FINAL ASSESSMENT THYSSENKRUPP AG

The following pages contain the detailed scoring for your company based on public information.

The following table represents a summary of your scores:

Topic Number % score based of on public questions information

Leadership, Governance and 10 65% Organisation

Risk Management 7 42.9%

Company Policy and Codes 12 79.2%

Training 5 80%

Personnel and Helplines 7 71.4%

Total 41 68.3%

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A1:

Does the company publish a statement from the Chief Executive Officer or the Chair of the Board supporting the ethics and anti-corruption agenda of the company?

Score:

2

Comments:

Based on public information, there is evidence that the company has published in the last two years, a statement from the Executive Board supporting the company’s strong stance against corruption. The company has also published in the last two years one strong statement from the Executive Board that promotes the company’s ethics and anti- corruption agenda, under which it is clear that anti-corruption is a significant component.

References:

Public: Company website: Compliance ‘The Executive Board of ThyssenKrupp AG has unequivocally expressed its rejection of antitrust violations and corruption in the ThyssenKrupp Compliance Commitment.’ http://www.thyssenkrupp.com/en/konzern/compliance.html

Code of Conduct (October 2013), p.2: Foreword by the Executive Board ‘Our mission statement describes the values we share and the way we want to work together – both now and in the future. It sets out a clear vision that we must strive to realize in order to secure long-term business success. We can only achieve this goal together – based on the central idea “We are ThyssenKrupp”. Our values such as personal responsibility, openness, transparency as well as legal and ethical compliance play a vital role in this. For the first time, the basic rules and principles governing our behavior now and in the future have been brought together in this Code of Conduct. It provides an orientation framework and applies equally to everyone – board members, managers, and each and every employee. It sets a standard for ourselves and at the same time represents a promise that we will act responsibly both externally in our dealings with business partners and the general public as well as internally in our interactions with colleagues. We bear joint THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

responsibility for our company’s reputation. Misconduct by individuals can cause immense harm to all of us. So please read this code of conduct carefully and let us use it to guide our day-to-day conduct.’ http://www.thyssenkrupp.com/documents/engagement/ThyssenKrupp_Code_of_Conduct_ en.pdf

Company website: Compliance – Compliance Commitment ‘Compliance Commitment of the Executive Board of ThyssenKrupp AG In respect of corruption and antitrust violations, the Executive Board of ThyssenKrupp AG has issued the following ThyssenKrupp Compliance Commitment which unequivocally expresses its stance on compliance with the corresponding laws and Group policies: ThyssenKrupp stands for technological competency, innovation, customer orientation and motivated, responsible employees. These factors are the basis of our high reputation and the long-term economic success of the Group in global competition. Corruption and antitrust violations threaten these success factors and will not be tolerated (zero tolerance). For us, bribes and cartel agreements are not a means of winning business. We would rather forgo a contract and fail to reach internal goals than act against the law. With its compliance program, ThyssenKrupp has taken wide-ranging measures to ensure compliance with corruption and antitrust regulations and the Group Policies based thereon. Infringements will not be tolerated and will result in sanctions against the persons concerned. All Executive board members and managing directors, all senior executives and other employees must be aware of the extraordinary risks which corruption and antitrust violations can signify for ThyssenKrupp as well as for them personally. All employees are requested to cooperate actively in their areas of responsibility in implementing the ThyssenKrupp compliance program.’ http://www.thyssenkrupp.com/en/konzern/commitment.html

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A2:

Does the company’s Chief Executive Officer or the Chair of the Board demonstrate a strong personal, external facing commitment to the ethics and anti-corruption agenda of the company?

Score:

0

Comments:

Based on public information, there is no readily available evidence that the company’s Chairman demonstrates a strong personal, external facing commitment to the ethics and anti-corruption agenda of the company. There are numerous examples where the Chairman has delivered speeches and participated in interviews where the ethics and anti-corruption agenda of the company is mentioned. However, these have all been delivered in relation to corruption allegations. TI is looking for a personal commitment from the Chairman, rather than a response to allegations, which would be expected from any company leader.

References:

Public: Dr. Heinrich Hiesinger at the Annual Press Conference (30 November 2013), p.6: ‘We have also made significant progress in the area of compliance and, following fines and damages claims, are now on the right track. This is also confirmed by the report on the voluntary special audit, which found the Compliance function to be professionally organized and appropriately staffed. We pursue compliance violations vigorously. Our motto in this is ‘zero tolerance’.’ http://www.thyssenkrupp.com/documents/bpk2013/ThyssenKrupp_2012_2013_BPK_Rede _Hiesinger_Kerkhoff_en.pdf

Speech by Dr. Heinrich Hiesinger at the 15th Annual General Meeting (January 2014), pp.11- 12: ‘Compliance was the third major issue we had to address intensively in the fiscal year. A year ago I had to report to you on the rail cartel. At the end of 2012 Deutsche Bahn filed an action against ThyssenKrupp and other companies. After long discussions, in mid-November 2013 we reached a fundamental settlement on compensation with Deutsche Bahn within THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

the scope of the existing provisions. This settlement is subject to approval by the responsible bodies and funding providers. It could therefore take several weeks before the agreement enters into force. The internal amnesty program, which is now complete, produced no leads concerning the ongoing investigations of the German Cartel Office into alleged price fixing in the supply of certain steel products to the German auto industry and its suppliers. The official proceedings and also the internal investigation launched in this connection are still ongoing. Based on the facts currently known, significant adverse effects on the Group's financial position cannot be ruled out. To rid ourselves of such risks as far as possible in the future, we continuously improved our program to combat corruption and antitrust violations and comply with all regulations in the past fiscal year. The report on the voluntary special audit validated our approach to this. The external auditors find the compliance system at ThyssenKrupp to be professionally organized and appropriately staffed. They made a few proposals for further improvement which we have either already incorporated or will do so as soon as possible. We published the full report on our website together with the invitation to this Annual General Meeting so that anyone who is interested can form their own opinion. The report is also available for inspection here in the foyer. Ladies and Gentlemen, this morning the Supervisory Board appointed Dr. Donatus Kaufmann as Executive Board member responsible for legal affairs and compliance. I would like to take this opportunity to welcome you, Mr. Kaufmann, to ThyssenKrupp. I am looking forward to working with you and to having your support in this highly important area for us.’ http://www.thyssenkrupp.com/documents/hv_2014_01_17_en/ThyssenKrupp_HV_2014_S peech_Hiesinger.pdf

Remarks by Dr. Heinrich Hiesinger at the 14th Annual General Meeting (January 2013), pp.14-15: ‘The subject of cultural change would be incomplete without mention of the compliance infringements. The so-called “rail cartel” in which ThyssenKrupp was involved continues to occupy us; the investigations into private railways and points are still ongoing. Although we acted firmly in the spirit of “zero tolerance”, took swift personnel action and are cooperating intensively with the investigating authorities, the gross misconduct of individual employees has caused serious damage to the Group. We had to pay a high cartel fine. We now face claims for damages from customers. And we have lost a lot of trust. Now we have to earn it back again. For us cartel agreements and corruption are not a means of winning orders. We would rather forgo a contract that act against the law. We on the Executive Board expect all managers to ensure business processes are conducted in a proper manner in their area of responsibility and to stay alert and act. We have unequivocally reiterated this understanding of leadership in an Executive Board resolution. Some shareholders have written to us to say that the new compliance infringements appearing in the media on an almost weekly basis are an indication that we are still not cracking down hard enough. But the opposite is the case: The very fact that there are so many compliance cases makes clear that we investigate such matters rigorously. We don’t have secrets, we probe and bring infringements out into the open. And we will continue to THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

do so in the future – with all due rigor. Some 50 employees have already had to lead the Company on account of compliance infringements. I know that this is a painful process, but it is also healing. And I repeat here today: Anyone who doesn’t cooperate has no business working for us. We also announced at the end of last year that we would be carrying out a thorough review of trips with journalists and other third parties. The provisional findings of this review, which is at an advanced stage, are as follows: The investigation into trips with journalists has so far found that no laws or internal policies were violated. The same is true of trips with other third parties, e.g. employee representatives. From a tax viewpoint the review finds that non-cash benefits must be declared in some cases for the trips. This is being clarified in close consultation with the competent tax inspector. These are the provisional findings of our investigations which we have carried out with the help of external law firms. We will continue these reviews with due care and attention. But regardless of this it is true that certain elements of the trips were not altogether appropriate. For this reason it has already been decided – and I can only emphasize this again today – that we will draw up clear rules on how trips with third parties must be organized in the future. This serves to protect everyone involved.’ http://www.thyssenkrupp.com/documents/hv_2013_01_18_en/ThyssenKrupp_HV_2013_S peech_Hiesinger.pdf

Annual Report 2012/2013, p.vi: Letter to shareholders from Dr. Heinrich Hiesinger, Chairman of the Executive Board ‘We have also made significant progress in the area of compliance and, following fines and damages claims, are now on the right track. This is also confirmed by the report on the voluntary special audit, which found the Compliance function to be professionally organized and appropriately staffed. We pursue compliance violations vigorously. Our motto in this is ‘zero tolerance’.’ http://www.thyssenkrupp.com/documents/investor/Finanzberichte/eng/ThyssenKrupp_20 12_2013_AR.pdf

Spiegel Online website: ThyssenKrupp Under Fire – ‘We Won’t Be Pressurised’ (23 August 2013): Interview with CEO Dr Hiesinger ‘Hiesinger: Yes, addressing risks and challenges is part of the new culture. I did that when the Federal Cartel Office launched an investigation on the basis of an anonymous tip. Spiegel: The investigation involved suspected price fixing in steel production. Hiesinger: That's right. The amnesty program for employees willing to testify did not yield any information. But the investigation is only beginning. If something were discovered, the scope would be enormous. That's what I told our executives. Everyone has to realize that compliance violations can annihilate all successes. Spiegel: It wouldn't be the first antitrust suit. ThyssenKrupp hasn't been able to extricate itself from headlines about illegal collusion and managers lining their pockets. How do explain this? Hiesinger: It happens when those in charge do not rigorously prevent misconduct. THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

Spiegel: And that was the case here? Hiesinger: All I can say is that it's no longer the case. We have zero tolerance, and we would rather accept a decline in business than any illegal intrigues. Spiegel: Mr. Hiesinger, thank you for this interview.’ http://www.spiegel.de/international/business/thyssenkrupp-ceo-heinrich-hiesinger-on- saving-the-company-a-917735-2.html

Steel Business Briefing website: ThyssenKrupp offers amnesty to whistle-blowers (17 April 2013): ‘In February, TK was one of three steel companies raided by the German Federal Cartel Office investigating possible anti-competitive agreements in the supply of automotive steel sheet. At the time TK said it would “actively support” the authorities with their investigation. Heinrich Hiesinger, executive chairman, said: “ThyssenKrupp employs a zero tolerance policy. If the allegations are substantiated in the ongoing investigations, we will take rigorous action”.’ https://www.steelbb.com/it/?PageID=157&article_id=119146

Rheinische Post website: Ökostrom-Politik gefährdet den Stahl-Standort (1 March 2014): ‘Hiesinger: Wir haben den Kulturwandel von vornherein mit derselben Energie vorangetrieben wie den gesamten Veränderungsprozess. Dabei ist Kulturwandel keine Gehirnwäsche. Wir haben aus der alten Welt mitgenommen, was gut war. Das, was nicht gut war, lassen wir hinter uns. Ich persönlich bin absolut davon überzeugt, dass man für das private, aber insbesondere auch für das berufliche Leben einen Kompass, eine Orientierung an Werten braucht. Wir setzen hier auf Offenheit, Ehrlichkeit, Transparenz und Wertschätzung – im Umgang mit den Mitarbeitern und den Kunden. Gleichzeitig gilt das Prinzip "Null Toleranz" bei Compliance-Verstößen. Lieber verzichten wir auf ein Geschäft. Wie passt dazu die Einstellung eines neuen Vorstandes, der nur für Compliance zuständig ist? Oder dient er nur der Entlastung von Aufsichtsrats-Chef Lehner? Hiesinger: Donatus Kaufmann leitet das neu geschaffene Ressort Recht und Compliance. Seine Bestellung bedeutet vor allem eine Entlastung für mich und ist ein klares Signal, dass Compliance und Rechtschaffenheit höchste Priorität für uns haben. Mit vier Vorständen sind wir für einen Dax-Konzern aber weiterhin schlank aufgestellt. Sie sind angetreten, um den Konzern sauberer zu machen. Wie weit sind Sie gekommen? Hiesinger: Wir haben den Kulturwandel von vornherein mit derselben Energie vorangetrieben wie den gesamten Veränderungsprozess. Dabei ist Kulturwandel keine Gehirnwäsche. Wir haben aus der alten Welt mitgenommen, was gut war. Das, was nicht gut war, lassen wir hinter uns. Ich persönlich bin absolut davon überzeugt, dass man für das private, aber insbesondere auch für das berufliche Leben einen Kompass, eine Orientierung an Werten braucht. Wir setzen hier auf Offenheit, Ehrlichkeit, Transparenz und Wertschätzung – im Umgang mit den Mitarbeitern und den Kunden. Gleichzeitig gilt das Prinzip "Null Toleranz" bei Compliance-Verstößen. Lieber verzichten wir auf ein Geschäft.’ http://www.rp-online.de/wirtschaft/unternehmen/thyssen-krupp-chefheinrich- hiesinger- oekostrom-politik-gefaehrdet-stahl-standort-aid-1.4073296

Handelsblatt website: Zum Glück Haben Wir Gute Leute (17 January 2014): ‘Ein Teil der Altlasten von Thyssen-Krupp ist eine Firmenkultur, in der Probleme und THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

Missstände ignoriert wurden. Wie läuft denn die Erneuerung? Hier sind wir ein gutes Stück vorangekommen. 70 Prozent der Ebene unterhalb des Vorstands haben wir ausgetauscht. Zum Glück haben wir so gute Leute, dass wir 80 Prozent der Stellen intern besetzen konnten. Wir haben gemeinsam ein neues Führungsverständnis vereinbart. Abgeschlossen ist ein Kulturwandel aber eigentlich nie.’ https://www.deutschland-made-by-mittelstand.de/news/handelsblatt/9328

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A3:

Does the company’s Chief Executive Officer demonstrate a strong personal, internal-facing commitment to the ethics and anti-corruption agenda of the company, actively promoting the ethics and anti-corruption agenda at all levels of the company structure?

Score:

0

Comments:

Based on public information, there is no readily available evidence that the company’s CEO demonstrates a strong personal, internal-facing commitment to the ethics and anti- corruption agenda of the company, actively promoting the ethics and anti-corruption agenda at all levels of the company structure. This engagement could take the form of speaking at training events or chairing a review of anti-corruption programmes.

References:

Public: NA

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A4:

Does the company publish a statement of values or principles representing high standards of business conduct, including honesty, trust, transparency, openness, integrity and accountability?

Score:

2

Comments:

Based on public information, there is evidence that the company publishes a statement of values representing high standards of ethical business conduct, including openness, transparency and integrity. The company provides a brief explanation of what they mean by such values and why they matter to the organisation.

References:

Public: Code of Conduct (October 2013), p.2: Foreword signed by all the members of the Executive Board ‘Our mission statement describes the values we share and the way we want to work together – both now and in the future. It sets out a clear vision that we must strive to realize in order to secure long-term business success. We can only achieve this goal together – based on the central idea “We are ThyssenKrupp”. Our values such as personal responsibility, openness, transparency as well as legal and ethical compliance play a vital role in this. For the first time, the basic rules and principles governing our behavior now and in the future have been brought together in this Code of Conduct. It provides an orientation framework and applies equally to everyone – board members, managers, and each and every employee. It sets a standard for ourselves and at the same time represents a promise that we will act responsibly both externally in our dealings with business partners and the general public as well as internally in our interactions with colleagues. We bear joint responsibility for our company’s reputation. Misconduct by individuals can cause immense harm to all of us. So please read this code of conduct carefully and let us use it to guide our day-to-day conduct.’

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

(p.3): ‘The employees of the ThyssenKrupp Group have jointly developed a Group mission statement. The Group mission statement expresses what our Company stands for now and in the future: We are ThyssenKrupp – The Technology & Materials Company. Competence and diversity, global reach, and tradition form the basis of our worldwide market leadership. We create value for customers, employees and shareholders. We Meet the Challenges of Tomorrow with our Customers. We are customer-focused. We develop innovative products and services that create sustainable infrastructures and promote efficient use of resources. We Hold Ourselves to the Highest Standards. We engage as entrepreneurs, with confidence, a passion to perform, and courage, aiming to be best in class. This is based on the dedication and performance of every team member. Employee development is especially important. Employee health and workplace safety have top priority. We Share Common Values. We serve the interests of the Group. Our interactions are based on transparency and mutual respect. Integrity, credibility, reliability and consistency define everything we do. Compliance is a must. We are a responsible corporate citizen.’

‘Conflicts must be dealt with openly and transparently’.

(p.4): ‘Our political lobbying is centralized, open and transparent.’

