Annual Report and Sustainability Report 2020

SUSTAINABILITY

Zero tolerance for corruption

Ethics, integrity and compliance

“For KONGSBERG, maintaining a high ethical standard in our daily operations is very important. We experience a constantly changing world, with an increased focus on compliance with laws, rules and sanctions. This places great demands on an international business. We work systematically on improvements to our processes and routines so that they meet applicable requirements; to ensure our “licence to operate”. We ensure implementation of our processes through training and we follow up through reporting and audits to make sure we comply with applicable requirements.”

Geir Håøy, President and CEO

Our position

Business Ethics

Our Code of Ethics and Business Conduct is regularly updated in line with national and international developments. It expresses our basic attitudes and indicates how we shall relate to colleagues, customers, shareholders  and society in general.

Tone at the top

The Board of Directors and management of KONGSBERG set requirements for periodic external evaluation of the compliance programme. They assess and approve risk assessments and actions plans for Responsible Business Conduct on yearly basis. The Chief Compliance Officer reports status every quarter to the Corporate Management, the Audit Committee and the Board.

Our Code of Ethics and Business Conduct is the backbone for how we conduct our operations, and the code applies regardless of where, when and which of our employees is doing business.
Anti-corruption

KONGSBERG has zero tolerance for corruption. By that, we mean that we will never permit sales to be achieved through corruption. Meanwhile, we recognise that doing business in vulnerable parts of the world may involve greater risks for corruption. For our business partners, zero tolerance in practice means requiring that any historical situations are regularised, that an approved anti-­corruption programme is implemented and complied with, and that corruption is clearly denounced through words and actions. Our attitude is expressed explicit through our Code of Ethics and Business Conduct, and our endorsement of the UN Global Compact, the OECD’s Guidelines for Multinational Enterprises and our membership of Transparency International, The International Forum on Business Ethical Conduct (IFBEC) and Maritime Anti-Corruption Network (MACN). The Board and Corporate Management Team devote considerable attention to this work.

Our Code of Ethics and Business Conduct is the backbone for how we conduct our operations, and the code applies regardless of where, when and which of our employees is doing business. This Code is communicated and implemented to ensure a clear understanding throughout the Group, and as such shall contribute to a strong business culture, working in a preventive manner against the occurrence of errors and irregularities. Well-integrated values and the Code of Ethics and Business Conduct make up an important element of our risk management.

Before we enter into an agreement with a business partner (customer, supplier, market representative, joint venture partner, other collaboration partner, recipient of sponsorship or charitable contributions), we must be certain that the business partner has satisfactory ethical standards in place. We use a risk-based approach, which includes compliance Due Diligence investigations.

We carry out compliance Due Diligence investigations in accordance with internationally recognised standards. The level at which these investigations are conducted depends on the business partner and the risks concerned, and we carry out screening using recognised screening tools. The risk assessments are regularly revised and updated. We have incorporated requirements regarding ethics and corporate social responsibility into our standard agreements with business partners and carry out risk-based audits.

We perform annually a comprehensive compliance and risk assessment for the entire Group, including all subsidiaries and partly owned companies and partnerships.

Notification of alleged misconduct

The Group has procedures for notification of any breach of the Code of Ethics and Business Conduct. Employees will always have the right to issue alerts about circumstances worthy of criticism and are under a duty to do so if there is a question of a violation of laws, rules or our Code of Ethics and Business Conduct. KONGSBERG will not tolerate a whistleblower being subject to reprisals or negative reactions. The Group has two ombudsmen who can provide advice and receive alerts from employees. Internal and external questions about ethics, whistleblowing, etc., can be directed to the Chief Compliance Officer by sending an e-mail to: ethics@kongsberg.com or to our global web-based notification channel. Our notification channel ensures that everyone can report concerns and ensure that this is treated in a confidential manner and in line with applicable laws.

Our notification procedures have been updated in 2020 to ensure compliance with the new changes to the Working Environment Act (Norway).

In 2020 we have processed 29 cases internally, mainly concerning the work environment and financial irregularities of a personal character. All issues are considered in accordance with our procedures, and the majority of these issues were closed during 2020.

Exports and sanctions

KONGSBERG is committed to complying with all applicable laws regarding exports, imports, transit and trade in all countries in which we operate. These include laws on export bans, sanctions, customs, product/country of origin labelling and anti-boycotts.

There is a particular focus on the export of defence systems and other military equipment, along with associated technology and services. In Norway, and in most countries, KONGSBERG operates in, services and technology subject to export controls can only be exported subject to an export licence from the authorities. Sanctions may apply regardless of export classification. Customers and parties involved in the transactions must be checked with respect to sanctions and export bans. Customers and parties involved in the transactions must be checked with respect to sanctions and export bans. We have also invested in new tools to ensure compliance with the regulations.

