Governance

Corporate governance as practiced by Knorr‑Bremse aims, without exception, to adhere to responsible business practices and principles. We believe that increasingly and continuously integrating aspects of sustainability into our organization and business processes drives innovation and is a critical factor for success. Our approach of applying predictive risk and opportunity management can yield information that is vital to the company’s future.

Responsible Corporate Governance

Knorr‑Bremse responds to industry trends such as connectivity, e-mobility and sustainability with innovative, long-term, system-based solutions. In doing so, we act as a driving force to help our global customers in the rail and commercial vehicle industries to develop their sustainable mobility solutions and achieve digital transformation. Our systems for the reliable, safe and efficient transportation of goods and passengers are designed to add value for our customers and make a positive contribution to society.

We take the responsibility associated with our entrepreneurial activities very seriously. We apply responsible corporate governance that observes laws, strengthens our image and creates trust in Knorr‑Bremse among our shareholders, the capital market, customers, business partners, employees and the general public. Each goal set and activity undertaken by Knorr‑Bremse must always reflect our company values: entrepreneurship, technological excellence, reliability, passion and responsibility. We believe that these company values are the foundation of long-term success.

Our governance structures support our commitment to responsible corporate governance and ensure transparency as well as clear leadership and responsibilities. They apply to the entire leadership and monitoring systems at the company and include Knorr‑Bremse’s organizational structures, business policy principles, guidelines and internal and external management and monitoring mechanisms. We adhere largely to the recommendations of the German Corporate Governance Code. More information about Knorr‑Bremse’s implementation of these recommendations can be found on our website (Corporate Governance) and in our Corporate Governance Statement.

Our commitment to sustainability is an integral part of our business activity. The Boost 2026 corporate strategy published in 2023 further underscored the importance of putting this commitment into practice. The sustainable direction for corporate governance has been firmly integrated into Knorr‑Bremse’s organizational structures as well as its allocation of responsibilities and business processes through sustainability management (Sustainability Management). The Executive Board has defined a set of key performance indicators that are designed to help plan and steer the sustainable direction of Knorr‑Bremse. A selection of KPIs are linked to the remuneration system for management levels 0 to 2 (Executive Board, senior management and heads of department) as ESG criteria. 20% of the short-term variable remuneration (short-term incentive) is linked to the achievement of sustainability targets on climate protection and occupational safety (Compensation Report). There are plans to extend this to other management levels in the medium term. In the long-term variable remuneration (long-term incentive), 20% of the achievement of targets from fiscal year 2024 onward is also tied to the achievement of specific sustainability targets (currently a reduction of Scope 1 and 2 CO2e emissions and an increase in employee satisfaction). This link between remuneration and ESG criteria embeds the spirit of sustainability throughout the company’s management team even more strongly and thus in the day-to-day conduct of the company’s managers and workforce as well.

Integrity and Compliance

Compliance management is guided by our aspiration of always complying with laws, internal regulations and voluntary commitments. This is because only as a reliable business partner will we gain the trust of employees, customers and business partners needed for sustainable growth and thus shareholder value. We therefore place great emphasis on dealing with our stakeholders with integrity and responsibility. Combating corruption and bribery is an important part of corporate responsibility and one of the key topics in compliance management at Knorr‑Bremse. We do not tolerate any form of corruption or other unfair business practices and expect the same of our business partners. Conflicts of interest, including and especially in dealing with our business partners, must be avoided. We have also established the respective compliance policies.

Our compliance requirements across the entire supply chain are set out in a Group-wide Code of Conduct. On the basis of Knorr‑Bremse’s corporate values and the principles of the UN Global Compact, the code defines the principles for Group-wide responsible business conduct, including a prohibition of corruption in any form. These principles of action and rules are binding for all the Group’s employees and are a component of the written employment contracts for new employees around the world. We have given concrete expression to these principles through further Group-wide compliance policies:

Dealing with Gifts and Invitations
Donations and Sponsoring
Corruption Prevention
Conflicts of Interest
Screening of Business Partners
Fair Competition

Moreover, we have developed compliance guidelines for our suppliers. Our mandatory Group-wide Code of Conduct for Suppliers defines our expectations regarding responsible working relationships with these suppliers. The code is a way to combat corruption and addresses a wide range of issues, including human rights and environmental protection (Sustainability in the Supply Chain).

Relevant compliance risks are compiled and assessed in the Compliance Management System (CMS). The CMS’s main goal is to effectively anchor compliance in business processes. For example, we want to ensure that employees comply with the law and internal regulations, prevent systematic misconduct and detect and remedy breaches.

Corruption prevention, ensuring fair competition and avoiding conflicts of interest are defined as the focus issues for Knorr‑Bremse’s CMS. The basis of this decision is a compliance risk analysis which is carried out each year and involves selected business areas and markets. As part of a worldwide compliance risk assessment, possible compliance risks were compiled and assessed on the basis of risk scenarios.

