Compliance and Responsibility
In responding to the demands of the capital market, its customers, and other stakeholders, the KION Group is committed to upholding its company values of integrity, collaboration, courage, and excellence, as well as the principles outlined in the Group-wide KION Group Code of Compliance (KGCC).
As part of the KION Group, STILL shares these values and is committed to ensuring complete compliance with all legislation, regulations, and codes of conduct. STILL’s comprehensive compliance management system is based on the KGCC, which sets out guidelines for ethical, value-driven, and lawful business conduct. The KGCC also provides a binding framework for interactions between colleagues, as well as with customers, business partners, and the public.
As a German business, the KION Group AG is primarily subject to German law. At the same time, the KION Group must comply with any national legislation in force at its sites around the world. In cases where national law differs from German law, the KGCC defines the appropriate course of action. The Group’s compliance and legal departments are also available as the designated point of contact for all legal questions.
The KGCC is published in 24 languages and is updated as necessary—including with new topics and new priorities—in order to best reflect the prevailing legal and business situation. External parties can access the KGCC on the KION Group website.
Responsibility for the Group-wide compliance management system lies with the Executive Board of KION Group AG. The Chief Compliance Officer heads up the compliance department and works together with the compliance team to improve the compliance management system, provide advice and information on compliance matters, resolve compliance breaches, and organize appropriate training. Each Operating Unit has a dedicated full-time compliance officer, who reports directly to the Chief Compliance Officer and supports the management of the relevant Operating Unit in meeting compliance standards. Local and regional compliance officers are appointed to ensure that the subsidiaries conduct their operations in line with legislative and regulatory requirements.
Effective Compliance Management System
The compliance management system is continually reviewed and refined to ensure it remains fit for purpose. It is based on the IDW PS 980 auditing standard developed by the Institute of Public Auditors in Germany (IDW) and focuses on the prevention of compliance breaches. It also includes an anti-corruption element designed to prevent, uncover, track, and sanction all forms of corruption within the company. Under the system, the Group audit department conducts regular audits and ad-hoc checks to ensure that compliance standards are being upheld across the KION Group AG and its consolidated subsidiaries.
In the 2022 reporting year, the compliance management system and its anti-corruption element underwent an external audit in accordance with the IDW PS 980 auditing standard and ISO 19600. In addition to evaluating the effectiveness of the system, this audit also looked at the design and whether it remained fit for purpose. The 2022 audit confirmed that the measures in place, together with the underlying principles, were effective in preventing non-compliance and in identifying any risks of materialnon-compliance in good time and with sufficient assurance.
As in previous years, the topics of anti-corruption, data protection and IT security, foreign trade and export controls, action against money laundering, fraud prevention—notably in relation to cybercrime—D&O liability, and management responsibility remained key focal areas in 2022. In addition, the reporting year saw a continued focus on efforts to integrate compliance measures into the internal control system, as well as whistle-blower protection and anti-discrimination.
The KION Group is committed to combating all forms of corruption and bribery. To this end, it follows a ‘prevent, detect, respond’ approach. In the reporting year, no confirmed cases of anti-competitive or anti-trust behavior were registered and there were no confirmed cases of active corruption by KION Group employees.
| 2022 | 2021 | 2020 |
|---|---|---|
| 0 | 0 | 0 |
Multiple Reporting Channels
Actual or suspected cases of non-compliance can be reported in person, by telephone, mail, or email, or via an online form. All KION Group employees—as well as external stakeholders—also have access to a 24h whistleblowing tool or hotline where they can report potential compliance breaches, including anonymously if they so wish. The whistleblower system is available worldwide, but is also designed to be as local as possible. Reports submitted via the system are monitored and processed by the compliance department and ultimately the compliance committee, which includes the Chief Compliance Officer and members of the audit and legal departments. Following the implementation of the EU Whistleblower Directive into German law, the KION Group’s whistleblower system will be updated accordingly.
