Responsibility and Trust

At GRENKE, we assess our corporate risks taking into account ESG risk drivers. We define sustainability risks as risks resulting from material ESG topics. They are seen as drivers that can materialise in the known risk types. Accordingly, physical and transitory risks are considered, analysed and categorized along the ESG dimensions per risk type as part of the risk inventory.

Internal Audit provides independent and objective auditing and consulting services on behalf of the Board of Directors. This ensures the maintenance, continuous improvement and control of the governance and compliance structure.

Our non-financial statement is set-up according to the "With Reference" option of the Sustainability Reporting Standards of the Global Reporting Initiative (GRI SRS). This generally applies to standards GRI 1 to 3 as well as the thematic standards on economy (GRI 200 series), ecology (GRI 300 series) and governance (GRI 400 series).

With the EU taxonomy (EU Regulation 2020/852), the European Commission implemented a uniform disclosure of sustainability-related key performance indicators throughout Europe as part of non-financial reporting. Focus of the EU taxonomy is on the environmental goals of "climate protection" and "adaptation to climate change".

We are committed to mitigating negative impacts and creating positive impacts for a sustainable future in line with the United Nations Sustainable Development Goals. The following SDGs are particularly relevant to our business model:

Climate & Environment: 7 Affordable and clean energy, 12 Sustainable consumption and production, 13 Climate action.

Social contribution: 3 health and well-being, 4 quality education, 5 gender equality

Responsibility and trust: 8 decent work and economic growth, 9 industry, innovation and infrastructure, 17 partnerships to achieve goals

Our Group-wide compliance management system (CMS) helps us to meet the various international requirements and prevent risks. In order to ensure compliance with all national and international requirements and guidelines, all countries in which we are represented also have local compliance officers. Our whistleblower platform "GRENKE Integrity Line" offers all internal and external stakeholders the opportunity to bring potential breaches of regulations to our attention - at any time and in complete anonymously.

We counter potential money laundering and criminal activities with our specially qualified staff, work instructions, guidelines and checks. For this purpose, we have appointed national money laundering officers throughout the Group who ensure legal compliance. Our business partners are regularly trained and informed about regulations and developments in money laundering. In addition, we are setting up an IT-supported transaction monitoring and KYC tool, which will automate and digitalise these processes.

We continuously develop our data protection management system further. In this way, we ensure that data processing in the Consolidated Group is carried out in compliance with the law at all times, that potential violations are recognised at an early stage, and that appropriate countermeasures are taken. In order to meet the major challenges in data protection, both GRENKE AG and its subsidiaries have each appointed data protection officers in accordance with legal requirements and created a central office for operational data protection. The data protection officers and operational data protection are also available to our customers, business partners and employees as expert contacts.

In order to protect the information we process in the best possible way, we are constantly developing our information security management system further. Compliance with regulations and laws, in particular the minimum requirements for risk management (MaRisk) and the banking supervisory requirements for IT (BAIT), are the basis of our actions. All measures, processes and controls are based on the ISO27001 standard and the IT security maturity model according to COBIT (internationally recognised framework for IT governance) and are being successively expanded.