Corporate culture
As a responsible company, HHLA conducts its actions on the basis of lawfulness and integrity as a basic principle. Accordingly, as a listed European company, HHLA respects and adheres to the laws and regulations of all the countries where it operates as a matter of course when conducting its business activities. In HHLA’s view and in the context of its business activities, these include, in particular: laws and regulations with regard to environmental issues, anti-corruption, data protection, information security, sanctions and embargoes, and tax matters as well as competition law, the German Securities Acquisition and Takeover Act (WpÜG) and the German Securities Trading Act (WpHG). Likewise, important issues for HHLA employees, such as freedom of association or the structuring of co-determination at work (including notification periods), are regulated by legislation in the German Works Constitution Act (BetrVG), which HHLA complies with.
To effectively counteract the risk of non-compliance with legislation, requirements and regulations, HHLA has established a comprehensive compliance management system (CMS). One core element is the Code of Conduct, which was developed while taking into account or involving the key stakeholders, such as the works council, employees and suppliers.
Together with other internal Group documents, the HHLA Code of Conduct sets out mandatory guidelines for business activities, thereby helping to ensure that internationally recognised standards are observed and adhered to. In addition it embodies the corporate culture that HHLA strives to uphold, which is characterised by openness and fairness. The HHLA Code of Conduct is available online at https://hhla.de/en/company/compliance.
Alongside the Code of Conduct, the compliance guideline provides a central set of rules within HHLA’s compliance management system. The guideline describes the compliance organisation as well as compliance-relevant tasks and responsibilities within the HHLA Group. The guideline basically defines the tasks and responsibilities of the various corporate functions (in particular compliance officers, the Supervisory Board, Executive Board, process owners, compliance contacts). The HHLA Code of Conduct is also formally enshrined in the compliance guideline.
In addition to the compliance guideline, guidelines have been developed for the relevant risk areas, i.e. competition and anti-corruption. The compliance guidelines for the relevant risk areas specify in detail what sort of conduct is permitted and what is not.
The HHLA anti-corruption guidelines are designed to assist senior executives and employees with assessing and managing their conduct in situations where corruption may arise. This makes an effective contribution to the prevention of corrupt practices and the avoidance of violations of the law and their consequences. Further details on anti-corruption can be found on the section entitled “Combating corruption and bribery”.
The competition guidelines set out easy-to-understand conduct requirements based on competition law that are intended to raise awareness of the key prohibitions under competition law and point out permissible behaviour, in order to avoid violations. The guideline serves to prevent competition law violations and anti-competitive behaviour at HHLA and its affiliates, also by involving the Legal and Compliance functions in a timely manner.
Moreover, there is also the guideline for the verification of business partners, which defines the processes for tool-based business partner screening. In addition to ensuring legal compliance, the objective of this guideline is to subject existing and potential business partners to a verification and risk assessment to create a basis for assessing and deciding whether to establish or maintain business relationships.
All internal guidelines and procedures are available to relevant internal stakeholders via internal channels, such as the intranet and to external stakeholders in the form of a summary description via the HHLA website. Any amendments to the compliance guidelines are coordinated with the member of the Executive Board responsible for compliance, adopted by the full Executive Board and then communicated to those responsible for the processes concerned.
The HHLA CMS aims to ensure compliance with legal requirements and internal company guidelines. The CMS is reviewed and enhanced on an ongoing basis. It has also set itself the goal of identifying key compliance risks, assessing them on an ongoing basis, and minimising them by implementing suitable measures and processes. Furthermore, the CMS aims to raise awareness among HHLA Group employees regarding the need to comply with both the legal requirements relevant to their work and internal guidelines. By doing so, it sets out to foster an appropriate level of risk awareness among employees. Within this context, HHLA has developed a training concept covering the contents outlined in the Code of Conduct and other topics. In the reporting period, the Code of Conduct training session was updated and delivered as an e-learning course. The course covers all topics addressed by the Code of Conduct, with a deep dive into three rotating focus areas: diversity & respect, preventing corruption, handling confidential information. All employees of the HHLA Group are required to complete training on the Code of Conduct as a matter of principle. A distinction is made between employees who have a fixed PC workstation and a corporate email address and those who do not. Commercial employees who do not have a PC workstation or a corporate email address should receive face-to-face training at least every four years. Employees who have a PC workstation and an own corporate email address should receive training every two to three years via e-learning or face-to-face.
There are also additional in-depth trainings on preventing corruption and on competitive behaviour. The target group for these trainings includes employees whose duties put them in contact with business partners or public officials, as well as employees whose duties put them in contact with competitors or who have access to information that is relevant from a competition law perspective (e.g. at industry association level).
HHLA holds its own onboarding days for new employees and new trainees. Specific training is provided on compliance and data protection as part of the induction days. with a view to preventing compliance violations.
The Compliance Department carries out the functions in HHLA’s CMS centrally under the leadership of the Group Compliance Officer. They report to the Executive Board member responsible for compliance – currently the Chief Human Resources Officer – and the Supervisory Board’s Audit Committee, The Executive Board bears overall responsibility for compliance and ensures the implementation and monitoring of the CMS.
Local compliance contact partners and officers fulfil the functions on a local level and report to the Group Compliance Officer. Any concerns regarding unlawful conduct or conduct that violates the Code of Conduct or similar internal rules are identified using means such as the internal control system (ICS), Internal Audit, the whistleblower system, a culture of error management, accessible options for contacting the Compliance Department and employee appraisals. Reports of violations are investigated by the Compliance department and forwarded to the responsible Executive Board member as part of the regular (quarterly) compliance reporting process. Ad hoc reports are prepared in cases involving significant violations.
Where there is evidence of a compliance violation, the compliance guidelines set out which measures/steps are to be reviewed and/or initiated. In addition, they explain which steps the Executive Board may have to be involved in. This happens, for example, in cases requiring decisions on further measures (e.g. internal investigations by the central Compliance department or local compliance officers) and also when defining the scope of an investigation involving the Internal Audit department. The direct reporting line to the Executive Board ensures easy-access communication with the Executive Board throughout the entire review process. Management also makes the final decision on sanctions. The digital whistleblower system is available to all internal and external stakeholders who wish to report potential compliance risks and violations digitally, either anonymously or otherwise. Reports can be submitted at any time with the help of a secure application hosted by a specialised provider. The reporting channels are designed so that the identities of the whistleblowers – if they choose to remain anonymous – and third parties mentioned in the report are always kept confidential and unauthorised employees have no access to that information.
Training on the use of the new digital HHLA whistleblower portal was conducted for all HHLA compliance officers in the reporting period. Employees are informed using means such as notices displayed at the terminals, posts on the intranet and during compliance trainings on the available reporting channels.