All reports of suspected non-compliance are systematically verified and confirmed cases are followed up through effective control mechanisms such as regular or special audits. Disciplinary action is taken in all cases where misconduct is identified. If necessary, the compliance management system is also updated to prevent further breaches in future.
In 2021, STILL introduced compliance committees at its sites across Germany to serve as independent and reliable points of contact for reporting purposes. Anyone that experiences or observes any form of discrimination or harassment can report this behavior to their designated committee—including in complete confidence. Similar contact points are also available at sites across the EMEA region in line with relevant national regulations. Compliance representatives are in place at all STILL locations worldwide and can be contacted at any time.
| 2022 | 2021 | 2020 |
|---|---|---|
| 27 | 34 | 14 |
Training
In addition to clear compliance policies, STILL also offers extensive information, advice, and training. STILL’s compliance officer and representatives work hard to ensure that the company’s staff are always up-to-date and fully informed about compliance matters and understand the importance of upholding the company’s values. On joining the KION Group, all new employees are required to complete mandatory training in the KION Group Code of Compliance, either online or in-person in the case of staff without access to a work PC. Employees who are exposed to particular compliance risks due to their role, e.g. sales staff, also attend regular in-person training sessions on specialist topics.
| Classroom training (KION Group Code of Compliance, anti-corruption, anti-discrimination, anti-money laundering, conflicts of interest) |
|---|
| E-learning course: KION Group Code of Compliance |
| E-learning course: Avoiding Corruption in the KION Group—the General Principles of the ABC Policy |
| E-learning course: Professional Conduct at KION—Promoting a Respectful Working Environment |
| E-learning course: Preventing Money Laundering and Fraud at KION |
| E-learning course: Avoiding Conflicts of Interest at KION |
| E-learning course: KION Group—Preventing Anti-Competitive Practice |
| E-learning course: General Data Protection |
| E-learning course: Information Security Employee Awareness Training |
The aim is to ensure that all KION Group employees receive regular training on the most critical topics (i.e. anti-corruption, avoiding conflicts of interest, antitrust and competition law, anti-money laundering, data protection, IT security, and human rights). Changes to legislation or internal regulations are also communicated through in-person training sessions, as are any lessons learned from the compliance management system. The compliance training program was expanded in 2021 to include a new e-learning course on respectful workplace culture (anti-discrimination), conflicts of interest, whistleblower protection, and fraud, with a particular focus on money laundering. Also new to the program are e-learning courses on cybersecurity and antitrust law.
| 2022 | 2021 | 2020 |
|---|---|---|
| 100% | 100% | 84% |
Compliance Auditing for Business Partners
Before the KION Group enters into a new business relationship, external business partners must be audited and relevant documentation secured. The audit process establishes and verifies the financial background of the potential business partner and identifies any arguments against entering into a business relationship, e.g. the business appears on a sanction list or is the subject of negative reporting. In case of doubts, the KION Group may choose not to pursue its business dealings with a particular partner. External partner audits at the KION Group are, wherever possible, conducted on the basis of a risk assessment.
The basic audit is conducted using the Group’s business partner tool, which is maintained by the compliance department and designed to check customers and suppliers against compliance watch lists. The compliance department is responsible for running these checks, assessing the results, and taking any necessary action. In the case of external sales partners where the potential for corruption is higher—e.g. dealers, importers, distributors, agents, or integrators—the responsible compliance officer will conduct a multi-stage due diligence assessment prior to the start of a new business relationship. This assessment is based on responses to due diligence questionnaires completed by sales partners, checks using the aforementioned business partner tool, and/or information gained from external due diligence providers. The results of the due diligence assessment are subsequently communicated to the responsible teams, e.g. senior management, along with any recommended actions, such as tighter contractual terms including a right to audit clause or additional monitoring of payment streams.