Establishing a Compliance Organization

The Chief Compliance Officer (CCO) is responsible for implementing the CMS, except in the area of antitrust and competition law, where the Legal department is responsible for the CMS. The CCO reports to the member of the Executive Board responsible for Integrity, Legal, IP, Data Protection and Human Resources. Compliance topics are also a regular agenda item at Executive Board meetings. The Supervisory Board and the Audit Committee are also regularly informed about the status of the CMS. Along with the global heads of Knorr‑Bremse’s Controlling, Human Resources, Accounting, Legal and Internal Audit departments, the CCO is a member of the Compliance Committee. The Compliance Committee advises on initiatives and strategies for developing the CMS, on current compliance topics, and on focuses of compliance activities. In the Knorr‑Bremse regions, regional compliance officers take on the role of advising and training employees, processing compliance cases and identifying local risks. The compliance organization’s headcount was even increased in 2023. Business activities in Brazil, China, India, South Africa, and the US are now supervised by full-time compliance officers. Local compliance officers are additionally assigned to nearly all Knorr‑Bremse companies and are involved in the local implementation of the Compliance Management System.

The internal Group audit department supports the Executive Board in its monitoring function through independent and objective audit procedures. These are geared toward improving business processes and uncovering any breaches of laws or internal rules or guidelines. The Internal Control System (ICS), which comprises compliance-specific controls, further serves to verify adherence to compliance guidelines. Knorr‑Bremse sites must also conduct spot checks to prove that they are effectively implementing the guideline requirements. In addition, the audit firm PwC was engaged to review the appropriateness and effectiveness of the CMS in accordance with IDW AuS 980 for the period from May 1 through October 31, 2023. An unqualified certification was issued for this review on March 7.

Well-Developed Complaint Management

Employees, business partners, and external individuals can report information on any possible compliance breach to the compliance organization by email, directly through the compliance organization or online through an independent and anonymous whistleblower system. This globally accessible portal operated by an external service provider allows for information on any compliance breaches to be reported in 31 different countries and in 20 languages (Knorr‑Bremse Compliance). The whistleblower system was extended in fiscal year 2023 by commissioning an external ombudsman service, which will serve as an additional point of contact for receiving information and complaints. The external ombudsman service will then pass the information and complaints on to us. Information about the system is communicated internally and during training events and via the Group-wide intranet. In addition, the Incident Notification and Alarm Services (INAS) system is used for non-anonymous reporting of time- and safety-critical events from the areas of compliance, data protection, information security and Group security. Events classifiable as critical reach the responsible area of the Group directly via the system.

Whistleblowers gain knowledge of suspected reportable action

Report is received via various reporting channels – including anonymously if desired

Clarification of open points and consultation with the whistleblowers (where possible)
Clarification of whether a direct remedy is possible
Clarification of internal responsibilities

Internal forwarding
Complaint is forwarded to the relevant body within the Group

Assessment by the relevant body

Assessment of the report’s subject matter and of potential damage
Consultation with the whistleblowers, where possible
Consultation with other parties involved
Proposal for next steps

Decision on the investigation

Report is substantiated
The matter can be clarified using the available means in a legally compliant way

Examination

Interviews, document review, site visits, etc.
Final report with recommendations for action

The management decides on
sanctions and remediation

Remediation, e.g.,

Disciplinary measures
Adjustment of processes
Training & communication
Compensation & reimbursement
Adjustment of risk analysis

Implementation by the local management or relevant body

Rules of procedure for dealing with whistleblower information and complaints have been agreed by the Executive Board and govern the process, responsibilities and the rights of whistleblowers and the individuals concerned. Key principles include the protection of whistleblowers from disadvantages, the fairness and confidentiality of the process, the independence of investigations and the safeguarding of data privacy. We follow up on every suspicious activity report or forward it on to the respective departments for further investigation. Where the initial suspicion is substantiated, investigations are carried out. When rules are found to be violated, the causes are remedied. Any proven misconduct is penalized.

In the year under review, 112 reports were recorded in our Group-wide whistleblower system (2022: 90; 2021: 45). The number of reports thus rose compared to the previous year. We attribute this increase to greater employee awareness with regard to compliance and integrity. 44 reports (2022: 29; 2021: 10) concerned information on discrimination or other workplace-related topics (Due Diligence Process for Human Rights). Nine reports (2022: 9; 2021: 2) concerned allegations of corruption. The allegations were unable to be confirmed in four of the cases closed during the reporting period. Accordingly, no disciplinary actions were taken against employees regarding these. Internal investigations are still ongoing in the other five cases. There were no lawsuits, judgments or fines due to corruption offenses in the reporting period. There were no reports made in connection with child labor, forced labor, or modern slavery.

Category	2023
Discrimination and harassment	32
Other working conditions	12
Conflicts of interest, theft, equipment misuse, fraud, embezzlement	28
Corruption	9
Data protection, IT security, trade secrets	6
Child labor, forced labor, modern slavery	0
Other	25
Total	112

Prevention through Training and Communication

To prevent compliance breaches, Knorr‑Bremse relies on transparent communication and employee training. In the year under review, the Executive Board confirmed its commitment to integrity and communicated its expectations of managers and employees clearly on the intranet and at various manager events and employee meetings.

A global e-learning module on our Code of Conduct is available in 13 languages and needs to be completed online every two years. Another e-learning course on the topic of preventing corruption is aimed at employees in purchasing or sales as well as managers. This training, too, must be repeated every two years. In December 2023, around 98% (2022: 96%; 2021: 98%) of the 17,385 employees with access to e-learning platforms (approximately 52% of the entire workforce) had a valid certificate for the training on the Code of Conduct. 5,396 employees were enrolled in anti-corruption training, of which 97% had obtained a valid certificate by the end of December 2023.

