3.8Compliance
management approach
SBM Offshore’s reputation and license to operate depends on responsible business conduct. SBM Offshore is committed to complying with all applicable laws and regulations. SBM Offshore does not tolerate bribery, corruption, fraud, violations of trade sanctions, anti-money laundering or anti-competition laws, or any other illegal or unethical conduct in any form by anyone working for or on behalf of the Company. All employees and those working for or on behalf of SBM Offshore must embrace and act in accordance with the core values of the Company (see section 1.3 ), the Code of Conduct and the Company’s internal policies and procedures. SBM Offshore fosters a culture of trust and fairness where dilemmas are openly addressed enabling employees to make the right decisions, with commitment to integrity at all levels. This commitment is one of the foundations of the Company’s license to operate and license to grow in support of SBM Offshore’s vision. Building on the accomplishments of recent years, the Company will strive for continuous improvement in embedding compliance as an integral part of its business processes.
Governance
The Group Compliance function is, on behalf of the Management Board, responsible for ensuring that the entire SBM Offshore organization operates within its clearly defined Compliance Program. The Group Compliance function has a leadership role in proactively advising the Management Board and Management on acting in a compliant manner, both from a strategic and an operational perspective. An important part of its role includes the focus on the prevention of misconduct.
Governance Management
The Company’s Management Board has overall accountability and the Chief Governance and Compliance Officer (CGCO) has the overall responsibility for compliance, risk and legal matters. Reporting to the CGCO, the Group Risk and Compliance Director (GRCD) leads the Compliance Program, drives its execution and regularly reports on its operating effectiveness to the Management Board and the Audit and Finance Committee of the Supervisory Board, while also reporting on the Company’s key compliance risks and incidents. The GRCD is chair of the Company’s Validation Committee for the review and approval of third parties before engaging in a business relationship. Furthermore, the GRCD chairs the Company’s Risk Assurance Committee, ensuring an integrated approach to risk management. The integrated Risk and Compliance department comprises a global team of fourteen Risk and/or Compliance professionals, reporting directly to the GRCD, located within the Company’s worldwide locations and at corporate headquarters. Business leadership has accountability and responsibility to manage compliance and integrity risks within their fields of management control.
STRATEGY
SBM Offshore’s Compliance Program aims to guide the Company’s Management and employees in applying their moral compass as well as strengthening the management control system. SBM Offshore has integrated the Compliance Program into its organizational structure and is promoting a culture of integrity and compliance in the day-to-day way of working of all employees. SBM Offshore maintains an effective compliance risk management and control system, which includes monitoring and reporting and upholds the Company’s zero tolerance for bribery, corruption, fraud or any other form of misconduct. The Company maintains a global management control framework, while the Company’s Management is responsible for embedding compliance in day-to-day business practice.
The Compliance Program is built on three pillars:
- Compliance governance and organization
- Hard and soft controls1
- Organizational culture and employee behavior
Key elements of the Compliance Program
- Commitment of the Management Board and the Supervisory Board
- Responsibility and accountability for compliance implementation and management residing in line management and ultimately with the Management Board
- Oversight and autonomy of the GRCD and adequate, qualified resources in the department
- Company Code of Conduct and Compliance policies and procedures
- Regular communication, training and continued guidance and advice
- Regular monitoring of compliance risks, mitigating measures and risk-based controls as well as incident and action reporting
- A thorough third party management process, including an internal Validation Committee which reviews the due diligence outcome on high-risk third parties prior to engagement
- Independent verification (e.g. compliance audits)
- Compliance-related internal financial controls, following ICOFR principles
- Confidential reporting procedures, including an Integrity Line and internal investigations
- Annual compliance statements from employees in middle and senior management positions
|
NOTABLE DEVELOPMENTS AND ACHIEVEMENTS IN 2018 |
||
