3.8Compliance
management approach
SBM Offshore’s reputation and license to operate depend on responsible business conduct. SBM Offshore is committed to complying with all applicable laws and regulations. SBM Offshore does not tolerate bribery, corruption, fraud, violations of trade sanctions, anti-money laundering or anti-competition laws, or any other illegal or unethical conduct in any form by anyone working for or on behalf of the Company. All employees and those working for or on behalf of SBM Offshore must embrace and act in accordance with the core values of the Company (see section 1.3), the Code of Conduct and the Company’s internal policies and procedures. SBM Offshore fosters a culture of trust and fairness, where dilemmas are openly addressed, enabling employees to make the right decisions, with commitment to integrity at all levels. This commitment is one of the foundations of the Company’s license to operate and license to grow, in support of SBM Offshore’s Vision.
The Management Board has assessed its Compliance program against a basic maturity model (from ‘minimum standards’ to ‘value led business’). The table below displays the Compliance program maturity level as per end of 2019. Overall, the Compliance program is deemed to be transitioning from ‘Compliance culture’ to the ‘Beyond Compliance’ level, although certain elements of the Compliance program, notably the focus on responsible leadership behavior, fall within the ‘value-led business’ maturity level. Through evolving Compliance Program enhancements, the Company strives for continuous improvement in embedding compliance as an integral part of its business processes.
Governance
The Management Board is ultimately responsible for ensuring that the entire SBM Offshore organization operates within its clearly defined Compliance Program. The Group Risk & Compliance Function (GRCF) has a leadership role in proactively advising the Management Board and Management on acting in a compliant manner, both from a strategic and an operational perspective. An important part of its role includes the focus on the prevention of misconduct.
Governance Management
The Company’s Management Board has overall accountability and the Chief Governance and Compliance Officer (CGCO) has the overall responsibility for compliance, risk and legal matters. Reporting to the CGCO, the Group Risk and Compliance Director (GRCD) leads the Compliance Program, drives its execution and regularly reports on its operating effectiveness to the Management Board and the Audit and Finance Committee of the Supervisory Board, while also reporting on the Company’s key compliance risks and incidents. The GRCD is chair of the Company’s Validation Committee, for the review and approval of third-parties before engaging in a business relationship. Furthermore, the GRCD chairs the Company’s Risk Assurance Committee, ensuring an integrated approach to risk management.
The integrated Group Risk & Compliance Function comprises a global diverse team of fifteen experienced Risk and/or Compliance professionals, reporting to the GRCD either directly or through Compliance managers located within the Company’s most prominent locations worldwide and at corporate headquarters. Business leadership has accountability and responsibility to manage compliance and integrity risks within their fields of management control.
STRATEGY
SBM Offshore’s Compliance Program aims to guide the Company’s Management and employees in applying their moral compass, as well as strengthening the management control system. SBM Offshore has integrated the Compliance Program into its organizational structure and is promoting a culture of integrity and compliance in the day-to-day way of working of all employees, increasingly focusing on targeted training initiatives, digitalization of processes and data analysis. SBM Offshore maintains an effective compliance risk management and control system, which includes monitoring and reporting, and upholds the Company’s zero-tolerance for bribery, corruption, fraud or any other form of misconduct. The Company maintains a global management control framework, while the Company’s Management is responsible for embedding compliance in day-to-day business practice.
The Compliance Program is built on three pillars:
- Compliance governance and organization
- Hard and soft controls1
- Organizational culture and employee behavior
Key elements of the Compliance Program
- Commitment of the Management Board and the Supervisory Board .
- Responsibility and accountability for compliance implementation and management residing in line management and, ultimately, with the Management Board.
- Oversight and autonomy of the GRCD and adequate, qualified resources in the department.
- Company Code of Conduct and Compliance policies and procedures .
- Regular communication, training and continued guidance and advice.
- Regular monitoring of compliance risks, mitigating measures and risk-based controls, as well as incident and action reporting.
- A thorough third-party management process, including an internal Validation Committee, which reviews the due diligence outcome on high-risk third-parties prior to engagement.
- Independent verification (e.g. compliance audits).
- Compliance-related internal financial controls, following ICOFR principles.
- Confidential reporting procedures, including an Integrity Line and internal investigations.
- Annual compliance statements from employees in middle and senior management positions.
