Sustainability Report 2020


Managing risks with the precautionary principle

As a company in the plastic and foam industry with production and distribution facilities in more than 30 countries worldwide, we make compliance with the law our goal and demand it of ourselves. Our work thus focuses on preventing violations of statutory and internal company regulations.

To guarantee this, a standardized group-wide risk management system is in place as a precautionary principle. This records and assesses risks at regular intervals and, most importantly, systematically. Based on this, risks can be managed. Relevant management and supervisory bodies are informed of the company’s current risk situation regularly and in detail. The aim of our precautionary approach is to avoid any potential negative effects or damage from the outset, despite not knowing the type, extent or probability of these risks.

Of course, this applies to economic damage, environmental damage and risks for people. This is why we have established very different management systems in the areas of quality, environment, energy and occupational safety. Applying the precautionary principle helps us reduce or avoid negative environmental impact. Expanding these management systems to our sites worldwide is one of our main company goals. As part of this precautionary approach, Greiner AG regularly monitors key environmental indicators so that it can measure and reduce environmental impact. Environmental indicators are used for all production sites and are also to be expanded to distribution facilities in the near future.

Putting fundamental values into practice in everyday business

Compliance is a key topic at Greiner. Our compliance policies are not merely about adhering to statutory provisions and internal guidelines; they are also intended to raise awareness of our own fundamental values and put these into practice in our everyday business. To reinforce this aspiration, back in 2016 all Austrian Greiner companies were certified according to ISO 19600. In 2020, this certification was extended to cover all Greiner companies around the world. ISO 19600 is an international standard and contains guidelines for using compliance management systems. These systems help to identify the risks of non-compliant behavior, to understand them, and to respond quickly.

Compliant behavior on the basis of defined values is the aim of our Code of Conduct. The Greiner Code of Conduct is intended to safeguard the long-term integrity of our conduct, securing and reinforcing our company values. The Greiner Code of Conduct establishes the fundamental principles of our work and provides guidelines for proper conduct. We aim to maintain our values and behave in line with legal and ethical limits. A whistleblowing platform was also launched in 2017, providing a space to report breaches of the Code of Conduct. Our employees, customers and business partners can report any violations of this Code on the website tell-greiner.com.


“In respect to compliance we leave nothing to chance. As a result, the Greiner Code of Conduct is the focus of our communication with employees.”

Elisabeth Egger (Greiner Bio-One) Legal Counsel

By doing so, we emphasized that we wish to be informed of any breaches of the Code of Conduct by Greiner employees so that we can clear up and put a stop to these. We therefore encourage our employees, customers and business partners to alert us to any indications of such breaches or any suspicions they may have by using the whistleblower system. They have the option to do so anonymously. Promoting this platform is one of our main tasks, and new promotional materials are used for this every year.

A detailed Compliance Handbook also describes the responsibilities, internal processes and regular review of the risk analysis. For example, the compliance risk analysis, which was conducted for the first time in 2016, is regularly reviewed, revised where needed and communicated to the compliance organization. Any resulting changes to the risk prioritization are taken into account when determining the focus of the compliance management system. A “Local Compliance Officer” is appointed for each Greiner company, a “Division Compliance Officer” for each division and a “Group Compliance Officer” for the company as a whole. Our employees also attend regular compliance training. A compliance induction is also an integral part of new colleagues’ onboarding.

Minimizing corruption risks

Anti-corruption guidelines were introduced across Greiner in 2018. The aim of these guidelines is to explain the terms of anti-corruption laws, to tackle corruption preventively and to provide specific instructions and examples for different topic areas. Their contents are applicable globally. As the countries in which Greiner operates have different laws, country-specific additions or adjustments may be necessary. These must be clarified with the Group Compliance Officer in advance and are binding only if approved by the Group Compliance Officer. This also applies to exemptions or specifications for individual cases. Since 2015, more than 80 locations, i.e. over 60 percent of Greiner companies, have been assessed for corruption risks (as at the end of 2020). All locations are audited on a regular basis, i.e. at least once every four years. Corruption risks cover a wide range of topics, such as embezzlement, e.g. purchasing goods at inflated prices. Corruption could also involve paying fake invoices (to get money out of the company) or designing tenders/specifications to attract certain suppliers (to gain an advantage for oneself). Other examples include incorrectly classifying/assigning/booking costs for events, sponsorships, consulting or expenses to circumvent approval processes or disguise the basis for payments and create leeway for unlawful use.

Corruption also affects other areas: In order for a job to be awarded, customers require that certain partners be commissioned. Public officials demand a fee not specified by law for successfully processing an application. Gifts/invitations that could be seen as bribes (given so that a decision is made that benefits the benefactor or simply as business courtesies) are another example. Compliance risk in the narrower sense: guidelines that are not suitably specific, practical or known to employees; processes that are not practical, known or suitable (dual control etc.); and insufficient awareness of corruption risks among employees and, in particular, managers (e.g. recognizing conspicuous behavior patterns, bringing up issues in work meetings). To avoid all these cases and tackle them effectively, our communication and training on guidelines and corruption processes are a key anti-corruption pillar at Greiner. Since 2016, the Greiner compliance training system has also included online training. As of December 31, 2020, 21 percent of employees and 98 percent of employees with jobs related to compliance, i.e. 2,400 employees, had received training.

Through regular reporting, supervisory board members receive information on the compliance management system from the Group Compliance Officer. No breaches were reported within the reporting period. Furthermore, no fines or non-monetary sanctions were imposed for failure to comply with the law and/or regulations.