(p.5): ‘ThyssenKrupp is built on strong values: Reliability and honesty, credibility and integrity.’ http://www.thyssenkrupp.com/documents/engagement/ThyssenKrupp_Code_of_Conduct_ en.pdf

Company website: Compliance – Compliance Commitment ‘In respect of corruption and antitrust violations, the Executive Board of ThyssenKrupp AG has issued the following ThyssenKrupp Compliance Commitment which unequivocally expresses its stance on compliance with the corresponding laws and Group policies: ThyssenKrupp stands for technological competency, innovation, customer orientation and motivated, responsible employees. These factors are the basis of our high reputation and the long-term economic success of the Group in global competition. Corruption and antitrust violations threaten these success factors and will not be tolerated (zero tolerance). For us, bribes and cartel agreements are not a means of winning business. We would rather forgo a contract and fail to reach internal goals than act against the law. With its compliance program, ThyssenKrupp has taken wide-ranging measures to ensure compliance with corruption and antitrust regulations and the Group Policies based thereon. Infringements will not be tolerated and will result in sanctions against the persons concerned. All Executive board members and managing directors, all senior executives and other employees must be aware of the extraordinary risks which corruption and antitrust violations can signify for ThyssenKrupp as well as for them personally. All employees are requested to cooperate actively in their areas of responsibility in implementing the ThyssenKrupp compliance program. THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

With its compliance program, ThyssenKrupp has taken wide-ranging measures to ensure compliance with corruption and antitrust regulations and the Group Policies based thereon. Infringements will not be tolerated and will result in sanctions against the persons concerned. All Executive board members and managing directors, all senior executives and other employees must be aware of the extraordinary risks which corruption and antitrust violations can signify for ThyssenKrupp as well as for them personally.’ http://www.thyssenkrupp.com/en/konzern/commitment.html

Company website: Code of Conduct ‘Respect for each other and cooperative action as well as social responsibility are the basis for the sustainability of our business success. At ThyssenKrupp this philosophy has already an old tradition. The whole German system for social security is in parts based on models that our company has introduced already more than 160 years ago. Equal opportunities and fair wages adapted to the local context are a matter of course for us. We offer wages and benefits (e.g. social benefits) according to the national and local standards as well as the standards of our sectors. Our programs comprise for example social security like pension plans and health care. Furthermore ThyssenKrupp is participating in the UN Global Compact and is committed to the United Nations Universal Declaration of Human Rights and the core labor standards of the International Labor Organization (ILO). The main principles and rules governing our actions as well as the standards we set ourselves in our dealings with business partners and stakeholders are summarized in the ThyssenKrupp Code of Conduct. For employees, management as well as the board it gives a framework guidance for the following issues: Compliance with the law Avoiding conflicts of interest Fair competition Preventing money laundering Equal treatment and non-discrimination Human and labor rights Cooperation with employee representatives Occupational health and safety Sustainability and protection of environment and climate Donations Political lobbying Behavior in public and communications Reporting Confidential company information / inside information Data protection and information security Protection of company property’ http://www.thyssenkrupp.com/en/nachhaltigkeit/code_of_conduct.html

‘Our Group Mission Statement

We Share Common Values.

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

We serve the interests of the Group. Our interactions are based on transparency and mutual respect. Integrity, credibility, reliability and consistency define everything we do. Compliance is a must. We are a responsible corporate citizen.’ http://www.thyssenkrupp.com/documents/engagement/Group_Mission_Statement_Englis h.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A5:

Does the company belong to one or more national or international initiatives that promote anti-corruption or business ethics with a significant focus on anti-corruption?

Score:

2

Comments:

Based on public information, there is readily available evidence that the company has joined the UN Global Compact.

References:

Public: Company website: Employees – Code of Conduct ‘Furthermore ThyssenKrupp is participating in the UN Global Compact and is committed to the United Nations Universal Declaration of Human Rights and the core labor standards of the International Labor Organization (ILO).’ http://www.thyssenkrupp.com/en/nachhaltigkeit/code_of_conduct.html

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A6:

Has the company appointed a Board committee or individual Board member with overall corporate responsibility for its ethics and anti-corruption agenda?

Score:

1

Comments:

Based on public information, there is evidence that the company has appointed Executive Board member Dr Kaufmann, with overall corporate responsibility for its ethics and anti- corruption agenda. The Chief Compliance Officer and Head of Legal Affairs report to Dr Kaufmann, who heads the Legal Affairs and Compliance directorate. However, there is no readily available evidence detailing specifically what Dr Kaufmann’s responsibility entails. The company therefore scores 1.

References:

Public: Company website: Compliance ‘Chief Compliance Officer Dr. Christoph Klahold’ ‘On the Executive Board of ThyssenKrupp AG, responsibility for compliance is assigned to one member of the board. The Chief Compliance Officer who heads the central compliance division and coordinates the compliance activities within the ThyssenKrupp Group reports to the responsible board member.’ http://www.thyssenkrupp.com/en/konzern/compliance.html

Company website: Press release (17/01/2014): ‘Supervisory Board appoints Dr. Donatus Kaufmann to Executive Board of ThyssenKrupp AG New directorate Legal Affairs and Compliance At its meeting today the Supervisory Board of ThyssenKrupp AG appointed Dr. Donatus Kaufmann (51) as a member of the Executive Board effective February 1, 2014. He will head the newly created Legal Affairs and Compliance directorate. “The appointment of Dr. Kaufmann is a clear signal that compliance is of utmost priority,” says Professor Dr. Ulrich Lehner, Chairman of the Supervisory Board. ThyssenKrupp has made a clear commitment to compliance with laws and internal policies: Any violations, in particular antitrust or

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

corruption violations, will be met with zero tolerance. All reports of misconduct will be investigated. The company’s Groupwide compliance efforts are focused on the areas of antitrust law and combating corruption.’ ‘Dr. Christoph Klahold (Head of Compliance) and Arne Wittig (Head of Legal Affairs) will report directly to Dr. Donatus Kaufmann.’ http://www.thyssenkrupp.com/en/presse/art_detail.html&eid=TKBase_1389943226609_14 17144773

Company website: Dr Donatus Kaufmann

‘Since February 2014 he is member of the Executive Board of ThyssenKrupp and responsible for compliance and legal.’ http://www.thyssenkrupp.com/en/konzern/kaufmann.html

Company website: Corporate Governance Report Organisation chart showing executive board member (Kaufmann) responsible for legal and compliance. Annex to Rules of Procedure for Executive Board. http://www.thyssenkrupp.com/en/investor/kodex-bericht.html#Ziffer5

Company website: Compliance Organisation ‘On the Executive Board of ThyssenKrupp AG, responsibility for compliance is assigned to one member of the board. The Chief Compliance Officer who heads the central compliance division and coordinates the compliance activities within the ThyssenKrupp Group reports to the responsible board member.’

http://www.thyssenkrupp.com/en/konzern/compliance_organisation.html

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A7:

Has the company appointed a person at a senior level within the company to have responsibility for implementing the company’s ethics and anti- corruption agenda, and who has a direct reporting line to the Board?

Score:

2

Comments:

Based on public information, there is readily available evidence that the company has appointed Chief Compliance Officer Dr Christoph Klahold, with responsibility for implementing its ethics and anti-corruption agenda. The Chief Compliance Officer heads the central compliance division, coordinates the company’s compliance activities and reports to Executive Board member Dr Kaufmann.

References:

Public: Company website: Compliance ‘Chief Compliance Officer Dr. Christoph Klahold’ ‘On the Executive Board of ThyssenKrupp AG, responsibility for compliance is assigned to one member of the board. The Chief Compliance Officer who heads the central compliance division and coordinates the compliance activities within the ThyssenKrupp Group reports to the responsible board member.’ http://www.thyssenkrupp.com/en/konzern/compliance.html

Company website: Compliance – Corporate Governance Report Organisation chart showing executive board member (Kaufmann) responsible for legal and compliance. Annex to Rules of Procedure for Executive Board http://www.thyssenkrupp.com/en/investor/kodex-bericht.html#Ziffer5

Company website: Supervisory Board appoints Dr. Donatus Kaufmann to Executive Board of ThyssenKrupp AG ‘At its meeting today the Supervisory Board of ThyssenKrupp AG appointed Dr. Donatus Kaufmann (51) as a member of the Executive Board effective February 1, 2014. He will head THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

the newly created Legal Affairs and Compliance directorate. “The appointment of Dr. Kaufmann is a clear signal that compliance is of utmost priority,” says Professor Dr. Ulrich Lehner, Chairman of the Supervisory Board. ThyssenKrupp has made a clear commitment to compliance with laws and internal policies: Any violations, in particular antitrust or corruption violations, will be met with zero tolerance. All reports of misconduct will be investigated. The company’s Groupwide compliance efforts are focused on the areas of antitrust law and combating corruption.’ ‘Dr. Christoph Klahold (Head of Compliance) and Arne Wittig (Head of Legal Affairs) will report directly to Dr. Donatus Kaufmann.’ http://www.thyssenkrupp.com/en/presse/art_detail.html&eid=TKBase_1389943226609_14 17144773

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A8:

Is there regular Board level monitoring and review of the performance of the company’s ethics and anti-corruption agenda?

Score:

2

Comments:

Based on public information, there is evidence that the company commissioned two external reviews of the compliance programme in 2011 and 2013.

References:

Public: Company website: Combined management report – Compliance ‘The compliance program focusing on anti-corruption policies and antitrust law with its three pillars "inform", "identify" and "report and act" was rigorously continued in the 2012/2013 fiscal year. Compliance work was marked by a series of major incidents to which the Executive Board and Supervisory Board of ThyssenKrupp AG reacted by intensifying compliance activities and strengthening the compliance organization. In response to media reports an internal investigation into press and other trips involving individual Executive Board members was conducted at the end of 2012.’ http://www.thyssenkrupp.com/financial-reports/12_13/en/report/compliance.html

Company website: Corporate Governance ‘The Executive Board and Supervisory Board work closely together in the interest of the Company. An intensive, continuous dialogue between the two boards is the basis for efficient corporate management. We have enhanced and intensified this dialogue step by step and in accordance with national and international standards. Corporate governance at ThyssenKrupp is based on the German Corporate Governance Code, as published by the Government Commission on February 26, 2002 and amended most recently on May 13, 2013. ThyssenKrupp complies with all recommendations of the Code as amended on May 13, 2013. The Code is a recognized standard for good corporate governance at German exchange-listed companies. The Executive Board and Supervisory Board of ThyssenKrupp AG last issued a declaration of conformity in accordance with Art.

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

161 AktG at February 06, 2014.’ http://www.thyssenkrupp.com/en/investor/corporate-governance.html

Annex 1 to the Rules of Procedure for the Supervisory Board (May 2014), p.2: ‘The Executive Board shall report regularly, at least every quarter of the year, on the state of business, in particular sales and the situation of the Company and the Group. The report shall provide an update on the results of operations and financial position, personnel development, major risks to the Group and individual Group areas, and compliance. Variances from the prior year and the planning shall be explained.’ ‘Special reports (1) The Executive Board shall report to the Supervisory Board chairman without delay on other important matters. The chairman of the Executive Board/CEO shall report to the Supervisory Board chairman immediately on major events of key significance for assessing the situation, performance and management of the Company or the Group. (2) The Supervisory Board chairman shall inform the Supervisory Board members of the special reports by no later than the next Supervisory Board meeting. Reports on request (1) The Supervisory Board may request a report from the Executive Board at any time on the Company‘s affairs, its legal and business relations with subsidiaries, and business transactions at these subsidiaries which could significantly impact the situation of the Company. (2) Requests for reports are subject to a resolution passed by a simple majority of the Supervisory Board.’ https://www.thyssenkrupp.com/documents/investor/Rules_Procedure_Supervisory_Board _Annex_1.pdf

Rules of Procedure for the Audit Committee of the Supervisory Board of ThyssenKrupp AG (January 2014), p.3: ‘The Audit Committee shall monitor a) the accounting and the accounting process, b) the effectiveness of the internal control system, the risk management system, the compliance system and the internal auditing system’

(p.5): ‘The Audit Committee shall deal with general issues relating to the internal control system, the ThyssenKrupp compliance program and major compliance incidents, the Company‘s risk management principles, legal disputes and the resultant risks for the Group, and internal auditing including fraud reporting. The Audit Committee shall discuss these issues with the Executive Board, particularly in relation to the accounting process.’ http://www.thyssenkrupp.com/documents/investor/Rules_Procedure_Audit_Committee_S upervisory_Board.pdf

Annual Report 2011/2012, p.17: ‘Compliance, in the sense of measures to ensure adherence to statutory requirements and internal company policies and observance of these measures by the Group companies, is a key management and oversight duty at ThyssenKrupp. A compliance program focusing on antitrust law and anticorruption policies was introduced directly after the merger of THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

predecessor companies Thyssen and Krupp in 1999. Ever since then it has been regularly updated internally and reviewed externally on the basis of the applicable legal requirements as well as by auditors. The appropriateness and effectiveness of the compliance system in the audit period was confirmed most recently in November 2011 by KPMG AG Wirtschaftsprüfungsgesellschaft in connection with certification to the new Auditing Standard 980 of the Institute of Public Auditors in . The report by KPMG AG Wirtschaftsprüfungsgesellschaft is available for downloading on the ThyssenKrupp website’ http://www.thyssenkrupp.com/documents/investor/Finanzberichte/eng/ThyssenKrupp_20 11_2012_AR.pdf

Company website: Corporate Governance – Corporate governance declaration 2012/2013 ‘The Executive Board regularly agrees the strategy of the Company with the Supervisory Board, ensures it is implemented and discusses the progress of implementation with the Supervisory Board at regular intervals. The Executive Board provides the Supervisory Board with regular and detailed written and verbal updates on all developments and measures of relevance to the Company related to business performance, financial position and results of operations, planning and target achievement, the risk situation and risk management.’ http://www.thyssenkrupp.com/en/investor/unternehmensfuehrung_2012_2013.html

KPMG Audit Report (September 2011), Appendix 1/7 and 1/8: ‘The Corporate Center Legal & Compliance, headed by the Chief Compliance Officer Dr Kremer, has two departments...one of which...is devoted to circumstantial Compliance audits, fundamental issues and investigations in case of suspicion, while the other...focuses on consultancy and training...The Compliance Officers and Compliance Executives hold regular meetings, at least once a quarter and additionally when needed’

(Appendix 1/17 and 1/18): ‘Compliance monitoring and improvement Compliance monitoring among Group Companies is based on the aforementioned Compliance audits, the inspection of other audit reports, the regular sharing of experiences with Compliance Executives, and training events and interviews at which the Compliance Officers not only give presentations, but also receive information on problematic developments and suspicious cases. In recent years the Compliance program has been subjected to regular external reviews from a number of aspects’ http://www.thyssenkrupp.com/documents/investor/TK-PS-980-Short-version-30-09- 2011.pdf

Report on the Voluntary Special Audit at ThyssenKrupp AG (November 2013), p.1: Issues for the audit included ‘The extent to which the recommendations declared in the audit report for the audit of the Compliance Management System (CMS) on the prevention of anti-trust and corruption breaches as per IDW PS 980 from September 30, 2011, have already been implemented.’

(p8.): ‘An audit of the Compliance Management System (CMS) to prevent breaches of anti- trust and corruption legislation as per IDW PS 980 took place on September 30, 2011. As a result, the investigation relating to audit subject 2 should exclusively refer to the extent to which the recommendations made in the audit report relating to the CMS audit from THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

September 30, 2011 have already been implemented. Recommendations that can be rapidly implemented have been implemented since the completion of the KPMG audit as per IDW PS 980 on November 14, 2011. The implementation of more in depth recommendations has started. The actions already implemented and those that have begun appear to be suitable for meeting the recommendations of KPMG and to be a suitable reaction to the two observations made by KPMG.’

