GOVERNANCE WITH CLEAR RULES
We act with integrity in our working and business relationships—in other words, in accordance with applicable law and our internal body of rules and regulations. A key benchmark for our behavior in the company, toward our business partners and in society is a Group-wide Code of Conduct that provides all of us with binding guidelines.
Compliance is essential for us and for the collaboration with our stakeholders, and serves as the foundation for the long-term success of our company. MTU conducts its business as a fair employer, business partner and customer, and advocates transparent competition where all parties are on an equal footing. Integrity and responsible conduct are core values of our corporate culture and are embedded in the MTU Code of Conduct, which is binding for all employees, managers and members of the Executive Board.
MTU condemns corruption of any kind as well as all other forms of white-collar crime. We do not tolerate immoral practices such as bribing or accepting advantages in business transactions. This is why preventing bribery and corruption is a stated goal of our compliance activities.
MTU’s compliance system is based on three pillars: prevention, recognition and response. Instruments and actions have been implemented for each of these pillars. Taking an integrated approach ensures, for instance, that insights from processing and resolving cases of suspected corruption (respond) also flow into prevention efforts. The focus of our activities is on prevention.
MTU’s compliance system
Clear rules for integrity in everyday work and business life
MTU’s Code of Conduct addresses central compliance topics such as preventing corruption and dealing with conflicts of interest. The Code defines clear standards for working with stakeholders such as customers, suppliers, authorities and partners. As such, it is an important tool for implementing responsible business practices.
MTU’s Code of Conduct
All employees must be familiar with and comply with the legal provisions and company regulations relevant to their work. Managers have a particular responsibility to uphold these requirements and regulations and to act as role models. We also expect our business partners to fully comply with all applicable laws. A separate Code of Conduct covering compliance topics applies for suppliers (→ Code of Conduct for Suppliers). The MTU Principles (“We shape the future of aviation”) are an integral part of our corporate culture; they help us act in a consistent and reliable manner.
External standards and memberships
We have committed to the principles of the UN Global Compact (UNGC), one of which is preventing corruption within our company → Principle 10 of the UNGC. In the interests of maintaining sustainable corporate leadership, we take our lead from the German Corporate Governance Code, whose requirements we comply with fully (MTU’s Declaration of Conformity for 2022), and from international compliance standards, such as the Good Practice Guidance on Internal Controls, Ethics, and Compliance issued by the Organization for Economic Cooperation and Development (OECD). Our commitment to fighting corruption extends beyond the company as well; we are also a member of the TRACE International anti-corruption initiative. Through the German Aerospace Industries Association (BDLI), we are represented in the Aerospace and Defense Industries Association of Europe (ASD), and we are a signatory to their standards against corruption and bribery and in support of equal and fair competition.
Compliance is teamwork
As the final decision-making authority, the CEO holds responsibility for the company’s business ethics and anti-corruption policy. The core functions responsible for ensuring ethical and correct conduct are a Compliance Board and a Compliance Officer. Both the Compliance Board, whose members are top managers from various departments, and the Compliance Officer hold Group-wide responsibility. The Compliance Officer’s duties include conducting preventive measures, investigating incidents of white-collar crime, and collaborating closely with the Compliance Board in further developing the compliance system. The Compliance Board holds regular and ad hoc meetings, the latter at the request of the Compliance Officer. The Compliance Officer provides quarterly updates to the Supervisory Board’s Audit Committee, which for its part informs the plenary meetings of the Supervisory Board. The Supervisory Board’s Audit Committee oversees the Executive Board’s compliance activities. In addition, the Compliance Officer has a regular direct reporting line to the CEO.
The managing directors of the sites must ensure that all compliance-relevant provisions and regulations are adhered to within their areas of responsibility, and they must see to it that compliance is appropriately embedded in the local organization.
MTU’s compliance organization
Safety brooks no compromise
We want to prevent compliance violations and ensure that business decisions are made with integrity. We do not tolerate any kind of conduct that violates laws or regulations. We respond to reports immediately and appropriately, and take disciplinary action in the event of detected violations. In such cases, MTU applies a principle of zero tolerance, which includes labor law measures as well as civil or criminal proceedings. There were no confirmed cases of corruption in the reporting year. No significant fines or non-monetary sanctions were levied against MTU for breaches of applicable laws, and it faced no legal action stemming from corruption or due to antitrust or anticompetitive practices.
Global whistleblower system
Our global whistleblower system allows employees and external stakeholders to report suspected instances of unlawful conduct to the Compliance Officer. Tips can also be submitted anonymously via the web-based iTrust reporting system, which is available in several languages (→ iTrust). The Compliance Officer reviews all submitted reports. If any are found to be credible, the Compliance Officer initiates the investigative steps necessary. The ways we have established for reporting non-compliance are communicated to employees through internal media channels and explained to external stakeholders in writing or on our website.
We treat the identity of the whistleblower and the information they impart as confidential—even if the suspicion turns out to be unfounded. This is ensured by means of an internal regulation. We wish to make it clear that whistleblowers acting in good faith shall not be penalized or disadvantaged by the company in any way—which is also ensured by means of an internal regulation. In addition, employees can confide in their superiors, the legal department or HR.
In the 2022 financial year, various tips regarding suspected misconduct were reported to the Compliance Officer via the reporting channels offered. However, in applicable cases—i.e. where misconduct could be proven—none of the tips related to violations severe enough to be significant for the company.
