189 BMW Group Report 2024 To Our Stakeholders Combined Management Report Group Financial Statements Responsibility Statement and Auditor’s Report Remuneration Report Other Information Sustainability Statement COMBATING CORRUPTION AND BRIBERY Material impacts, risks and opportunities Type Stage of the value chain Policies Targets Specific actions Having a clear selection and communication of core values and beliefs for employees (e. g. the BMW Group Code of Conduct) and trainings in place avoids negative environmental and social behaviour and strengthens the individual sense of responsibility of the employees, especially with regard to corruption prevention. Positive Impact − BMW Group Compliance Manage- ment System (CMS) » Compliance Management System (CMS) − Rate of completion of the manda- tory “Compliance Essentials” web- based training course − Internal compliance regulations − Internal communications activities and case-by-case consultation by Compliance − Regular monitoring, including re- porting to management Upstream material Own Operations material Downstream material Preventing, detecting and combating corruption and bribery The BMW Group’s corporate culture is based on values and fun- damental beliefs, founded on trust, mutual respect and tolerance. The Code of Conduct transposes the BMW Group’s corporate values into essential guiding principles for all employees. This boosts employees’ sense of individual responsibility. In this con- text, they are also supported by a Compliance organisation and a regulatory framework to ensure that the Company acts within the law at all organisational levels. The CMS comprises measures to combat corruption and bribery, thereby reinforcing a culture of integrity and compliance. In particular, it helps to re- duce sanction and liability risks, as well as risks arising from other (non-)financial disadvantages such as reputational risks. Clear assignment of roles and responsibilities is also essential. The CMS applies to all affiliated companies in which the BMW Group holds a majority interest of more than 50%, in par- ticular fully consolidated affiliated companies of the BMW Group, whereby BBA maintains its own CMS with the same level of ef- fectiveness as the Group’s CMS. Non-controlling interests and 50:50 joint ventures are not part of the BMW Group’s compli- ance organisation and are not covered by the CMS. These com- panies are required to set up and implement their own adequate and effective compliance programmes, by taking a risk-based approach, and to report on these to the BMW Group. This also applies to joint operation Spotlight Automotive Ltd. In exercising the rights as a shareholder of non-controlling interests with stra- tegic relevance, BMW AG seeks to ensure effective compliance (ongoing development of a risk-adequate CMS and its proper im- plementation). As a shareholder, BMW AG receives reports on CMS-related topics and information as required. Further infor- mation on the CMS can be found in the Compliance section. » Compliance Management System (CMS), » Compliance as a corporate function The central Group Compliance function sets out the basic struc- ture of the CMS, including the anti-corruption compliance pro- gramme. The key components of the programme include a spe- cific and Company-wide risk analysis, instructions containing specific guidance on how to act in situations where there is a risk of corruption, training courses, communications and case-by- case consultations. In addition, employees are provided with support in day-to-day situations via IT systems. Regular moni- toring is also carried out to ensure compliance with requirements. The BMW Group has set up a notification system to handle que- ries and notifications on compliance-related issues, including corruption and bribery. For more information on the notification system, please refer to the Compliance section. » Compliance and notification systems As part of the Detect function of central Group Compliance, com- pliance investigations are conducted on an ad hoc or non-ad hoc basis and where necessary, action measures are derived. Any infringements are immediately remedied, with an emphasis on reducing the risk of repeat offences as far as possible. Where in- fringements can be traced to an individual, that person will be appropriately sanctioned, in accordance with the processes de- fined for this purpose. This applies to all areas covered by the CMS, including combating corruption. For information on the monitoring and control mechanisms of the CMS, see the Compli- ance section. » CMS monitoring and controls Avoiding conflicts of interest in compliance investigations Compliance investigations are generally performed by the local Compliance functions in consultation with central Group Compli- ance, provided the issues are not of a Company-wide nature and there are no indications of conflicts of interest on the part of the local function. Compliance investigations with a company-wide impact are performed by Group Compliance. Should any suspi- cion arise in connection with the central Group Compliance func- tion, Group Corporate Audit assumes responsibility for investi- gating the matter. This means that the committee conducting the investigation is kept separate from the line management in- volved.