(pp.54-55): ‘In each Board meeting (usually every fourteen days), there is a written report on the compliance activities at ThyssenKrupp. Every quarter, a compliance report is created for the Board and the Audit Committee and it gives information on the status of the Compliance Audit. When the individual audits are represented, there is a distinction between corruption and anti-trust audits and also between on-going, started, and completed audits. We were told that the basic audit results are formulated for the Board, while the remaining results are included and presented in a statistical evaluation.’ http://www.thyssenkrupp.com/documents/hv_2014_01_17_en/Report_BDO_on_the_Volu ntary_Special_Audit.pdf

Declaration of Conformity in accordance with Art. 161 of the Stock Corporation Act (AktG) ‘§ 161 of the Stock Corporation Act (AktG) requires the executive board and supervisory board of a listed German stock corporation to declare at least once a year whether the German Corporate Governance Code has been and is being complied with, or which of the Code's recommendations have not been or are not being applied and why not. On the basis of intensive discussions the Executive Board and Supervisory Board issued the following Declaration of Conformity pursuant to § 161 subsection 1 AktG at October 01, 2013:…’ http://www.thyssenkrupp.com/en/investor/unternehmensfuehrung_2012_20 13.html

Company website: Compliance – External Assessments ‘Voluntary Special Audit 2013 In July 2013 ThyssenKrupp agreed with Deutsche Schutzvereinigung für Wertpapierbesitz e.V. and the shareholder Christian Strenger, whose motions for a special audit were rejected by the Annual General Meeting in January 2013, to carry out a voluntary special audit – with the aim of creating sustainable value for ThyssenKrupp and its shareholders. The special audit looked into the basic structure of the improved internal control system with regard to its appropriateness in preventing compliance infringements in the future, the status of implementation of certain recommendations in the compliance management system, as well as the appropriateness of the investment control process for future large investment projects and the associated reporting to the Supervisory Board. ThyssenKrupp engaged two special auditors, BDO AG Wirtschaftsprüfungsgesellschaft and Prof. Dr. Hans-Joachim Böcking, Professor of Business Administration, Auditing and Corporate Governance at Goethe University Frankfurt am Main, to perform the special audit. The auditors carried out their audit up to the beginning of November 2013’ ‘IDW PS 980 Assessment 2011 ThyssenKrupp has subjected its groupwide Compliance Program to an examination according to the Compliance standard PS 980 of the Institute of Public Auditors in Germany THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

(Institut der Wirtschaftsprüfer, "IDW") in relation to the areas of antitrust and anticorruption law with the period under review being April to September 2011 by KPMG AG. The examination involved auditing the appropriateness of the design and implementation as well as auditing the effectiveness of the ThyssenKrupp Compliance Program which is the most intensive audit type of IDW PS 980. Due to particular regulations in the US and Canada, group companies there have not been part of the audit. KPMG issued an attestation according to which the ThyssenKrupp Compliance Management System has been appropriately implemented and effective in the period under review. As far as recommendations have been issued on the ground of findings, their implementation will be subject to review. The report of KPMG is available for download.’ http://www.thyssenkrupp.com/en/konzern/compliance_pruefberichte.html

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A8(a):

Is there a formal, clear, written plan in place on which the review of the ethics and anti-corruption agenda by the Board or senior management is based, and evidence of improvement plans being implemented when issues are identified?

Score:

1

Comments:

Based on public information, there is limited evidence of a formal written plan that guides the Board review of the ethics and anti-corruption agenda. Each quarter, a compliance report is created for the Board and the Audit Committee and it gives information on the status of the Compliance Audit. There is some evidence that when issues are identified compliance activities are intensified. The company therefore scores 1. To score higher on this question the company would need to provide further information on the formal plan that guides the review and further evidence that improvement plans are implemented.

References:

Public: Report on the Voluntary Special Audit at ThyssenKrupp AG (November 2013), pp.53-54: ‘Compliance Case Management and Compliance Reporting, Whistleblower System 2.3.7.1. Creation of Audit Reports and Case Management 2.3.7.1.1. Actual situation at the time of audit Creation of the audit report At ThyssenKrupp, Compliance Audits are carried out both with and without a specific cause. The cause -independent Compliance Audits are agreed during the annual planning of the Department Investigations of the Corporate Function Compliance (CO/CPL-NV) together with the Corporate Function Internal Auditing (CO/AUD). The Business Areas can present suggestions for this. The final decision on the cause-independent audits to be carried out lies with COP/CPL-INV. Cause-independent Compliance Audits are carried out in the following process steps: • Preparation of audit; THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

• Execution of forensic audit; • Create report on the reports on the forensic audit; • Evaluation of results of the forensic audit; • Legal check and evaluation of results from the forensic audit; • Determination of measures to be implemented by the audited area. The audit preparation is carried out by both CO/CPL-INV and CO/AUD together. With the anti-corruption audits, the forensic part of the audit is subsequently carried out by CO/AUD. However, this does not represent a legal evaluation. Based on the report from CO/AUD, CO/CPL-INV makes an initial assessment whether and/or which findings of the audit should be investigated. It is also decided whether the legal evaluation of the findings should be carried out externally or internally. The results of the audit are subject to a legal evaluation after this evaluation. The coordination of the external lawyers or consultants is also the responsibility of the area CO/CPL-INV. The audit process in the area of anti-trust legislations differs because no forensic audit is carried out by CO/AUD. In reality, the facts are clarified directly by CO/CPL-INV, if applicable, in cooperation with an external law practice specializing in anti-trust legislation. The determination of measures to be implemented by the audited group unit as a consequence of the results of the audit and the tracking of these measures is carried out by the area CO/CPL-INV. The creation of the audit report was implemented in the 2nd quarter of 2012/2013. The aim of this implementation is to guarantee efficient report creation as part of the audit process as well the clear and condensed representation of the audit results. The audit results and the legal audit of these results are also categorized and recorded statistically. The cause –related Compliance Audits are generally based on information received by ThyssenKrupp, for example, via the BKMS® system and/or the Ombudsman. Due to the internal organization, all information received by ThyssenKrupp from the Ombudsman or via BKMS® system is directed automatically to the manager of the area CO/CPL-INV and from there it is assigned for further processing. According to the documents provided to us, the cause-dependent Compliance Audit is carried out in the following process steps: • Check of information; • If applicable, forensic data analysis; • Comments on the forensic analysis; • Evaluation of forensic analysis; • Legal audit and evaluation of the results of the forensic analysis; • Determination of measures to be implemented by the audited area. The audit of the information and, if necessary, a possible data analysis are carried out in consultation with CO/CPL-INV and CO/AUD. The evaluation of the forensic investigation is the responsibility of the area CO/CPL-INV. We were told that a legal assessment of the evaluated information is carried out by external law practices, however, sometimes also by internal employees. The internal responsibility for cooperation with the external representatives lies with the area CO/CPL-INV. The determination of measures to be implemented by the audited group unit as a consequence of the results of the audit and the tracking of these measures is carried out by the area CO/CPL-INV. A Competence, Responsibility and Reporting matrix (RACI) was also created for the reports following cause-related Compliance Audits. This gives information on the author, the THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

recipient and the company areas to be informed in the case of corruption audits and whistleblowing cases.’

(pp.54-55): ‘In each Board meeting (usually every fourteen days), there is a written report on the compliance activities at ThyssenKrupp. Every quarter, a compliance report is created for the Board and the Audit Committee and it gives information on the status of the Compliance Audit. When the individual audits are represented, there is a distinction between corruption and anti-trust audits and also between on-going, started, and completed audits. We were told that the basic audit results are formulated for the Board, while the remaining results are included and presented in a statistical evaluation.’ http://www.thyssenkrupp.com/documents/hv_2014_01_17_en/Report_BDO_on_the_Volu ntary_Special_Audit.pdf

Company website: Combined management report – Compliance ‘The compliance program focusing on anti-corruption policies and antitrust law with its three pillars "inform", "identify" and "report and act" was rigorously continued in the 2012/2013 fiscal year. Compliance work was marked by a series of major incidents to which the Executive Board and Supervisory Board of ThyssenKrupp AG reacted by intensifying compliance activities and strengthening the compliance organization. In response to media reports an internal investigation into press and other trips involving individual Executive Board members was conducted at the end of 2012.’ http://www.thyssenkrupp.com/financial-reports/12_13/en/report/compliance.html

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A9:

Does the company have a formal process for review and where appropriate update its policies and practices in response to actual or alleged instances of corruption?

Score:

1

Comments:

Based on public information, there is evidence that the company has a process to review and update company policies in the event of actual or alleged instances of corruption. However, it is unclear if this is a standard, formal process or is ad-hoc and based on a particular case. The company therefore scores 1. To score higher the company would need to provide evidence of such a formal process.

References:

Public: Report on the Voluntary Special Audit at ThyssenKrupp AG (November 2013), p.7: ‘As a result of breaches of anticorruption and anti-trust legislation in the past, ThyssenKrupp have made the areas of anti-corruption and anti-trust the focus of their Compliance program. This is also reflected in the top-down risk assessment carried out in 2011. No systematic bottom-up risk analysis has yet taken place, however, this is planned for the calendar year 2014.’ http://www.thyssenkrupp.com/documents/hv_2014_01_17_en/Report_BDO_on_the_Volu ntary_Special_Audit.pdf

Annual Report 2012/2013, p.69: ‘Internal investigation into press trips In response to press inquiries and press reports in November 2012 concerning trips by members of the Executive Board of ThyssenKrupp AG with press representatives and other third parties, the compliance team, with the support of two law firms, conducted an extensive internal investigation into trips in the period 2007 to 2012 by the Executive Board members in office at that time. The review of the trips found that no laws or internal compliance regulations were violated. However, it was found that some of the trips were THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

only just within acceptable limits and that the existing internal regulations on trips with third parties were in some cases unclear or inadequate. The Executive Board reacted to this by issuing its own policy for press trips and initiating an annual review of its travel expenses by Internal Auditing, starting immediately.’ http://www.thyssenkrupp.com/documents/investor/Finanzberichte/eng/ThyssenKrupp_20 12_2013_AR.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A9(a):

Does the company have a formal anti-corruption risk assessment procedure implemented enterprise-wide?

Score:

2

Comments:

Based on public information there is readily available evidence that the company has an anti-corruption risk assessment procedure implemented enterprise-wide. Corruption risks are identified and mitigation plans developed by the group companies, with the support of the Corporate Function Compliance. The Compliance Risk Profile is a main tool for setting priorities under the Compliance Programme.

References:

Public: Company website: Combined management report – Opportunities and risks ‘Risk report Risk management at ThyssenKrupp embraces all measures for the systematic and transparent management of risks and through its integration with controlling processes is an integral part of value-based corporate governance. Thanks to continuous further development, the risk management system now goes far beyond the early identification of risks required by law. All requirements placed on the system by the Executive Board and the Supervisory Board Audit Committee are implemented promptly. We continuously improve our methods and tools to identify, assess, manage and report risks. Standardized risk management processes ensure that the Executive Board and Supervisory Board are informed promptly and in a structured way about the Group’s current risk situation. However, despite comprehensive risk analysis, the occurrence of risks cannot be systematically ruled out. From the current perspective the Group’s risks are contained and there are no risks that threaten the Group’s ability to continue as a going concern.

Risk policy The Group’s risk policy guidelines set the framework for meeting the requirements of proper, consistent and forward-looking risk management and its integration into corporate

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

strategy. The organizational anchoring of risk management in operational and strategic controlling facilitates active and holistic Group risk management integrated with planning and reporting processes. Risk management also includes challenging and systematically analyzing the business models, strategies and concrete measures of the operating entities. The aims of risk management at ThyssenKrupp are to increase risk awareness and establish a value-based risk culture at all corporate levels. Risks and opportunities are analyzed transparently and are systematically incorporated into business decisions. Responsible risk management also involves shifting risks outside our core processes and competencies, reducing them or avoiding them completely, which however does not rule out the occurrence of individual risks. Various risk management measures and appropriate balance sheet provisions for risks ensure that the risks taken in the Group are covered and monitored.

Risk management system Corporate risk management has the task of continuously developing the risk management system towards best practice standard and adapting it to new insights and requirements where needed. In the current Group policy on risk management we have formulated binding requirements for the risk management process and defined the individual risk management tools on a standard Groupwide basis. A global IT risk management tool used in all Group companies for preparing an integrated risk map ensures that earnings and cash risks are recorded and reported through a series of approval and aggregation processes via the business area management boards to Group level. The requirements in the risk mapping process include formulating risk management measures for the individual identified and assessed risks and systematically monitoring their implementation. The opportunities and risks not included in the monthly updated projections or in the budget are part of standard business area reporting and make an important contribution to integrated business management during the year and to corporate planning. As part of the planning process and also on an ad hoc basis we analyze earnings and cash corridors on the basis of various scenarios as well as macroeconomic concentration risks based on Groupwide risk scenarios. Ad hoc risks are communicated immediately to the risk management officers and are also documented via the established reporting channels. Risks already recognized via balance sheet provisions are also the subject of standardized analyses and risk reporting, ensuring systematic risk management for these risks too. The material Group risks identified in the risk maps as well as the results of the analyses of risk scenarios and risk provisions are discussed and validated in meetings of the interdisciplinary risk committee held once every quarter and chaired by the CFO. In this way we systematically prepare subsequent risk reporting to the Executive Board and Audit Committee. The risk committee meetings are attended by all Group officers responsible for governance, risk and compliance. This interdisciplinary approach at committee level makes a key contribution to improving corporate governance processes in the Group. The Group’s risk management system is summarized in the following graphic: Opportunity and risk reporting at ThyssenKrupp

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

We regularly train our employees on individual risk management elements and also use our Groupwide web-based IT risk management tool to provide targeted information and training material. Internal Auditing uses the information from the risk maps for its risk- oriented audit planning. The internal audits structured on this basis contribute to the efficient monitoring of the risk management system and deliver insights to increase the quality of the information and further improve risk management in the Group as a whole. Control and risk management in the Group accounting process The internal control system at ThyssenKrupp comprises all the principles, processes and measures introduced with the aim of ensuring the security and efficiency of business management, the reliability of financial reporting and compliance with laws and policies. Under the corporate project daproh for data and process harmonization we are continuously developing the internal control system using a standardized risk control matrix. Various process-integrated and process-independent monitoring measures in the accounting process help ensure that implemented controls allow compliant financial reporting despite possible risks. A standard, regularly updated accounting policy for the consolidated financial statements is available to all involved employees via an internal internet platform. For consolidation we use a Group tool based on standard software. In this way we ensure consistent procedures and minimize possible risks of misstatements in the Group’s accounting and external reporting. ThyssenKrupp has clearly defined the sub-processes involved in financial reporting and assigned clear responsibilities for them. An appropriate segregation of functions and application of the dual-control principle reduce the risk of fraudulent conduct. Corporate Function Controlling, Accounting & Risk is responsible for the preparation of the consolidated financial statements and issues binding instructions to the local units with regard to content and timing. In this way we ensure consistent accounting practices throughout the Group with minimum scope for discretion in connection with the recognition, measurement and reporting of assets and liabilities. Group-owned shared service centers support the local units in preparing local financial statements. Regular training takes place for all employees involved in the accounting process.

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

We perform regular central system backups on the IT systems used in the consolidation process in order to avoid data losses and system failures. The security strategy also includes system controls, manual spot checks by experienced employees, and custom authorizations and access controls to prevent misuse of finance systems. Corporate Function Internal Auditing regularly checks the effectiveness of the internal control and risk management systems and is therefore integrated in the overall process. By means of these coordinated processes, systems and controls we ensure that the Group’s accounting is reliable and complies with IFRS, German GAAP (HGB) and other relevant standards and laws.’ http://www.thyssenkrupp.com/financial- reports/12_13/en/report/opportunities_and_risks.html#Risk_report

Company website: Compliance ‘Basis for the strategic development of the Compliance Program is a groupwide assessment of anti-trust and corruption risks. The Identification of these risks allows for the development of individual catalogues of measures to mitigate the specific risks. The defined measures are implemented by the group companies with the support of the Corporate Function Compliance.’ http://www.thyssenkrupp.com/en/konzern/compliance.html

Report on the Voluntary Special Audit at ThyssenKrupp AG (November 2013), p.7: ‘Internal Control System - Compliance As a result of breaches of anti-corruption and anti-trust legislation in the past, ThyssenKrupp have made the areas of anti-corruption and anti-trust the focus of their Compliance program. This is also reflected in the top-down risk assessment carried out in 2011. The systematic recording of the compliance risks from the bottom up has not yet taken place, however this is planned for 2014. We recommend that the systematic risk analysis planned by ThyssenKrupp for 2014 is carried out as planned.’ http://www.thyssenkrupp.com/documents/hv_2014_01_17_en/Report_BDO_ on_the_Voluntary_Special_Audit.pdf

KPMG Audit Report (September 2011), Appendix 1/5 - 1/6:

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

http://www.thyssenkrupp.com/documents/investor/TK-PS-980-Short-version-30-09- 2011.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A10:

Does the company have a formal anti-corruption risk assessment procedure for assessing proposed business decisions, with clear requirements on the circumstances under which such a procedure should be applied?

Score:

0

Comments:

Based on public information, there is no readily available evidence that the company has a formal anti-corruption risk assessment procedure for assessing proposed business decisions, with clear requirements on the circumstances under which such a procedure should be applied.

References:

Public: Company website: Combined management report – Compliance ‘We also provide compliance advice on key business transactions, e.g. in connection with major projects or on the engagement of intermediaries. For this the employees can contact their compliance officers in the business areas, regions and at Corporate or call our central hotline. The compliance officers advise the operating units on integrating compliance into their business processes.’ http://www.thyssenkrupp.com/financial-reports/12_13/en/report/compliance.html

KPMG Audit Report (September 2011), Appendix 1/4: ‘(b) critical consideration must be given at the planning stage to potential indicators of Compliance risks (so-called red flags), with due regard for their respective business model. Implementation of these principles must be documented in the relevant planning templates (opportunities & risk) under the risk category "Legal & Compliance". In accordance with the planning cycle, the Compliance Executives and the responsible Compliance Officers hold feedback meetings on the planning process.’

