Governance

Principles guiding our anti-corruption efforts

We follow internationally recognised guidelines in our anti-corruption work, such as the Foreign Corrupt Practices Act (FCPA) and UK Bribery Act 2010. The six principles outlined below form the basis of our anti-corruption efforts.

1. Top-level commitment: We have a clearly articulated policy against corruption. Our group management team constantly communicate their commitment towards zero tolerance for any kind of corrupt activities throughout the organisation. The management team has the full support and encouragement from the board.
2. Proportionate procedures: Our anti-corruption measures are proportionate to the variation in risk we have across our diversified organisation and the various parts of the world where we operate.
3. Risk assessment: Corruption risk assessments are carried out in all our business areas, identifying whether we face a high, medium or low risk. The risk varies, depending on geographical location and the nature of the business we conduct
4. Communication (including training): We constantly communicate the anti-corruption policy in order to make sure that our policy is understood throughout the organisation. Anti-corruption training is compulsory for all employees.
5. Due diligence: We conduct due diligence of business partners where appropriate and in a variety of forms. The comprehensiveness of the due diligence conducted is proportionate to the risks. We utilise licensed screening systems to conduct due diligence in-house and, if necessary, source from third party consultants.
6. Monitoring and review: We acknowledge that monitoring, reviewing and reporting is challenging, yet essential to ensure effective implementation. The board of Wilhelmsen as well as the group management team receive and review quarterly anti-corruption reports. To ensure our data are accurate, we have a number of reporting initiatives including a whistleblowing channel, giving all employees the opportunity to anonymously report irregularities, thorough investigation of complaints, audits of risk exposed areas of operation, and third party verification of our anti-corruption procedures. All potential breaches are handled according to our routines and regulatory framework.

More information on our whistleblowing system, our values, our Code of Conduct and our compliance policy is available here.

Incidents in 2017

In 2016, we experienced an increase in external fraud attempts through cyber/email "attacks" with various degrees of sophistication. Also, the more typical whaling (CEO) fraud attempts occurred where the fraudster takes the identity of one of our business leaders requesting bogus payments. These kind of fraud attempts seem to have been part of an international trend across various industries. We have during 2017 continued to make sure that our organisation, on a regular basis, has been reminded about these fraud attempts and the various scenarios that have occurred. These reminders, in addition to making sure we stick to our internal control procedures with regards to payments, are of paramount importance in order to avoid losses. In the most risk exposed geographical areas we operate, we frequently remind our customers about the danger of fraud attempts.

The increase in cyber security threats has made it extremely important to manage this as an integrated part of doing business. We are seeing that big players in the maritime industry require that we have state of the art security mechanisms to meet the new generation of threats. A professional approach to cyber security can become one of Wilhelmsen’s competitive advantages.

In order to address these new threats and secure our email and documents, we decided in the second half of 2017 to implement Multi Factor Authentication, or MFA. This means that in addition to logging in with a Wilhelmsen username and password, every employee must verify a code on their mobile phone before accessing their mailbox on their PC or smartphone. This is a solution much similar to what is used in for example internet banking.

We believe that our awareness efforts and our increased focus on security measures is moving us in the right direction. In 2017, we had only one substantial loss of USD 120 000 where a fraudster had managed to take the identity of one of our vendors in order to divert our payments. As a principle, we report all major cases to the police.

Joint ventures

Even though the companies that we have an investment in with less than a 50% ownership stake do not have the same compliance policy or training programme as we do, we expect them to operate with the same ambitious standards on ethics and compliance. The expectations are clearly conveyed through board members of the respective companies. In addition, we actively share our policy and best practice documents with these companies with the aim of moving towards alignment of anti-corruption standards and practices.

Continuous improvement

Late in 2017, we introduced a revised Code of Conduct and a new simplified compliance policy. Instead of having multiple policies covering our business standards, we now have one compliance policy referring to more operational policy descriptions covering the areas of anti-corruption, theft and fraud, whistleblowing, competition law and personal data protection.

