Compliance at Vossloh

Vossloh considers compliance to be conduct in line with all the applicable laws and internal guidelines. As a global enterprise with a 140-year history, Vossloh has a social responsibility toward its customers, partners, employees, investors and the public. This social responsibility involves Vossloh and all its employees adhering to the applicable laws, respecting basic ethical values and acting in an exemplary fashion at all times and in all situations in the course of their work.

The Executive Board of Vossloh AG has unequivocally summed up these principles in its Compliance Commitment, which states: “Compliance with the law has absolute priority over closing a deal or achieving internal targets. We would rather forgo a business opportunity than violate the law. We will not tolerate any violation of the law or of our internal guidelines and policies and will sanction any such behavior (zero tolerance policy).” The Executive Board of Vossloh AG has put a Compliance Management System in place for the Vossloh Group. The Vossloh Compliance Management System is designed to identify compliance violation risks and to minimize these risks in order to prevent Vossloh and its employees from incurring damage. Anti-corruption and the strict observance of antitrust regulations play a particularly important role.

Since 2007, the Vossloh Compliance-Management-System has been based on the Vossloh Code of Conduct, which stipulates the value of integrity and is mandatory for the entire Group and all employees. The Code of Conduct was comprehensively revised and enhanced in 2016. With this and the compliance guidelines, which apply equally throughout the Group, all the employees have a canon of rules that serves as a yardstick for their daily work and helps them make good and lawful decisions. The compliance rules are available in the Group’s main languages and have been distributed to all Vossloh Group employees around the world. Based on a compliance training concept, all employees receive regular training on compliance issues tailored to their target group. Vossloh has also established a compliance eLearning program for all employees with a computer workstation.

To implement and monitor compliance, the Executive Board established the Compliance Organization, stipulating its structure, responsibilities and tasks of the individual compliance positions, and their reporting channels in the “Rules of Procedure of the Compliance Organization.” The Vossloh Compliance Organization comprises the Chief Compliance Officer (supported by a Compliance Office), the Group Compliance Committee at Vossloh AG, Compliance Officers and Compliance Committees within the business units and Local Compliance Officers within the operating companies. The Chief Compliance Officer regularly reports to the Executive Board and Supervisory Board.

Vossloh set up a whistleblower hotline in partnership with an international law firm in order to uncover potential Compliance violations. The whistleblower hotline allows company employees and external whistleblowers to report possible misconduct to an independent external contact (ombudsperson). The whistleblower hotline has so far been set up for 24 countries. As such, the main regions and the languages spoken within the Vossloh Group are essentially covered. The Chief Compliance Officer follows up all reports and implements appropriate measures where necessary. The same applies to reports which employees can make internally, for example they can contact Vossloh AG's Compliance Office directly.

The Chief Compliance Officer and the Group Compliance Committee review continuously the Group-wide appropriateness and effectiveness of the Compliance Management System. In the fiscal year 2024, the Executive Board decided to subject the Compliance Management System to another external review — in relation to the subsections of antitrust law and anti-corruption — in accordance with IDW PS 980 as amended (2022) following the last external review and confirmation by KPMG AG Wirtschaftsprüfungsgesellschaft in the fiscal year 2017. KPMG AG Wirtschaftsprüfungsgesellschaft was commissioned again for this purpose. This audit was started with the Readiness Check in the fiscal year 2024 and will be completed with the Adequacy and Effectiveness Audit in 2025.

The Group Compliance Committee regularly performs incident-unrelated audits, usually with the assistance of external auditors, and conducted risk dialogs in recent years up to the end of the reporting year in order to check the adequacy and effectiveness of the Compliance Management System within the Group companies and to identify new or changed risks and any scope for improvement. At the end of the fiscal year 2024, the Group Compliance Committee decided to discontinue the previous risk dialogs and have replaced them with a software-based risk assessment for all Group companies. The software-supported query was initiated for the first time at the end of 2024.

If you have questions, suggestions or would like to make a notification with regard to the Vossloh Compliance Management System, please contact the Compliance Office of Vossloh AG:

Phone: +49 (0)2392 /52-723
E-Mail: compliance@vossloh.com

• Compliance Commitment by the Management Board of Vossloh AG
• Vossloh Code of Conduct
• Vossloh Whistleblower Hotline
• KPMG audit report