(Appendix 1/5): ‘The 'Compliance Risk Profile' is an assessment of the individual, structural risk situation of the 39 OUs on the basis of defined, weighted criteria, incorporating THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

individual considerations of the respective Group Companies in condensed form. The focus here is not on the activities and conduct of executives/employees, nor on Compliance issues in the past. Against this background, annual reviews are held to determine whether the current circumstances necessitate an update. Alongside other indicators, the review also includes additions and requirements under company law, amendments to the Group's strategic orientation, altered market conditions (CPI Index, market shares etc), and the results of monitoring meetings with the Compliance Executives.’ http://www.thyssenkrupp.com/documents/investor/TK-PS-980-Short-version-30-09- 2011.pdf

Company website: Combined management report – Opportunities and risks ‘Risk report Risk management at ThyssenKrupp embraces all measures for the systematic and transparent management of risks and through its integration with controlling processes is an integral part of value-based corporate governance. Thanks to continuous further development, the risk management system now goes far beyond the early identification of risks required by law. All requirements placed on the system by the Executive Board and the Supervisory Board Audit Committee are implemented promptly. We continuously improve our methods and tools to identify, assess, manage and report risks. Standardized risk management processes ensure that the Executive Board and Supervisory Board are informed promptly and in a structured way about the Group’s current risk situation. However, despite comprehensive risk analysis, the occurrence of risks cannot be systematically ruled out. From the current perspective the Group’s risks are contained and there are no risks that threaten the Group’s ability to continue as a going concern.

Risk policy The Group’s risk policy guidelines set the framework for meeting the requirements of proper, consistent and forward-looking risk management and its integration into corporate strategy. The organizational anchoring of risk management in operational and strategic controlling facilitates active and holistic Group risk management integrated with planning and reporting processes. Risk management also includes challenging and systematically analyzing the business models, strategies and concrete measures of the operating entities. The aims of risk management at ThyssenKrupp are to increase risk awareness and establish a value-based risk culture at all corporate levels. Risks and opportunities are analyzed transparently and are systematically incorporated into business decisions. Responsible risk management also involves shifting risks outside our core processes and competencies, reducing them or avoiding them completely, which however does not rule out the occurrence of individual risks. Various risk management measures and appropriate balance sheet provisions for risks ensure that the risks taken in the Group are covered and monitored.

Risk management system Corporate risk management has the task of continuously developing the risk management system towards best practice standard and adapting it to new insights and requirements where needed. In the current Group policy on risk management we have formulated binding requirements for the risk management process and defined the individual risk management THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

tools on a standard Groupwide basis. A global IT risk management tool used in all Group companies for preparing an integrated risk map ensures that earnings and cash risks are recorded and reported through a series of approval and aggregation processes via the business area management boards to Group level. The requirements in the risk mapping process include formulating risk management measures for the individual identified and assessed risks and systematically monitoring their implementation. The opportunities and risks not included in the monthly updated projections or in the budget are part of standard business area reporting and make an important contribution to integrated business management during the year and to corporate planning. As part of the planning process and also on an ad hoc basis we analyze earnings and cash corridors on the basis of various scenarios as well as macroeconomic concentration risks based on Groupwide risk scenarios. Ad hoc risks are communicated immediately to the risk management officers and are also documented via the established reporting channels. Risks already recognized via balance sheet provisions are also the subject of standardized analyses and risk reporting, ensuring systematic risk management for these risks too. The material Group risks identified in the risk maps as well as the results of the analyses of risk scenarios and risk provisions are discussed and validated in meetings of the interdisciplinary risk committee held once every quarter and chaired by the CFO. In this way we systematically prepare subsequent risk reporting to the Executive Board and Audit Committee. The risk committee meetings are attended by all Group officers responsible for governance, risk and compliance. This interdisciplinary approach at committee level makes a key contribution to improving corporate governance processes in the Group. The Group’s risk management system is summarized in the following graphic: Opportunity and risk reporting at ThyssenKrupp

We regularly train our employees on individual risk management elements and also use our Groupwide web-based IT risk management tool to provide targeted information and training material. Internal Auditing uses the information from the risk maps for its risk- oriented audit planning. The internal audits structured on this basis contribute to the efficient monitoring of the risk management system and deliver insights to increase the

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

quality of the information and further improve risk management in the Group as a whole. Control and risk management in the Group accounting process The internal control system at ThyssenKrupp comprises all the principles, processes and measures introduced with the aim of ensuring the security and efficiency of business management, the reliability of financial reporting and compliance with laws and policies. Under the corporate project daproh for data and process harmonization we are continuously developing the internal control system using a standardized risk control matrix. Various process-integrated and process-independent monitoring measures in the accounting process help ensure that implemented controls allow compliant financial reporting despite possible risks. A standard, regularly updated accounting policy for the consolidated financial statements is available to all involved employees via an internal internet platform. For consolidation we use a Group tool based on standard software. In this way we ensure consistent procedures and minimize possible risks of misstatements in the Group’s accounting and external reporting. ThyssenKrupp has clearly defined the sub-processes involved in financial reporting and assigned clear responsibilities for them. An appropriate segregation of functions and application of the dual-control principle reduce the risk of fraudulent conduct. Corporate Function Controlling, Accounting & Risk is responsible for the preparation of the consolidated financial statements and issues binding instructions to the local units with regard to content and timing. In this way we ensure consistent accounting practices throughout the Group with minimum scope for discretion in connection with the recognition, measurement and reporting of assets and liabilities. Group-owned shared service centers support the local units in preparing local financial statements. Regular training takes place for all employees involved in the accounting process. We perform regular central system backups on the IT systems used in the consolidation process in order to avoid data losses and system failures. The security strategy also includes system controls, manual spot checks by experienced employees, and custom authorizations and access controls to prevent misuse of finance systems. Corporate Function Internal Auditing regularly checks the effectiveness of the internal control and risk management systems and is therefore integrated in the overall process. By means of these coordinated processes, systems and controls we ensure that the Group’s accounting is reliable and complies with IFRS, German GAAP (HGB) and other relevant standards and laws.’

‘Risks associated with disposals, acquisitions and restructurings Continuous optimization of the Group portfolio is one of the key pillars of our Strategic Way Forward. Active portfolio management in connection with the disposal or acquisition of businesses is associated with risks. The same applies to restructurings within our existing businesses. We monitor the associated risks continuously and recognize provisions where required. On November 29, 2013 ThyssenKrupp entered into an agreement with a consortium of ArcelorMittal and Nippon Steel & Sumitomo Metal Corporation on the sale of the ThyssenKrupp Steel USA rolling and coating plant in Calvert/Alabama. In addition it was contractually agreed that the consortium will purchase 2 million tons of slabs per year from THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

ThyssenKrupp CSA up to 2019. This long-term slab supply contract for ThyssenKrupp CSA is a first major step in the decoupling of the two plants and will also enable ThyssenKrupp to fulfill the commitment agreed with Vale to purchase slabs from ThyssenKrupp CSA. In this way the Group will be able to reduce the risks from the originally intended cross-currency- area tandem model as well as price risks in connection with market entry into the USA. The closing of the agreements is subject to approval by the competent regulatory authorities. Following the disposal of Stainless Global ThyssenKrupp is exposed to risks from the 29.9% shareholding in Outokumpu as well as from the financial receivable (vendor loan) created in the transaction, a 364-day credit line, a supplier finance backup facility and contingencies. More information on this is provided in Note 23. These are value risks and default risks depending on Outokumpu’s financial situation. In the context of the necessary refininancing of Outokumpu ThyssenKrupp AG signed a contract with Outokumpu Oyj on November 29, 2013 transferring 100% of the shares of VDM and AST and of other smaller activities in the stainless steel service center sector to ThyssenKrupp. In return ThyssenKrupp’s financial receivable from Outokumpu Oyj in the nominal amount including capitalized interest of €1,269 million, which had a book value of €969 million at September 30, 2013, was transferred to Outokumpu. The commitment resulting from the sale of Inoxum to Outokumpu to offset any negative financial consequences for Outokumpu under merger control requirements up to an amount of €200 million therefore ceases to apply.’

‘Compliance risks We operate a strict compliance program focused on reducing the risk of antitrust and corruption violations. This focus is justified due to the enormous potential for damage with these offenses – both financial and in terms of reputation. This is illustrated by the so-called rail cartel case. On July 23, 2013 the German Federal Cartel Office imposed a second fine on ThyssenKrupp GfT Gleistechnik GmbH. This €88 million fine relates to the private market and turnouts sections of the proceedings. ThyssenKrupp accepted the fine and had already recognized a provision for it. Previously in July 2012 the authority had imposed a €103 million fine for price fixing in connection with rail deliveries to Deutsche Bahn. With the latest fine for the private market and turnouts sections of the case fines have now been established and settled for all the allegations relating to ThyssenKrupp in the rail cartel case. However, various Deutsche Bahn companies have filed claims for damages against several companies – including ThyssenKrupp GfT Gleistechnik and ThyssenKrupp Materials International – in connection with the rail cartel. In the meantime other companies have also asserted out-of-court claims against ThyssenKrupp in connection with the private market and turnouts sections of the proceedings. More details are provided in Notes 16 and 21 to the consolidated financial statements. Acting on an anonymous tip, the German Federal Cartel Office has been investigating ThyssenKrupp Steel Europe and other companies since the end of February 2013 based on an initial suspicion of price fixing in the delivery of certain steel products to the German auto industry and its suppliers over a period dating back to 1998. ThyssenKrupp has launched its own investigation into the allegations with the support of external lawyers. The

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

amnesty program we carried out from April 15 to June 15, 2013 produced no leads regarding the ongoing investigations. The investigations by the Federal Cartel Office are ongoing. The internal investigations launched in response to the investigations of the Federal Cartel Office are at an advanced stage but not yet complete. Based on the facts currently known to us, significant adverse consequences with regard to the Group's asset, financial and earnings situation cannot be ruled out.’ http://www.thyssenkrupp.com/financial- reports/12_13/en/report/opportunities_and_risks.html#Risk_report

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A11:

Does the company conduct due diligence that minimises corruption risk when selecting or reappointing its agents?

Score:

1

Comments:

Based on public information, there is readily available evidence that the company conducts due diligence that minimises corruption risk when selecting agents. To score higher the company would need to provide evidence it refreshes the due diligence at least every 3 years and/or when there is a significant change in the business relationship. The company therefore scores 1.

References:

Public: Report on the Voluntary Special Audit at ThyssenKrupp AG (November 2013), pp.39-41: ‘2.3.4. Business Partner Checks 2.3.4.1. Actual situation at the time of audit The aim of the Business Screening at ThyssenKrupp is to prevent breaches of the corruption ban and the Compliance Program for fighting corruption in connection with consultants/intermediaries and/or to avoid a corresponding index effect and thus reduce as much as possible the risk of corruptive actions or other financial crimes against group companies and their employees. We were told that Business Partner Screenings are carried at ThyssenKrupp if a consultant or intermediary is employed to provide sales support for the project or for day-to-day business or at the instigation of a company in the ThyssenKrupp Group. At ThyssenKrupp, the terms Consultant and Intermediary are used to refer to intermediaries, consultants, sales representatives, agents, sponsors and all other persons working for the company. Rules for carrying out Business Partner Screenings that are valid across the group are included in the group guidelines for the involvement of intermediaries, consultants, and other persons commissioned for sales support as passed by the Board on October 26, 2009. The application of the guidelines is dependent on the actual function of the consultant/intermediary as required by the contracting parties, not on the designation of

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

the commissioned person or the legal arrangement of the contractual relationship. In accordance with the aforementioned group guidelines, it is essential that the sales area wanting to commission the consultant/intermediary conducts a review of all consultants/intermediaries before any possible business relationship. As part of this mandatory preliminary check, information must be obtained on the identity of the consultant/intermediary and research must be carried out to ensure that no agreements are made with "letter-box companies". The guidelines do not include any specifications of how the check should be carried out. The concrete implementation of the specifications given in the guidelines lies instead at the discretion of the Area Board for the relevant Business Area. If the Compliance Officer is linked to a Business Partner in the check and must make a statement, there is an internal note from January 6, 2012 under the header "Gliederung und Prüfungspunkte einer Compliance Stellungnahme -Stand Januar 2012" (Structure and Checkpoints in a Compliance Statement -January 2012). This note gives specifications on the framework for reporting and points to be considered when making a statement. According to the guidelines, the Chief Compliance Officer for ThyssenKrupp should only be contacted in this matter if a group company wants to engage politicians, members of the assembly, members of state governments, officials, office holders, or holders of other official functions as consultants/intermediaries. In addition, the Compliance Officer can also be included in the check via the respective Sales Unit wishing to cooperate with a consultant/intermediary. Attachment II to the group guidelines includes concrete specifications on the form of agreements with consultants/intermediaries as well as contract clauses that must be included in the respective contracts. It states that: • Agreements are only permitted in writing; • Agreements must be detailed; • Verbal agreements are not permitted; • Services provided must be documented. It also specifies that the agreements with consultants/intermediaries must include clauses prohibiting assignment and corruption. The agreements can optionally also include an audit clause and a tax clause. The audit clause specifies that if business, transactions, or projects are the subject of an official investigation/a judicial inquiry, the consultant/intermediary will immediately provide all information relevant for the process or investigation if requested by ThyssenKrupp and must specifically give access to all documents and records that could be significant for ThyssenKrupp with regard to the inquiry or investigation. The tax clause specifies that, in the case of official investigations or a judicial inquiry and if requested by ThyssenKrupp, the nsultant/intermediary will immediately provide written confirmation to show whether, to what extent, when, to which tax authorities and with which reference number the consultant has declared as income the commission/remuneration payments received from the roject/transaction/business. As a result of the specification in the group guidelines that the implementation of the specifications given in the group guidelines is the task of the Area Board for the respective Business Area, the Area Boards for the five Business Areas have issued specific regulations for the respective Business Areas. These area-specific regulations are given individually for the respective Business Areas in the "Zustimmungspflichtige Geschäftsvorfälle (ZGV)" (Business Transactions Subject to THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

Approval) catalogs. They are regulated according to the order volume, commission value or the country is which the consultant/intermediary is to be engaged and/or in which the delivery is to take place, approval processes, release processes, information obligations. We are told that the specifications defined via the Business Areas in the ZGVs are agreed with CO/CPL.’ http://www.thyssenkrupp.com/documents/hv_2014_01_17_en/Report_BDO_on_the_Volu ntary_Special_Audit.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A12:

Does the company have contractual rights and processes for the behaviour, monitoring, control, and audit of agents with respect to countering corruption?

Score:

1

Comments:

Based on public information, there is evidence that the company has formal procedures and contractual rights for the behaviour, monitoring, control, and audit of agents with respect to countering corruption. However, it is not clear that the company has the right to terminate a contract if corrupt activities are discovered and there is insufficient evidence to suggest that the Supplier Code of Conduct applies to agents. The company therefore scores 1.

References:

Public: Supplier Code of Conduct (August 2014), p.3: ‘Prohibition of corruption and bribery At ThyssenKrupp, we expect our suppliers to have zero-tolerance for corruption and to ensure compliance with all United Nations (UN) and Organisation for Economic Co-operation and Development (OECD) conventions against corruption, and with all governing anti-corruption laws. In particular, our suppliers are expected to ensure that their employees, subcontractors and agents do not offer, promise or grant any advantages to any ThyssenKrupp employees or related parties with the goal of securing an order award or any other form of preferential treatment in their business transactions.’ http://www.thyssenkrupp.com/documents/einkauf/code_of_conduct/TKSCoC_en.pdf

Report on the Voluntary Special Audit at ThyssenKrupp AG (November 2013), p.40: ‘Attachment II to the group guidelines includes concrete specifications on the form of agreements with consultants/intermediaries as well as contract clauses that must be included in the respective contracts. It states that: • Agreements are only permitted in writing; • Agreements must be detailed; THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

• Verbal agreements are not permitted; • Services provided must be documented. It also specifies that the agreements with consultants/intermediaries must include clauses prohibiting assignment and corruption. The agreements can optionally also include an audit clause and a tax clause. The audit clause specifies that if business, transactions, or projects are the subject of an official investigation/a judicial inquiry, the consultant/intermediary will immediately provide all information relevant for the process or investigation if requested by ThyssenKrupp and must specifically give access to all documents and records that could be significant for ThyssenKrupp with regard to the inquiry or investigation. The tax clause specifies that, in the case of official investigations or a judicial inquiry and if requested by ThyssenKrupp, the consultant/intermediary will immediately provide written confirmation to show whether, to what extent, when, to which tax authorities and with which reference number the consultant has declared as income the commission/remuneration payments received from the project/transaction/business.’ http://www.thyssenkrupp.com/documents/hv_2014_01_17_en/Report_BDO_on_the_Volu ntary_Special_Audit.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A13:

Does the company make clear to contractors, sub-contractors, and suppliers, through policy and contractual terms, its stance on bribery and corruption and the consequences of breaches to this stance?

Score:

2

Comments:

Based on public information, there is evidence that the company communicates to suppliers through policy and contractual terms, its ethics and anti-corruption agenda. The company expects suppliers to comply with national and international laws and regulations, as well as the Supplier Code of Conduct. The company has the right to terminate a contract if a supplier is found to have breached the Supplier Code of Conduct.