In addition to e-learning, live training (face-to-face events and webinars) is held for employees on specific compliance content as well as on our guidelines and tools. 77 such compliance training courses were held globally in 2023 (2022: 64; 2021: 25).

Talking to Staff about Integrity and Compliance

Personal contact sticks in people’s minds, making it ideal for creating awareness – and compliance and integrity are no exception. Dr. Claudia Mayfeld, the Executive Board member responsible for this topic, regularly meets with employees to get to the bottom of the issue: How do our employees experience integrity and compliance at Knorr‑Bremse and how important is it to them? In February 2023, 72 employees from different regions, departments and levels of the organization took part in a joint workshop to evaluate how compliance and integrity are being embedded in day-to-day work and make suggestions for improvement. A second workshop was held in May 2023 and was attended by 51 employees. The fruitful discussion not only highlighted current strengths, but also showed compliance officers that more intensive communication and specific training for managers would be a welcome next step. Specific measures will be developed once the results have been evaluated.

Management of Sustainability-Related Risks and Opportunities

As an international corporate Group with global structures, Knorr‑Bremse encounters risks as well as opportunities in its business activities. The goal of risk management is to identify risks across the Group and minimize their potential impact on the Group’s anticipated business position. Equally, such risk management should proactively leverage opportunities to increase the company’s value.

Risk Management

Our risk management structures and procedures are aligned with our overall organizational structure and anchored in a corporate policy that includes clear definitions of responsibilities and reporting structures.

An inventory of potential risks that involves all of the Group’s companies is conducted every quarter so that risks of major significance can be identified at an early juncture. A key component of regular risk reporting is a condensed Group Risk Report, which is submitted to the internal Risk Committee and the Executive Board. In addition to regular reporting periods, there is an internal ad hoc reporting process, whereby all employees are encouraged to proactively report risks.

The risk management system established in the Group is subject to continuous refinement, which includes adjustments of internal and external requirements. New developments are periodically integrated into the risk management guidance on the topic of risk management, which is available to all employees on the intranet.

Our risk management system comprises 14 specific risk categories based on the company’s value chain. Within the company’s departments, particular attention is paid to identifying sustainability-related risks – an area that will be expanded further going forward. The “sustainability” category encompasses risks in connection with environmental and climate protection and the protection of human rights. The risks relating to environmental and climate protection concern, for example, rising energy and material costs as a result of increased environmental regulations and the increasing taxation of carbon emissions as part of the journey to a decarbonized economy. In the future, meeting ESG requirements will have an increasing influence on the financing of the Knorr‑Bremse Group. In addition, climate change can disrupt supply chains and impact material properties that are relevant to product quality. The company deals with these risks at an early stage in order to be able to react to them adequately and with appropriate measures in all areas. We address the risks that could arise from the implementation of the German Supply Chain Due Diligence Act by integrating human rights due diligence into our operating processes even more strongly with the goal of minimizing human rights risks and preventing negative impacts on our business activities. To do this, we also use the results of the human rights risk analyses and associated information on potential human rights breaches (Due Diligence Processes for Human Rights).

Descriptions of other risk categories as well as a detailed explanation of our risk management system can be found in our Report on Risks, Opportunities and Expected Developments.

TCFD Reporting

To provide transparent information about the climate risks and opportunities we face as a company, we have reported based on the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD) since 2021. The appendix contains a reference table reflecting the status of our climate-related reporting based on the areas of governance, strategy and risk management as well as key performance indicators and targets (TCFD table).

Opportunity Management

The opportunity management system at Knorr‑Bremse follows the processes used in the risk management system. In addition to regular management reviews, opportunities are reported in the quarterly report on risks and opportunities.

Besides the megatrends of urbanization, digitalization and mobility, the megatrend of sustainability also unlocks important, strategic opportunities for Knorr‑Bremse.

Knorr‑Bremse is benefiting from opportunities to expand rail transportation as cities, states and countries make growing efforts to combat climate change. Electrification and other energy-efficient and eco-friendly solutions are the result of a growing public awareness of the importance of energy efficiency, combined with intensified government energy initiatives such as stricter emission regulations. End-to-end eco-design in our products is helping to reduce carbon footprints and make transportation more energy-efficient.

More information about our opportunity management system can be found in our Report on Risks, Opportunities and Expected Developments.

Sustainable Company Financing

As a player in the capital market, Knorr‑Bremse sees orientation toward ESG criteria as increasingly important. Financial market players measure corporate performance in the area of sustainability by means of ESG criteria and use the findings as the basis for investment decisions. Numerous conversations with investors and rating agencies (Stakeholder Management) in 2023 demonstrated that the capital market continues to show growing interest in sustainability issues at Knorr‑Bremse. Companies and institutions are also increasingly seeking to engage in an informative dialog with Knorr‑Bremse on sustainability-linked financing instruments. Knorr‑Bremse has already received many above-average ratings for its sustainability measures (Sustainability Ratings and Rankings).