KONGSBERG has a comprehensive programme for internal control and training in connection with our export activities. Several employees are “Certified Export Control Managers” for both defence materials and dual use goods. This practise will be continued in 2021 to build further expertise.

In 2019, a Trade Compliance project was established in collaboration with Patria. The main objective for the project is to improve processes and routines, interaction and competence building. We have conducted extensive internal audits in 2020 to map and focus on this. This work will continue in 2021.

The UN and the EU are the two most important international institutions making decisions on the imposing or lifting of sanctions. Decisions of the UN and EU largely determine which sanctions Norway implements. In addition, countries such as the USA have imposed further sanctions against countries and parties that are more comprehensive than those of the UN or EU. KONGSBERG has guidelines and procedures which are regularly updated in order to address this.

Data privacy at KONGSBERG

The EU General Data Protection Regulation (GDPR) came into effect from May 2018. Over the last years, KONGSBERG has undertaken work on data privacy in order to comply with the new requirements in the regulation. KONGSBERG had its Binding Corporate Rules (BCR) approved in February 2018 (updated in 2019). This is the legal basis for the processing of personal data within the Group. This framework forms the basis for how KONGSBERG shall ensure that the personal data of our employees, customers and partners is treated in accordance with these requirements.

A separate privacy organisation has been set up in the Group and in the business areas with overall responsibility for ensuring and coordinating the establishment of internal processes and procedures, to ensure compliance. KONGSBERG has focus on IT security, and it is an important part of securing personal data processed in the company for our own employees, customers and other partners. In 2020, efforts have been done to improve processes for dealing with potential data protection law violations.

KONGSBERG has not identified leakages, thefts or loss of customer data. Neither have we received any substantive complaints about breaches of data privacy from outside parties or from regulatory bodies.

We participate in a network with focus on privacy with other large Norwegian companies, with purpose to share experiences and best practices. The status of privacy is reported annually as part of the overall compliance report to the Group Management and the Board.

Our privacy statement is available on kongsberg.com/privacy, together with a public version of our BCR as well as an overview of the companies which are part of it.

In-house training

All our new employees go through a training programme that deals with the Group’s Code of Ethics and Business Conduct. The programme is updated regularly, and consists of e-learning courses and classroom courses for new employees and managers. In addition, a complex training programme has been further developed in the field of ethics, business-related behaviour and special topics for exposed target groups, including a general introduction to our notification rules.

Training in our Code of Ethics and Business Conduct is the backbone for how we conduct our operations.



Our challenges

We perform risk assessments in all our business areas and facilitate action plans to reduce identified risk. KONGSBERG operates in both the defence industry and the oil and gas industry, which, according to Transparency International, are two of the sectors most susceptible to corruption.

Our activities involve the use of market representatives. The use of third-parties is generally known to imply a high risk of corruption, so we pay particular attention to that aspect of our anti-corruption programme. We have drawn up and implemented comprehensive internal regulations for signing, auditing and following up agreements with market representatives. The regulations include assessments of a market representative’s ethical standards and reputation. Further, risk is assessed based on industry, country and company, and approval procedures have been introduced for the use of standard terms of business and verification of payments, as well as for follow-up during the agreement period and including training and external audits.

We carry out periodic evaluation of our compliance and anti-corruption programme

In 2020, we conducted an external audit of our anti-corruption programme by an internationally recognized law firm in the United States, against the FCPA regulation, with very good results. In 2017, we conducted an external evaluation of our anti-corruption compliance system against ISO 37001 “Anti-bribery Management Systems”.

Law violations in 2020

None of the companies in KONGSBERG were sanctioned due to law violations related to business ethics in 2020.

Organisation 

KONGSBERG strengthened our compliance organisation through the addition of three new employees in 2020. At the beginning of 2021 it makes a total of 12 people spread across the Group and business areas. Chief Compliance Officer reports direct to the CEO and Audit Comittee as well as administratively to the CFO.

Goals and acitivites

Goals:
Every aspect of our business activities shall be conducted in an ethical and responsible manner
  • Goals for 2020 – what did we say?

    • Auditing the anti-­corruption programme against local and international regulations.
  • Goals for 2020 – what did we say?

    • Implementation of revised governance documents.
    • Develop and maintain internal governance documents.
  • Goals for 2020 – what did we say?

    • Carry out risk analyses, internal controls and audits to confirm compliance with legislation, rules and internal procedures. 
    • Implement risk reduction measures as needed.
    • Reinforce internal control function in our compliance department. 
  • Goals for 2020 – what did we say?

    • Further develop and carry out continuous training.
  • Goals for 2020 – what did we say?

    • Maintain and further develop good forms of cooperation with business partners and other external. 
  • Goals for 2020 – what did we say?

    • Develop incentives and KPIs for ethics, as well as internal rules and procedures for reactions and sanctions for undesirable business conduct.
  • Goals for 2020 – what did we say?

    • Communicate a clear and distinct “Tone at the Top” to all managers at all levels.
To the top