References:

Public: Company website: Supplier Code of Conduct ‘As we are committed to treating employees, customers, suppliers and local residents responsibly and with fairness, we expect our suppliers to share this commitment with us. ThyssenKrupp expects from its suppliers that all their business activities fully comply with applicable national and international laws and regulations, with the principles of the United Nations Global Compact, and with the requirements and standards laid out in the ThyssenKrupp Supplier Code of Conduct. In May 2013, we have started to invite our suppliers to sign the ThyssenKrupp Supplier Code of Conduct. The rollout is conducted in several waves. We strive to only work with suppliers whose business activities fully comply with the principles of the ThyssenKrupp Supplier Code of Conduct, who sign the related documents upon request, support all related ThyssenKrupp sustainability processes, and ensure that their own suppliers also meet the documented ThyssenKrupp standards.’ http://www.thyssenkrupp.com/en/konzern/supplier_coc.html

Supplier Code of Conduct (May 2013), p.3: THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

‘Prohibition of corruption and bribery At ThyssenKrupp, we expect our suppliers to have zero-tolerance for corruption and to ensure compliance with all United Nations (UN) and Organisation for Economic Co- operation and Development (OECD) conventions against corruption, and with all governing anti-corruption laws. In particular, our suppliers are expected to ensure that their employees, subcontractors and agents do not offer, promise or grant any advantages to any ThyssenKrupp employees or related parties with the goal of securing an order award or any other form of preferential treatment in their business transactions.

Invitations and gifts At ThyssenKrupp, we expect that our suppliers refrain from presenting any invitations or gifts to our employees so as to gain any form of influence. Any invitations or gifts extended to ThyssenKrupp employees or related parties, if any, must be reasonable and suitable with a view to scope and design, i.e. they must be of low financial value and reflect ordinary local business custom. We also expect our suppliers to refrain from asking ThyssenKrupp employees or related parties for any inappropriate advantages.’

‘Supplier relations At ThyssenKrupp, we expect our suppliers to communicate the principles laid out herein to their subcontractors and subsuppliers and to take these principles into account when selecting subcontractors and subsuppliers. Our suppliers are expected to encourage their subcontractors and subsuppliers to comply with the minimum standards of this Code of Conduct regarding the protection of human rights, working conditions, anti-corruption and environmental protection when fulfilling their contractual obligations.’

‘Compliance with the ThyssenKrupp Supplier Code of Conduct We will review our suppliers’ compliance with the principles and requirements laid out in the ThyssenKrupp Supplier Code of Conduct regularly, asking our suppliers to complete a self assessment not more than once a year. Furthermore, we reserve the right to consult with each supplier and to appoint a qualified third party to perform a sustainability audit at the supplier’s site. In the event that such a review audit regarding sustainability standards is performed, the supplier shall bear all costs and expense up to a maximum of 5,000 Euros. ThyssenKrupp will receive a full report on the audit findings. Any violation of the principles and requirements set out in this ThyssenKrupp Supplier Code of Conduct will be regarded as a serious violation of the supplier regarding his contractual obligations towards ThyssenKrupp. In the event that supplier is suspected of violating any of the principles laid out in the ThyssenKrupp Supplier Code of Conduct (e.g. based on negative media reports), ThyssenKrupp reserves the right to request from the supplier that all relevant information be disclosed. Furthermore, ThyssenKrupp reserves the right to stop any business with all suppliers who are in clear, verifiable violation of the ThyssenKrupp Supplier Code of Conduct and/or who are neither seeking nor implementing measures for improving their sustainability performance. In the event that a supplier evidently fails to fulfill any of the principles and requirements set out in this ThyssenKrupp Supplier Code of Conduct, or refuses to implement measures for improving his sustainability performance, ThyssenKrupp reserves the right to immediately terminate any or all contracts with the supplier for cause.’ THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

http://www.thyssenkrupp.com/documents/einkauf/code_of_conduct/TKSCoC_en.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A13(a):

Does the company explicitly address the corruption risks associated with offset contracting?

Score:

0

Comments:

Based on public information, there is no readily available evidence that the company explicitly addresses the corruption risks associated with offset contracting.

References:

Public: NA

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A13(b):

Does the company conduct due diligence that minimises corruption risk when selecting its offset partners and offset brokers?

Score:

0

Comments:

Based on public information, there is no readily available evidence that the company conducts due diligence that minimises corruption risk when selecting its offset partners and offset brokers.

References:

Public: NA

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A15:

Does the company have an anti-corruption policy that prohibits corruption in its various forms?

Score:

2

Comments:

Based on public information, there is evidence that the company has an anti-corruption policy that prohibits corruption in its various forms. This includes the giving and receiving of bribes, facilitation payments, gifts and hospitality, and conflicts of interest.

References:

Public: Code of Conduct (October 2013), p.3: ‘Compliance with the law Compliance with law, rules and regulations is for us an essential basic principle of responsible business conduct. We adhere to legal prohibitions and requirements at all times, even if this involves short-term business disadvantages or difficulties for the Company or individuals. Where national laws are more restrictive than the rules applying at ThyssenKrupp, the national laws take precedence. Avoiding conflicts of interest At ThyssenKrupp business decisions are made exclusively in the best interests of the Company. Any conflicts of interest with personal matters or other business or non-business activities, including those of relatives or other related parties should be avoided. Should such conflicts nevertheless occur, they must be resolved in accordance with the law and Group policies. Conflicts must be dealt with openly and transparently. Fair competition Our conduct on the markets is based on the compliance commitment issued by the Executive Board of ThyssenKrupp AG: ThyssenKrupp stands for technological competency, innovation, customer orientation and motivated, responsible employees. These factors are the basis of our high reputation and the long-term economic success of the Group in global competition. Corruption and antitrust violations threaten these success factors and will not be tolerated

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

(zero tolerance). For us, bribes and cartel agreements are not a means of winning business. We would rather forgo a contract and fail to reach internal goals than act against the law. With its Compliance Program, ThyssenKrupp has taken wide-ranging measures to ensure compliance with anti-corruption and antitrust regulations and the Group policies based thereon. Infringements will not be tolerated and will result in sanctions against the persons concerned. All Executive board members and managing directors, all senior executives and other employees must be aware of the extraordinary risks which corruption and antitrust violations can signify for ThyssenKrupp as well as for them personally. All employees are requested to contribute actively in their areas of responsibility in implementing the ThyssenKrupp Compliance Programme.’ http://www.thyssenkrupp.com/documents/engagement/ThyssenKrupp_Code_of_Conduct_ en.pdf

Company website: Compliance – Compliance Commitment ‘Compliance Commitment of the Executive Board of ThyssenKrupp AG In respect of corruption and antitrust violations, the Executive Board of ThyssenKrupp AG has issued the following ThyssenKrupp Compliance Commitment which unequivocally expresses its stance on compliance with the corresponding laws and Group policies: ThyssenKrupp stands for technological competency, innovation, customer orientation and motivated, responsible employees. These factors are the basis of our high reputation and the long-term economic success of the Group in global competition. Corruption and antitrust violations threaten these success factors and will not be tolerated (zero tolerance). For us, bribes and cartel agreements are not a means of winning business. We would rather forgo a contract and fail to reach internal goals than act against the law. With its compliance program, ThyssenKrupp has taken wide-ranging measures to ensure compliance with corruption and antitrust regulations and the Group Policies based thereon. Infringements will not be tolerated and will result in sanctions against the persons concerned. All Executive board members and managing directors, all senior executives and other employees must be aware of the extraordinary risks which corruption and antitrust violations can signify for ThyssenKrupp as well as for them personally. All employees are requested to cooperate actively in their areas of responsibility in implementing the ThyssenKrupp compliance program.’ http://www.thyssenkrupp.com/en/konzern/commitment.html

Report on the Voluntary Special Audit at ThyssenKrupp AG (November 2013), pp.44-45: ‘2.3.5.2. Anti-Corruption Guidelines 2.3.5.2.1. Actual situation at the time of audit On July 20, 2012 the current valid group guidelines on the prevention of corruption were passed by the Board of the ThyssenKrupp AG. These group guidelines are clarified and supplemented by the following accompanying rules: • FAQ „Einladungen und Geschenke: Fragen und Antworten" (FAQ "Invitations and Gifts: Questions and Answers"); • Information leaflet "Zum Umgang mit Einladungen, Geschenken und Rabatten zur privaten Nutzung" (Handling of Invitations, Gifts and Discounts for Personal Use); THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

• Information leaflet "Korruptionsstrafrecht und steuerliche Behandlung von Zuwendungen an Dritte im geschäftlichen Verkehr" (Criminal Law on Corruption and Fiscal Handling of Contributions to Third Parties in Business Transactions); • "Konzernrichtlinie über Gesellschaftliches Engagement, Mitgliedschaften und Ticketerwerb" (Group Guidelines on Social Engagement, Memberships and Purchase of Tickets) (since October 1, 2013 the responsibility of Corporate Function Communication and CO/CPL). The guidelines formulate the basic requirements made of the employees in connection with the fight against corruption as follows: "The ThyssenKrupp Group expects its employees at all levels of the company and irrespective of their hierarchical position to observe the valid anti-corruption legislation and this guideline on corruption prevention." This means that the respective statutory standards apply in each country, irrespective of whether these are stricter or more permissive than in Germany. Secondly, the standard of the guideline itself is a minimum requirement. Specific rules apply for donations to holders of offices, for facilitation payments as well as for invitations and gifts. The latter can be omitted if only the impression of extraneous considerations may arise, even if the donation would be permitted by law. Some Business Area guidelines include supplementary rules, for example, the guidelines for delegation trips which only applies to the Business Area Elevator. The subjects of the purchase of tickets, hiring VIP lounges, business seats etc. are regulated in the "Konzernrichtlinie über Gesellschaftliches Engagement, Mitgliedschaften und Ticketerwerb" (Group Guidelines on Social Engagement, Memberships and Purchase of Tickets). There is a detailed supplementary German -language form available for the release and documentation when purchasing tickets for sport or cultural events. In addition, a group-wide standardized IT-supported process (Global Engagement Tool (GET)) for the internal approval and documentation of donations/sponsoring, memberships as well as the acceptance of tickets is planned for the financial year 2013/14. The guidelines on corruption prevention require that the employees involve a Compliance Office if there is even the "slightest doubt" of the legitimacy of an operation. In specific cases, it is essential that approval is received from a superior and/or a consultation is held with the Compliance Officer before accepting or granting donations. The content of the anti-corruption group guidelines is imparted in the E-Learning module on anti-corruption. The subject of anti-corruption is also covered in on-site compliance training.’ http://www.thyssenkrupp.com/documents/hv_2014_01_17_en/Report_BDO_on_the_Volu ntary_Special_Audit.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A16:

Is the anti-corruption policy explicitly one of zero tolerance?

Score:

2

Comments:

Based on public information, there is evidence that the company has a zero tolerance corruption policy.

References:

Public: Company website: Corporate Governance Report ‘The Executive Board of ThyssenKrupp AG has unequivocally expressed its rejection of antitrust violations and corruption in the ThyssenKrupp Compliance Commitment. The compliance commitment clearly states that violations, particularly antitrust violations and corruption, will not be tolerated in any way (zero tolerance).’ http://www.thyssenkrupp.com/en/investor/kodex-bericht.html#Ziffer5

Code of Conduct (October 2013), p.3: ‘Corruption and antitrust violations threaten these success factors and will not be tolerated (zero tolerance).’ http://www.thyssenkrupp.com/documents/engagement/ThyssenKrupp_Code_of_Conduct_ en.pdf

Company website: Compliance Commitment ‘Compliance Commitment of the Executive Board of ThyssenKrupp AG In respect of corruption and antitrust violations, the Executive Board of ThyssenKrupp AG has issued the following ThyssenKrupp Compliance Commitment which unequivocally expresses its stance on compliance with the corresponding laws and Group policies: ThyssenKrupp stands for technological competency, innovation, customer orientation and motivated, responsible employees. These factors are the basis of our high reputation and the long-term economic success of the Group in global competition. Corruption and antitrust violations threaten these success factors and will not be tolerated (zero tolerance). THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

For us, bribes and cartel agreements are not a means of winning business. We would rather forgo a contract and fail to reach internal goals than act against the law. With its compliance program, ThyssenKrupp has taken wide-ranging measures to ensure compliance with corruption and antitrust regulations and the Group Policies based thereon. Infringements will not be tolerated and will result in sanctions against the persons concerned. All Executive board members and managing directors, all senior executives and other employees must be aware of the extraordinary risks which corruption and antitrust violations can signify for ThyssenKrupp as well as for them personally. All employees are requested to cooperate actively in their areas of responsibility in implementing the ThyssenKrupp compliance program.’ http://www.thyssenkrupp.com/en/konzern/commitment.html

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A17:

Is the company's anti-corruption policy easily accessible to Board members, employees, contracted staff and any other organisations acting with or on behalf of the company?

Score:

2

Comments:

Based on public information, there is evidence that the company’s Code of Conduct and Supplier Code of Conduct are easily available to employees, Board members and third parties. Both documents are available on the company website in multiple languages.

References:

Public: Company website: Employees – Code of Conduct The Code of Conduct is available in 7 languages. http://www.thyssenkrupp.com/en/nachhaltigkeit/code_of_conduct.html

Company website: Supplier Code of Conduct The Supplier Code of Conduct is available in 6 languages. http://www.thyssenkrupp.com/en/konzern/supplier_coc.html

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A17(a):

Is the company’s anti-corruption policy easily understandable and clear to Board members, employees and third parties?

Score:

2

Comments:

Based on public information, there is evidence that the Code of Conduct and Supplier Code of Conduct are written in accessible, comprehensible language.

References:

Public: Code of Conduct (October 2013), p.3: ‘Compliance with the law Compliance with law, rules and regulations is for us an essential basic principle of responsible business conduct. We adhere to legal prohibitions and requirements at all times, even if this involves short-term business disadvantages or difficulties for the Company or individuals. Where national laws are more restrictive than the rules applying at ThyssenKrupp, the national laws take precedence.’

Supplier Code of Conduct (May 2013), p.3: ‘Prohibition of corruption and bribery At ThyssenKrupp, we expect our suppliers to have zero-tolerance for corruption and to ensure compliance with all United Nations (UN) and Organisation for Economic Co- operation and Development (OECD) conventions against corruption, and with all governing anti-corruption laws. In particular, our suppliers are expected to ensure that their employees, subcontractors and agents do not offer, promise or grant any advantages to any ThyssenKrupp employees or related parties with the goal of securing an order award or any other form of preferential treatment in their business transactions.’

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A18:

Does the anti-corruption policy explicitly apply to all employees and members of the Board?

Score:

2

Comments:

Based on public information, there is evidence that the Code of Conduct applies to all employees and Board members.

References:

Public: Report on the Voluntary Special Audit at ThyssenKrupp AG, p.59: ‘Following the decision of the Board of ThyssenKrupp AG from September 24, 2013, an official Code of Conduct has been effective at ThyssenKrupp since October 1, 2013.The Code of Conduct, which includes a foreword by the Board, applies to all employees, managers, and board members at ThyssenKrupp.’ http://www.thyssenkrupp.com/documents/hv_2014_01_17_en/Report_BDO_on_the_Volu ntary_Special_Audit.pdf

Code of Conduct (October 2013), p.2: ‘For the first time, the basic rules and principles governing our behavior now and in the future have been brought together in this Code of Conduct. It provides an orientation framework and applies equally to everyone – board members, managers, and each and every employee.’ http://www.thyssenkrupp.com/documents/engagement/ThyssenKrupp_Code_of_Conduct_ en.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A20:

Does the company have a policy on potential conflicts of interest, and does it apply to both employees and board members?

Score:

1

Comments:

Based on public information, there is evidence that the company has a policy on potential conflicts of interest. However, it is minimal and does not provide extensive guidance. The company therefore scores 1. To score higher the company would need to provide evidence that a conflict of interest is clearly defined and that examples of potential conflicts of interest are provided for employees. TI notes that members of the Supervisory Board have a separate policy.

References:

Public: Code of Conduct (October 2013), p.3: ‘Concrete rules and regulations for individual situations and circumstances in the work environment are clearly formulated in the corresponding Group policies, directives and agreements. These policies, directives and agreements are unconditionally valid and binding for all employees of the ThyssenKrupp Group. Any employee who fails to comply with the Group policies, directives and agreements must expect corresponding consequences under internal rules and statutory requirements.’ ‘Avoiding conflicts of interest At ThyssenKrupp business decisions are made exclusively in the best interests of the Company. Any conflicts of interest with personal matters or other business or non-business activities, including those of relatives or other related parties should be avoided. Should such conflicts nevertheless occur, they must be resolved in accordance with the law and Group policies. Conflicts must be dealt with openly and transparently.’