The link between our financing strategy and our sustainability targets underscores our ambitions in these areas. To position Knorr‑Bremse as a sustainable company for investments and obtain sustainability-linked capital, the company established a Sustainability-Linked Bond Framework and updated it during the reporting period. This framework ties Knorr‑Bremse’s decarbonization targets (Scopes 1, 2, and 3) in with the company’s financing strategy. These expanded targets were reassessed by an external party. A second party opinion issued by the credit rating agency S&P Global Ratings confirmed that the targets set by Knorr‑Bremse are consistent with the global goals for climate action set forth in the 2015 Paris Agreement. The framework also lays the foundations for current and future sustainability-linked financial instruments. Over one-third of Knorr‑Bremse’s financing arrangements are linked to sustainability criteria, increasing to around two-thirds for long-term capital market financial instruments.

Currently, Knorr‑Bremse has linked three different financing initiatives to its sustainability performance. First, we signed syndicated financing with a credit line of € 750 million, the interest rate of which is linked to our sustainability rating by ISS Corporate Solutions. If Knorr‑Bremse’s rating improves due to progress being made from a sustainability perspective, we will be granted more favorable repayment terms. Because our rating improved to the prime status of “B-” in 2023, we will be able to draw on this regulation in the future and benefit from it.

In addition, we issued the first sustainability-linked bond with a volume of € 700 million in 2022. We fulfilled the associated obligation to define a Scope 3 target validated by the Science Based Target initiative (SBTi) (Climate Protection). Moreover, we make use of incentive systems for our suppliers. The Sustainability-Linked Supply Chain Finance Program (SSCF), which was implemented in collaboration with Deutsche Bank, is now linked to the ESG rating of suppliers. The global SSCF serves as an important instrument that Knorr‑Bremse uses to foster stronger commitment to ESG among its suppliers. The program exemplifies our fundamental beliefs: We will only be able to achieve the sustainability-driven transformation when we resolutely foster ESG throughout the entire value chain. The entire SSCF process was designed by the bank to be very low threshold so that it would consciously appeal to smaller suppliers. The ESG link has been successively rolled out globally since 2023.

66 %

of the long-term capital market financing instruments used by Knorr‑Bremse are linked to sustainability criteria

Suppliers Who Have a Good ESG Ranking Receive Better Financing Terms

The Sustainability-Linked Supply Chain Finance Program that was introduced in collaboration with Deutsche Bank makes an ESG rating for suppliers particularly appealing. Under this program, they receive their money earlier, as the bank provides a line of credit for the time until Knorr‑Bremse pays their invoices at attractive interest rates. The financing costs for suppliers are based on the creditworthiness of Knorr‑Bremse, a feature that generally lowers suppliers’ financing costs. The inclusion of sustainability components in the program creates additional financial benefits for suppliers: Companies that do business more sustainably can reap dividends from improved financing terms. The result is a win-win situation: for our suppliers and for Knorr‑Bremse.

EU Taxonomy

A key step in the achievement of the EU climate and energy targets for 2030 and in the realization of the European Green Deal’s aims is the directing of capital flows toward sustainable projects and activities. This requires a shared language and consistent understanding of the activities that count as “environmentally sustainable.” Consequently, the EU’s Sustainable Finance action plan provides for the creation of a uniform classification system for sustainable economic activities, or an “EU Taxonomy.”

The 2023 amendment of the climate taxonomy introduced additional economic activities that bring Knorr-Bremse into the scope of the EU Taxonomy to a greater extent than before. While the production of low-emission vehicles was already classified as taxonomy-eligible, this amendment also puts a stronger focus on the key role of suppliers in climate protection. You can find detailed reporting on the EU Taxonomy in the 2023 Annual Report.

Data Protection and Information Security

The processing of personal data is a core element of increasing digitalization. For Knorr‑Bremse, the protection of such sensitive data is an important requirement when developing new fields of business and interacting with our internal and external stakeholders. Numerous statutory requirements, like those in the EU General Data Protection Regulation in particular, provide the framework for our actions.

For this reason, Knorr‑Bremse set up an organizational structure for data protection in 2018. It is headed by the Group data protection officer, who is supported by data protection managers in the divisions and at the locations around the world. Data protection coordinators in the central departments additionally act as points of contact and multipliers for data protection. The Data Protection Board installed in 2022 decides on the direction of the Knorr‑Bremse data protection management system and monitors its ongoing development. The Data Protection Board is made up of representatives of the Executive Board, divisional management, IT, and HR.

Our Group data protection guideline is the foundation for all data protection measures in the company and imposes binding specifications and processes for implementation of the statutory requirements. Furthermore, the protection of personality rights and privacy of each individual is an important element of our internal Code of Conduct.

Our Data Protection Measures

Our employees are made familiar with the requirements of data protection law through e-learning courses and face-to-face training and are given instructions on handling personal data carefully.
The processing of data is checked and documented by the data protection organizational structure using an IT tool that is available globally (list of processing activities).
A central Incident Notification and Alarm Services [INAS] system ensures that data protection incidents can be reported to the data protection organizational structure and addressed quickly and without any detours (Integrity and Compliance).
Anonymous or personalized reports of data breaches can be made by employees or external stakeholders at any time using the compliance whistleblower system. In these cases, the established process for clarifying situations is applied
(Integrity and Compliance).

