Ethics and compliance
Elopak’s vision is to be “chosen by people, packaged by nature”. How we deliver is therefore just as important as what we deliver. This means that we are committed to acting responsibly and with integrity everywhere we operate and to ensure that we comply with applicable laws and regulations. Responsible business conduct is the foundation for our license to operate and the basis for earning the trust of our stakeholders. In 2022, Elopak focused on strengthening the compliance governance model (read more here) and the global compliance program elements, with an emphasis on corruption and human rights.
Approach
Elopak has a risk-based approach to compliance. An annual compliance risk assessment is conducted for our operations, where identified risks are evaluated and mitigated where appropriate. Types of risks taken into consideration are bribery and corruption, business partner integrity, sanctions, fair competition, and human rights.
The compliance risk assessment is continuously monitored and updated when there are changes to the risk situation. The annual compliance risk assessment is based on input from the previous risk assessment, events affecting Elopak, existing legislation and trends in legislation, workshops with local stakeholders and business partners, workshops with the Compliance Network, types of reported concerns, input from internal ethics and compliance surveys, including other internal and external input. The risk assessment is conducted by the Compliance Network and reviewed by the Ethics & Compliance Council, as well as the executive management team, before being presented to and approved by the Board of Directors. The company’s risk management approach is further described here.
Elopak’s Code of Conduct is approved by the Board of Directors and represents the framework for managing our ethics and compliance risks. It incorporates our commitments, requirements and our responsibilities regarding workplace, personal and business conduct, including expectations to our business partners.
The Code of Conduct sets out key principles within various ethics and compliance areas and is supplemented by policies and procedures outlining how these principles are operationalized in the organization. Supporting documentation is included for anti-corruption, facilitation payments, business partner integrity, human rights, conflict of interest, gifts and hospitality, anti-money laundering, fair competition, insider trading and sanctions and trade compliance.
The Code of Conduct and supporting policies and procedures are implemented in our business through Elopak’s global compliance program. The purpose of this program is to promote a culture of ethical and responsible business conduct. It is risk-based and designed to prevent, detect, and respond to breaches of laws, regulations, or internal policies, for example non-compliances and misconduct. Elopak’s compliance program is managed by Group Legal & Compliance and led by the Chief Legal & Compliance Officer, who has a direct and independent reporting line to the Board Audit and Sustainability Committee. Our compliance governance model is further described here.
Country risk and business partner integrity
Elopak has operating legal entities in more than 30 countries, of which many have scores on internationally recognized indexes that indicate high inherent corruption risk. Corruption risks are managed through compliance and ethics mandatory training and process for integrity due diligence (IDD) of our business partners. Incorporated in this process are country risk assessments, including evaluation of sanctions and trade compliance, corruption, rule of law, and human rights.
Transparency International’s Corruption Perceptions Index (CPI) measures how corrupt each country’s public sector is perceived to be, according to experts and business executives. The CPI is the most widely used global corruption ranking in the world. The CPI scores for the countries in which Elopak is present are outlined in the map and figure below. Key findings from our corruption risk assessment in 2022 illustrated the need for specific follow-up of new entities and partnerships and facilitation of appropriate training and awareness building.
Approach – speaking up and reporting concerns
Elopak is committed to building a culture of trust where employees are comfortable to ask questions and report any suspected breaches of our Code of Conduct, internal policies and procedures, and/or laws and regulations. Our Whistleblower and Internal Investigation Procedure establishes guidelines and responsibilities for reporting and investigating concerns. Confidentiality and protection of the individuals reporting concerns, incidents, violations, or suspected violations are critical to building and maintaining this trust. Normally, concerns should be raised through the employee’s line manager. In the case the employee is uncomfortable reporting concerns to their line manager, they can also raise concerns to members of Human Resources or Group Legal & Compliance.
Elopak’s whistleblower helpline allows anyone (including externals) to report concerns. The whistleblower helpline describes how one can report via phone, e-mail or online, and accommodates anonymous reporting. The online form is available in eight languages. Elopak does not tolerate retaliation against anyone who speaks up in good faith.
Approach – Data privacy and protection
Elopak takes data protection seriously and has worked out various processing of personal data standards and adopted appropriate security measures to protect personal data against loss, misuse, unauthorized access, theft, alteration, disclosure or destruction. The operational responsibility for data protection has been delegated to the Global Data Protection Officer (privacy@elopak.com) and Local Data Protection Coordinators in cooperation with General Managers of the legal units for ensuring compliance and to avoid unacceptable risks. Read our privacy statement here.
