259 BMW Group Report 2024 To Our Stakeholders Combined Management Report Group Financial Statements Responsibility Statement and Auditor’s Report Remuneration Report Other Information Compliance and Human Rights Compliance training Compliance training opportunities are continuously refined for specific target groups. The online training courses with case studies and test questions, repeated every two years, strength- ens the compliance culture and reinforces compliant behaviour. This offering is supplemented by target-group-specific class- room training on antitrust compliance in addition to online train- ing courses on data privacy and product compliance. Digitalisation supports compliance IT-based compliance systems are used for transparent and effi- cient documentation, assessment and approval of compliance- relevant matters Group-wide. This includes topics such as money laundering and sanctions lists, exchange activities with competitors, business partner due diligence and verifying the le- gal admissibility of benefits in kind. The data collected in this way forms the basis for the compliance risk assessment. Compliance and notification systems1 » Employees with questions or concerns relating to compliance can discuss these matters with their managers or relevant de- partments and, specifically, with the Compliance functions. The Compliance contact serves as a further point of contact for both employees and external parties. Reports of potential compliance violations can also be submitted anonymously and confidentially in several languages via the BMW Group SpeakUP Line notification system or via the ombud- sperson. Incoming information is addressed in accordance with the BMW Group guideline “Indications of compliance violations”. The BMW Group protects information providers in two ways: first, individuals may provide information without disclosing their identity; second, no one providing information faces retaliatory action. All queries and concerns relating to compliance are doc- umented and processed using a Group-wide electronic case management system. If necessary, Corporate Audit, Corporate Security, the legal departments or the Works Council are brought in. « CMS monitoring and controls2 » The CMS provides differentiated monitoring levels for review- ing observance and implementation of compliance rules and pro- cesses at regular intervals. In addition to the direct checks per- formed by Compliance Responsibles as business managers, risks are further reduced by additional measures integrated into business processes, which generally form part of the ↗ Internal Control System. Compliance investigations are carried out when the need arises or ad hoc as part of the Detect function of central Group Compli- ance. These include internal investigations in connection with of- ficial investigations, which serve to clarify the facts internally. Risk-based compliance audits aimed at identifying specific com- pliance risks are focused on antitrust law as well as on the issues of export control and money laundering prevention. Corporate Audit also monitors adherence to compliance requirements by business managers, as well as selected elements of the CMS. All control checks are geared towards reducing compliance risks. Any infringements are immediately remedied, with an emphasis on reducing the risk of repeat offences as far as possible. Where infringements can be traced to an individual, that person will be appropriately sanctioned, in accordance with the processes de- fined for this purpose. As part of the annual internal review of the BMW Group CMS, its appropriateness and effectiveness are assessed on the basis of defined criteria. In addition to the assessment of the Compliance Responsibles, the measurement also takes into account the as- sessment of compliance and other governance functions. Our overall statement on the adequacy and effectiveness of the In- ternal Control and Risk Management System, including the CMS, can be found in the section ↗ Adequacy and effectiveness of the Internal Control System and Risk Management System. « Regular compliance reporting to the Board of Management and Supervisory Board The Board of Management and Supervisory Board of BMW AG, the Audit Committee (a committee of the Supervisory Board) and the company’s other executive committees are briefed regularly (at least twice a year), as well as on a case-by-case basis, by the CCO. 1 This section contains disclosures in line with ESRS S1-3.33; ESRS S2-3.27; ESRS S4-1.16b); ESRS G1-1.10a), e); ESRS G1-3.18a). 2 This section contains disclosures in line with ESRS G1-3.18a).