Rules of Procedure for the Supervisory Board of ThyssenKrupp AG (May 2014), p.6: ‘(1) Each member of the Supervisory Board is obliged to protect the interests of the Company. In his decisions he shall not pursue personal interests or take personal advantage

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

of business opportunities to which the Company is entitled. (2) Each member of the Supervisory Board shall immediately disclose to the Supervisory Board any conflicts of interest, in particular those which may result from a consultant or directorship function with clients, suppliers, lenders or other third parties. The disclosure procedure shall be agreed with the Supervisory Board chairman. In its report to the Annual General Meeting, the Supervisory Board shall provide information on any conflicts of interest which have occurred and how they have been dealt with. (3) Any material and not merely temporary conflicts of interest in respect of the person of a Supervisory Board member shall result in the termination of his mandate, e.g. through resignation. A Supervisory Board member whose professional activity significantly changes compared with that at the time of his election shall discuss the possible termination of his mandate with the Supervisory Board chairman.’ http://www.thyssenkrupp.com/documents/investor/Rules_Procedure_Supervisory_Board.p df

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A21:

Does the company have a policy for the giving and receipt of gifts to ensure that such transactions are bona fide and not a subterfuge for bribery?

Score:

2

Comments:

Based on public information, there is evidence that the company has a policy that regulates the giving and receiving of gifts to ensure that such transactions are bona fide and not a subterfuge for bribery. The company instructs employees to only offer or accept gifts if appropriate, and completely prohibits cash gifts and all gifts exchanged before a deal is signed. Gifts to and from business partners are limited to approximately €50 and gifts to public officials must be low-value typical promotional gifts.

References:

Public: Report on the Voluntary Special Audit at ThyssenKrupp AG, p.46: ‘With regard to the area of gifts and invitations, the "Merkblatt zum Umgang mit Einladungen, Geschenken und Rabatten zur privaten Nutzung" (Information Leaflet on the Handling of Invitations, Gifts and Discounts for Personal Use) includes criteria, checklists, and practical case studies covering correct behavior to reduce the risk of suspicious or corruptive donations. However, the attachment to this information leaflet specifies that invitations and gifts below specific guide values are always considered as permitted by ThyssenKrupp. Irrespective of the value of the specified guide value, we consider this statement in this general form to be unclear at the very least, when the attachment to the information leaflet itself states that if in doubt, a Compliance Officer should be involved and also that, if there is cause for the acceptance, that in specific countries or in dealings with office holders or customers, narrower threshold values are relevant. The statement that donations to office holders with a value of less than EUR 35 are always permitted should not be made so generally for Germany and other legal systems if a footnote in the information sheet itself states that specifications from authorities are often more stringent.’ http://www.thyssenkrupp.com/documents/hv_2014_01_17_en/Report_BDO_on_the_Volu ntary_Special_Audit.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

Compliance Requirements (June 2014), p.2: ‘It is inadmissible to offer, promise or grant advantages in order to gain preferential treatment. No personal advantages may be demanded or accepted from any business partner. It is inadmissible to offer, grant or promise advantages to public officials, employees of international organizations or employees or agents of private enterprises at home or abroad. ThyssenKrupp expects its employees: -neither to demand nor to accept personal advantages from the business partners; -to accept or extend invitations and gifts from/to business partner/s only if they are appropriate in terms of occasion and scope. Cash gifts are strictly prohibited. The following value limits should be observed: - Invitation to/from business partner/s: approx. €100 - Invitation to public officials: €35 - Gifts to/from business partner/s: approx. €50 - Gifts to public officials: low-value typical promotional gifts Even taking regional and cultural differences into consideration, the above defined value limits and limits of appropriateness must not be changed arbitrarily. A critical view should be taken of: -Cost payments by business partners for accommodation, travel and entertainment programs for spouses/partners. -Invitations/gifts in the period before a contract award/before signing of a deal even if they are not directly connected to work activity. To avoid impairing a business relationship or offending a business partner by turning down a gift/invitation, please refer to the ThyssenKrupp Compliance Program in critical situations. Gifts which cannot be rejected due to the particular circumstances should be made available to the company. Delegation trips/plant visits must not be used “just for fun”. When planning delegation trips/plant visits, the recommendations of the Guidance Notes “On dealing with invitations, gifts and discounts” should be observed. Particular caution is necessary with invitations to ThyssenKrupp events or for ThyssenKrupp employees when business obligations are not the main concern, e.g. when relatives are also invited, expenses (for travel, hotel etc.) are to be paid, adult entertainment is offered and/or there are indications that the invitation is being issued in return for a business advantage. Private use of corporate discounts is inadmissible if there is any risk of a conflict of interests.’ http://www.thyssenkrupp.com/documents/Compliance_Requirements.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A22:

Does the company’s anti-corruption policy include a statement on the giving and receipt of hospitality that ensures that such transactions are bona fide and not a subterfuge for bribery?

Score:

2

Comments:

Based on public information, there is evidence that the company has a policy that regulates the giving and receiving of hospitality to ensure that such transactions are bona fide and not a subterfuge for bribery. Employees are instructed to only offer or accept hospitality if it is appropriate and are completely prohibited from exchanging hospitality before a deal is signed. Invitations to and from business partners are limited to approximately €100 and invitations to public officials are limited to €35.

References:

Public: Code of Conduct (October 2013), p.3: ‘Avoiding conflicts of interest At ThyssenKrupp business decisions are made exclusively in the best interests of the Company. Any conflicts of interest with personal matters or other business or non-business activities, including those of relatives or other related parties should be avoided. Should such conflicts nevertheless occur, they must be resolved in accordance with the law and Group policies. Conflicts must be dealt with openly and transparently.’ http://www.thyssenkrupp.com/documents/engagement/ThyssenKrupp_Code_of_Conduct_ en.pdf

Report on the Voluntary Special Audit at ThyssenKrupp AG, p.46: ‘With regard to the area of gifts and invitations, the "Merkblatt zum Umgang mit Einladungen, Geschenken und Rabatten zur privaten Nutzung" (Information Leaflet on the Handling of Invitations, Gifts and Discounts for Personal Use) includes criteria, checklists, and practical case studies covering correct behavior to reduce the risk of suspicious or corruptive donations. However, the attachment to this information leaflet specifies that THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

invitations and gifts below specific guide values are always considered as permitted by ThyssenKrupp. Irrespective of the value of the specified guide value, we consider this statement in this general form to be unclear at the very least, when the attachment to the information leaflet itself states that if in doubt, a Compliance Officer should be involved and also that, if there is cause for the acceptance, that in specific countries or in dealings with office holders or customers, narrower threshold values are relevant. The statement that donations to office holders with a value of less than EUR 35 are always permitted should not be made so generally for Germany and other legal systems if a footnote in the information sheet itself states that specifications from authorities are often more stringent.’ http://www.thyssenkrupp.com/documents/hv_2014_01_17_en/Report_BDO_on_the_Volu ntary_Special_Audit.pdf

Compliance Requirements (June 2014), p.2: ‘It is inadmissible to offer, promise or grant advantages in order to gain preferential treatment. No personal advantages may be demanded or accepted from any business partner. It is inadmissible to offer, grant or promise advantages to public officials, employees of international organizations or employees or agents of private enterprises at home or abroad. ThyssenKrupp expects its employees: -neither to demand nor to accept personal advantages from the business partners; -to accept or extend invitations and gifts from/to business partner/s only if they are appropriate in terms of occasion and scope. Cash gifts are strictly prohibited. The following value limits should be observed: - Invitation to/from business partner/s: approx. €100 - Invitation to public officials: €35 - Gifts to/from business partner/s: approx. €50 - Gifts to public officials: low-value typical promotional gifts Even taking regional and cultural differences into consideration, the above defined value limits and limits of appropriateness must not be changed arbitrarily. A critical view should be taken of: -Cost payments by business partners for accommodation, travel and entertainment programs for spouses/partners. -Invitations/gifts in the period before a contract award/before signing of a deal even if they are not directly connected to work activity. To avoid impairing a business relationship or offending a business partner by turning down a gift/invitation, please refer to the ThyssenKrupp Compliance Program in critical situations. Gifts which cannot be rejected due to the particular circumstances should be made available to the company. Delegation trips/plant visits must not be used “just for fun”. When planning delegation trips/plant visits, the recommendations of the Guidance Notes “On dealing with invitations, gifts and discounts” should be observed. Particular caution is necessary with invitations to ThyssenKrupp events or for ThyssenKrupp employees when business obligations are not the main concern, e.g. when relatives are also invited, expenses (for travel, hotel etc.) are to be paid, adult entertainment is offered THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

and/or there are indications that the invitation is being issued in return for a business advantage. Private use of corporate discounts is inadmissible if there is any risk of a conflict of interests.’ http://www.thyssenkrupp.com/documents/Compliance_Requirements.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A23:

Does the company have a policy that explicitly prohibits facilitation payments?

Score:

1

Comments:

Based on public information, there is readily available evidence that the company has a policy that explicitly prohibits facilitation payments. However, the policy is limited in scope. The company therefore scores 1. To score higher the company would need to provide evidence of guidance on how the policy is to be implemented in practice.

References:

Public: Company website: Compliance ‘The compliance requirements which are stipulated in group-wide policies have been derived from applicable law and also serve to implement international standards. For example, they include rules regarding the conduct vis-à-vis competitors and business partners, regarding invitations and gifts and also the prohibition of so-called facilitation payments.’ http://www.thyssenkrupp.com/en/konzern/compliance.html

Report on the Voluntary Special Audit at ThyssenKrupp AG (November 2013), p.45: ‘Specific rules apply for donations to holders of offices, for facilitation payments as well as for invitations and gifts. The latter can be omitted if only the impression of extraneous considerations may arise, even if the donation would be permitted by law. Some Business Area guidelines include supplementary rules, for example, the guidelines for delegation trips which only applies to the Business Area Elevator’ http://www.thyssenkrupp.com/documents/hv_2014_01_17_en/Report_BDO_on_the_Volu ntary_Special_Audit.pdf

Compliance Requirements (June 2014), p.2: ‘It is inadmissible to offer, promise or grant advantages in order to gain preferential

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

treatment. No personal advantages may be demanded or accepted from any business partner. It is inadmissible to offer, grant or promise advantages to public officials, employees of international organizations or employees or agents of private enterprises at home or abroad.’ http://www.thyssenkrupp.com/documents/Compliance_Requirements.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A24:

Does the company prohibit political contributions, or regulate such contributions in order to prevent undue influence or other corrupt intent? Does the company record and publicly disclose all political contributions?

Score:

2

Comments:

Based on public information, there is evidence that the company prohibits political contributions in order to prevent corruption or other undue influence.

References:

Public: Code of Conduct (October 2013), p.4: ‘Donations We regard ourselves as an active corporate citizen and demonstrate our commitment in a variety of ways. Donations and other forms of corporate citizenship are carried out solely in the interests of the company. We make no financial contributions, in particular donations or sponsorships, to political parties in our home country or abroad, organizations related or similar to parties, individual office incumbents or candidates for political offices.’

(p.3): ‘Concrete rules and regulations for individual situations and cir-cumstances in the work environment are clearly formulated in the corresponding Group policies, directives and agreements. These policies, directives and agreements are unconditionally valid and binding for all employees of the ThyssenKrupp Group. Any employee who fails to comply with the Group policies, directives and agreements must expect corresponding consequences under internal rules and statutory requirements. On the basis of the above, this Code of Conduct summarizes the main principles and rules governing our actions as well as the standards we set ourselves in our dealings with business partners and stakeholders.’ http://www.thyssenkrupp.com/documents/engagement/ThyssenKrupp_Code_of_Conduct_ en.pdf THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A25:

Does the company have a clear policy on engagement in lobbying activities, in order to prevent undue influence or other corrupt intent, and discloses the issues on which the company lobbies?

Score:

1

Comments:

Based on public information, there is some evidence that the company has a lobbying policy, in order to prevent undue influence or other corrupt intent. There is also evidence that the company discloses some of the issues on which it lobbies. However, the Code of Conduct provides insufficient information to understand the company’s lobbying policy. The company therefore scores 1. To score higher the company would need to provide evidence of the policy mechanisms and guidelines, such as employees requiring authorisation from individuals with legal expertise before they commence lobbying activities.

References:

Public: Code of Conduct (October 2013), p.4: ‘Political lobbying Our political lobbying is centralized, open and transparent. We comply with the legal requirements on lobbying and avoid at all costs unfairly influencing government policy and legislation. We have voluntarily joined the European Union Transparency Register and comply with the European Union Code of Conduct.’ http://www.thyssenkrupp.com/documents/engagement/ThyssenKrupp_Code_of_Conduct_ en.pdf

EU website: Transparency Register ‘Main EU initiatives covered the year before by activities falling under the scope of the Transparency Register: Inhaltlich stehen wirtschaftliche und technische Themen im Vordergrund, insbesondere: Energie- und Klimapolitik (ETS, 2030 Ziele), Beihilferecht (Energie- und Umweltbeihilfeleitlinien u.a.), Ressourceneffizienz, Rohstoffpolitik, Finanzmarkt, THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

Handelspolitik (Freihandelsabkommen, TTIP), Forschungprogramme (Horizon 2020), Nachhaltigkeit, European Corporate Governance,u.a.’

‘Estimated costs to the organisation directly related to representing interests to EU institutions in that year: 500000 € - 600000 €’ http://ec.europa.eu/transparencyregister/public/consultation/displaylobbyist.do?id=72164 7010823-15&isListLobbyistView=true&locale=en#en

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A25(a):

Does the company prohibit charitable contributions, or regulate such contributions in order to prevent undue influence or other corrupt intent?

Score:

0

Comments:

Based on public information, there is no readily available evidence that the company prohibits or regulates charitable contributions, in order to prevent undue influence or other corrupt intent. A Global Engagement Tool is planned for the financial year 2013/14 but there is a lack of information available concerning its specific application to charitable contributions. The company does not publically declare the recipients of charitable contributions.

References:

Public: Code of Conduct (October 2013), p.4: ‘Donations We regard ourselves as an active corporate citizen and demonstrate our commitment in a variety of ways. Donations and other forms of corporate citizenship are carried out solely in the interests of the company. We make no financial contributions, in particular donations or sponsorships, to political parties in our home country or abroad, organizations related or similar to parties, individual office incumbents or candidates for political offices.’ http://www.thyssenkrupp.com/documents/engagement/ThyssenKrupp_Code_of_Conduct_ en.pdf

Report on the Voluntary Special Audit at ThyssenKrupp AG (November 2013), p.45: ‘Specific rules apply for donations to holders of offices, for facilitation payments as well as for invitations and gifts. The latter can be omitted if only the impression of extraneous considerations may arise, even if the donation would be permitted by law. Some Business Area guidelines include supplementary rules, for example, the guidelines for delegation trips which only applies to the Business Area Elevator.

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

The subjects of the purchase of tickets, hiring VIP lounges, business seats etc. are regulated in the "Konzernrichtlinie über Gesellschaftliches Engagement, Mitgliedschaften und Ticketerwerb" (Group Guidelines on Social Engagement, Memberships and Purchase of Tickets). There is a detailed supplementary German-language form available for the release and documentation when purchasing tickets for sport or cultural events. In addition, a group-wide standardized IT-supported process (Global Engagement Tool (GET)) for the internal approval and documentation of donations/sponsoring, memberships as well as the acceptance of tickets is planned for the financial year 2013/14. The guidelines on corruption prevention require that the employees involve a Compliance Office if there is even the "slightest doubt" of the legitimacy of an operation. In specific cases, it is essential that approval is received from a superior and/or a consultation is held with the Compliance Officer before accepting or granting donations.’ http://www.thyssenkrupp.com/documents/hv_2014_01_17_en/Report_BDO_on_the_Volu ntary_Special_Audit.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A26:

Does the company provide written guidance to help Board members and employees understand and implement the firm’s ethics and anti-corruption agenda?

Score:

1

Comments:

Based on public information, there is evidence that employees have access to written guidance that helps explain the company’s ethics and anti-corruption agenda. However, it is unclear in what format this guidance facilitates explanation. The company therefores scores 1. To score higher the company would need to provide evidence of guidance that contains examples in the form of scenarios or case studies.

References:

Public: Report on the Voluntary Special Audit at ThyssenKrupp AG (November 2013), p.43: ‘However, the on-site training and E-Learning offerings on anti-corruption and on anti-trust legislation include extensive information on the corresponding guidelines and information leaflets’ http://www.thyssenkrupp.com/documents/hv_2014_01_17_en/Report_BDO_on_the_Volu ntary_Special_Audit.pdf

KPMG Audit Report (September 2011), Appendix 1/11: ‘At ThyssenKrupp AG, the main internal directives and prohibitions regarding anti- corruption and antitrust law are set out in Group policies. Selected segments/business areas have adopted their own supplementary policies on special topics...These policies are explained in greater depth in guidance notes. Policies, guidance notes, and other employee information documents (Frequently Asked Questions) are available on the intranet, distributed to the Group Companies by the Compliance Managers, and discussed at length within the context of training.’

