“By conducting business according to ethical, professional, and legal standards we are a sound and dedicated business partner.”
Business ethics and compliance
KAEFER Energy strives to adhere to the highest standards of ethical behaviour in all our operations across the entire value chain. We are committed to acting ethically, responsibly and in compliance with applicable laws, rules, and regulations, as well as internationally accepted guidelines, conventions or similar standards relating to corruption, money laundering, fraud, modern slavery, forced and child labour, environment, human rights, financial accountability, or similar activities.
KAEFER Energy performs integrity due diligence (IDD) assessments of our customers and suppliers. KAEFER Energy uses active measures to prevent trading with "blacklisted" companies. All employees (including new employees), new partners and all customers are subject to continuous sanction screening.
Policies and commitments
The core policies, procedures and rules listed below represent KAEFER Energy’s governing documents for corporate governance. We complement those documents with additional procedures, guidelines, and reporting routines.
- Code of Business Conduct
- Anti-corruption policy + ESG Policy and SCoC
- Anti-corruption Rule
- Antitrust Law Rule
- Conflicts of Interest Rule
- Fraud Prevention and Detection Rule
- Sponsoring and Donations Rule
- Whistleblowing Rule
- Business Partner Due Diligence Rule
- Trade Compliance Rule
- IT Governance Rule
The KAEFER group has appointed a Local Compliance Officer for KAEFER Energy. The Local Compliance Officer aims to ensure compliance with applicable laws and group-wide internal compliance rules.
Our employees carry out regular on-line training in Code of Business Conduct, Antitrust, Anti-Corruption, Conflicts of Interest and Fraud.
KAEFER Rules System Structure
Recognizing that inappropriate conditions may occur in any organization, KAEFER Energy has prepared procedures to prevent, identify and rectify any censurable conditions. We have several anonymous whistleblowing channels to ensure that there is a low-threshold reporting arena. In addition to reporting directly to the line manager, chief safety delegate, Occupational Health Service (Avonova), department for human resources, and the Local Compliance Officer, whistleblowers can use the KAEFER Compliance Helpline. The KAEFER Compliance Helpline is operated by an external provider and can be used by employees, suppliers, customers and other third parties. It is available worldwide in different languages and offers anonymous reporting and communication. The whistleblower is always protected against reprisals.
KAEFER Energy strives to mitigate impacts related to governance issues such as corruption and data privacy violations. With approximately 500 suppliers in our supply chain, it is crucial to manage this network in a responsible manner.
Our main suppliers are competent and reliable. In addition, we expect our ethical guidelines, including our standards for health and safety, human and labour rights, the environment, quality management, business integrity and social responsibility, to be adhered to in accordance with our SCoC.
KAEFER Energy also conducts risk-based audits of suppliers. The audit program is set by the management team with input from the HSEQ & Sustainability department, the Purchasing department, the projects, HR, customers, and other stakeholders. Audit objects are selected based on:
- The categorization of suppliers (criticality)
- Scope of deliveries
- Previous challenges with the object
- Lack of feedback on previous audit findings
- New suppliers
- Criticality of internal processes
- Deviations, recorded adverse events, observations
- Risk of human rights violations
Implementation of both external and internal audits is based on principles from ISO 19011:2018. The lead auditor is selected by the Head of HSEQ & Sustainability as needed (usually a certified lead auditor). Sustainability has long been in focus during our audits and will be emphasized even more in the future. All audit findings are registered and followed up in our non-conformance management system. Audit findings are assessed annually in the management's review.
At the end of 2022, 94 % of our employees had completed training in Code of Business Conduct. 94 % or more of all white-collar employees had also completed other mandatory compliance trainings (Anti-Corruption, Antitrust, Conflict of Interest and Fraud Prevention). We also conducted three audits of suppliers with no severe audit findings.
In 2023 we will continue our focus on increasing the training coverage in Compliance. We will also focus on communication campaigns to increase awareness of compliance-related issues.
KAEFER Energy is dependent on access to data and IT systems to provide services to our customers. In addition, we responsibly process data about our employees (GDPR regulations), contractors, clients, projects, and partners. We protect their privacy and handle their data securely. Therefore, data security has a high priority.
How we work internally with data security
All employees comply with the company's procedure for acceptable use of IT equipment and carry out mandatory training in cybersecurity awareness.
Within data security, we work on three fronts – our IT infrastructure, raising awareness among our employees, and cyber security risk management. We have implemented Zero Trust as a strategic approach to cyber security. Zero Trust architecture is a security model based on maintaining strict access controls and trusting no one by default. To increase awareness of IT security, we carry out frequent IT security campaigns with training. Topics addressed include measures to secure e-mail, improving the ability to identify ongoing malicious activities, and increasing employee awareness of cyber threats. Phishing tests are also carried out, and we inform employees about current events and about events that appear in the media. Furthermore, we use our risk management system PIMS to identify, mitigate and communicate our cyber security risks internally.
When it comes to cyber security, 12 risks have been identified and managed. Some preventive measures have been identified and already implemented.
In 2022, neither personal data protection breaches nor malicious activities were reported.
75% of all active users have completed the training in cybersecurity awareness.
In 2023 we will continue our focused work on data security, as in 2022.
Participation in training in cybersecurity awareness