Philipp Burkowski (Greiner AG) Internal Audit & Risk Manager

Greiner AG considers supply chain sustainability a vital aspect of our corporate responsibility. For us, sustainability covers the entire procurement process of materials, products and services. Under our holistic approach, sustainability criteria such as environmental protection and occupational safety as well as compliance with human rights are taken into account when selecting, evaluating and developing our suppliers. With this as a basis, we at Greiner AG developed this Code of Conduct.

As part of our Code of Conduct for suppliers, we also commit to upholding the International Labor Organization (ILO) Minimum Age Convention. We do not have any operations at significant risk for incidents of child labor. We were not made aware in the reporting period of any non-compliance with laws and regulations in the social and economic area and/or incidents of non-compliance concerning the health and safety impacts of products and services or non-compliance with environmental laws and regulations.

Prioritizing data security & privacy protection

Under the term Privacy and Security Awareness, Greiner pools various supplementary initiatives that train all employees to exercise caution online, in the company and when handling (personal) data. This is because Greiner places great value on protecting and ensuring the security of its own and third-party information (including personal information), an issue that affects all areas of the company.

The Security Awareness Initiative combines multiple measures intended to prevent employees and, in turn, the company and partner companies from falling victim to various cyber attacks. Ultimately, the reliable, efficient and secure use of information technology at the company is the basis for protecting our data and information and that of third parties. At Greiner, all past, present and future employees, business partners, suppliers and other contractual parties and affected parties can be confident that their privacy rights and business and trade secrets are protected.

At the same time, each and every employee plays a key role in Greiner’s security strategy. Group-wide guidelines for the use of information technology have been in place for our employees since 2017 and group-wide data protection guidelines since 2020. These guidelines chiefly regulate the reliable, efficient and secure use of information technology at the company, social media and principles of communication, what to do in the event of data breaches and IT security incidents and the personal use of internet-enabled devices. They also set out rules for correctly handling data (especially personal data) in all aspects of the data lifecycle – from creating and saving it, to transferring and using it right up to retaining and deleting or disposing of the data. The guidelines should help optimize the use of information and data for business purposes while also ensuring that we meet our statutory and contractual obligations. Special emphasis is placed on compliance with laws on data protection, copyright law and criminal law (such as the ban on all forms of glorification of violence, discrimination, sexism, political radicalism, bullying, pornography and gambling etc.).

The main aim of our Privacy and Security Awareness initiative is to create a safe environment – safe by choice, not by chance. The result is employees who are less likely to become victims of various forms of cyber and social engineering attack and who practice active data protection.

Structured risk analysis, evaluation and management keeps Greiner AG fit for the future. The management is supported in this by a risk manager who defines the group-wide guidelines, as well as by four risk officers from the operating divisions.

Greiner AG uses the internationally recognized four-step risk management cycle to efficiently identify and assess risks:

  • Risk identification: Risks from the Greiner Risk Universe are identified through regular discussions between the management and experts. The Risk Universe comprises nine parent risk categories as well as 38 detailed risk fields from strategy, market development, operating activities, human relations and sustainability. This holistic approach ensures an integrated evaluation of possible losses relating to the environment, natural disasters and reputation.
  • Risk assessment: In the second step, the potential impact and probability of occurrence for the risks identified are assessed and included in the Greiner risk matrix. This assessment is performed using standard group-wide criteria, which account for both financial indicators and potential non-monetary losses.
  • Risk management: The Greiner risk matrix sets out the situations in which risk mitigation measures are required. The risk manager and experts collaborate to define these measures, timelines for implementation and responsibilities and document these in the risk management software Avedos.
  • Risk monitoring: Greiner’s risk reporting is based on the identification and assessment of risks and the establishment of measures. The top risks are defined together with management once a year. An ongoing process ensures that potential risks are under constant scrutiny and that risk mitigation is regularly reviewed.

Close collaboration between management, experts, the Greiner risk manager and the company’s supervisory bodies ensures that Greiner risk management is effective. The supervisory board and the Greiner audit committee are informed in full of the status of risk management at least once a year.

Our top three sustainability risks (by division)

Division / Risks

  • Risk that the company is obliged to reduce emissions as a result of the regulations and laws resulting from the Paris Agreement
  • Risk of not considering the impact of global supply chains of medical products
  • Risk of delays in transitioning from a linear to a circular business model

  • Risk of delays in transitioning from a linear to a circular business model
  • Loss of integrity due to not properly addressing the challenges at the end of plastic packaging’s life cycle
  • Risk that the company is obliged to reduce emissions as a result of the regulations and laws resulting from the Paris Agreement

  • Risk that the company is obliged to reduce emissions as a result of the regulations and laws resulting from the Paris Agreement
  • Delays in transitioning from a linear to a circular business model
  • Non-compliance with environmental laws and regulations

  • Risk that the company is obliged to reduce emissions as a result of the regulations and laws resulting from the Paris Agreement
  • Non-compliance with environmental laws and regulations
  • Risk of poor labor practices in countries where working conditions tend to be risky

Compliance management
Compliance in the narrower sense means that the company and its employees obey the law and regulations. A company’s compliance management thus includes the structured development of internal rules and guidelines that are observed by the company’s employees.

ISO
The International Organization for Standardization is an association under Swiss law and the international association of standard-setting bodies. The ISO establishes international standards in all areas except electrical and electronic engineering and telecommunication.

Regular reviews
All forms of assessment and evaluation discussed with employees or at least brought to their attention (employee appraisals, performance reviews, team reviews etc.).