We have put various control mechanisms in place to ensure compliance throughout the company and to minimize risk. All fully consolidated sites are reviewed for corruption risks and regularly queried on compliance-relevant issues. The 2022 query revealed no significant incidents reported, and no significant corruption risk has been identified for any site. For compliance and governance risks, see Annual Report 2022, p. 85. The Compliance Officer additionally inspects all sales support consulting contracts for possible corruption risks before they are placed or renewed, and found no indications of corruption in 2022. Potential sales consultants are also subject to an assessment by an independent provider of due diligence services. The contracts require the sales consultants to stipulate that the ASD anti-corruption standards are binding. The corporate audit department conducts regular audits in which it checks business processes and procedures for conformity to legal requirements and adherence to internal guidelines.
In addition, our dialogue with the political sphere is governed by certain rules. More about our exchange with policymakers can be found in the chapter Stakeholder dialogue.
Activities focus on prevention
To ensure a functional compliance culture, MTU puts a high priority on investigating possible forms of misconduct as well as communicating and raising awareness of compliance issues among employees. When new employees are taken on, we inform them about our Code of Conduct and require them to sign a declaration to uphold it. We regularly train our employees and managers across all hierarchies on the Code of Conduct and on specific compliance-relevant topics, such as antitrust law.
Training concept for compliance topics
One way MTU chose to raise awareness of compliance topics among all its employees was with a training document for the Code of Conduct. We continued the training sessions in the reporting year. In 2022, a total of 3,131 employees had taken part. In addition, managers and employees who hold special functions, for instance in sales, attend regular mandatory anti-corruption training. In the reporting year, such corruption prevention training sessions were held regularly for the relevant employees in maintenance sales and at MTU Aero Engines Polska. In addition, we continuously provide information about and raise awareness of individual compliance issues, such as data protection, in a way suitable for each target group. The Compliance Officer and the legal department can also advise employees and managers as needed.
3,131 employees were trained on the Code of Conduct in 2022 alone.
Responsible international trade
Another key compliance topic for us is observance of international trade law, also known as trade compliance. Customs and export control laws govern which products, services and technical data we are permitted to sell or provide and to where, to whom and for what purpose. This regulatory framework is binding for all the company’s divisions, affiliates and employees worldwide. The need to comply with the applicable regulations is also specified in the MTU Code of Conduct. → Statutory export control regulations are outlined in the non-financial statement in the 2022 Annual Report (p. 112ff).
MTU has its own organizational unit dedicated to ensuring effective trade compliance: the international trade compliance department provides the internal framework for implementing uniform process standards throughout the company. These include a review of existing approval requirements, e.g. before shipping documents, software or components, as well as controls relating to bidding procedures vis-à-vis sensitive countries. The international trade compliance department has cross-divisional authority to issue certain directions, which extends to the right to stop deliveries. In addition, the department’s head reports directly to the person in charge of exports at MTU (Executive Board).
Mandatory training for all employees affected by export control regulations continued during the reporting year with a new concept that was launched in 2020. Called the Internal Compliance Program, this concept was adapted in line with the legal framework applicable for the reporting year.
In times of advancing digitalization, we seek to ensure comprehensive data protection. The protection of personal data in accordance with applicable legal provisions is laid out in the MTU Code of Conduct and is binding. When using digital applications, we were able to fully ensure that our employees’ personal data was protected.
We have established a management system for data protection and expect all employees to comply with its regulations, a requirement that is also set out in the Code of Conduct. The Group’s data protection guidelines ensure a uniform level with a standard that applies worldwide. We have appointed data protection officers or coordinators in all our Group companies, and they are instructed in all relevant regulations. The aim is to achieve uniform data protection and data security standards for the handling of personal data throughout the Group that meet the requirements both of the EU General Data Protection Regulation (GDPR) and of the national legislation applicable at each site, such as the German Federal Data Protection Act (BDSG). The Executive Board is briefed on data protection once a month. Regular audits and checks are carried out on workflows that process personal information, especially in the course of processing orders.
Data protection is part of our ongoing information and training offers for employees, targeted to the needs of different groups.
Once again in 2022, we had no reportable breaches related to customer data protection.
Given that all of MTU’s key business processes have a highly advanced level of digitalization, ensuring the high availability and integrity of IT systems is a prerequisite for seamless business operations. MTU generates, maintains and processes large amounts of data with special confidentiality requirements—especially for but not limited to military business.
MTU has an IT security management system oriented at ISO 27001 and implements appropriate protective measures on a technical and organizational level to ensure its IT systems are stable and secure. The aim is to minimize damage caused by cyberattacks on the company and to safeguard corporate data and expertise. In addition, it is important to protect data and systems when collaborating and networking with business partners.
Global and local regulations lay out binding rules for all employees and managers governing the confidentiality of operational and business secrets, the protection of electronic data and how to work with IT systems and data media.
A dedicated central team is responsible for IT security, serving as point of contact within the Group. IT security officers in the centers and in legally independent associations act as local contacts for IT issues and implement IT security guidelines and requirements on-site. MTU management receives regular reports from the IT security officers regarding the company’s external situation, current developments, and current and future defensive measures.
We invest heavily and continuously in technological and organizational actions to ensure the availability, confidentiality and integrity of the IT systems that we use and operate. We continuously reassess the risks associated with IT. The two risks deemed most critical are system failures due to technical error, and cyberattacks that result in the non-availability of systems, unauthorized publication of information or the permanent loss of data. MTU’s IT security management covers technical and organizational actions to limit the negative effects of such occurrences for the company. During the reporting period, there were no cyberattacks and no failures that resulted in significant or severe consequences for MTU.