Training

The group wide anti-corruption programme “I Comply” was rolled out in the second half of 2014. The roll out and focus on the programme has continued since then, with emphasis on e-learning modules, training through workshops and addressing the importance of our anti-corruption work at management conferences throughout our organisation. All new Wilhelmsen employees receive this training as a mandatory course when joining Wilhelmsen. Out of a total of 462 new employees in the Wilhelmsen group in 2017, 70% have completed the general compliance training in Wilhelmsen Business Standards (eLearning) in 2017. Our aim is to have a 100% completion rate and the results are here not acceptable. The clear majority of the non-completion population are employed within ships service. Even though the underperformance partly can be explained by heavy workload due to the restructuring process taking place in the organisation, this underperformance will be addressed in 2018. Ships service will in 2018 complete a new global rollout of the Wilhelmsen Business Standard training including most employees, the exception being a few categories of employees where such training is not relevant.

In 2017, ship management continued to focus on completion of compliance training for seafarers and new joiners onshore. The current completion rate for seafarers on board and planned for joining is 97%. Onshore, all employees have completed the compliance training. Efforts have been taken to continue to increase awareness both for sea and shore employees about the need to have full compliance with the company Code of Conduct and governance requirements. In 2018, we will continue with these efforts as well as familiarising the employees and seafarers with the new Code of Conduct structure with full focus on compliance.

For a selected and risk-exposed group rollout of our competition law training (eLearning) started in the fourth quarter of 2016, this has continued in 2017. A total of 217 employees has been assigned the course, the completion rate by the end of the year is 99%.

In 2017 we acquired an increased stake in NorSea Group (NSG). Our policy is that in all companies where our shareholdings exceed 50% should implement the Wilhelmsen group business standards. The implementation in NSG started late in 2017 and will continue in 2018.

Industry partnerships

We believe in partnerships in our fight against corruption. In addition to taking part in the Maritime Anti-Corruption Network, we were accepted as members of Transparency International Norway at the beginning of 2016. Being part of their network allows us to draw on their expertise and experience with corruption in various parts of the world on how to best deal with the training needed and the challenges our personnel will face. We have participated in several Transparency International seminars where we have shared our experiences and challenges with other members across various sectors. We have further contributed towards a corruption dilemma collection that was launched by Transparency International on 31 March 2017 in a seminar hosted by the Confederation of Norwegian Enterprise (NHO). The purpose for this collection is to be used by companies in their anti-corruption training and utilised by universities for educational purposes. 

Ship management was certified by TRACE, an anti-bribery standard-setting organisation, in early 2016. This demonstrates our commitment to commercial transparency and allows ship management to serve as a valued business partner to multinational companies. “By independently becoming TRACE Certified, ship management is helping to raise anti-bribery compliance standards across the shipping and maritime industry. We applaud them for their commitment to integrity and transparency and look forward to other ship owners and logistics companies continuing to follow their lead,” said Alexandra Wrage, president and founder of TRACE International.

The ships service organisation has continued to complete the TRACE certification in their vast network of business globally in 2017. We aim at achieving further certification for all parts of the ships service organisation in 2018. For further information about TRACE, please refer to their webpage. 

A general observation and trend that continued in 2017 is that our customers in an increasing scale ask us to verify that we have our house in order when it comes anti-corruption initiatives. We very much appreciate this trend and believe that our extensive efforts to be in compliance will distinguish us and provide us with new business.

We have also experienced an increasing focus on anti-corruption and other compliance matters related to M&A activities.

When considering own acquisitions, we always ensure that a thorough Integrity Due Diligence (IDD) of the target is executed at an early stage in such a process. We have in 2017 for the first time also initiated a FCPA audit of a potential target in an investment project. Even though such initiatives are costly exercises, it is of utmost importance to us to ensure that we identify potential issues, thus enabling us to deal with them in an adequate manner as early as possible. The number of questions and requirements for disclosure related to possible issues clearly illustrates the growing importance of compliance if you are disposing or acquiring assets. We believe that this trend will continue in the coming years.

Risk assessments

Ships service and ship management each assess risk on a business area basis. Ships service is the business area within Wilhelmsen with the highest number of land-based employees, with a capacity to provide service and products to the maritime industry in 2 200 ports in 125 countries. Due to the magnitude of their operations and their exposure by operating in geographical areas where corruption in general is widespread, ships service has initiated a 2018 corruption risk assessment, which at the time of this report is not finalised. In previous risk assessments, the outcome was that the main risk factor relates to the general level of corruption in the country of operation. Ships service does not operate in high-risk sectors, typically being identified as extractive, defence, and heavy engineering, where operations are linked to government approvals and the winning of licences. Therefore, the ships service exposure to the risk of “grand” corruption is low. The typical exposure would be related to facilitation payments or petty corruption. Ships service’ business is predominantly of transactional nature.

