Compliance

      voestalpine requires its companies and all of its employees to comply with absolutely all applicable laws in all of the countries in which it operates. For voestalpine, however, Compliance means more than just acting legally and in accordance with other external requirements. It is the expression of a culture that is also rooted in ethical and moral principles. The principles of this corporate culture as it relates to the treatment of customers, suppliers, other business partners, and employees are expressly spelled out in the voestalpine Code of Conduct. Likewise, voestalpine requires its suppliers to comply, without limitation, with all applicable laws in the respective country and, in particular, to respect and uphold human rights as fundamental values.

      The Code of Conduct

      The voestalpine Code of Conduct was enshrined in writing in 2009. It is the result of numerous conversations and discussions at the level of the Management Board as well as among the managing directors and department heads of the voestalpine Group. It is based on the Group’s corporate values and provides the basis for ethically and legally sound conduct on the part of all of the Group’s employees. The Code of Conduct is evaluated on an ongoing basis and adapted where necessary in order to take account of growing social requirements and at the same time to further develop voestalpine’s value system in a sustainable manner. Most recently for instance, implementation of the EU Directive on protection for whistleblowers and changes required in connection with supply chain management were anchored within the voestalpine Code of Conduct. The Code of Conduct has been published in more than 20 languages and may be downloaded from the Internet.

      The voestalpine Code of Conduct covers the following areas:

      Compliance and responsible corporate governance

      • Compliance with laws and other regulations
      • Competition and antitrust law
      • Corruption, bribery, and acceptance of gifts
      • Money laundering
      • Conflicts of interest
      • Prohibition of abuses of insider information
      • Data privacy and protection
      • Trade restrictions and sanctions
      • Conflict minerals
      • Secrecy of confidential information
      • Intellectual property
      • Protection of corporate property and IT usage
      • Corporate communications

      Social responsibility

      • Respect for human rights and working conditions
      • Prohibition of child labor
      • Prohibition of forced and compulsory labor, human trafficking, and modern slavery
      • Collective bargaining and the right to freedom of association
      • Diversity, equal opportunities, and ban on discrimination
      • Remuneration
      • Working hours
      • Local communities and indigenous peoples
      • Security personnel
      • Donations and sponsorships
      • Workplace protections
      • Human rights in the supply chain
      • Environmental protection and climate action
      • Reporting of misconduct

      The Code of Conduct applies to all members of the management boards, the managing directors, and the non-executive employees of all entities in which voestalpine AG has a direct or indirect interest of at least 50% or which it controls in some other way. As regards all other companies in which voestalpine AG has a direct or indirect stake of at least 25% but does not control them, the Code of Conduct is brought to their attention with the request that they enforce it by having their corporate decision-making bodies recognize it of their own volition.

      Disciplinary consequences can be expected for violations of statutory provisions, internal guidelines, regulations, and instructions, or the provisions of the voestalpine Code of Conduct. Moreover, violations may also have consequences under criminal and/or civil law, e.g., claims to compensation and claims for damages.

      voestalpine aims to have the Code of Conduct apply throughout its sphere of influence. Suppliers and consultants are required to comply with the Code of Conduct for Business Partners. Additionally, Group companies are urged to bring the Code of Conduct to the attention of their customers and to strongly encourage them to commit to compliance therewith. All of voestalpine’s business partners are also requested to reasonably promote adherence to the Code of Conduct among their own business partners along the supply chain.

      voestalpine AG has adopted several Group guidelines that serve as a helpful tool for employees in applying the Code of Conduct. The Compliance rules and regulations associated with the voestalpine Code of Conduct currently comprise the following:

      Business Conduct

      These guidelines supplement and flesh out the Code of Conduct with respect to issues of corruption, bribery, acceptance of gifts, and conflicts of interest. For example, they regulate the permissibility of gifts, invitations, and other benefits; donations and sponsoring; secondary employment as well as the private purchase of goods and services by voestalpine employees from customers and suppliers. The section entitled “Business Conduct” also addresses the prohibition of political contributions. The voestalpine Group does not allow donations to politicians, political parties, organizations affiliated with political parties, or political front organizations. This does not apply to political precursor organizations that are devoted solely to social issues and have been individually approved by the Management Board of voestalpine AG.

      Dealings with Brokers and Consultants

      This guideline provides additional information on the topics of corruption, bribery, and the acceptance of gifts. It defines the procedure to be complied with prior to engaging sales representatives, agents, and other marketing consultants. An objective analysis of business partners’ environment and scope of activities before establishing business relationships with them serves to ensure that the business partners also comply with both applicable law and the voestalpine Code of Conduct.

      Antitrust law

      This guideline describes the prohibition of agreements restricting competition, establishes rules for dealing and interacting with industry associations, professional associations, and/or other sector organizations, and defines particular rules of conduct for employees of the voestalpine Group. Additionally, manuals have been developed with respect to issues of information sharing and benchmarking, procurement alliances, and supplier relationships with competitors, which provide employees with information on these topics from an antitrust perspective.

      Compliance Manual and Compliance Violation Prevention Program

      These rules and regulations provide information on the Group’s compliance strategy and compliance structure. They also provide information on steps taken to prevent and identify Compliance violations as well as on the potential reactions and sanctions such violations may trigger. Information on the web-based whistleblower system, which allows compliance violations to be reported anonymously, can be found in the Compliance Manual.