|---|---|---|
|
Updated Code of Conduct: Development, communication and Company-wide deployment of an updated Code of Conduct entitled ’Building Trust’ |
Two-day Compliance Leadership Program: Development and implementation of a two-day Compliance Leadership Program titled ‘From rules to mindset’ for Company senior leadership; Program held in April, July and October, aimed at Executive Committee members, top 50 business leaders and group function directors |
New face-to-face training program for employees ‘From rules to mindset’: Accompanying the updated Code of Conduct development and deployment of new face-to-face training program entitled ’From rules to mindset’ aimed at promoting speaking up and openly discussing compliance-related matters |
|
New e-learning: Launch of new e-learning program on the Code of Conduct for all employees onshore and offshore leadership |
Risk & Compliance Charter: Development and deployment of a Risk & Compliance Charter for US-based group entities |
Strengthening staffing Risk & Compliance function: Further to the organizational changes. Aligned R&C function staffing to match the developments in the Product Lines |
|
Compliance country risk assessment: Compliance China strategy plan developed and deployed |
GDPR deployment: Initial GDPR project completed and continuos improvement effort undertaken to enhance maturity of the implementation.The Corporate Privacy Officer has been appointed. |
Strengthening risk reviews: Optimization of tender and project risk review process as joint effort with GEMS, Project Controls and Cost Control functions |
|
Enhanced compliance third party monitoring: Enhanced compliance monitoring and audit plan deployed combined with acquisition of a supporting tool GAN to optimize data analytics on third-party information and continuous monitoring |
Embedding the Annual Risk Appetite: Annual Risk Appetite, including compliance consideration now embedded in the Corporate Guidance for strategic planning purposes, further contributing to integrating compliance mindset in day-to-day business decision-making on compliance |
Legacy Issues. For information on the Company’s Legacy Issues see sections 1.1, 2.4, 4.1, 4.3.1, 4.3.5, 4.3.26, 4.3.27, 4.3.28 and 5.2.5. |
How SBM Offshore measures performance
- As part of performance management processes, the Company sets, monitors and reports on compliance KPIs for its Business Pillars, Product Lines and Operations
- Compliance training hours and completion ratios by employee target group
- Employee feedback surveys after each face-to-face training
- Annual Code of Conduct certification by staff in leadership positions
- Use of a Company-wide tool to approve, register and monitor giving and receiving of gifts, hospitality and entertainment
- Use of a Company-wide tool for continuous risk identification, assessment, registration and reporting
- Registration, review and monitoring of integrity reports through a Company-wide Compliance Case Management System
- Integrated quarterly Group Risk and Compliance reports to the Management Board and the Audit and Finance Committee of the Supervisory Board
Metrics
Following continuous improvement, this year’s results have exceeded the Company’s initial target. Compared to 2017, SBM Offshore has further expanded the training program. The number of Ethics and Compliance training hours for direct hires has increased from 2,397 hours in 2017 to 5,780 hours in 2018.
|
ANNUAL COMPLIANCE STATEMENTS AND TRAININGS OF DESIGNATED STAFF |
||
|---|---|---|
|
Number of employees in Designated Staff1 per year-end |
886 |
|
|
Onshore completion ratio |
99% |
|
|
Offshore completion ratio |
42% |
|
- 1 Designated Staff reflects all employees in Hay grade 11 or above.
|
COMPLIANCE TRAININGS TO DESIGNATED STAFF |
|
|---|---|
|
Number of employees in Designated Staff1 per year-end |
2,711 |
|
Onshore Completion ratio |
90% |
|
Offshore Completion ratio |
55% |
- 1 Designated staff reflects all Onshore staff and Offshore Leadership. Offshore Leadership represents <5% of designated staff.
|
OVERALL NUMBER OF COMPLIANCE TRAININGS CONDUCTED IN 2018 WORLDWIDE: |
|
|---|---|
|
Face-to-face trainings1 |
1,534 |
|
e-Learnings |
3,858 |
|
Face to face training hours |
3,490 |
|
e-Learning hours |
2,785 |
- 1 The number represents the overall number of compliance face-to-face trainings. Certain SBM Offshore employees have participated in multiple trainings.
|
INTEGRITY LINE REPORTS: |
|
|---|---|
|
Integrity Line reports received under the Company’s Integrity reporting policy |
58 |
|
The Company is promoting a Speak Up culture. The nature of the Integrity Line reports over 2018 was predominantly workplace related. |
|
The objectives for 2018 are to continuously strengthen compliance management and control, focusing on the importance of the right behavior and enhancing efficiencies in the management process.