COMPOSICIÓN Y ESTRUCTURA DE LOS EPSs

The Groupwide compliance program focusing on anti-corruption policies and antitrust law with its three pillars “inform”, “identify” and “report and act” was rigorously continued in the 2013/2014 fiscal year. Intensive measures aimed at developing the program further were also resolved and in part implemented. The special audit carried out by BDO AG Wirtschaftsprüfungsgesellschaft and Prof. Dr. Hans-Joachim Böcking up to November 2013 confirmed that above all the further development of the compliance-relevant internal control system is well advanced and the compliance function is professionally organized and appropriately staffed. Based on this, a wide range of further measures was defined and implemented, such as a Groupwide bottom-up risk analysis and a comprehensive project to determine a compliance strategy for the coming years up to 2020.

New Executive Board member for Compliance and Legal

Dr. Donatus Kaufmann joined the Executive Board of ThyssenKrupp AG on February 01, 2014 and took charge of the new Compliance and Legal directorate. Consequently there have been changes to responsibilities and reporting channels; the Chief Compliance Officer now reports directly to Dr. Kaufmann.

Further development of the compliance program

We once again continuously developed our compliance program in the reporting year. For example, the compliance organization was adjusted in line with the new Group structure resulting from the ACT project. Work continued in particular on increasing the number of compliance staff. Most compliance officer positions at corporate and business area level have now been filled. Regional compliance officers will be appointed in line with progress in the regionalization of the Group. The compliance officers and regional compliance officers advise, inform and educate employees around the world about important legal requirements and internal policies; among other things they carry out proactive compliance audits and investigate suspected cases of non-compliance. In the business areas and Group companies they are supported by a network of around 320 compliance managers – generally managing directors of Group companies – who ensure the compliance program is implemented at operating level in their areas of responsibility.

The findings of the aforementioned special audit also show that we are moving in the right direction. Cooperation with the auditors and their recommendations also provided further impetus for the continuous development of the compliance program.

Groupwide risk assessment

We carried out a Groupwide bottom-up risk assessment in the reporting period with a significantly wider scope than the previous top-down assessment. Based on a detailed questionnaire we analyzed objective risks at Group company level in the areas of antitrust law and corruption prevention as well as in other risk areas (export controls, sanctions lists, money laundering) and the degree of implementation of the compliance program at the individual Group companies. In a second step, workshops were held at over 100 Group companies on the basis of the identified risks to develop measures to manage them.

The risk analysis is having a positive impact at various levels of the Group. From the Group perspective and for the regions it enables compliance activities to be managed in a significantly more targeted and efficient way. In addition, the business areas can include the results of the risk analysis in their strategies and manage their business activities according to the risks identified. At operating level, the risk analysis helps local officers perform their duties with greater focus and reduce compliance risks in their operations directly by introducing mitigating measures.

78 Combined management report−Compliance

Compliance Strategy 2020

Based on the current status of our compliance program, the findings of the special audit and in particular the insights gained from the Groupwide risk assessment, the compliance organization carried out a project under the strategic leadership of the new Executive Board member for Compliance and Legal to determine ThyssenKrupp’s future compliance strategy up to 2020.

The starting point for the Compliance Strategy 2020 is the establishment of a holistic understanding of compliance in the Group. This means that in addition to the core topics of the compliance program – antitrust law and corruption prevention – compliance will be seen as a cross-functional endeavor for the Group in the future; the aim is to ensure full compliance with all laws and internal policies.

In this connection, the Executive Board has decided to include the areas of combating money laundering, data protection, and the Italian compliance law 231 alongside the existing core topics of antitrust law and corruption prevention. The compliance function will continue its intensive compliance activities in the area of existential core risks – with full content management, consultation and monitoring authority – in accordance with the defined compliance program. The new areas have been added because they are closely related to the previous core tasks and will generate synergies through the use of the existing compliance organization. The establishment and implementation of compliance measures in these new areas will therefore be a key area of Corporate Function Compliance’s work in fiscal year 2014/2015.

In line with the holistic view of compliance in the Group, additional topics (e.g. export controls and sanctions lists) have been identified which are to be managed fully and systematically on a risk-oriented basis in the future. The aim is to ensure the observance of compliance-related organizational and oversight duties and minimize material risks. In each case, responsibility for compliance (centralized or local) remains with the competent corporate function or business area, with Corporate Function Compliance acting as advisor, coordinator and consolidator. Some of these additional areas were included in the risk analysis. In the future, reporting to the Executive Board will be consolidated to take in all identified areas. This holistic view will facilitate the sharing of knowledge and allow greater synergies in organization, processes and methods.

