in society.
MTU condemns corruption of any kind as well as all other forms of white-collar crime. We do not tolerate immoral practices such as bribing or accepting advantages in business transactions. This is why preventing bribery and corruption are stated goals of our compliance activities.
MTU has installed a compliance system that rests on three pillars: prevent, detect, respond. Instruments and actions have been implemented for each of these pillars. Taking an integrated approach ensures, for instance, that insights from processing and resolving cases of suspected corruption (respond) also flow into prevention efforts. The focus of activities is on prevention.
MTU’s compliance system
We act according to clear rules with orientation from standards
MTU’s Code of Conduct addresses central compliance topics such as preventing corruption and dealing with conflicts of interest. The Code defines clear standards for working with stakeholders such as customers, suppliers, authorities and partners. As such, it is an important tool for implementing responsible business practices.
Key topics of the Code of Conduct
All employees must be familiar with and comply with the legal provisions and company regulations relevant to their work. Managers have a particular responsibility to uphold these requirements and regulations and to act as role models. We also expect our business partners to fully comply with all applicable laws. A separate Code of Conduct covering compliance topics applies for suppliers. → Code of Conduct for Suppliers The MTU Principles (“We shape the future of aviation”) are an integral part of our corporate culture; they help us act in a consistent and reliable manner.
External standards and memberships
As a signatory to the UN Global Compact (UNGC), one cause we have committed ourselves to is preventing corruption within our company → Principle 10 of the UNGC. In the interests of maintaining sustainable corporate leadership, we take our lead from the German Corporate Governance Code, whose requirements we comply with fully, and from international compliance standards, such as the Good Practice Guidance on Internal Controls, Ethics, and Compliance issued by the Organization for Economic Cooperation and Development (OECD). Our commitment to fighting corruption extends beyond the company as well; we are also a member of the TRACE International anti-corruption initiative. Through the German Aerospace Industries Association (BDLI), we are represented in the Aerospace and Defense Industries Association of Europe (ASD), and we are a signatory to ASD’s standards against corruption and bribery and in support of equal and fair competition.
As the final decision-making authority, the CEO holds responsibility for the company’s business ethics and anti-corruption policy. The core functions responsible for ensuring ethical and correct conduct are a Compliance Board and a Compliance Officer. Both the Compliance Board, whose members are top managers from various departments, and the Compliance Officer hold Group-wide responsibility. The Compliance Officer’s duties include conducting preventive measures, investigating incidents of white-collar crime, and collaborating closely with the Compliance Board in further developing the compliance system. The Compliance Board holds regular and ad hoc meetings, the latter at the request of the Compliance Officer. The Compliance Officer provides quarterly updates to the full Executive Board and the Supervisory Board’s Audit Committee, which for its part informs the plenary meetings of the Supervisory Board. The Supervisory Board’s Audit Committee oversees the Executive Board’s compliance activities. In addition, the Compliance Officer has a regular direct reporting line to the CEO.
The managing directors of the sites must ensure that all compliance-relevant provisions and regulations are adhered to within their areas of responsibility, and they must see to it that compliance is appropriately embedded in the local organization.
MTU’s compliance organization
Zero-tolerance approach to violations
We want to prevent compliance violations and ensure that business decisions are made with integrity. We do not tolerate any kind of conduct that violates laws or regulations. We respond to reports immediately and appropriately, and take disciplinary action in the event of detected violations. In such cases, MTU applies a principle of zero tolerance, which includes labor law measures as well as civil or criminal proceedings. As in previous years, we did not confirm any suspected instances of corruption in the reporting year. We also did not receive any formal complaints regarding corruption. No significant fines were levied against MTU for breaches of applicable laws, and it faced no legal action stemming from corruption or due to antitrust or anticompetitive practices.
Open-access reporting system for all stakeholders
We have set up a global whistleblower system that allows employees and external stakeholders to report instances of unlawful conduct to the Compliance Officer. Tips can also be submitted anonymously via the web-based iTrust reporting system, which is available in several languages. → iTrust The Compliance Officer reviews all submitted reports. If any are found to be credible, the Compliance Officer initiates the investigative steps necessary. The ways we have established for reporting non-compliance are communicated to employees through internal media channels and explained to external stakeholders in writing or on our website.
We treat the identity of the whistleblower and the information they impart as confidential—even if the suspicion turns out to be unfounded. This is ensured by means of an internal regulation. We wish to make it clear that whistleblowers acting in good faith shall not be penalized or disadvantaged by the company in any way—as ensured by means of an internal regulation. In addition, employees can confide in their superiors, the legal department or HR.
cases of corruption at MTU. In 2021, there were no confirmed cases of corruption nor any suspected cases.
Limiting risks of non-compliance
We have put various control mechanisms in place to ensure compliance throughout the company and to minimize risk. All fully consolidated sites are regularly surveyed about compliance-relevant incidents, and 2021 was no exception. No significant incidents were reported here during that year. The Compliance Officer additionally inspects all sales support consulting contracts for possible corruption risks before they are placed or renewed, 2021 included, and found no indications of corruption. Potential consultants are also subject to an assessment by an independent provider of due diligence services. The contracts require the sales consultants to stipulate that the ASD anti-corruption standards are binding. The corporate audit department conducts regular audits in which it checks business processes and procedures for conformity to legal requirements and adherence to internal guidelines.