Information Security

The Information Security section at the Group ensures unfailing adherence to the three central information values of confidentiality, availability, and integrity for all our data. The section is headed by the corporate information security officer and controlled by a corporate security board.

In addition to the responsible member of the Executive Board, this board also includes the managing directors of the two divisions as well as the Chief Information Officer.

The maturity level of the control processes was significantly improved in recent years. Firstly, the Group-wide information security guideline was revised. This guideline is aligned with ISO/IEC 27001, the international standard for information and asset security, for which 26% of our locations are certified. On top of that, there are internal specifications to meet the statutory requirements of the respective location. Furthermore, we have introduced a new process for audits and risk management.

For projects in operations, the primary focus is on the preventive protection of the IT infrastructure of Knorr‑Bremse via IT security solutions implemented throughout the Group.

Protection with Multilevel Cybersecurity Architecture

The security by design approach at the divisions is adapted to the requirements of the product platforms. It protects products against attacks or makes them resilient. The architecture underpinning the protective measures features a multilevel design (applying the “defense in depth” concept) because securing the outer defenses of the network is no longer close to sufficient. If hackers manage to breach one layer, there is another underneath it with a different structure. The cybersecurity architecture includes, among other things:

Conventional security products such as secure gateway (SGW), which secures gateways.
Public key infrastructure (PKI), which allocates digital security certificates to devices and software solutions that are equipped with chips and protects them against unauthorized modifications as a result.
In the RVS division, the threat detection solution (TDS). The TDS detects anomalies in incoming and outgoing data traffic much as an early warning system does and only allows authorized communication and devices in the network. Hackers are prevented from feeding harmful devices into the train networks.

Protection of Digitalized Products

Knorr‑Bremse’s products and services support our customers in the digital age and promote sustainable mobility. Examples of new, digitalized business fields include condition-based maintenance for rail vehicles as well as highly automated or autonomous driving in the Commercial Vehicle Systems division.

As part of this portfolio development, data protection and information security (often referred to as “cybersecurity” in this context) are playing an increasingly important role. Accordingly, Knorr‑Bremse considers the requirements of data protection law from as early as the product development stages (privacy by design).

With regard to information security, dedicated organizational units and teams in both divisions ensure that aspects of cybersecurity are firmly integrated into the processes in product development and customer projects.

Both the RVS division with its Digital Products & Services department and the CVS division follow the security by design approach. It develops solutions for governance, risk management, and security checks that are adapted to the special requirements of each individual product platform. Rail or commercial vehicle hardware with security certification is thus combined with high-performing cybersecurity functions and tailor-made services for a comprehensive cybersecurity architecture. Digitalized products and systems, whether current or future ones, are protected against attacks or made resistant to them. The matrix-structured Digital Products & Services department (RVS division) is closely interconnected with the Knorr‑Bremse Cybersecurity Center of Competence (CoC). At the CVS division, the product cybersecurity team is an integrated part of the platform organization. The cybersecurity management system at CVS includes the development, production, and maintenance phases of a product and covers the entire life cycle. It meets all requirements under ISO 21434 (Road Vehicles – Cybersecurity engineering).

Knorr‑Bremse maintains continuous efforts to uphold and improve cybersecurity. We align ourselves with international standards and use internal and external guidelines. In 2023, Knorr‑Bremse published a cross divisional traffic light protocol policy (for controlling information dissemination). Furthermore, both divisions strive to adhere to the forthcoming legal framework for cybersecurity, which includes the EU NIS 2 Directive and the Regulation on Horizontal Cybersecurity Requirements for Products with Digital Elements (EU Cyber Resilience Act), for example.

Awareness of the subject of cybersecurity is strong within the Knorr‑Bremse workforce and is being raised further. The Product Cybersecurity Center of Competence (CoC) offers a variety of webinars and videos in the Rail Vehicle Systems division, for example, an “Introduction to Cybersecurity in Rail Products.” RVS is further expanding its internal training on topics such as cryptography, key lifecycle management and security controls. At the internal Global Cybersecurity Summit event, Knorr‑Bremse’s cybersecurity specialists in its management and engineering teams engaged in intensive dialog, while the center of competence demonstrated its presence in the industry by participating in international conventions on the subject of cybersecurity. At the CVS division, all CoCs can take advantage of a range of continuous awareness-raising training courses for cybersecurity. Knorr‑Bremse believes there are many opportunities that arise from industry-wide collaboration on cybersecurity and has an active role in various initiatives for its ongoing development. One example of this for rail vehicles is the UNIFE Cybersecurity working group. For commercial vehicles, Knorr‑Bremse has been active in the VDA ISO21434 working group since 2023, which is working on different recommendations for Automotive Cybersecurity.

Assuring Quality: Collaboration with Bureau Veritas

Rapid technological development exposes rail vehicles to an increased risk of cybercrime. Knorr‑Bremse responds to this risk with pioneering cybersecurity solutions for secure, digital vehicle communication. They are continuously adapted to the constantly developing industry requirements and regulatory standards. In this context, Knorr‑Bremse has signed a Global Cybersecurity Services Framework Agreement with Bureau Veritas, a globally leading provider of audit, inspection, and certification services. Besides cybersecurity risk assessments, the agreement includes a range of other important cybersecurity support services that are adapted specifically to Knorr‑Bremse’s special needs.