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

Appendix, 1/12. http://www.thyssenkrupp.com/documents/investor/TK-PS-980-Short-version-30-09- 2011.pdf

Compliance Requirements (June 2014) This document gives an overview of compliance policies e.g. gifts and hospitality thresholds http://www.thyssenkrupp.com/documents/Compliance_Requirements.pdf

Voluntary Special Audit, p.44: ‘2.3.5.2. Anti-Corruption Guidelines 2.3.5.2.1. Actual situation at the time of audit On July 20, 2012 the current valid group guidelines on the prevention of corruption were passed by the Board of the ThyssenKrupp AG. These group guidelines are clarified and supplemented by the following accompanying rules: • FAQ „Einladungen und Geschenke: Fragen und Antworten" (FAQ "Invitations and Gifts: Questions and Answers"); • Information leaflet "Zum Umgang mit Einladungen, Geschenken und Rabatten zur privaten Nutzung" (Handling of Invitations, Gifts and Discounts for Personal Use); • Information leaflet "Korruptionsstrafrecht und steuerliche Behandlung von Zuwendungen an Dritte im geschäftlichen Verkehr" (Criminal Law on Corruption and Fiscal Handling of Contributions to Third Parties in Business Transactions)’

(p.45): ‘The content of the anti-corruption group guidelines is imparted in the ELearning module on anti-corruption. The subject of anti-corruption is also covered in on-site compliance training.’ http://www.thyssenkrupp.com/documents/hv_2014_01_17_en/Report_BDO_on_the_Volu ntary_Special_Audit.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A27:

Does the company have a training programme that explicitly covers anti- corruption?

Score:

2

Comments:

Based on public information, there is evidence that the company has a training programme on its ethics and compliance systems, which includes anti-corruption.

References:

Public: Company website: Compliance – Facts and Figures ‘Employees of the Group are informed about the applicable statutory provisions and internal policies in classroom courses and through an interactive E-learning Program available throughout the Group. In fiscal year 2012/13 more than 2400 employees of ThyssenKrupp participated in classroom trainings. The classroom trainings are supplemented by a group-wide interactive E-learning Program. Since the launch of the current edition of this E-Learning Program more than 42000 (antitrust) and more than 36000 (anticorruption) employees have participated.’ http://www.thyssenkrupp- architektenwettbewerb.de/en/konzern/compliance_facts_and_figures.html

Company website: Compliance – Compliance Organisation ‘With the Department Regions Compliance consultancy in risk regions will be strengthened by so-called Regional Compliance Officers. These Regional Compliance Officers are able to locally provide Compliance related advice and Compliance trainings to selected ThyssenKrupp companies being fully aware of the respective legislation and culture. In the Business Areas, specifically appointed Compliance Officers who directly report to the Chief Compliance Officer are responsible for giving Compliance advice and conducting trainings.’ http://www.thyssenkrupp- architektenwettbewerb.de/en/konzern/compliance_organisation.html

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

Company website: Compliance ‘The worldwide training programs carried out by the compliance officers in which our employees learn about compliance requirements and risks especially in the areas of anti- corruption and antitrust law as well as possible sanctions are the central component of the "inform" pillar of our compliance program. In August 2012, the third cycle of the e-learning program was initiated. Also, in September 2013 a global e-learning program for compliance managers was launched, aimed at informing them about their role in implementing the compliance program in the operating units. In addition, we carry out regular webinars on current issues and keep employees informed with internal newsletters.’ http://www.thyssenkrupp.com/en/konzern/compliance.html

Voluntary Special Audit, p. 32: ‘2.3.3. E-Learning 2.3.3.1. E-Learning Program 2.3.3.1.1. Actual situation at the time of audit At ThyssenKrupp there is a group-wide Compliance E-Learning Program that covers the areas of anti-corruption and anti-trust legislation and which is currently available in nine languages. To supplement the E-Learning, there is also on-site training for both areas.’ http://www.thyssenkrupp.com/documents/hv_2014_01_17_en/Report_BDO_on_the_Volu ntary_Special_Audit.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A28:

Is anti-corruption training provided in all countries where the company operates or has company sites?

Score:

2

Comments:

Based on public information, there is evidence that the company provides anti-corruption training in all countries where it operates or has sites. The group-wide compliance e- learning programme covers anti-corruption and is available in nine different languages.

References:

Public: Company website: Compliance – Facts and Figures ‘Employees of the Group are informed about the applicable statutory provisions and internal policies in classroom courses and through an interactive E-learning Program available throughout the Group. In fiscal year 2012/13 more than 2400 employees of ThyssenKrupp participated in classroom trainings. The classroom trainings are supplemented by a group-wide interactive E-learning Program. Since the launch of the current edition of this E-Learning Program more than 42000 (antitrust) and more than 36000 (anticorruption) employees have participated.’ http://www.thyssenkrupp- architektenwettbewerb.de/en/konzern/compliance_facts_and_figures.html

Company website: Compliance ‘The worldwide training programs carried out by the compliance officers in which our employees learn about compliance requirements and risks especially in the areas of anti- corruption and antitrust law as well as possible sanctions are the central component of the "inform" pillar of our compliance program. In August 2012, the third cycle of the e-learning program was initiated. Also, in September 2013 a global e-learning program for compliance managers was launched, aimed at informing them about their role in implementing the compliance program in the operating units. In addition, we carry out regular webinars on current issues and keep employees informed with internal newsletters.’

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

http://www.thyssenkrupp.com/en/konzern/compliance.html

Report on the Voluntary Special Audit at ThyseenKrupp AG (November 2013), p.32: ‘2.3.3. E-Learning 2.3.3.1. E-Learning Program 2.3.3.1.1. Actual situation at the time of audit At ThyssenKrupp there is a group-wide Compliance E-Learning Program that covers the areas of anti-corruption and anti-trust legislation and which is currently available in nine languages. To supplement the E-Learning, there is also on-site training for both areas.’

(p.43): ‘The on-site training and E-Learning offerings on anti-corruption and on anti-trust legislation include extensive information on the corresponding guidelines and information leaflets’ http://www.thyssenkrupp.com/documents/hv_2014_01_17_en/Report_BDO_on_the_Volu ntary_Special_Audit.pdf

Company website: Combined management report – Compliance ‘We are continuing to intensify our compliance efforts after the ending of the amnesty program. A key aspect of this are the training programs carried out by the compliance officers, in which our employees learn about compliance requirements and risks as well as possible sanctions. This training is the central component of the “Inform” pillar of our compliance program. In the reporting year more than 2,400 employees worldwide took part in extensive face-to-face training on cartel law and corruption prevention. In particular with the new regional compliance officers and the compliance departments in the business areas, we will significantly increase these local training activities in the coming year. In the third cycle of the e-learning program initiated in August 2012, 41,883 employees (anticorruption) and 36,089 employees (antitrust) had successfully completed the training courses as of the end of the reporting period. That means that based on a cut-off point of eight weeks after registration, the program has currently been completed by 98.5% of those registered. Our subsidiaries in the USA and Canada have their own programs. Also, in September 2013 a global e-learning program for compliance managers was launched, aimed at informing them about their role in implementing the compliance program in the operating units. In addition, we carry out regular webinars on current issues and keep employees informed with internal newsletters.’ http://www.thyssenkrupp.com/financial-reports/12_13/en/report/compliance.html

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A29:

Does the company provide targeted anti-corruption training to members of the Board?

Score:

1

Comments:

Based on public information, there is evidence that Board members take part in classroom training, which includes anti-corruption and antitrust matters. The company therefore scores 1. To score higher the company would need to provide evidence that this training occurs at least every 3 years.

References:

Public: KPMG Audit Report (September 2011), Appendix 1/4: ‘Members of the Board and numerous executives at all levels of the Group regularly address the topic of Compliance on the basis of our Compliance Commitment at management forums and Compliance trainings’

(Appendix 1/13): ‘E-learning: All employees deployed in certain functions (such as sales staff, procurement, marketing) are required to participate in an e-learning program. In order to correctly identify participants, a catalog of mandatory participants for the training modules on antitrust law and anti-corruption have been drawn up by CC-LC and distributed to the Compliance Managers.’ ‘Attendance training: As the second component of the training concept, the Compliance Officers hold classroom courses at Group Companies across the world, and may enlist the support of local attorneys where necessary for legal or linguistic reasons. The training requirements are requested annually from the Compliance Executives and/or Compliance Managers. A training plan is then prepared with due regard for risk profile. Following a correspondent request by the Compliance Officer, the respective Compliance Manager draws up a list of participants for classroom trainings on antitrust law and anticorruption. Unless the Compliance Officers specify particular selection criteria, the Compliance Manager will generally list Board members/managing directors, senior executives, sales and

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

purchasing staff, plus any other employees who come into contact with corruption or antitrust matters, as classroom training candidates.

(Appendix 1/14): ‘On this basis, in the financial year 2010/11, some 3,556 employees received training in antitrust law and anti-corruption.’ http://www.thyssenkrupp.com/documents/investor/TK-PS-980-Short-version-30-09- 2011.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A30:

Does the company provide tailored ethics and anti-corruption training for employees in sensitive positions?

Score:

2

Comments:

Based on public information, there is readily available evidence that the company provides supplementary ethics and anti-corruption training for employees facing different levels of risk. Employees selected for additional training may include sales and purchasing staff or senior executives.

References:

Public: Report on the Voluntary Special Audit at ThyssenKrupp AG (November 2013), p.34: ‘With regard to the employees, additional differentiated, target-group-secific training is held as a non-site training offering. For the financial year 2013/2014, approximately 5,300 employees are included in the training plan to attend on-site training in the areas of anti- corruption and anti-trust legislation. We were told that the participation and non- participation of employees invited to the on-site training will be statistically recorded and evaluated retroactively to October 1, 2013.’ http://www.thyssenkrupp.com/documents/hv_2014_01_17_en/Report_BDO_on_the_Volu ntary_Special_Audit.pdf

Company website: Compliance – Facts and Figures ‘Employees of the Group are informed about the applicable statutory provisions and internal policies in the areas of anti-corruption and antitrust in worldwide classroom courses and through an interactive E-learning Program available throughout the Group. In the fiscal year 2012/13 more than 2400 employees of ThyssenKrupp participated in classroom trainings. The classroom trainings are supplemented by a group-wide interactive E-learning Program. The participants are selected by means of a catalogue based on specific risk criteria which encompasses especially employees in sensitive positions. Since the launch of the current edition of this E-Learning Program more than 42000 (antitrust) and more than 36000 (anticorruption) employees have participated.’

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

http://www.thyssenkrupp.com/en/konzern/compliance_facts_and_figures.html

KPMG Audit Report (September 2011), Appendix 1/13: ‘E-learning: All employees deployed in certain functions (such as sales staff, procurement, marketing) are required to participate in an e-learning program. In order to correctly identify participants, a catalog of mandatory participants for the training modules on antitrust law and anti-corruption have been drawn up by CC-LC and distributed to the Compliance Managers.’ ‘Attendance training: As the second component of the training concept, the Compliance Officers hold classroom courses at Group Companies across the world, and may enlist the support of local attorneys where necessary for legal or linguistic reasons. The training requirements are requested annually from the Compliance Executives and/or Compliance Managers. A training plan is then prepared with due regard for risk profile. Following a correspondent request by the Compliance Officer, the respective Compliance Manager draws up a list of participants for classroom trainings on antitrust law and anticorruption. Unless the Compliance Officers specify particular selection criteria, the Compliance Manager will generally list Board members/managing directors, senior executives, sales and purchasing staff, plus any other employees who come into contact with corruption or antitrust matters, as classroom training candidates.’

(Appendix 1/14): ‘On this basis, in the financial year 2010/11, some 3,556 employees received training in antitrust law and anti-corruption.’ http://www.thyssenkrupp.com/documents/investor/TK-PS-980-Short-version-30-09- 2011.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A31:

Does the company have a clear and formal process by which employees declare conflicts of interest?

Score:

0

Comments:

Based on public information, there is no readily available evidence that the company has a clear and formal process for employees to declare conflicts of interest. To score on this question the company would need to provide evidence that employees declare conflicts of interest in writing to a manager or to an independent department.

References:

Public: Company website: Employees – Code of Conduct 'The main principles and rules governing our actions as well as the standards we set ourselves in our dealings with business partners and stakeholders are summarized in the ThyssenKrupp Code of Conduct. For employees, management as well as the board it gives a framework guidance for the following issues: -Compliance with the law -Avoiding conflicts of interest’ http://www.thyssenkrupp.com/en/nachhaltigkeit/code_of_conduct.html

Code of Conduct (October 2013), p.3: ‘Avoiding conflicts of interest At ThyssenKrupp business decisions are made exclusively in the best interests of the Company. Any conflicts of interest with personal matters or other business or non-business activities, including those of relatives or other related parties should be avoided. Should such conflicts nevertheless occur, they must be resolved in accordance with the law and Group policies. Conflicts must be dealt with openly and transparently.’ http://www.thyssenkrupp.com/documents/engagement/ThyssenKrupp_Code_of_Conduct_ en.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

Compliance Requirements (June 2014), p.2: ‘Private use of corporate discounts is inadmissible if there is any risk of a conflict of interests’ http://www.thyssenkrupp.com/documents/Compliance_Requirements.pdf

For the ThyssenKrupp Supervisory Board specific rules and procedures apply: Rules of the ThyssenKrupp Supervisory Board ‘§ 8 Conflicts of interest (1) Each member of the Supervisory Board is obliged to protect the interests of the Company. In his decisions he shall not pursue personal interests or take personal advantage of business opportunities to which the Company is entitled. (2) Each member of the Supervisory Board shall immediately disclose to the Supervisory Board any conflicts of interest, in particular those which may result from a consultant or directorship function with clients, suppliers, lenders or other third parties. The disclosure procedure shall be agreed with the Supervisory Board chairman. In its report to the Annual General Meeting, the Supervisory Board shall provide information on any conflicts of interest which have occurred and how they have been dealt with. (3) Any material and not merely temporary conflicts of interest in respect of the person of a Supervisory Board member shall result in the termination of his mandate, e.g. through resignation. A Supervisory Board member whose professional activity significantly changes compared with that at the time of his election shall discuss the possible termination of his mandate with the Supervisory Board chairman.’ http://www.thyssenkrupp.com/documents/investor/Rules_Procedure_Supervisory_Board.p df

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A32:

Is the company explicit in its commitment to apply disciplinary procedures to employees, Directors and Board members found to have engaged in corrupt activities?

Score:

2

Comments:

Based on public information, there is evidence that the company clearly states that it will apply disciplinary procedures to employees and Board members found to have violated the company’s policies, directives and agreements.

References:

Public: Code of Conduct (October 2013), p.2: ‘For the first time, the basic rules and principles governing our behavior now and in the future have been brought together in this Code of Conduct. It provides an orientation framework and applies equally to everyone – board members, managers, and each and every employee.’

(p.3):‘Concrete rules and regulations for individual situations and circumstances in the work environment are clearly formulated in the corresponding Group policies, directives and agreements. These policies, directives and agreements are unconditionally valid and binding for all employees of the ThyssenKrupp Group. Any employee who fails to comply with the Group policies, directives and agreements must expect corresponding consequences under internal rules and statutory requirements.’ ‘With its compliance program, ThyssenKrupp has taken wide-ranging measures to ensure compliance with corruption and antitrust regulations and the Group Policies based thereon. Infringements will not be tolerated and will result in sanctions against the persons concerned. All Executive board members and managing directors, all senior executives and other employees must be aware of the extraordinary risks which corruption and antitrust violations can signify for ThyssenKrupp as well as for them personally.’ http://www.thyssenkrupp.com/documents/engagement/ThyssenKrupp_Code_of_Conduct_

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

en.pdf

Company website: Compliance – Compliance Commitment ‘With its compliance program, ThyssenKrupp has taken wide-ranging measures to ensure compliance with corruption and antitrust regulations and the Group Policies based thereon. Infringements will not be tolerated and will result in sanctions against the persons concerned. All Executive board members and managing directors, all senior executives and other employees must be aware of the extraordinary risks which corruption and antitrust violations can signify for ThyssenKrupp as well as for them personally. All employees are requested to cooperate actively in their areas of responsibility in implementing the ThyssenKrupp compliance program.’ http://www.thyssenkrupp.com/en/konzern/commitment.html

KPMG Audit Report (September 2011), Appendix 1/4: ‘At ThyssenKrupp, the basic principle is that all Compliance breaches will be penalised on a case-by-case basis depending on the nature and severity of the violation, the degree of culpability, and whether the individual concerned cooperates or makes false statements/cover-up attempts.’ http://www.thyssenkrupp.com/documents/investor/TK-PS-980-Short-version-30-09- 2011.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A33:

Does the company have multiple, well-publicised channels that are easily accessible and secure, to guarantee confidentiality or anonymity where requested by the employee (e.g. web, phone, in person), to report concerns or instances of suspected corrupt activity?

Score:

2

Comments:

Based on public information, there is evidence that the company has multiple, wel- publicised channels that are accessible and confidential, to report instances of suspected corrupt activity. Both the company whistleblowing system and the Ombudsman allow anonoymous reporting, with the latter also being independent from the company.