In addition to identifying areas to be covered, the Compliance Strategy 2020 project has also developed a vision for compliance at ThyssenKrupp with a “roadmap” for the coming years up to 2020. The project involved not only all employees from the compliance function but also the compliance managers and staff from various other functions and the business areas. The project was also based on an extensive benchmarking study carried out with comparable companies and with the involvement of external compliance consultants.

The aim of the compliance strategy is to develop measures under seven main strategic objectives that will help anchor compliance systemically in the Group. In addition to the aforementioned holistic compliance approach, the main strategic objectives include the creation of a sustainable integrity and compliance culture. Particular emphasis here is placed on the importance of personal integrity and individual responsibility for compliance with rules and laws. We want to create an open compliance culture in which it is possible to admit to mistakes and learn from them. A further objective is to focus more strongly on the strategic value added by compliance. The compliance function is to be established and seen as a strategic business partner and for example involved in relevant strategic decisions by the businesses. This calls for a

needs-based organization and a comprehensive compliance program; this includes a clearer allocation of roles and

responsibilities, effective and efficient program management with appropriate staff levels, and in particular an organization and allocation of tasks structured in line with the needs of the Group.

79 Combined management report−Compliance

If these goals are to be achieved, the personal commitment of our employees is essential. Compliance must speak to employees on both an emotional and a rational level, for example through suitable communications measures. By implementing all measures from the compliance program throughout the Group and integrating compliance into business processes, the aim is to maximize the penetration of the compliance culture in the Group. At the same time, there should be a greater focus on practice-based, understandable and solution-oriented activities, for example taking specific business, regional and cultural requirements into consideration.

To achieve these main strategic objectives, numerous individual measures have been defined that will be implemented gradually in line with risks and resources. These measures will impact all levels of the compliance program, e.g. to focus the role of compliance managers, tailor communications to addressees – especially for the regions – and strengthen cross- functional cooperation.

Continuous implementation of the compliance program

In parallel with the Compliance Strategy 2020 project, the existing compliance activities were also implemented continuously. A key role in this was played by the antitrust and corruption prevention training courses held by the compliance officers to educate our employees about compliance requirements and risks as well as possible sanctions; they are a central component of the “inform” pillar of the compliance program. Compliance requirements in the form of Groupwide policies are based on applicable laws and also help implement international standards. They are continuously adapted in line with legal changes. In the reporting year, almost 6,000 employees worldwide attended classroom courses on antitrust law and corruption prevention. As part of the third cycle of the compliance e-learning program initiated in August 2012, almost 45,000 employees (anticorruption) and over 38,000 employees (antitrust) had successfully completed the training courses as of the end of the reporting year. Based on a cut-off point of eight weeks after registration, the program has currently been completed by 98.3% of those registered. Our subsidiaries in the USA and Canada have their own programs.

We also provide compliance advice on key business transactions, e.g. in connection with major projects and M&A projects or on the engagement of intermediaries. For this the employees can contact their compliance officers in the business areas, regions and at Corporate or call our central hotline. The compliance officers advise the operating units on integrating compliance into their business processes.

The “identify” pillar of the compliance program focuses on regularly reviewing critical business operations based on a risk- oriented, structured audit process. An additional element in the identification of compliance risks is our whistleblower system. Alongside the options of directly contacting a supervisor or the compliance department, this provides employees with a further channel for reporting possible infringements of laws or policies without revealing their identity. The system was presented in detail in the 2012/2013 Annual Report.

The third pillar “report and act” signifies intensive compliance reporting in all three dimensions of the ThyssenKrupp matrix. In the event of proven antitrust law infringements or corruption, we systematically impose sanctions on the employees concerned.

The basis for successfully implementing the compliance program is a corporate culture that stands for values such as openness, transparency and credibility. Our employees bear personal responsibility and our managers also bear corporate responsibility for compliance and base their actions on these values. The further development of our compliance strategy described here ultimately also serves to support the change required in the mindset and behavior of our employees and so contribute to establishing an even stronger compliance culture throughout the Group. Only in this way can we sustainably implement our clear commitment to ensuring that violations at ThyssenKrupp, particularly violations of antitrust and anticorruption rules, are not tolerated under any circumstances (zero tolerance).

80 Combined management report − Employees