UPM Annual Report 2023

First page Table of contents Previous page 76-77 Next page Last page

RESPONSIBILITY

UPM

BEYOND FOSSILS

BUSINESSES

GOVERNANCE

ACCOUNTS FOR 2023

The reviews to be performed each year are agreed with the businesses during the annual risk assessment process and coordinated with the Internal Audit. The most important compliance review findings and recommen dations are reported to the Audit Committee of the Board of Directors and businesses. These recommendations are then carried out in collaboration with said businesses. The integrity of our people provides a solid foundation for our continued success and growth. In 2023, the compliance team conducted compliance reviews in five local units or operations in the Americas, the Asia-Pacific region and Europe. Another example of our compliance team’s monitoring activity is the counterparty screening procedures shown in the illustration on the right. Voicing concerns It is an important part of our culture of integrity that employees feel comfortable voicing any concerns they have and that they can trust UPM to take the appropriate action. If we see or suspect any misconduct or unethical behaviour, we must speak up and report it. We do not tolerate retalia tion against any person who, in good faith, reports suspected misconduct or assists with an investigation to resolve suspected misconduct. In 2023, we published our third internal Integrity Report, the purpose of which is to communicate to our employees examples of cases of misconduct and how they have been handled within the company. We also further developed our internal procedures for handling misconduct reports. The table on the left summarises the number of cases recorded in our miscon duct case management system in 2023 and provides examples of cases handled. 21 (8) cases led to disciplinary action, including warnings and terminations of employment. Investigations into misconduct include a root cause analysis that aims to identify whether compliance programme improve ments are necessary.

country risk and complexity and the extent of our operations in each country. Our compliance team has a three year monitoring plan for its unit-specific compliance reviews that are based on this

matrix. On top of these general reviews covering all business integrity topics, we conduct risk-based reviews around specific topics such as competition law or anti corruption.

COMPLIANCE MONITORING

Monitoring We aim to ensure compliance at all levels of the organisation through monitoring. Our monitoring activities are based on a Group company risk matrix that considers the

REGULAR DISCUSSIONS WITH MANAGEMENT , monitoring significant projects, training rate monitoring, implementation of risk mitigation plan

REGULAR COMPLIANCE REVIEWS based on group

UPM BUSINESS AREAS AND OTHER OPERATIONS

HOW WE BUILD A CULTURE OF INTEGRITY

company risk matrix

Mindset Tone from the top Lead by example Ethical behaviour Strong speak-up culture Building organisational justice Practices Upholding the Code of Conduct and Group policies Training and communication Proactive advice

REGULAR DISCUSSIONS WITH EMPLOYEES , third-party due diligence and risk monitoring, reports through UPM Report Misconduct channel, EES and other employee surveys

PROMOTING A CULTURE OF INTEGRITY

We create a future beyond fossils

"Guiding our business through uncertainty...

COUNTERPARTY SCREENING PROCEDURES

UPM PURPOSE

FOSTERING ETHICAL DECISIONS

PURPOSE OF UPM COMPLIANCE

•Business partner screening against public sources •Business integrity (trade sanctions, anti-corruption, anti-money laundering, competition law, fraud)

UPM VALUES

•Human rights • Environment •Supply chain risk assessments

...towards world-leading integrity"

Trust and be trusted Achieve together Renew with courage

Aiming higher Risk identification Risk mitigation and follow-up Remediating and reacting to misconduct

MANAGING COMPLIANCE RISKS

Low risks

UPM business partner portfolio

Mitigating identified risks

Avoiding high risks

PREVENT •Supplier qualification •Supplier and Third-Party Code •Specific requirements •Enhanced due diligence on selected business partners •Onboarding and contracting process

MONITOR •Supplier audits and corrective action plans •Supplier assessments

REACT •Incident analysis and investigation •Blocking procedure •Contract termination

Employees tried to conceal the nature of hospi tality provided to customers in violation of UPM policies. Written warnings.

ALLEGED MISCONDUCT CASES UPM Code of Conduct section Our commitment on integrity Our people and operations Respect people and human rights

2023

2022

9

5

Employee had a side job which affected their performance at UPM. According to UPM Code of Conduct employees must not engage in activities that could have a negative impact on the job performance by demanding too much time or conflicting with work at UPM. Performance discussion and reprimand.

40

25

Taking care of the environmental impact and product safety

3

4

COMPLIANCE TRAINING FOR SPECIFIC TARGET GROUPS IN 2023

COMPLETION RATES AS OF 3 JANUARY 2024

SIZE OF TARGET GROUP

Business integrity Zero-tolerance for corruption and bribery

98% 99% 98% 96% 99% 97%

15,600 6,800 6,800 6,800 3,000

Code of Conduct e-learning

4 3 1

2 4 0 8

Personal data protection e-learning

Avoid conflicts of interest

Anti-Corruption e-learning Confidentiality e-learning Competition law e-learning Insider Policy e-learning

Compliance with competition laws Protect assets and information

12

Our stakeholders Know with whom you trade

Employee used corporate credit card for per sonal expenses in violation of UPM’s policies. Termination of employment.

140 400

11

6

Total

83

54

100%

Association participation e-learning

76

77

UPM ANNUAL REPORT 2023

UPM ANNUAL REPORT 2023

Made with FlippingBook - Online catalogs