Ships service realises that individual breaches to our anti-corruption policy may occur regardless of how much efforts and resources are put into anti- corruption work. The focus is therefore to ensure that any system or routine breaches of the policy that potentially could accumulate into major breaches are eliminated. In 2018, ships service will focus on conducting a more thorough risk assessment concerning the payment of facilitation payments in port, this in order to ensure our anti-corruption efforts focuses on the high risk geographical areas.

In ship management, the main challenge revolves around corruption and bribery in the vessel operations. Port official in some countries are still requesting facilitation in the form of cigarettes and/or cash. Ships are trying their best to avoid these payments with strong support from shore.

Zero tolerance policy on corruption

We operate in many geographical areas were corruption and bribes are still a major problem. We recognize that even if we see a move in the right direction, our efforts will have to continue and be further strengthened throughout our organisation. However, our long-term goal is firm. Our ambition is a corruption free industry.

In 2018, we will continue to focus on “living” our business standards. Learning and understanding the standards are important parts of our recruitment routines and new employees undergo mandatory business standard (ethics) training. We will continue emphasising our zero corruption tolerance goal and expect all our employees to say no to corruption. Our ambition is to increase our focus on internal compliance audits in order to verify and document that we “live” our zero tolerance policy on corruption.

Personal data protection policy

In 2017, we have been preparing for the introduction of a global Wilhelmsen personal data protection policy ensuring that we adhere to current and planned legislation that will come into force in May 2018. We are planning to rollout and implement this new personal data protection policy for the whole organisation in 2018. We will further file a “Binding Corporate Rules” (BCR) application with the Norwegian and European Data Protection authorities for the purpose of receiving authorisation. BCR is basically our internal guidelines or Code of Conduct within the area of personal data protection. BCRs are designed to allow multinational companies like Wilhelmsen to transfer personal data from the European Economic Area (EEA) to their affiliates located outside of the EEA. In order for Wilhelmsen to be certified, we must demonstrate that our BCR adequately safeguards the protection of personal data throughout our organisation. The application and certification process is expected to take two years.

Competition law training

For a selected and risk-exposed group of employees, we will continue competition law training (e-learning). Our goal is to train 100% of the pre-defined group. The competition law training will continue in 2018 with the integration of the NorSea Group.

Whistleblowing

In 2018, we will continue to focus on building a culture with increased emphasis for blowing the whistle/raising a concern if something irregular is detected. We have since late in 2014 been operating an internal whistleblowing channel (email based were complaints/whistles are being forwarded to Wilhelmsen Compliance). Our experience was positive, but in May 2017 we added to this by introducing a whistleblowing channel also being available for external stakeholders (vendors, customers, JV partners, etc.) and that guarantees anonymous reporting if requested (a third party intermediary in the reporting line will ensure this). The purpose of this is to get more whistles and better quality, making sure that potential irregularities are detected and dealt with as early as possible. Our experience with this new and extended whistleblowing channel is positive. But we see that we have a way to go in terms of creating awareness among our employees about this possibility, this will be a focus area in 2018.

As of the first quarter 2018, we are planning for our business standards and compliance training to include the areas of anti-corruption, theft and fraud, whistleblowing, competition law and personal data protection.

Business Standard audits

In 2017, we started doing Business Standard audits. These are audits initiated and conducted by and in cooperation with various parts of the Wilhelmsen organisation. Focus areas and audit location are chosen from a number of parameters. From being randomly chosen to being selected due to concerns received. Our increased focus on audits is in accordance with the initial mentioned recommended principles of anti-corruption efforts. We are in our audits also including other aspects of our Business Standards. In order to ensure that we actually live our Business Standards, audits are essential. The audits conducted in 2017 have detected irregularities/deviations and have as such confirmed the need to put even more efforts into this area in 2018.

Target summary 2018

• Incorporate Wilhelmsen business standards in any companies where we acquire a dominant position (more than 50% shareholdings)
• Conduct Integrity Due Diligence (IDD) procedures of target in any acquisitions we may consider
• Roll-out and implementation of personal data protection measures
• File BCR application with Data Protection Authorities and ensure follow up of identified loopholes
• Increase the number of internal Wilhelmsen business standard audits
• Increase awareness of our whistleblowing channel