At Bosch, compliance with the law is an integral part of the company’s values
The aim of our globally applicable rules of business conduct is to protect our associates and company as well as our customers and partners.
As our “We are Bosch” mission statement says, “We promise only what we can deliver, accept agreements as binding, and respect and observe the law in all our business transactions.” To underscore the importance of this principle, we have summed up our position with regard to legal requirements and ethical issues in our globally applicable Code of Business Conduct. The Code of Business Conduct serves as a guideline for how to do business.
Bosch has a global compliance system headed by a chief compliance officer who reports directly to the board of management. There is also a corporate compliance department and compliance officers in all divisions and regions.
Prevention and inspection measures including the dual-control principle, job rotation in sensitive areas, as well as regular audits are designed to support our values-based compliance system. We also have a mandatory compliance training programme for our associates. In addition, we have established a “Compliance Dialogue,” which allows compliance-related topics and experience to be discussed among our executives, associates, and compliance officers.
The compliance system also includes a reporting hotline, which associates, business partners, and third parties can use to report irregularities at any time. Responsible and legally compliant behavior does not stop at company boundaries. With this in mind, we have established a Code of Conduct for suppliers, which defines the principles and requirements for collaborating with Bosch. We conduct regular audits to ensure that our suppliers comply with these principles. In such a fast moving environment, we continuously review our compliance system to be able to quickly adapt our rules and processes to new legal and technical developments.
In the long term, an honest and fair approach to doing business will always be the most profitable.
Frequently asked questions
What do we mean by compliance?
Compliance means observing laws and company regulations. In other words, all business activities of the Bosch Group and its associates must comply with all legal requirements, the Code of Business Conduct, and any applicable guidelines and central directives that relate to this topic in any way (“compliance principle”).
The topic of compliance is one that concerns all associates, as everyone is affected — directly or indirectly — by violations: on the one hand, violations of the law may lead to criminal prosecution, depending on the seriousness of the case. On the other hand, violations of the compliance principle can cause the company pecuniary harm, as well as damaging its reputation. The result is a deterioration in the company’s business efficiency, and thus in its success. Compliance also concerns business relations between Bosch and third parties: Bosch does not want to be involved in other parties’ violations of the compliance principle.
What should be done if the Compliance requirement is violated?
It is up to all associates to report possible violations of the compliance principle, and in this way to help limit the consequences of such violations and prevent similar misconduct happening in the future. This also applies to business partners and third parties.
Who can report violations of the compliance principle?
• Any associate, including interns and Ph.D students
• Externally employed persons such as subcontracted workers or associates working for external service providers
• Any business partner, such as suppliers, customers, or joint venture partners
• Any third party
What violations should be reported?
It is important that matters be reported that indicate a criminal offense has been committed — such as theft, fraud, or bribery — or that there has been a systematic violation of legal or company-internal regulations, such as the deliberate and sustained non-compliance with quality or safety standards or with the Code of Business Conduct.
Suspicion, but no proof — should a report be made?
Yes. Compliance officers are responsible for conducting investigations, gathering evidence that will stand up in court, and instituting any proceedings that may be necessary. They receive support from experts in the specialist departments who have the required training and relevant authority.
Do people who report violations have to fear repercussions?
People who report possible compliance issues to the best of their knowledge and in good faith do not have to fear being disadvantaged by the company as a result of their actions.
Is it possible to submit anonymous reports?
Yes, reports can be submitted anonymously via the Bosch compliance hotline. It is possible to set up a secure mailbox within the hotline to interact anonymously with the responsible compliance officer.
What exactly happens to a report?
The compliance officer is responsible for launching an investigation into the reported violations and ensuring the matter is properly resolved (if necessary with the support of Bosch specialist departments or external specialists).
Documentation and transparency
Every report of possible violations as well as the measures subsequently taken must be documented by the compliance officer. Taking into account the legitimate interests of the parties involved, the person reporting the matter may inquire about the status of the investigation. If the investigation of a matter is dropped because no relevant misconduct has been found, the individual concerned will be informed accordingly, provided they were asked to comment in the course of the investigation or requested such information.
Any report of possible compliance violations will normally involve the disclosure of personal data. The receipt and processing of such reports therefore requires that the people making reports confirm they have been informed of their rights under data privacy laws, and consent to their personal data being used in the course of the investigation of the compliance matter. In the case of a report submitted anonymously, this does not apply.