Sustainability in the Supply Chain

Taking responsibility along the value chain is part of our self-image as a sustainable company. Strategic procurement, including the selection of suppliers and materials, lays the foundation for Knorr‑Bremse’s sustainable, reliable and safe products.

As a global Group, we work with a large number of predominantly local suppliers. We currently purchase products and services from approximately 30,000 suppliers from over 70 countries. They include roughly 7,000 partners for the manufacturing and production of parts, components, and materials for our products; just by themselves, they account for 74% of procurement spending. The ordered products primarily comprise metals, friction components, electronic components and plastics, with the proportion of raw materials purchased by us being low.

Purchasing volume by region of origin

We are aware that Knorr‑Bremse’s selection of suppliers has a significant impact on the environment and society in production countries. Working together with our suppliers, we want to improve sustainability in the supply chain and minimize risk.

The Knorr‑Bremse strategy for sustainable procurement is embedded in purchasing processes across the Group. The purchasing managers for direct and indirect materials are responsible for implementing sustainable procurement. Compliance with and optimization of sustainability standards in the supply chain are supported by experts at Group level. The Sustainable Procurement Steering Committee discusses and decides on strategic and current sustainability topics several times a year. It consists of the heads of Knorr‑Bremse’s global purchasing units and the head of the Sustainability department.

We provide process descriptions and guidance to implement our sustainability standards in internal procurement processes. These give an overview of the sustainability criteria and management approaches that we incorporate into the global purchasing processes. Internal guidelines specify the extent to which sustainability aspects are to be taken into account in purchasing decisions for various categories, including renewable energy, business travel, or energy-efficient products, equipment, and services. As part of our EcoDesign approach, we are working on implementing sustainability requirements in the material specifications of the products and components we acquire. The EcoDesign Standard on Hazardous Substances in Products from the RVS division guides us in that
(Environmental Product Design).

Further information on climate protection and respect for human rights in the supply chain:

The focus of purchasing: Scope 3

In 2023, the focus of the purchasing department’s sustainability activities was again on its contribution to reducing CO₂e. Continued efforts were undertaken to reduce emissions from purchased goods and services (Scope 3.1) (Climate Protection). In addition, a cross-functional and cross-divisional Scope 3 project team tackled the new Scope 3 target of cutting CO₂ emissions by 25% by 2030. It develops action plans and decarbonization strategies for the supply chain. The core tasks in 2023 were to improve the data quality, analyze major emission drivers, and communicate directly with significant suppliers about possible reduction initiatives. Moreover, we worked on solutions for collecting primary CO₂ data from suppliers. To do this, we ran a pilot project which collated the carbon balance and reduction efforts of suppliers of greatly varying characteristics in a carbon accounting tool. This helps us to increase transparency in the supply chain and obtain findings to align our future data collection processes.

Direct and indirect procurement

The purchasing organization at Knorr‑Bremse consists of global direct procurement, which is controlled by the respective division, and cross-divisional indirect procurement with global responsibility. Direct procurement acquires production materials (direct materials). This includes all externally sourced raw materials, items and components that are directly or indirectly delivered to our customers as part of our products. Indirect procurement handles the sourcing of non-production materials (indirect materials) and services that are not an integral part of Knorr‑Bremse products but that serve to support the internal organization indirectly.

Sustainability in Supplier Relationships

We rely on three pillars for the implementation and realization of sustainability standards in the supply chain: determination of our sustainability requirements, evaluation and assessment, and qualification of our suppliers and procurement specialists.

We have set out Knorr‑Bremse’s commitment to sustainability in the supply chain in our Code of Conduct and our sustainability guidelines. We expect suppliers to act in a manner that is in line with our values and takes account of international environmental and human rights guidelines and standards. These include the principles of the UN Global Compact, the International Labour Organization (ILO) conventions, and the UN Universal Declaration of Human Rights. These principles are specified in our guidelines:

Our Group-wide Supplier Code of Conduct is intended to promote and require the systematic inclusion of sustainability aspects in the production methods and conduct of our suppliers. The code exists in 15 languages and sets out the standards our suppliers are required to meet with respect to working conditions, human rights, environmental protection, safety, business ethics, and compliance. We expect our suppliers to comply with the code and implement it in their upstream supply chain. In 2023, we issued concrete specifications in our Supplier Code of Conduct that set out the requirements for complaint mechanisms, among other measures. For instance, suppliers are asked to inform their employees about the Knorr‑Bremse whistleblower and complaint systems. If a supplier’s employees or stakeholders report their concerns or potential breaches of the Supplier Code of Conduct, we do not permit any disadvantages for them as a result of this. The binding code is an integral component of all supplier contracts.

In accordance with our Human Rights Policy, we expect our suppliers and subcontractors to respect human rights. They are also instructed to convey this expectation to their suppliers and contractors. Our procurement and supplier management strives to support suppliers in improving their human rights due diligence processes (Due Diligence Processes for Human Rights).

The Conflict Minerals Policy governs the handling of conflict materials and thus serves as a guide for Knorr‑Bremse procurement and Knorr‑Bremse suppliers.

In accordance with our quality guidelines, we require our suppliers to observe the Principles of the UN Global Compact as well as our Supplier Code of Conduct, among other regulations.

