Compliance

Overview

The term compliance refers to adherence to legal requirements and internal corporate regulations.

The key objectives are to protect employees and company officers, prevent reputational and liability risks or other legal disadvantages, support the fulfilment of corporate due diligence obligations, and strengthen the organisation’s positive public image.

Austrian Post goes one step further: we aim to create an environment in which all employees base their daily work on our corporate mission statement and uphold ethical standards of conduct.

To ensure proper and exemplary behaviour, Austrian Post has established a compliance culture rooted in its mission statement and Code of Conduct and Ethics. The maintenance of this culture is sustainably ensured through the Compliance Management System (CMS). The CMS is continuously improved and built on transparency, risk and process orientation, as well as training and advisory services. The following diagram illustrates the CMS structure:

The Compliance Department is responsible for implementing the following areas:

• Capital market compliance
• Business compliance
• Supplier compliance
• Whistleblowing

In addition, the Compliance Department provides support on issues relating to the Code of Conduct and Ethics (acting as the central coordinating unit).

We report on our activities annually in the Annual Report (see Corporate Governance Report and Non-Financial Information Statement) as well as in Austrian Post’s Sustainability Report.

Guidelines

In area of capital market compliance, the legal requirements of the EU Market Abuse Regulation and the Austrian Stock Exchange Act are implemented through the Capital Market Compliance Policy. Regarding capital market compliance, the Group Compliance Officer reports directly to the full Management Board.

The Capital Market Compliance Policy covers the following topics:

• Prohibition of insider dealing
• Rules on handling capital market-relevant and insider information
• Measures to protect capital market-relevant and insider information

In the area of business compliance, the legal requirements of the Austrian Criminal Code relating to anti-corruption law (Sections 304 ff.) are implemented, along with commitments arising from voluntary self-regulation, such as adherence to the UN Global Compact and membership of Transparency International Austria.

The Business Compliance Policy covers the following topics:

• Prohibition of corruption
• Handling of gifts, invitations, and other benefits
• Handling of sponsorships and donations
• Management of conflicts of interest
• Use of company resources

The Supplier Compliance Policy ensures the implementation of the EU Corporate Sustainability Due Diligence Directive (CSDDD). It also defines requirements and due diligence processes to ensure that suppliers adhere to the values set out in the Code of Conduct and Ethics and in Austrian Post’s Statement of Principles.

 In the area of whistleblower protection, the legal requirements of the EU Directive 2019/1937 on the protection of persons who report breaches of Union law and the Austrian Whistleblower Protection Act are fulfilled. We support and encourage employees, contractors, and other stakeholders to raise concerns about possible misconduct or violations of laws and internal regulations. All reports are treated as strictly confidential, and the whistleblower’s identity is protected. Even if an allegation proves unfounded, no direct or indirect disadvantages will result, provided the report was made in good faith and to the best of the person’s knowledge.