      Code of Conduct for voestalpine’s Business Partners

      These rules and regulations that are directed toward suppliers of goods and services as well as toward brokers, consultants, and other business partners define the principles and requirements for doing business with voestalpine and were most recently comprehensively revised and expanded in the business year 2022/23. Among others, voestalpine requires its business partners to respect and comply with human rights as fundamental values in accordance with the International Bill of Human Rights, the UN Guiding Principles (UNGPs) on Business and Human Rights, and the Core Labor Conventions of the International Labor Organization (ILO). In particular, this applies to the prohibition of child and forced labor; the prohibition of human trafficking in any way, shape, or form; the equal treatment of employees; and the right to employee representation and collective bargaining. Business partners must also undertake to comply with environmental protection standards and to set scientifically verifiable targets for reducing their CO2 footprint. In fact, the business partners must abide by their commitments not just in their own sphere of activity; they must also require their own suppliers to act accordingly and must verify compliance with these commitments in the supply chain.

      Code of Conduct for voestalpine’s Lobbyists (Lobbying Code of Conduct)

      voestalpine’s Lobbying Code of Conduct regulates dealings with stakeholders in Austria as well as in Europe and internationally in accordance with the Austrian Lobbying and Advocacy Transparency Act in order to provide a clear and transparent framework for lobbying activities. Just as with the general Code of Conduct, the Lobbying Code of Conduct is also binding on all members of the Management Board, the managing directors, and the non-executive employees of all entities in which voestalpine AG has a direct or indirect interest of at least 50% or which it controls in some other way. Care must be taken to ensure in cases where voestalpine’s lobbying activities are supported by third parties that the latter commit to compliance with the Lobbying Code of Conduct.

      COMPLIANCE ORGANIZATION

      Responsibility for adherence to Compliance regulations rests with the respective management. The voestalpine Group comprises a Compliance organization to help management fulfill this responsibility and set up the processes required to that end. Aside from a Group Compliance Officer, a Divisional Compliance Officer has been appointed for each division; additional Compliance Officers are appointed in particular divisional sub-units. The Group Compliance Officer reports directly to the Chairman of the Management Board and is not bound by instructions. The Divisional Compliance Officers report to both the Group Compliance Officer and the respective division heads who are members of the Management Board.

      Compliance system (organizational chart)

      Compliance officers are responsible for the following areas:

      • Antitrust law
      • Corruption
      • Compliance with capital market regulations
      • Fraud (internal cases of theft, fraud, misappropriation, or embezzlement)
      • Conflicts of interest
      • Special topics assigned to the Compliance organization by the Management Board of voestalpine AG (e.g., in connection with issues related to UN or EU sanctions)

      All other Compliance issues—e.g., environmental law, taxes, accounting, labor law, protection of employees, or data privacy—do not fall under the purview of the Compliance Officers’ powers. Other organizational units are responsible for these Compliance issues.

      PREVENTIVE MEASURES

      As part of its Compliance activities, voestalpine places particular importance on preventive measures. Employees’ knowledge of ethical values and principles is of strategic importance to voestalpine. Employees learn how to deal with issues that include invitations, gifts, and potential conflicts of interest in training courses, training sessions, and management meetings on the topic of business ethics (compliance training). Employees are also trained in dealing with business intermediaries. The voestalpine Group already introduced e-learning courses on the subject of Compliance back in 2009. This e-learning curriculum is available in 15 languages and has been repeatedly revised and expanded over time. In addition to the learning units, the courses now also present case studies and require a final test.

      Key E-learning Topic: “Compliance basics”


      Key E-learning Topic: “Fair competition”


      Key E-learning Topic: “Recap – Fair competition”


      Key E-learning Topic: “Protection against corruption”


      The e-learning training course Compliance Basics (business ethics) is mandatory for all employees (white collar workers). A total of 19,031 employees, or 96.7% of active employees, had successfully completed this training as of the reporting date of March 31, 2024.

      Participants in the e-learning training course on antitrust law offered by voestalpine are selected based on risk-specific criteria. In addition to all managers and employees in sales and marketing departments, this training must also be completed by employees who represent the company in trade associations and employees who come into contact with competitors. The two refresher courses must be repeated by the relevant employees in a particular training cycle. The allocation of training courses and the allocation within the training cycle are carried out centrally on a weekly basis by the learning management system used in the voestalpine Group.

      The learning management system also monitors the implementation of the e-learning training courses. This ensures that employees receive comprehensive and regular training on compliance and antitrust law.

      The e-learning courses are continually supplemented Group-wide by face-to-face and online training tailored to target groups, particularly sales and purchasing personnel. This training is generally focused on adherence to the law and internal guidelines as well as on (anti)corruption and antitrust law as it applies to the participants’ respective sphere of activity. Compliance training is mandatory for young executives: Six to seven face-to-face training sessions are conducted per year for up to 40 employees each. Face-to-face training on issues of compliance with capital market regulations is also provided to employees of voestalpine AG.

      Compliance is a regular topic in Group communications and is addressed repeatedly—including by top management—during major employee events at the level of the Group and the divisions.

      REPORTING COMPLIANCE VIOLATIONS

      Reports of Compliance violations should be made openly for the most part, i.e., divulging the whistleblower’s name. Pursuant to the Code of Conduct, such reports may be addressed to the individual’s direct supervisor; the appropriate legal or human resources department; the management of the respective Group company; the Internal Audit and risk management departments of voestalpine AG; the Group Compliance Officer; or one of the Divisional Compliance Officers. Upon request, whistleblowers are assured of absolute confidentiality.

      An option to anonymously report violations via a Web-based whistleblower system has been available since 2012. Initially, only a few issues could be reported through this whistleblower system; since the business year 2022/23, however, reports may be filed with respect to all of the following:

      • Antitrust, corruption, fraud, conflicts of interest, capital market compliance
      • Discrimination, sexual harassment, bullying, human rights
      • Data privacy and protection
      • Technical compliance, in particular compliance with technical standards and certifications in production processes; IT security
      • Environment
      • Health & safety
      • Violations in other areas

      The system enables communication with whistleblowers while maintaining absolute anonymity.