We use targeted instruments to review and assess compliance with our requirements and also include the results in our procurement decision-making.

Sustainability assessments at suppliers are continuously conducted by external service providers with experience in the industry. They survey and assess the implementation of suppliers’ sustainability management systems. The criteria during the selection of suppliers for a sustainability assessment are purchasing volume, ESG risk profile, and classification as a new or preferred supplier. We currently have a valid sustainability assessment for roughly 3,200 suppliers. The coverage rate is thus 71% of the global purchasing volume, meeting the target of 70% that we set for 2023. We are aiming for a target rate of 75% in 2025.

2021

2022

2023

We take account of suppliers’ sustainability assessments in our contract award process. In the CVS division, the sustainability assessment and a signed Supplier Code of Conduct are integrated into the so-called Sourcing Board, the review and decision-making body for supplier orders. In the RVS division, preference is given to suppliers who have been granted “Preferred” or “Potential Preferred” supplier status. To be able to reach the highest supplier status, Knorr‑Bremse requires a valid supplier sustainability assessment or proof that such assessment is in progress. Moreover, the suppliers should be able to present a certified environmental management system that is in line with the international standard ISO 14001. Of our direct purchasing volume, 61% is covered by suppliers that possess valid ISO 14001 certification.

We use the findings from the sustainability assessments of both divisions to conduct a risk assessment of the suppliers. Based on the individual assessment results, we classify our suppliers into the categories A, B and C, where C represents the level with the potentially highest sustainability-related risks. We aim to reduce the share of suppliers that perform low in the sustainability assessment. To this end, we draw up action plans for improving the sustainability performance with the suppliers in question. In the long term, Knorr‑Bremse sees two main development paths for suppliers in category C: They measurably and demonstrably make progress on their sustainability performance or we gradually relocate the purchasing volume allocated to them. We aim to continuously improve our risk assessment approach. In the next step we take, we will restructure the categories and raise the assessment levels. In doing so, we will also set a new sustainability-linked financial incentive for our Supplier Early Payment Program (SEPP) (Sustainable Company Financing).

Furthermore, we carry out risk analyses on the topic of human rights. The risk assessment is based on criteria such as a supplier’s location, production technology, and sustainability assessment. We introduced remedies during the reporting period for suppliers that have a potentially higher risk assessment. Consequently, 600 of our suppliers were instructed to sign our revised Supplier Code of Conduct. They have also been requested to update their sustainability assessment in accordance with a revised assessment model that complies with Germany’s Supply Chain Due Diligence Act (LkSG) (Due Diligence Processes for Human Rights).

We also audit and assess suppliers’ sustainability performance in supplier visits and external audits. Firstly, we have integrated sustainability aspects into standard supplier visits. Knorr‑Bremse employees in the area of supplier development use the Supplier On-Site Sustainability Risk Checklist so that they can identify and assess sustainability-related risks on-site at suppliers. The results of the completed checklists are used as a decision-making criterion regarding additional sustainability audits on-site or other in-depth investigations. In addition, independent experts conduct their own sustainability audits of suppliers. They examine adherence to international social and environmental standards based on initiatives such as the Responsible Business Alliance, Together for Sustainability, and the UN Global Compact. 10 on-site audits were conducted this way in 2023 (2022: 30; 2021: 18), of which 3 were follow-up audits (2022: 9; 2021: 8). The selection criteria for these audits were the purchasing volume that went to the supplier as well as the supplier’s results in the human rights risk analysis respectively sustainability assessment. If an audit or a sustainability assessment reveals breaches or improvement potential, Knorr‑Bremse develops and implements action plans for improvement with the suppliers and conducts follow-up audits.

To meet our sustainability requirements over the long term, we offer training programs to support our suppliers in the further development of their sustainable business practices. At the same time, we provide our employees with qualification and training on the topics as well.

We continuously work to raise the awareness and develop the skills of our suppliers in the area of sustainability. In coordination with a few service providers responsible for the sustainability assessments, we also offer corresponding webinars and additional support on the subject. For example, we provide training materials on the subject of conflict minerals. In 2023, we continued to advance our approach to training and developing suppliers in the field of sustainability.

If a sustainability assessment reveals breaches by or improvement potential for a supplier, action plans for improvement are subsequently implemented and follow-up audits conducted. In addition, the audit results help us to identify potential risk fields, which we will pay particular attention to in the future as part of our supplier management.

Raising the awareness of and training Knorr‑Bremse employees are key prerequisites for sustainable purchasing management. Around the world, they should develop know-how to be able to assess, advise, and audit suppliers. In 2023, we continuously informed our purchasing specialists about sustainability in procurement at events, at workshops, and in webinars. Our e-learning courses on sustainable procurement processes and practices were utilized by 51% of purchasing employees globally in 2023 (2022: 53%).

As a leading and global actor in the industry, Knorr‑Bremse actively participates in industrial sustainability initiatives. This means we can improve sustainability standards in the supply chain together with customers, competitors, and other stakeholders. As a member of the Railsponsible initiative, we have signed the Responsible Climate Pledge, a voluntary commitment to decarbonization across the rail transportation supply chain by 2050. Knorr‑Bremse is seeking to help with the achievement of this goal through its climate protection measures. In the automotive industry, we are an active member of the German Association of the Automotive Industry (VDA) and, using the Drive+ platform, strive for systematic dialog on sustainability-related issues with automotive suppliers. As a member of the Responsible Minerals Initiative (RMI), Knorr‑Bremse is working on an improved process for responsible mineral procurement.

