Corporate governance
Compliance
MTU sets great store by compliance and integrity. They form the foundation for our business activities. A compliance management system and a corporate culture based on ethical principles provide orientation in day-to-day business and create trust in the collaboration with our stakeholders.
MTU’s long-term success is founded on compliance with laws, regulations, and internal guidelines. The company condemns corruption of any kind as well as all other forms of white-collar crime. A Group-wide framework of compliance rules obliges employees and management to act with responsibility and integrity. These obligations include adhering to statutory requirements and internal regulations. The overarching MTU Principles help the company to act consistently, reliably, and with integrity. Other regulations, such as the MTU standard on donations, sponsorship, and customer events, contain detailed requirements and also serve to prevent corruption.
Our commitments in the area of compliance
We have committed to the principles of the UN Global Compact (UNGC), one of which is preventing corruption within our company → Principle 10 of the UNGC. In the interests of maintaining sustainable corporate leadership, we take our lead from the German Corporate Governance Code, whose requirements we comply with fully (MTU’s Declaration of Conformity for 2023), and from international compliance standards, such as the Good Practice Guidance on Internal Controls, Ethics, and Compliance issued by the Organization for Economic Cooperation and Development (OECD). Our commitment to fighting corruption extends beyond the company as well; we are also a member of the TRACE International anti-corruption initiative. Through the German Aerospace Industries Association (BDLI), we are represented in the Aerospace and Defense Industries Association of Europe (ASD), and we are a signatory to their standards against corruption and bribery and in support of equal and fair competition.
MTU’s compliance system and its principles
MTU’s compliance system is based on three pillars: prevention, recognition, and response. Instruments and actions have been implemented for each of these pillars. Taking an integrated approach ensures, for instance, that insights from processing and resolving cases of suspected corruption (respond) also flow into prevention efforts. The focus of our activities is on prevention.
Code of Conduct for clear standards and rules
Integrity and responsible conduct are core values of our corporate culture and are embedded in the MTU Code of Conduct, which is binding for all employees, managers, and members of the Executive Board. The Code of Conduct addresses key compliance issues such as preventing corruption or dealing with conflicts of interest. It also defines clear standards for dealing with stakeholders such as customers, suppliers, authorities, and partners.
The MTU Code of Conduct
→ MTU’s Code of Conduct in multiple languages
All employees must be familiar with and comply with the legal provisions and company regulations relevant to their work. Managers have a particular responsibility to uphold these requirements and regulations and to act as role models.
A separate Code of Conduct for MTU’s suppliers
We also expect our business partners to fully comply with all applicable laws. A separate Code of Conduct applies for suppliers, which we agree on with our suppliers. → Code of Code of Conduct for Suppliers
Integrity in day-to-day business
As the final decision-making authority, the CEO holds responsibility for the company’s business ethics and anti-corruption policy. The core functions responsible for ensuring ethical and correct conduct are a Group-wide Compliance Board and a Compliance Officer. The Compliance Officer is responsible primarily for the further development of MTU’s compliance system with regard to the prevention of corruption. He or she works in close coordination with the Compliance Board. The Compliance Board holds regular meetings as well as meetings at the request of the Compliance Officer. The Compliance Officer provides quarterly updates to the full Executive Board and the Supervisory Board’s Audit Committee, which for its part informs the plenary meetings of the Supervisory Board. The Supervisory Board’s Audit Committee oversees the Executive Board’s compliance activities. In addition, the Compliance Officer has a regular direct reporting line to the CEO.
MTU’s Compliance organization
The core functions responsible for ensuring ethical and correct conduct at the company are a Compliance Board and a Compliance Officer.
The managing directors of the sites must ensure that all compliance-relevant provisions and regulations are adhered to within their areas of responsibility, and they must see to it that compliance is appropriately embedded in the local organization.
Effective compliance
We do not tolerate any kind of unlawful conduct. We respond to reports immediately and appropriately, and take disciplinary action in the event of detected violations. In such cases, MTU applies a principle of zero tolerance, which includes labor law measures as well as civil or criminal proceedings. There were no confirmed cases of corruption in the reporting year. As in previous years, no legal proceedings due to anti-competitive behavior or violations concerning antitrust or monopoly practices were pending in the reporting period. No significant fines or non-monetary sanctions were levied against MTU for breaches of applicable laws.
Risk-based approach
We have put various control mechanisms in place to ensure compliance throughout the company and to minimize risk. All fully consolidated sites are reviewed for corruption risks and regularly queried on compliance-relevant issues. The 2023 query identified no significant corruption risk for any site. For compliance and governance risks, see the 2023 Annual Report, p. 85 The Compliance Officer additionally inspects all sales support consulting contracts for possible corruption risks before they are placed or renewed, and found no indications of corruption in 2023. Potential sales consultants are also subject to an assessment by an independent provider of due diligence services. The contracts with the sales consultants require them to stipulate that the ASD anti-corruption standards are binding. The Corporate Audit unit reviews the effectiveness, efficiency, and appropriateness of MTU’s internal control system as part of the audits it conducts.
In addition, our dialogue with the political sphere is governed by certain rules. More about our exchange with policymakers in the chapter Stakeholder dialogue
Safe, secure, and confidential: MTU’s global whistleblower system
Our global whistleblower system allows employees and external stakeholders to report suspected instances of unlawful conduct to the Compliance Officer. Tips can also be submitted anonymously via the web-based iTrust reporting system, which is available in several languages. → iTrust The Compliance Officer reviews all submitted reports. If any are found to be credible, the Compliance Officer initiates the investigative steps necessary. The ways we have established for reporting non-compliance are communicated to employees through internal media channels and explained to external stakeholders in writing or on our website.
