258 BMW Group Report 2024 To Our Stakeholders Combined Management Report Group Financial Statements Responsibility Statement and Auditor’s Report Remuneration Report Other Information Compliance and Human Rights Three-stage approach of the Compliance Management System The Financial Services segment has established its own dedi- cated risk management unit, which works closely with the central Group Compliance function as part of the CMS. On the basis of an annual analysis, it identifies the possible need for adjustments and defines appropriate measures. Group-wide implementation by the BMW Group’s financial services companies is continu- ously reviewed and reported on to the management of the Fi- nancial Services segment on a quarterly basis. A management system also supports the early identification of risks arising from non-compliance with internal and external reg- ulations. In 2024, an external audit of the CMS was conducted with a fo- cus on the Anti-Corruption and Antitrust Compliance pro- grammes in accordance with the auditing standard of the Insti- tute of Public Auditors in Germany (IDW PS 980). This was con- cluded with an unqualified audit opinion. Group-wide compliance network Relevant compliance risks are identified in the business depart- ments on the basis of internal guidelines; an initial assessment is then made and measures taken to mitigate them. Group-wide, around 180 managers perform these tasks for their areas of re- sponsibility as operational Compliance Responsibles. Specialist departments worldwide are supported in their work by the central Group Compliance function, as well as the network of business unit and division Compliance Officers (heads of relevant compliance functions), supplemented by around 80 local Com- pliance Officers (heads of local compliance functions) at BMW AG’s international subsidiaries. Every Compliance Officer is tasked with implementing the CMS and compliance pro- grammes for defined topics in their area of activity, as well as identifying and realising division-specific compliance measures. Compliance risk assessment Code of Conduct and compliance regulations Risk-reducing compliance measures including sanctions Compliance communication and training 1 2 3 4 5 6 7 8 10 Compliance IT systems and processes Compliance reporting 9 Notification system COMPLIANCE ORGANISATION Compliance investigations Compliance monitoring Compliance consulting COMPLIANCE CULTURE