Governance, business ethics & transparency
Sustainability Review Board
INNIO’s sustainability governance, including all relevant ESG material topics, are integrated into the INNIO Group’s enterprise governance structure and are regularly accounted for in business considerations and decisions and are part of INNIO’s day-to-day operational and management processes.
The highest decision-making body after INNIO’s Executive Board is the Sustainability Review Board (SRB). Chaired by the VP Sustainability, the SRB reports on a monthly basis to the Executive Board. Furthermore, the SRB meets on a bi-weekly basis and comprises 16 members. Members include business leaders from Operations, Procurement, Engineering, Digital & R&D, Sales, Product Management, HR, Diversity, Equity and Inclusion and Communications.
Some of the tasks the SRB is responsible for are:
- Ensuring compliance with existing and future ESG-related frameworks and regulations such as the EU Taxonomy, the Non-Financial Reporting Directive (NFRD), Corporate Sustainability Reporting Directive (CSRD), and others
- Collaborating in sustainability networks to exchange best practices and experiences and increase awareness across businesses and society
- Establishing goals such as those surrounding the environmental impact of INNIO’s own activities and those from the life-cycles of our products, development of climate-neutral products, building a diverse and inclusive workforce, a responsible procurement and circular economy, constant engagement with societies, and other initiatives where INNIO can provide material support and maintain transparent governance and business conduct
- Reviewing initiatives and progress toward identified goals, including review of KPIs, challenges to resolve, risk, and opportunities resulting from changing environment
- Assigning initiatives and work groups for specific projects that enable fulfilment of ESG goals and/or improvement of operational sustainable standards
- Developing awareness campaigns and stakeholder engagement activities among the INNIO workforce or with customers and/or suppliers
- Collaborating on ESG disclosures and progress reports
Responsible business conduct
As a signatory of the UN Global Compact, we act in accordance with the highest ethical standards on an international level in all places we operate. Through our Code of Conduct (CoC) we define common rules and provide guidance for all employees as regards responsible business practices. The key areas of the Code of Conduct include compliance with laws, business ethics, anti-corruption, anti-fraud, transparency and continuous stakeholder dialogue, cybersecurity and data privacy, respect for human and labor rights, occupational health and safety, and fair employment practices, among others. Our Code of Conduct is available on INNIO’s website and intranet in English, German, and other languages.
To make sure the active and continuous application of our Code of Conduct, we promote its implementation through continuous and effective communication, and a variety of annual mandatory training courses, available in INNIO’s learning platform, for all employees & contractors.
Our Code of Conduct as well as additional specific anti-corruption policies require the full compliance with anti-corruption laws of the countries in which we do or intend to do business and prohibit the company and our employees from offering or accepting any kind of benefit considered to be a bribe and from taking actions that could give rise to a conflict of interest.
Before we engage with new business partners, INNIO conducts exhaustive due diligence assessments. Such assessments involve the potential business partner and its direct and indirect shareholders, investors, and directly or indirectly involved legal entities. For this reason, we perform checks on counterparties to obtain information focused on corruption, money laundering, other criminal conduct, and related sanctions as per the Group’s standardized know-your-customer (KYC) and know-your-supplier (KYS) process. Key red flags are connections to government officials and companies referred to in high-attention media reports related to political and corruption cases, sanctioned entities, or any other suspected involvement in criminal conduct.
Whistleblower programs—SPEAK UP!
We expect from all employees who observe or become aware of potential or actual misconduct or violation of internal rules or statutory regulations— committed by other employees or business partners—to report these incidents in SPEAK UP!, our dedicated whistleblower platform. This platform is available to all internal and external stakeholders, since we believe that all stakeholders represent a valuable source of information that can help identify breaches of ethical standards. The SPEAK UP! platform is available in two languages, English and German.
All stakeholders can report an incident fully anonymously, if desired, without fear of harassment, retaliation, or adverse employment consequences. All reports are analyzed with the utmost discretion by INNIO’s dedicated compliance experts, and the SPEAK UP! data is treated with the highest confidentiality.
INNIO strives to always implement the highest standards of corporate governance and transparency, gaining the trust and respect of our stakeholders. In this context, as described also in our Code of Conduct, INNIO forbids any support of—or donations to—political parties. INNIO follows or is a member of several initiatives in areas such as energy, environment, and climate change. We are determined to remain fully transparent about our participation in different associations, and we remain compliant with reporting obligations and transparency requirements.
At the beginning of 2022, INNIO published our revised Lobbying Policy which is intended to ensure that INNIO always acts within the framework of applicable laws.
A mandatory eTraining about Lobbying is also required to be completed annually by employees who have specific points of contact in these areas or a certain role in the organization.