In addition, our dialogue with the political sphere is governed by certain rules. More about our exchange with policymakers in the chapter Stakeholder dialogue
Our focus is on prevention
To ensure a functional compliance culture, MTU puts a high priority on investigating possible forms of misconduct as well as communicating and raising awareness of compliance issues among employees. When new employees are taken on, we inform them about our Code of Conduct and require them to sign a declaration to uphold it. We also present and discuss the Code of Conduct at the introductory event for new employees. We regularly train our employees and managers across all hierarchies on the Code of Conduct and on specific compliance-relevant topics such as antitrust law. This applies in particular to all new hires.
Training concept for compliance topics
In the reporting year, a new training document for the Code of Conduct was drafted to raise awareness of compliance topics among all employees. In addition, managers and employees who hold special functions, for instance in sales, attend regular mandatory anti-corruption training. In the reporting year, such corruption prevention training events were held successively for relevant employees at MTU sites in North America. Corruption prevention training at sites in Germany mainly took the form of the updated training on the Code of Conduct. In this way, we trained almost 4,100 employees across all MTU sites on compliance topics in the reporting year. In addition, we continuously provide information about and raise awareness of individual compliance issues, such as data protection, in a way suitable for each target group. The Compliance Officer and the legal department can also advise employees and managers as needed.
employees from various areas completed training courses on compliance topics in 2021. The focus was on our new online training course on the revised Code of Conduct.
Responsible international trade
Another key compliance topic for us is observance of international trade law, also known as trade compliance. Customs and export control laws govern which products, services and technical data we are permitted to sell or provide and to where, to whom and for what purpose. This regulatory framework is binding for all the company’s divisions, affiliates and employees worldwide. The need to comply with the applicable regulations is also specified in the MTU Code of Conduct. → Export control law is outlined in the non-financial statement in the 2020 Annual Report (p. 105)
MTU has its own organizational unit dedicated to ensuring effective trade compliance: the international trade compliance department provides the internal framework for implementing uniform process standards throughout the company. These include a review of existing approval requirements, e.g. before shipping documents, software or components, as well as controls relating to bidding procedures vis-à-vis sensitive countries. The international trade compliance department has cross-divisional authority to issue certain directions, which extends to the right to stop deliveries. In addition, the department’s head reports directly to the Chief Operating Officer in the latter’s capacity as the person in charge of exports at MTU Aero Engines AG.
Mandatory training for all employees affected by export control regulations continued with a new concept during the reporting year. This was developed according to the Internal Compliance Program.
In our business activities, we take care to provide comprehensive data protection.Given the increasing levels of digitalization in society and the world of work, such protection is of considerable importance. The protection of personal data in accordance with applicable legal provisions is laid out in the MTU Code of Conduct and is binding. When using digital applications, for instance to gather data to combat the coronavirus pandemic, we were able to fully ensure that our employees’ personal data was protected.
We have established a management system for data protection and expect all employees to comply with its regulations, a requirement that is also set out in the Code of Conduct. The Group’s data protection guidelines ensure a uniform level with a standard that applies across MTU worldwide. We have appointed data protection officers or coordinators in all of our Group companies, who are instructed in all relevant regulations. The aim is to achieve uniform data protection and data security standards for the handling of personal data throughout the Group that meet the requirements both of the EU General Data Protection Regulation (GDPR) and of the national legislation applicable at each location, such as the German Federal Data Protection Act (BDSG). The Executive Board is briefed on data protection once a month. Regular audits and checks are carried out on workflows that process personal information, especially in the course of processing orders.
We offer a range of information and training events aimed at specific target groups so as to continuously update our employees’ knowledge and awareness of aspects relating to data protection.
In 2021 as in previous years, we had no reportable violations regarding data protection.
Given that all of MTU’s key business processes have a highly advanced level of digitalization, ensuring the high availability and integrity of IT systems is a prerequisite for seamless business operations. MTU generates, maintains and processes large amounts of data with special confidentiality requirements—especially for but not limited to military business.
MTU has an IT security management system based on ISO 27001 in place and implements appropriate protective measures on a technical and organizational level to ensure its IT systems are stable and secure. The aim is to minimize damage caused by cyberattacks on the company and to safeguard corporate data and expertise. In addition, it is important to protect data and systems when collaborating and networking with business partners.
Global and local regulations lay out binding rules for all employees and managers governing the confidentiality of operational and business secrets, the protection of electronic data and how to work with IT systems and data media.
A dedicated central team is responsible for IT security, serving as point of contact within the Group. IT security officers in the centers and in legally independent associations act as local contacts for IT issues and implement IT security guidelines and requirements on-site. MTU management receives regular reports from the IT security officers regarding the company’s external situation, current developments, and current and future defensive measures.
We invest heavily and continuously in technological and organizational actions to ensure the availability, confidentiality and integrity of the IT systems that we use and operate. We continuously reassess the risks associated with IT. The two risks deemed most critical are system failures due to technical error, and cyberattacks that result in the non-availability of systems, unauthorized publication of information or the permanent loss of data. Our IT security management covers technical and organizational actions to limit the negative effects of such occurrences for the company. During the reporting period, there were no cyberattacks and no failures that resulted in significant or severe consequences for MTU.
By practicing good corporate governance, we can help achieve the following Sustainable Development Goal: