Integrity and compliance management

We’re committed to leading with integrity in our industry. It’s one of our three core values. We continue to further advance and expand our Integrity and Compliance program to help ensure compliance with laws and regulations and guide our employees to make fair and honest decisions every day.

Below is a summary of the 2020 priorities and activities, and the outcomes thereof, as required pursuant to the Dutch Decree on the publication of non-financial information.

Governance and organization

The Executive Committee is responsible for maintaining a culture of integrity and ensuring an effective compliance control framework. The Supervisory Board’s Audit Committee oversees this responsibility. The Executive Committee has delegated certain responsibilities to the following committees (for more details visit our website):

Integrity and Compliance Committee

Reviews investigations into material violations of laws, regulations and internal rules, and SpeakUp! reports. Also decides on disciplinary measures and control improvement actions, and monitoring and responding to any trends or irregularities. By submitting these cases through a central Integrity and Compliance Committee, we ensure transparency and consistency of measures throughout the organization.

Risk, Control and Compliance Committees (RCC)

Responsible for supervising the effectiveness of the control environment and reviewing weaknesses in this environment, as well as progress on improvement actions. There are eight Business Unit RCCs and four Functional RCCs, in addition to a Group RCC. They each met quarterly in 2020.

Human Rights Committee

Responsible for supervising our Human Rights Control Framework and driving further expansion of the human rights program. To learn more, including details of how our approach to human rights helped our EcoVadis rating improve, see Note 4 of the Sustainability statements.

Privacy Committee

Responsible for supervising the company’s Privacy Control Framework and driving further expansion of the data privacy program. In 2020, several critical projects were delivered. These included the launch of a new tool for cookie compliance, which helps to ensure required consent is given by website visitors before cookies are used for analytics and other marketing purposes. We also introduced automated workflows for handling data subject requests to ensure they are handled in line with applicable privacy laws.

Integrity and Compliance function

Day-to-day management of our Integrity and Compliance Framework is delegated to the Integrity and Compliance team, led by the Director of Integrity and Compliance, who reports to the General Counsel. The team includes legal experts in competition law; anti-bribery and anti-corruption; export control and sanctions; data privacy; and human rights.

To ensure we maintain and strengthen our culture of integrity, the Integrity and Compliance team – together with various functions and stakeholders – focuses efforts on three key areas:

  • Help leaders to lead by example
  • Build capabilities through training
  • Build awareness through communication campaigns

The Integrity and Compliance managers contribute to further strengthening the culture of integrity by identifying and addressing local risks and cooperating with other functions to monitor controls and follow up on SpeakUp! cases. In 2020, the heads of Integrity and Compliance, Internal Control and Internal Audit met monthly to discuss findings and actions.

Risk management

Every year, each business unit (BU) and major function identifies its key compliance risks and defines actions to mitigate these risks. These actions form part of the BU/function integrity and compliance plan, which in turn forms part of a larger BU/function legal plan.

Policy management

In 2020, we continued to expand our Policy Portal, a one-stop-shop for key policies, rules and procedures relating to our global processes. By reducing complexity and increasing transparency, it’s easier for employees to access and understand which rules apply to their job. For example, during the year we issued rules and procedures on who has authority to approve certain decisions, receiving or offering gifts, and hospitality events. We also distributed business-friendly do’s and don’ts, for example regarding parallel imports in Europe and e-commerce globally. Our policies and supporting tools increase awareness and knowledge across the company. No major risks or issues have been identified in these compliance fields.

Awareness and education

In 2020, we continued to counsel and educate employees on integrity and compliance rules and controls through e-learnings and in-person sessions. Business-friendly do’s and don’ts were also issued to designated employees in specific compliance fields.

Communication campaigns

Employees are regularly informed about compliance risks and duties. For example, in 2020, we ran campaigns to educate employees about external fraud threats, hospitality and gifts compliance and our internal reporting system. We also focus on a different aspect of integrity every month to help employees make fair and honest decisions every day. In November, a global Integrity Week was held focused on protecting company data.


Employees are required to follow mandatory e-learnings on various subjects, including our , Life-Saving Rules, operating a diverse and respectful workplace, fraud, competition law, export control, information security and data privacy.

Training sessions

A number of face-to-face and virtual trainings are provided on integrity and compliance related topics. Due to the challenges posed by COVID-19, video conference trainings (including polls and Q&As) were offered to help increase employee engagement.

Due diligence

We have processes in place to perform due diligence screenings on M&A targets and business partners. During 2020, we automated the screening of customers, suppliers and transactions in the area of export control and sanctions.


We have several processes to monitor compliance with our rules by employees and business partners. Managers are also required to self-assess and confirm compliance with company rules as part of the internal control self-assessment. Supplier performance is monitored through the EcoVadis self-assessment and Together for Sustainability audits. We also periodically screen high risk business partners registered in the third party compliance management tool.

During 2020, we launched our annual Code of Conduct declaration to senior leadership, with a 100% completion rate in two weeks. All our employees were then asked to reconfirm compliance.

Internal Audit performs numerous audits on our operations. Their audit plan is risk-based and takes account of prior compliance and internal control findings. In 2020, several internal audits were held to validate compliance with our rules in certain units; and we advanced our Gift, Hospitality and Conflict of Interest Register for more transparency on gifts received and provided, and on potential conflicts between the company’s interests and personal interests.

Grievance and investigation

Our whistleblowing framework was named #1 out of all top companies in the Netherlands by Transparency International NL. Our SpeakUp! grievance mechanism enables employees and third parties to raise concerns about compliance with our Code of Conduct. Strict principles of confidentiality, respect for anonymity, non-retaliation, objectivity and the right to be heard are applied. A strict protocol means investigators must follow certain planning, investigation and reporting steps to ensure the right quality and speed.

In 2020, the total number of reports increased slightly, partly due to COVID-19 related concerns. We continue to see higher levels of reporting through our SpeakUp! hotline and online (180 SpeakUp! vs 70 direct reporting). All reports and alerts led to 35 dismissals and various other disciplinary measures and control improvements, confirming the value of our grievance framework.

For more details, visit

SpeakUp! reports





Total reports and alerts registered




Reports received through SpeakUp!
















Dismissals resulting from SpeakUp! reports




Conclusions SpeakUp! reports:












Other (e.g. referred)




In 2020, 56 reports and alerts were received outside our SpeakUp! mechanism, 43 of which were unsubstantiated, leading to 29 dismissals.


During 2020, the Director of Integrity and Compliance reported twice to the Executive Committee and the Audit Committee of the Supervisory Board on material developments of the Integrity and Compliance Program. Should there be any material investigation matters, these are discussed with our external auditor on a quarterly basis. No individual matters or disciplinary actions have been discussed with the Integrity and Compliance Committee that would warrant separate disclosure in this annual report. Should there be any material compliance matters or material internal control weaknesses or improvements in the future, these will be addressed through the RCCs and discussed with the Audit Committee and external auditor and, where appropriate, disclosed in accordance with the applicable legal requirements.

Code of Conduct

Defines our core principles and how we work. It incorporates fundamental principles on issues such as business integrity, labor relations, human rights, health, safety, environment and security and community involvement.