Handling of Conflict Minerals

As a manufacturer of brakes and other systems for rail and commercial vehicles, we are aware of our responsibility for the sustainable procurement of our raw materials. This applies above all to the procurement of minerals from conflict or high-risk areas, termed conflict minerals. Some of these are mined in conflict-ridden regions and used to finance armed conflicts. They include tin, tantalum, tungsten, and gold (“3TG”). In order to protect human rights in the area of conflict minerals, we have introduced a due diligence process. We create transparency in the procurement process for conflict minerals by heeding the recommendation of the Responsible Minerals Initiative. Key instruments for managing and reporting conflict minerals include the Group-wide binding Conflict Minerals Policy and supplier surveys. In an annual survey, we ask direct suppliers with 3TG relevance for information on the origin of the minerals used using the Conflict Minerals Reporting Template (CMRT). More than 70% of our purchasing volume was covered by the most recent survey. It identified 32 (2022: 24; 2021: 6) smelting plants that were classifiable as critical. These companies do not meet the requested requirements of the compliant smelters and refiners list, and we have instructed them to join through an independent audit of the Responsible Minerals Assurance Process (RMAP). RMAP audits demonstrate if a supplier’s business practices, management systems, and values correspond to the most important principles of responsible procurement. To ensure due diligence in the cobalt and mica supply chain, we collect relevant information with the aid of the Extended Minerals Reporting Template (EMRT). At the end of 2023, 2,160 suppliers were asked to answer the questionnaire by mid-2024.

Climate Pledge of the industry initiative Railsponsible

The Railsponsible initiative with its 15 members, including Knorr‑Bremse, is geared toward sustainable procurement practices in the rail industry. The Climate Pledge published by Railsponsible in 2023 is a voluntary commitment to decarbonization across the rail transportation supply chain by 2050. The signatory members want to play a leading role in sustainable procurement measures in order to mitigate climate change. Environmentally friendly and carbon-conscious business decisions, as well as close cooperation across the entire value chain, are intended to contribute to this. The signatories of the Climate Pledge commit, among other things, to reduce greenhouse gas (GHG) emissions with the aim of achieving the goal of net zero across the entire company, and to assess and publish GHG emissions in accordance with the Greenhouse Gas Protocol. The working group for responsible procurement, which Knorr‑Bremse is chairing once again, takes on important tasks as part of this. Knorr‑Bremse shares its well-founded knowledge with members and suppliers regarding sustainable procurement practices, transparent business processes and the further development of suppliers there.

		2023	2022	2021
Suppliers invited to take the CMRT survey	Number	2,160	2,301	2,449
Response rate of the suppliers surveyed	in %	49	51	62

The figure for 2022 relates to the percentage of suppliers who have provided us with information on the use and origin of conflict minerals in the June 2022–April 2023 reporting period. The figures for 2023 represent an interim status for the period from June 2023 to February 2024. The current data collection process will end in April 2024.

Governance

Responsible Corporate Governance

Integrity and Compliance

Establishing a Compliance Organization

Well-Developed Complaint Management

Reports Made in 2023

Prevention through Training and Communication

Talking to Staff about Integrity and Compliance

Management of Sustainability-Related Risks and Opportunities

Risk Management

TCFD Reporting

Opportunity Management

Sustainable Company Financing

Suppliers Who Have a Good ESG Ranking Receive Better Financing Terms

EU Taxonomy

Data Protection and Information Security

Our Data Protection Measures

Information Security

Protection with Multilevel Cybersecurity Architecture

Protection of Digitalized Products

Assuring Quality: Collaboration with Bureau Veritas

Sustainability in the Supply Chain

Purchasing volume by region of origin

The focus of purchasing: Scope 3

Direct and indirect procurement

Sustainability in Supplier Relationships

Sustainability assessment coverage rate for suppliers

Handling of Conflict Minerals

Climate Pledge of the industry initiative Railsponsible

Reporting of Conflict Minerals¹

Governance

Responsible Corporate Governance

Integrity and Compliance

Establishing a Compliance Organization

Well-Developed Complaint Management

Reports Made in 2023

Prevention through Training and Communication

Talking to Staff about Integrity and Compliance

Management of Sustainability-Related Risks and Opportunities

Risk Management

TCFD Reporting

Opportunity Management

Sustainable Company Financing

Suppliers Who Have a Good ESG Ranking Receive Better Financing Terms

EU Taxonomy

Data Protection and Information Security

Our Data Protection Measures

Information Security

Protection with Multilevel Cybersecurity Architecture

Protection of Digitalized Products

Assuring Quality: Collaboration with Bureau Veritas

Sustainability in the Supply Chain

Purchasing volume by region of origin

The focus of purchasing: Scope 3

Direct and indirect procurement

Sustainability in Supplier Relationships

Sustainability assessment coverage rate for suppliers

Handling of Conflict Minerals

Climate Pledge of the industry initiative Railsponsible

Reporting of Conflict Minerals1

Reporting of Conflict Minerals¹