INNIO supports tax policies and incentives that encourage enterprise innovation and foster economic growth. For this reason, the Group aims to be transparent about its tax approach disclosure. INNIO’s business activities generate a substantial amount and variety of taxes. INNIO Group pays corporate federal, state, and local income taxes, stamp duties and a variety of other taxes. In addition, we collect and remit not only payroll taxes but also indirect taxes such as excise duties and VAT.
The taxes we collect and pay represent a significant part of our economic contribution to the countries in which we do business. We are committed to always acting in compliance with applicable laws and regulations, be transparent in our financial reporting disclosures, and developing strong, mutually respectful relationships with tax authorities based on transparency and trust. INNIO files a country-by-country report for the Group with the Austrian tax authorities in accordance with the Sec. 3 Transfer pricing documentation act and Action 13 of OECD’S Base Erosion and Profit Shifting Action Plan. This report breaks down among others from the consolidated financial statements the annual tax payments INNIO has made in the countries in which INNIO owns a legal presence.
Cybersecurity & data privacy
Data protection under the standards of GDPR and other applicable jurisdictions and the protection of confidential information including but not limited to proprietary business information are commitments from the INNIO Group to our stakeholders, including customers, employees, and providers of capital. The Group’s Chief Information Security Officer (CISO) and the Information Security Team together with the Legal Team and the external Data Protection Officer oversee data privacy, information security, policy formulation and implementation, risk management, and security audits.
The Information Security Team together with the Legal Team meets regularly to review and resolve guidelines and policies and carry out adequate measures. The Executive Board, which is responsible for monitoring our corporate information security and cybersecurity management mechanisms, receive reports and updates on a regular basis. State-of-the-art technologies and services are used to achieve the expected high level of internal and external security. In addition, organizational measures are implemented such as annual mandatory security awareness training, data privacy trainings, and security alerts for employees as well as phishing simulations.
The Group uses numerous security tools to prevent and respond to all types of attacks and block intrusion attempts. Some of these tools include adaptive security appliances such as firewalls, anti-virus, intrusion protection and VPN capabilities, artificial intelligence systems that predict and prevent threats in real-time, and cloud and endpoint security platforms designed to help enterprise networks investigate and respond to advanced threats. Additionally, INNIO has multifactor authentication (MFA) deployed for all employees to further prevent intrusion attempts. In relation to data privacy the Group has implemented a data privacy lifecycle management.
Vulnerability Review Board
The Group has continuous vulnerability management programs in place, including scheduled vulnerability scanning and patching. These programs review systems, networks, and applications for updates that remediate security vulnerabilities. INNIO also runs a weekly vulnerability Review Board where vulnerability status across all estates is reviewed by the Board to ensure remediation is happening and to assist with any issues faced.
Respect of labor and human rights
Human rights are inextricably linked to our corporate values. We respect human rights as described in the Universal Declaration of Human Rights, the International Labor Organization (ILO), and other internationally recognized treaties. We commit to upholding labor rights, including decent wages, working hours, employee representation, and provisions against forced labor, child labor, and human trafficking. We are determined to advance these rights throughout our value chain, contributing to a more fair and inclusive future for all people.
Human rights governance
INNIO’s Labor & Human Rights Policy, together with our Code of Conduct and applicable laws, guides us in the planning, execution, review, and action for human rights-related governance in the organization. Managers from the HR, Supply Chain, and Legal & Compliance departments are responsible for taking charge of human rights topics and reporting regularly to the members of the Executive Board.
- The HR team is responsible for managing human rights topics that have daily relevance to INNIO employees in accordance with INNIO’s Human Resources management system and formal internal control procedures. The team conducts internal labor and human rights audits, trains employees around these topics, and reports directly to the Chief Human Resources Officer (CHRO), who is a member of the Executive Board.
- INNIO’s Supply Chain team is responsible for human rights topics related to suppliers. All relationships with suppliers are formulated and implemented in compliance with INNIO’s Code of Conduct and the UN Global Compact to help ensure compliance and transparency in supplier management.
- The Legal & Compliance team provides daily advisory to our business activities, monitors potential cases of human rights risks or violations, conducts investigations to assess these cases, and takes appropriate action.
Human Rights Risk Management
INNIO conducts due diligence in compliance with international standards and regulations that helps us evaluate the effectiveness of our processes, identify and assess actual or potential adverse human rights impacts that may occur through our own activities or are directly linked to our business relationships, and integrate the findings in our overall corporate processes.
INNIO conducts human rights assessments for our own operations with the help of third-party organizations. So far, the results of these assessments show that our processes are effective, and no human rights issues occur our operations or business relationships.
Labor & Human Rights Training
INNIO provides mandatory trainings for labor and human rights issues for all employees. Every employee is required to complete these trainings annually.
2 Definition of bribe: the offering, giving, soliciting, or receiving of any item of value as a means of influencing the actions of an individual holding a public or legal duty.