Periodic risk analysis
The KION Group regularly conducts a systematic risk analysis to identify and evaluate corruption and bribery risks throughout the Group. Money laundering, tax compliance, and human rights risks are also assessed, as are the risks of non-compliance with competition laws. Non-financial risks that arise on an ongoing basis are also screened, evaluated, and managed. Based on the results of this analysis, the Group devises suitable actions to eliminate any weaknesses in the relevant processes and control mechanisms. Key factors used in the risk analysis include the corruption perception index for the respective country, the size and structure of the local procurement or sales organization, and any contacts with public officials. The risk analysis has been completed for all STILL subsidiaries, with no significant compliance risks identified.
| 2022 | 2021 | 2020 |
|---|---|---|
| 100% | 100% | 100% |
Data Protection and Information Security
Data protection and information security are both top priorities at STILL and the company complies with the relevant policies in place across the KION Group. This includes the Data Protection Policy, which sets out technical and organizational measures to protect personal data, and the KION Information Security Policy, which focuses on safeguarding the confidentiality, integrity, and availability of information, as well as protecting the KION Group against related attacks. There are also a series of Group-wide operating agreements and mandatory standards in place covering topics such as IT security in the workplace and the management of IT systems, email, and internet usage. Samples and templates to facilitate the day-to-day handling of personal data and sensitive business information are also available. The Operating Units are each responsible for implementing the central requirements of these policies and standards. Staff members responsible for data protection and the coordination of data protection activities in the individual subsidiaries report to their respective senior management team. At Group level, the Group Data Protection Officer reports to the Chief Compliance Officer, and the KION Group Chief Information Security Officer reports to the KION Group Chief Information Officer who reports to the Executive Board of KION Group AG.
Protecting sensitive personal data is an important responsibility, which is why secure and effective processes and systems have been put in place to protect this data and ensure compliance with the relevant legislation. All staff are given training and receive regular updates via the Group intranet to ensure that they understand and remain up to date with basic data protection principles, their reporting obligations, and the Group-wide compliance reporting system.
Every year, there are about 100 million attacks on the KION Group’s IT network, all of which have so far been averted. Key to this success are continual efforts to identify vulnerabilities across the Group’s IT and operational technology infrastructure. Regular training on IT security issues, global anti-phishing campaigns, a monthly video series published on the Group intranet, and instructions for keeping IT infrastructure secure also play an important role in maintaining IT security standards.
Information Security Management System
At the end of 2022, the KION Group began the rollout of an Information Security Management System (ISMS), with the aim of further protecting sensitive information and ensuring the Group remains competitive in the industry. The ISMS is based on the standards set out in ISO 27001 (for the establishment, implementation, maintenance, and continuous improvement of documented information security management processes) and applies across the Group. A documentation policy has also been drawn up, which sets out the requirements for maintaining information security standards.
The KION Group regularly analyzes potential or existing threats to its information security. Where these risk analyses identify an IT security risk or deviation from KION Group security standards, the risk is described and an appropriate course of action defined. The residual risk is also assessed and, on this basis, the risk owner decides whether or not to accept this risk. Residual risks continue to be reassessed on a regular basis and the decision to accept them reaffirmed.
The Group audit department conducts regular IT audits, including information security checks.
In April and May 2023, the KION Group headquarters in Frankfurt am Main, Germany, also became the first Group location to complete a TISAX1 assessment. The site passed the audit and is now officially TISAX certified for the next three years.
The auditors awarded the KION Group headquarters a score of 2.8 (a score of 2.1 is required for a temporary label and 2.7 for a permanent label). As part of the assessment process, the site had to provide the auditors with around 200 different pieces of evidence, including information security standards, standard procedures, security plans, KPIs, and more.
The aim now—alongside plans to incorporate further sites into the ISMS over the course of the year—is to maintain these high information security standards and ensure that the system components continue to prove effective in day-to-day operations, e.g. by conducting regular internal audits and checks, managing information security risks, and planning and introducing improvements.
| 2022 | 2021 | 2020 |
|---|---|---|
| 0 | 1 | 0 |