References:

Public: Code of Conduct (October 2013), p.5: ‘6. Implementation and contacts ThyssenKrupp AG and the Group companies shall actively promote communication of the Group policies and agreements on which the Code of Conduct is based. The individual companies shall ensure that they are implemented and that no employee is disadvantaged by complying with the policies/agreements. In their special capacity as role models, our managers have a particular responsibility to ensure that their actions measure up to the Code of Conduct. They are the first point of contact for questions on understanding the rules and must ensure that all employees know and understand the Code of Conduct. As part of their management duties they shall prevent unacceptable conduct and take suitable measures to avoid infringements of rules in their area of responsibility. Good and trusting relations between employees and managers are reflected in honest and open communication and mutual support. For further questions relating to the Code of Conduct all employees as well as third parties (customers, suppliers, etc.) can also contact our central e-mail address [email protected]. Information about possible infringements of the law or Group policies regarding corruption or anti-competitive behavior and relating to personnel THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

and companies of the ThyssenKrupp Group can also be reported via the ThyssenKrupp whistleblower system. The contact details are provided on the ThyssenKrupp website. All information will be treated in strict confidence.’ http://www.thyssenkrupp.com/documents/engagement/ThyssenKrupp_Code_of_Conduct_ en.pdf

Company website: Compliance – Whistleblower System ‘The ThyssenKrupp Whistleblowing System enables you to report possible violations of antitrust and anti-corruption laws or company policies in relation to companies of the ThyssenKrupp Group – anonymously if desired. This system for reporting information is open to all ThyssenKrupp employees as well as third parties such as customers, suppliers, etc. Information can be reported at any time and in 34 languages worldwide via an electronic Whistleblowing System on the internet and via a Telephone Hotline. Toll-free numbers for telephone reports have been set up in more than 60 countries. All reports received are reviewed and handled by ThyssenKrupp AG Compliance Officers. It is possible to set up a secure postbox – anonymously if desired – to enable communication between Compliance Officers and whistleblowers. ThyssenKrupp safeguards the interests of the whistleblower not only through this secure Whistleblowing System, but also by providing assurances that all information received by Corporate Compliance at ThyssenKrupp AG will be treated in confidence, and that all means at our disposal will be used to protect whistleblowers acting in good faith from any disadvantages as a result of their disclosures. During its investigations, ThyssenKrupp will also strive to protect the legitimate interests of other persons affected by a disclosure. Casting suspicion on another person can have serious consequences for that person. It is essential that the Whistleblowing System is used responsibly. Employees who feel the need for a more personal and confidential discussion prior to and when providing information can also contact the ThyssenKrupp AG ombudsmann. For employees of the ThyssenKrupp Group reports submitted via this system and the ombudsman are one way of providing us with information about possible compliance violations. However, in the spirit of a corporate culture based on openness, we encourage all employees to first turn to contacts within the company, e.g. their line managers or the Legal and Compliance Departments. For legal reasons, information concerning the USA and Canada must be reported via the ThyssenKrupp North America report submission system. Electronic Whistleblowing System To submit an electronic, internet-based report, please click here. Telephone Hotline To submit a report by telephone, the following toll-free numbers are available 24 hours a day. A number in Germany (subject to charges) has also been set up for countries not included in the list or in the event that your telecommunications provider does not permit calls to toll- free numbers: +49 (0) 30-120 909 28.

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

Country Hotline

Argentina 00800 22233344 Australia 0011800 22233344 Austria 00800 22233344 Belgium 00800 22233344 Brazil 0021800 22233344 Bulgaria 00800 22233344 Chile 1230020 1262 00800 22233344 Croatia 00800 22233344 Czech Republic 00800 22233344 Denmark 00800 22233344 Ecuador 1800 000228 Egypt 0800 0000793 Finland 00800 22233344 France 00800 22233344 Germany 00800 22233344 Greece 00800 22233344 Hongkong 001800 22233344 Hungary 00800 22233344 India 000800-0410001 Indonesia 0078 034112015 Ireland 00800 22233344 Israel 014800 22233344 Italy 00800 22233344 Japan 010800 22233344 Kazakhstan 8800 22233344 Liechtenstein 00800 22233344 Lithuania 00800 22233344 Luxembourg 00800 22233344 Malaysia 00800 22233344 Mexico 01800 1231867 Netherlands 00800 22233344 New Zealand 00800 22233344 Norway 00800-22233344 Panama 00800 0540598 Peru 51 1 7085632 Poland 00800 22233344 Portugal 00800-22233344 THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

Romania 00800 22233344 Russia 810800 22233344 Serbia 0800-190 377 Singapore 001800 22233344 Slovakia 00800 22233344 South Korea 001800 22233344 Spain 00800 22233344 Sweden 00800 22233344 00800 22233344 Taiwan 00800 22233344 Turkey 0090 2129880251 Ukraine 0800-501764 United Kingdom 00800 22233344 Uruguay 00800 22233344 Venezuela 0800-1005688 Vietnam 1800-4840’ http://www.thyssenkrupp.com/en/konzern/whistleblower_system.html

Company website: Compliance - Ombudsman ‘Dr. Dietrich Max, a lawyer and long-standing partner in the Düsseldorf office of the law firm Taylor Wessing, has taken on the role of compliance ombudsman for ThyssenKrupp effective April 15, 2013. The ombudsman is available to employees wishing to contact the company in connection with possible corruption or antitrust violations as a further channel in addition to the whistleblower system. Dr. Max represents the interests of ThyssenKrupp, but is also authorized, on request, to pass on information without naming the informant. The appointment of Dr. Max as ombudsman is intended in particular for employees and managers who feel the need for a more personal and confidential discussion prior to and when providing information.’ ‘Lawyer Dr. Dietrich Max, Düsseldorf, ombudsman for ThyssenKrupp AG Phone: +49 211 8387129 (also by e-mail via [email protected])’ http://www.thyssenkrupp.com/en/konzern/ombudsmann.html

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A33(a):

Are the whistleblowing channels available to all employees in all geographies?

Score:

2

Comments:

Based on public information, there is evidence that all employees in all geographies have access to the Ombudsman and the company whistleblowing system.

References:

Public: Company website: Compliance - Ombudsman ‘Dr. Dietrich Max, a lawyer and long-standing partner in the Düsseldorf office of the law firm Taylor Wessing, has taken on the role of compliance ombudsman for ThyssenKrupp effective April 15, 2013. The ombudsman is available to employees wishing to contact the company in connection with possible corruption or antitrust violations as a further channel in addition to the whistleblower system. Dr. Max represents the interests of ThyssenKrupp, but is also authorized, on request, to pass on information without naming the informant. The appointment of Dr. Max as ombudsman is intended in particular for employees and managers who feel the need for a more personal and confidential discussion prior to and when providing information.’ ‘Lawyer Dr. Dietrich Max, Düsseldorf, ombudsman for ThyssenKrupp AG Phone: +49 211 8387129 (also by e-mail via [email protected])’ http://www.thyssenkrupp.com/en/konzern/ombudsmann.html

Company website: Compliance – Whistleblower System ‘The ThyssenKrupp Whistleblowing System enables you to report possible violations of antitrust and anti-corruption laws or company policies in relation to companies of the ThyssenKrupp Group – anonymously if desired. This system for reporting information is open to all ThyssenKrupp employees as well as third parties such as customers, suppliers, etc. Information can be reported at any time and in 34 languages worldwide via an electronic Whistleblowing System on the internet and via a THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

Telephone Hotline. Toll-free numbers for telephone reports have been set up in more than 60 countries. All reports received are reviewed and handled by ThyssenKrupp AG Compliance Officers. It is possible to set up a secure postbox – anonymously if desired – to enable communication between Compliance Officers and whistleblowers. ThyssenKrupp safeguards the interests of the whistleblower not only through this secure Whistleblowing System, but also by providing assurances that all information received by Corporate Compliance at ThyssenKrupp AG will be treated in confidence, and that all means at our disposal will be used to protect whistleblowers acting in good faith from any disadvantages as a result of their disclosures. During its investigations, ThyssenKrupp will also strive to protect the legitimate interests of other persons affected by a disclosure. Casting suspicion on another person can have serious consequences for that person. It is essential that the Whistleblowing System is used responsibly. Employees who feel the need for a more personal and confidential discussion prior to and when providing information can also contact the ThyssenKrupp AG ombudsmann. For employees of the ThyssenKrupp Group reports submitted via this system and the ombudsman are one way of providing us with information about possible compliance violations. However, in the spirit of a corporate culture based on openness, we encourage all employees to first turn to contacts within the company, e.g. their line managers or the Legal and Compliance Departments. For legal reasons, information concerning the USA and Canada must be reported via the ThyssenKrupp North America report submission system. Electronic Whistleblowing System To submit an electronic, internet-based report, please click here. Telephone Hotline To submit a report by telephone, the following toll-free numbers are available 24 hours a day. A number in Germany (subject to charges) has also been set up for countries not included in the list or in the event that your telecommunications provider does not permit calls to toll- free numbers: +49 (0) 30-120 909 28. Country Hotline Argentina 00800 22233344 Australia 0011800 22233344 Austria 00800 22233344 Belgium 00800 22233344 Brazil 0021800 22233344 Bulgaria 00800 22233344 Chile 1230020 1262 China 00800 22233344 Croatia 00800 22233344 Czech Republic 00800 22233344 Denmark 00800 22233344

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

Ecuador 1800 000228 Egypt 0800 0000793 Finland 00800 22233344 France 00800 22233344 Germany 00800 22233344 Greece 00800 22233344 Hongkong 001800 22233344 Hungary 00800 22233344 India 000800-0410001 Indonesia 0078 034112015 Ireland 00800 22233344 Israel 014800 22233344 Italy 00800 22233344 Japan 010800 22233344 Kazakhstan 8800 22233344 Liechtenstein 00800 22233344 Lithuania 00800 22233344 Luxembourg 00800 22233344 Malaysia 00800 22233344 Mexico 01800 1231867 Netherlands 00800 22233344 New Zealand 00800 22233344 Norway 00800-22233344 Panama 00800 0540598 Peru 51 1 7085632 Poland 00800 22233344 Portugal 00800-22233344 Romania 00800 22233344 Russia 810800 22233344 Serbia 0800-190 377 Singapore 001800 22233344 Slovakia 00800 22233344 South Korea 001800 22233344 Spain 00800 22233344 Sweden 00800 22233344 Switzerland 00800 22233344 Taiwan 00800 22233344 Turkey 0090 2129880251 Ukraine 0800-501764 United Kingdom 00800 22233344 THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

Uruguay 00800 22233344 Venezuela 0800-1005688 Vietnam 1800-4840’

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A33(b):

Does the company have formal and comprehensive mechanisms to assure itself that whistleblowing by employees is not deterred, and that whistleblowers are treated supportively?

Score:

0

Comments:

Based on public information, there is no readily available evidence that the company has formal and comprehensive mechanisms, to assure itself that whistleblowing is not deterred and that whistleblowers are treated supportively.

References:

Public: TI notes: Company website: Compliance – Whistleblower System ‘ThyssenKrupp safeguards the interests of the whistleblower not only through this secure Whistleblowing System, but also by providing assurances that all information received by the Corporate Function Compliance at ThyssenKrupp AG will be treated in confidence, and that all means at our disposal will be used to protect whistleblowers acting in good faith from any disadvantages as a result of their disclosures. ThyssenKrupp will apply appropriate measures against employees who violate this commitment. During its investigations, ThyssenKrupp will also strive to protect the legitimate interests of other persons affected by a disclosure. Casting suspicion on another person can have serious consequences for that person. It is essential that the Whistleblowing System is used responsibly.’ http://www.thyssenkrupp.com/en/konzern/whistleblower_system.html

BKMS website: ThyssenKrupp ‘All information received is handled by a Compliance Officer of ThyssenKrupp AG in the strictest confidence. ThyssenKrupp ensures that no employee is disadvantaged in any way as a result of information disclosed in good faith.’ https://www.bkms-system.net/bkwebanon/report/clientInfo?cin=20TYK11&language=eng THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

Code of Conduct (October 2013), p.5: ‘ThyssenKrupp AG and the Group companies shall actively promote communication of the Group policies and agreements on which the Code of Conduct is based. The individual companies shall ensure that they are implemented and that no employee is disadvantaged by complying with the policies/agreements.’ ‘Information about possible infringements of the law or Group policies regarding corruption or anti-competitive behavior and relating to personnel and companies of the ThyssenKrupp Group can also be reported via the ThyssenKrupp whistleblower system. The contact details are provided on the ThyssenKrupp website.’ http://www.thyssenkrupp.com/documents/engagement/ThyssenKrupp_Code_of_Conduct_ en.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A34:

Does the company have well-publicised resources available to all employees where help and advice can be sought on corruption-related issues?

Score:

2

Comments:

Based on public information, there is readily available evidence that the company has well- publicised resources available to all employees where help and advice can be sought on corruption-related issues. These resources include a range of compliance officers and compliance managers.

References:

Public: Code of Conduct (October 2013), p.5: ‘6. Implementation and contacts ThyssenKrupp AG and the Group companies shall actively promote communication of the Group policies and agreements on which the Code of Conduct is based. The individual companies shall ensure that they are implemented and that no employee is disadvantaged by complying with the policies/agreements. In their special capacity as role models, our managers have a particular responsibility to ensure that their actions measure up to the Code of Conduct. They are the first point of contact for questions on understanding the rules and must ensure that all employees know and understand the Code of Conduct. As part of their management duties they shall prevent unacceptable conduct and take suitable measures to avoid infringements of rules in their area of responsibility. Good and trusting relations between employees and managers are reflected in honest and open communication and mutual support. For further questions relating to the Code of Conduct all employees as well as third parties (customers, suppliers, etc.) can also contact our central e-mail address [email protected]. Information about possible infringements of the law or Group policies regarding corruption or anti-competitive behavior and relating to personnel and companies of the ThyssenKrupp Group can also be reported via the ThyssenKrupp whistleblower system. The contact details are provided on the ThyssenKrupp website.

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

All information will be treated in strict confidence.’ http://www.thyssenkrupp.com/documents/engagement/ThyssenKrupp_Code_of_Conduct_ en.pdf

Company website: Compliance - Ombudsman ‘Dr. Dietrich Max, a lawyer and long-standing partner in the Düsseldorf office of the law firm Taylor Wessing, has taken on the role of compliance ombudsman for ThyssenKrupp effective April 15, 2013. The ombudsman is available to employees wishing to contact the company in connection with possible corruption or antitrust violations as a further channel in addition to the whistleblower system. Dr. Max represents the interests of ThyssenKrupp, but is also authorized, on request, to pass on information without naming the informant. The appointment of Dr. Max as ombudsman is intended in particular for employees and managers who feel the need for a more personal and confidential discussion prior to and when providing information.’ http://www.thyssenkrupp.com/en/konzern/ombudsmann.html

Company website: Compliance ‘We also provide compliance advice on key business transactions, e.g. in connection with major projects or on the engagement of intermediaries. For this the employees can contact their compliance officers in the business areas, regions and at Corporate or call our central hotline. The compliance officers advise the operating units on integrating compliance into their business processes.’ http://www.thyssenkrupp.com/en/konzern/compliance.html

Company website: Compliance – Compliance Organisation ‘With the Department Regions Compliance consultancy in risk regions will be strengthened by so-called Regional Compliance Officers. These Regional Compliance Officers are able to locally provide Compliance related advice and Compliance trainings to selected ThyssenKrupp companies being fully aware of the respective legislation and culture. In the Business Areas, specifically appointed Compliance Officers who directly report to the Chief Compliance Officer are responsible for giving Compliance advice and conducting trainings. At the Group companies, compliance managers – selected from among the executives – are responsible for implementing the compliance policies within their companies.’ http://www.thyssenkrupp.com/en/konzern/compliance_organisation.html

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

A35:

Is there a commitment to non-retaliation for bona fide reporting of corruption?

Score:

2

Comments:

Based on public information, there is evidence that the company has a commitment to non- retaliation for bona fide reporting of corruption. Evidence suggests that disciplinary measures are applied to employees who breach this policy.

References:

Public: Code of Conduct, (October 2013) p.5: ‘ThyssenKrupp AG and the Group companies shall actively promote communication of the Group policies and agreements on which the Code of Conduct is based. The individual companies shall ensure that they are implemented and that no employee is disadvantaged by complying with the policies/agreements.’ http://www.thyssenkrupp.com/documents/engagement/ThyssenKrupp_Code_of_Conduct_ en.pdf

Company website: Compliance – Whistleblower System ‘ThyssenKrupp safeguards the interests of the whistleblower not only through this secure Whistleblowing System, but also by providing assurances that all information received by the Corporate Function Compliance at ThyssenKrupp AG will be treated in confidence, and that all means at our disposal will be used to protect whistleblowers acting in good faith from any disadvantages as a result of their disclosures. ThyssenKrupp will apply appropriate measures against employees who violate this commitment.’ http://www.thyssenkrupp.com/en/konzern/whistleblower_system.html

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM

Information Sources:

Company website: www.thyssenkrupp.com

Code of Conduct: http://www.thyssenkrupp.com/en/nachhaltigkeit/code_of_conduct.html

Our Group Mission Statement: http://www.thyssenkrupp.com/documents/engagement/Group_Mission_St atement_English.pdf

Supplier Code of Conduct: http://www.thyssenkrupp.com/en/konzern/supplier_coc.html

Report on the Voluntary Special Audit at ThyssenKrupp AG (November 2013): http://www.thyssenkrupp.com/documents/hv_2014_01_17_en/Report_BD O_on_the_Voluntary_Special_Audit.pdf

THYSSENKRUPP AG 04/09/14 HTTP://WWW.THYSSENKRUPP.COM