“The principles set out in our Code of Conduct serve as a guide to uphold the integrity and ethical foundation of Elopak, protect the environment, the communities we work with and ensure that our stakeholders are not put at risk.”
Elisabet Døsen Grohshennig, Chief Legal & Compliance Officer
Performance
Target
All Elopak employees to understand overall compliance risks and requirements for expected behavior.
*Excludes employees on long term absence.
KPIs | KPI reference | Status 2022 |
a) % completed COC training b) # reported concerns per category | GRI 205-2 GRI 205-3 GRI 406-1 | a) 93% total*, 98% line managers, 98% level 2 management and 100% top management b) 6 reported concerns |
Risk management
Throughout 2022, Elopak strengthened the main elements of the global compliance program. We conducted in-depth reviews in five risk areas: human rights, joint venture partners, sanctions, bribery and corruption, and agents and intermediaries. The compliance reviews of our joint venture partners comprised of a workshop with key stakeholders to review main compliance topics. For our agents, we reviewed our agreements to ensure alignment with Elopak standard templates and clauses. Key findings from the compliance review of the joint ventures identified that post-merger integration of the new joint venture in India is important.
With Russia’s invasion of Ukraine, Elopak closed, and ultimately sold, the production plant and market unit in Russia. We continuously monitored sanctions and trade restrictions and conducted additional sanction screening of third parties to identify any direct and indirect sanction exposure. The sanctions screening of the customers in Russia and customers and suppliers with indirect sanction exposure did not identify significant exposure to Elopak. The review was conducted by an external third party through our compliance risk database.
Ethics and compliance training, awareness, and communication
Training, awareness, and communication are key elements of Elopak’s compliance program to ensure our employees know what to do and how to respond in risk-related situations. In 2022, our efforts included:
• Revision of Elopak’s Code of Conduct in 2022 (available in eight languages).
• New training material was developed to reflect the updated content. In addition to the e-learning module, in-person training was conducted with local management in the newly acquired entities in MENA.
• 93% of Elopak’s employees conducted the Code of Conduct e-learning course or in-person training session. This is a significant improvement from 2021, where 68% of employees in Elopak completed the ethics training. Through the new training, employees confirm compliance to the principles outlined in the Code of Conduct. The e-learning and in-person training cover topics such as anti-corruption, working with business partners, human rights, speaking up and reporting concerns. Our Board of Directors also completed the training.
• Our ethics and compliance intranet pages ensure clear guidelines for compliance topics to all employees. The intranet was used to share news and insights on compliance topics (Code of Conduct, human rights, policies and procedure) and awareness, such as raising awareness on UN’s Anti-Corruption Day or UN’s Human Rights Day. The Group Legal & Compliance team also took part in an internal compliance podcast to build awareness on compliance and how the department supports the business.
• Two days in-person compliance training session with an internal group of Compliance Champions, reviewing compliance topics, policies and procedures and learning to train others. This training allowed us to strengthen knowledge and awareness internally, which ultimately will allow us to better guide and support the organization on compliance related topics.
Speaking up and reporting ethical misconduct
In 2022, we introduced the employees to the Speak Up Policy outlining how and what to speak up about, and the Whistleblower and Internal Investigation Procedure, which are guidelines for investigating reported concerns. In the mandatory Code of Conduct training in 2022 we included a section focusing on speaking up and reporting unethical behavior.
The number of concerns reported through the Elopak whistleblower helpline in 2022 was 6, which is 0.28 reports per 100 employees.
Data privacy and protection
Elopak has not received any complaints from data subjects nor any notifications of complaints related to Elopak’s processing of personal data from local supervisory authorities.
All registered personal data breaches are related to the personal data of employees, and not the personal data of customers. We have in total received 26 inquiries in 2022 through our Global Data Protection Officer and the mailbox privacy@elopak.com.
Category of inquiry | # of inquiries |
Data subjects right to information | 2 |
Personal data breaches | 3 |
Mapping of processing of personal data | 1 |
Lawfulness of processing of personal data | 6 |
Lawfulness of accessing an employee’s mailbox or personal file storage area | 10 |
Inquiries regarding vendors and data processing agreements | 4 |
Moving forward
In 2023, we will continue to focus on responsible business conduct and promoting a culture based on integrity and high ethical standards throughout the company, emphasizing our new entities and the new subsidiary in India. Throughout 2023, we will continue the implementation of compliance through targeted risk-based training on compliance topics.
It is imperative that our employees trust our reporting channels and our internal investigation procedure. Thus, in 2023 we will work systematically to create a stronger speak up culture and build faith in our internal reporting channels and whistleblower helpline. In 2023, we aim to track reported concerns from additional sources than that of our helpline.