|
NOTABLE DEVELOPMENTS AND ACHIEVEMENTS IN 2019 |
||
|---|---|---|
|
Implementation of the digital SBM Offshore Compliance Platform: Systematic deployment of the third-party management process (due diligence and continuous monitoring), the annual compliance certification process, e-Learning dissemination to designated staff and completion monitoring |
Two-day Compliance Leadership Program: Extension of the two-day Compliance Leadership Program (first introduced in 2018) titled ‘Leading Responsibly’, aimed at newly-hired business leaders and the next level of top leaders, with the objective to strengthen abilities to manage compliance risks today and tomorrow |
Deployment of new face-to-face training program for employees: In support of the Code of Conduct, deployment of new face-to-face training program aimed at Conflicts of Interest, Fraud, Confidential Information and speaking up on compliance-related matters. |
|
Completion of two-year e-Learning campaign: e-Learning program on the Code of Conduct for all employees onshore and offshore leadership completed |
Enhanced Compliance Microsite: Update of the Compliance Intranet site with relevant content and links to the SBM Offshore Compliance Platform |
Strengthening staffing of Group Risk & Compliance Function: Expansion of the GRCF, with a compliance officer in Brazil and a data analyst in Amsterdam, to progress to data driven compliance |
|
Compliance risk assessments: Country risk assessments on high risk and new entry countries performed (including the risks associated to compliance). Continuous assessment of compliance risks in Brazil. Dedicated fraud risk assessment to identify opportunities for risk control enhancements. |
GDPR deployment: Continuous improvement efforts undertaken to enhance maturity of the implementation of GDPR. A deputy Corporate Privacy Officer has been appointed. |
Third-Party Relationships: Dedicated compliance engagement with strategic vendors and contractors to facilitate continuous dialogue, by example the China Compliance Day in October and the sponsorship of, and contribution to, the ICC International Integrity & Anti-Corruption Conference in The Hague in December |
|
Enhanced compliance third-party monitoring Execution of the 2019 third- party monitoring and audit plan; digitalization of third-party management to optimize the due diligence process (including potential M&A targets) and enable continuous monitoring; review of joint venture payment controls. |
Introduction and revision of policies: Investigations Protocol developed; Third-Party Management procedures enhanced (including M&A process); Anti-Bribery and Corruption Policy updated; enhanced pre-employment screening process developed and deployed. |
Closure of Legacy Issues. For information on the Company's Legacy issues, see section 4.3.1 Financial Highlights. |
How SBM Offshore measures performance
- As part of performance management processes, the Company sets, monitors and reports on compliance KPIs for its Business Pillars, Product Lines and Operations
- Compliance training hours and completion ratios by employee target group
- Employee feedback surveys after each face-to-face training
- Annual Code of Conduct certification by staff in leadership positions
- Automated continuous monitoring of third-parties within the SBM Offshore Compliance Platform
- Use of a Company-wide tool to approve, register and monitor giving and receiving of gifts, hospitality and entertainment
- Use of a Company-wide tool for continuous risk identification, assessment, registration and reporting
- Registration, review and monitoring of integrity reports through a Company-wide Compliance Case Management System
- Integrated quarterly Group Risk and Compliance reports to the Management Board and the Audit and Finance Committee of the Supervisory Board
Metrics
The number of Ethics and Compliance training hours for direct hires has increased substantially in 2019 (6668 hours in 2019 versus 6275 hours in 2018). The Company has increased training effectiveness by further deploying its risk-based targeted approach, for example through cultural awareness training as a response to workplace related reports received through the Integrity Line, and through further extending its training program to third-parties, notably contracted yards, strategic vendors and co-owned entities staff around the globe.
|
Annual Compliance Statements of designated staff |
Designated Staff1 |
|---|---|
|
Number of employees in Designated Staff per year-end |
1,088 |
|
Onshore Completion ratio |
98% |
|
Offshore Completion ratio |
73% |
- 1 Designated Staff reflects all employees in Hay grade 11 or above
|
Trained on the Code of Conduct1 |
Designated Staff2 |
|---|---|
|
Number of employees in Designated Staff per year-end |
3,687 |
|
Onshore Completion ratio |
96% |
|
Offshore Completion ratio |
62% |
- 1 Trained by face-to-face training in 2019 and/or by having completed mandatory Code of Conduct e-Learning
- 2 Designated staff reflects all Onshore Staff and Offshore Leadership (<5%)
|
Overall number of Compliance Trainings conducted in 2019 worldwide |
Trainings |
Training hours |
|---|---|---|
|
Face-to-face trainings1 |
2,234 |
4,822 |
|
e-Learnings2 |
2,643 |
1,846 |
|
Total |
4,877 |
6,668 |
- 1 An employee can have attended multiple face-to-face trainings
- 2 An employee can have completed multiple Compliance e-Learning courses
|
Face-to-face training categories |
Trainings |
Training hours |
|---|---|---|
|
Compliance Leadership Program1 |
35 |
420 |
|
Annual Code of Conduct training |
1,257 |
2,408 |
|
Targeted Compliance topic training2 |
842 |
1,573 |
|
Training of third parties3 |
100 |
421 |
|
Total |
2,234 |
4,822 |
- 1 Continuation of 2018 program. Now extended to newly hired and next level senior management
- 2 Selection of Compliance topics for specific target audiences
- 3 Mainly strategic vendors and contracted yards
|
Integrity Reports |
Total |
|---|---|
|
Reports received under the Company's Integrity Reporting Policy1 |
53 |
|
The Company is promoting a Speak Up culture. |
|
|
The nature of the Reports over 2019 was predominantly workplace related. |
- 1 Reports received through the Integrity Line and by the Risk and Compliance Function
The objectives for 2020 are to continuously strengthen compliance management and control, focusing on the importance of the right behavior and enhancing efficiencies in the management process through increased digitalization and continuous improvement of data analysis.