We treat the identity of the whistleblower and the information they impart as confidential—even if the suspicion turns out to be unfounded. This is ensured by means of an internal regulation. We wish to make it clear that whistleblowers acting in good faith shall not be penalized or disadvantaged by the company in any way—this is also ensured by means of an internal regulation. In addition, employees can confide in their superiors, the legal department or HR. The reporting channels and procedures are described in detail on our website.
In 2023, various tips regarding suspected misconduct were reported to the Compliance Officer via the reporting channels offered. However, in applicable cases—i.e. where misconduct could be proven—a qualitative examination of each violation revealed that none was severe enough to be material to the company.
To raise awareness and inform: Our compliance training courses
To ensure a functional compliance culture, MTU puts a high priority on investigating possible forms of misconduct as well as communicating and raising awareness of compliance issues among employees. When new employees are taken on, we inform them about our Code of Conduct and require them to sign a declaration to uphold it. We regularly train our employees and managers across all hierarchies on the Code of Conduct and on specific compliance-relevant topics, such as antitrust law.
One way MTU chooses to raise awareness is with a training document on the Code of Conduct for all employees. The training courses for teaching the content of the Code of Conduct were continued in 2023; a total of 2,523 employees at the fully consolidated sites took part in them during the reporting period. These courses have now been added to the regular training portfolio and employees can participate on a voluntary basis.
In addition, we continuously provide information about and raise awareness of individual compliance issues, such as data protection, in a way suitable for each target group. The Compliance Officer and the legal department can also advise employees and managers as needed.
employees were trained on the Code of Conduct alone in 2023. Communication, education, and raising awareness form the basis of our compliance culture.
Customs law and export control
Another key compliance topic for us is observance of international trade law, also known as trade compliance. Customs and export control laws govern which products, services and technical data we are permitted to sell or provide and to where, to whom and for what purpose. This regulatory framework is binding for all the company’s divisions, affiliates, and employees worldwide. The need to comply with the applicable regulations is also specified in the MTU Code of Conduct. → Export control law is outlined in the non-financial statement in the 2023 Annual Report (p. 112ff.)
MTU has its own organizational unit dedicated to ensuring effective trade compliance: the international trade compliance department provides the internal framework for implementing uniform process standards throughout the company. These include a review of existing approval requirements, e.g. before shipping documents, software, or components, as well as controls relating to bidding procedures vis-à-vis sensitive countries. The international trade compliance department has cross-divisional authority to issue certain directions, which extends to the right to stop deliveries. In addition, the department’s head reports directly to the person in charge of exports at MTU (CEO).
Mandatory training for all employees affected by export control regulations continued during the reporting year with an established concept. Called the Internal Compliance Program, this concept was adapted in line with the legal framework applicable for the reporting year.
Responsible handling of data
MTU takes care to provide comprehensive data protection in its business activities. The protection of personal data in accordance with applicable statutory regulations is covered in our Code of Conduct and internal guidelines on data protection and is binding.
We have established a management system for data protection and expect all employees to comply with its regulations, a requirement that is also set out in the Code of Conduct. The Group’s data protection guidelines ensure a uniform level with a standard that applies worldwide. We have appointed data protection officers or coordinators in all our Group companies, and they are informed of all relevant regulations. The aim is to achieve uniform data protection and data security standards for the handling of personal data throughout the Group that meet the requirements both of the EU General Data Protection Regulation (GDPR) and of the national legislation applicable at each site, such as the German Federal Data Protection Act (BDSG). The Executive Board is briefed on data protection once a month. Regular audits and checks are carried out on workflows that process personal information, especially in the course of processing orders. In addition, data protection is part of our ongoing information and training offers for employees, targeted to the needs of different groups.
Once again for 2023, we have no reportable violations.
Protecting IT systems
Given that all of MTU’s key business processes have a highly advanced level of digitalization, ensuring the high availability and integrity of IT systems is a prerequisite for seamless business operations. MTU generates, maintains, and processes large amounts of data with special confidentiality requirements—especially for but not limited to military business.
MTU has an IT security management system based on ISO 27001 and implements appropriate protective measures on a technical and organizational level to ensure its IT systems are stable and secure. The aim is to minimize damage caused by cyberattacks on the company and to safeguard corporate data and expertise. In addition, it is important to protect data and systems when collaborating and networking with business partners.
Global and local regulations lay out binding rules for all employees and managers governing the confidentiality of operational and business secrets, the protection of electronic data, and how to work with IT systems and data media.
A dedicated central team is responsible for IT security, serving as point of contact within the Group. IT security officers in the centers and in legally independent associations act as local contacts for IT issues and implement IT security guidelines and requirements on-site. The MTU Executive Board receives regular reports from the IT security officers regarding the company’s external situation, current developments, and current and future defensive measures.
We invest heavily and continuously in technological and organizational actions to ensure the availability, confidentiality, and integrity of the IT systems that we use and operate. We continuously reassess the risks associated with IT. The two risks deemed most critical are, first, system failures due to technical error and, second, cyberattacks that result in the non-availability of systems, unauthorized publication of information, or the permanent loss of data. MTU’s IT security management covers technical and organizational actions to limit the negative effects of such occurrences for the company. During the reporting period, there were no cyberattacks and no failures that resulted in significant or severe consequences for MTU.
