BMW Group Report 2024
Compliance and Human Rights

COMPLIANCE

Compliance lays the foundation for the long-term success of the BMW Group. Compliance builds trust in our products and brands and shapes our public image. Compliance means much more to the BMW Group than simply observing applicable laws and Group directives around the globe. It forms part of our identity, our understanding of leadership, and our living culture of integrity. Compliance creates a binding framework for all our business activities.

Compliance as a corporate function*

» Compliance is the managerial responsibility of the Board of Management of BMW AG, executed by creating an appropriate regulatory and supervisory framework, as well as through regular and ad-hoc reporting, accompanied by clear communications. This approach is based on the core belief that compliance with applicable laws and related internal regulations is the responsibility of all employees. As role models, managers are tasked with anchoring compliance culture in their area of responsibility and ensuring compliance requirements and processes are implemented accordingly.

In addition to being responsible for the Group-wide Compliance Management System, the BMW Group’s Chief Compliance Officer also manages the Group Compliance division and briefs the Board of Management and Supervisory Board of BMW AG at regular intervals. «

Compliance Management System (CMS)*

» The BMW Group’s Company-wide Compliance Management System (CMS) reinforces the culture of compliance and integrity and helps reduce sanction and liability risks, as well as risks arising from other (non-)financial disadvantages, such as reputational risks.
The CMS focuses on adequacy and effectiveness and is based on the Prevent, Detect, Respond model, which defines specific preventive, monitoring, control and response measures. Clear assignment of roles and responsibilities is also essential.

The CMS is tailored to the Group’s risk situation and addresses all relevant compliance topics. Group-wide, these include Anti-Corruption and Fraud Prevention, Anti-Money Laundering, Antitrust and Human Rights Compliance, Export Control Compliance, Data Privacy, Product Compliance, External Workforce Compliance and Compliance for regulated Financial Services units. Responsibility for Data Privacy, Product Compliance, External Workforce Compliance and Compliance for Regulated Financial Services Units outside Group Compliance lies with independent departments. «

Further development of CMS

The CMS is reviewed on a regular basis and refined as needed. This primarily involves evaluating strategic focus topics, legal and regulatory requirements and trends, best practices as well as industry standards, all of which are taken into account from a risk perspective. The objective is to consistently improve the CMS. The BMW Group is an active member of various associations and interest groups, including the German Institute for Compliance e. V. (DICO), at Board level.

Priority areas in the reporting period were export control due to the war in Ukraine, and anti-money-laundering, due to the increase in legislative initiatives.

One component of the CMS is the Data Privacy Protection compliance programme, which is the responsibility of Group Data Privacy Protection. This is based on the Privacy Corporate Rules and the Binding Corporate Rules, which contractually protect the transfer of employee data within the Group. Implementation of the programme is validated through regular reporting by affiliated companies and independent audits carried out by Group Data Privacy Protection.
The Quality Management department is responsible for product compliance as part of the CMS, with a focus on preventing infringements of product-related laws and official regulations as well as ensuring compliance with directly associated requirements for products within the BMW Group’s Automotive and Motorcycles segments. In the reporting year, the Product Compliance Programme’s entire working method was specified in terms of its self-image, systems and processes, and the German Association of the Automotive Industry (VDA)’s Product Compliance System was incorporated as a new external orientation framework. With a focus on prevention, product compliance audits further strengthened the Detect processes, and extensive communication measures strengthened compliance awareness.

As part of the CMS, the Group’s HR department oversees the External Workforce Compliance programme. This is designed to safeguard the Group from the repercussions of collaborations with employees of external entities that are not compliant with labour law. In the reporting period, External Workforce Compliance was expanded with the aim of ensuring the requirements for compliant contracts for work and labour are even more firmly rooted in the Company with regard to the procurement of services and cooperation with service providers.

The compliance programme for the specific requirements of regulated Financial Services Units takes into account the particularities of the financial services business and the risks and regulations involved. The specific focus of the programme – in addition to the proper implementation of other compliance topics – is on legislative and regulatory monitoring, consumer protection and the implementation of financial services supervisory requirements.

* This section contains disclosures in line with ESRS G1-3.18a).
