Setting the bar high on integrity and compliance
" For more than 20 years, Thales has developed a robust policy on ethics, integrity and compliance, which are the foundations of our social responsibility and the key to building a world we can all trust. "
training sessions on corruption and influence peddling were delivered in 2019-2020
certification was achieved in March 2021 for a scope covering Thales SA and the companies it controls in France, plus some subsidiaries of Thales International SAS outside France
Thales introduced a corruption risk prevention policy in the late 1990s in order to protect itself from corruption and bribery, which represent a major risk for multinationals.
This policy is regularly reviewed and updated to reflect increasingly strict international rules and requirements on corruption and influence peddling, and has been further strengthened by Thales’s progress towards ISO 37001 certification. The policy is based on:
- Thales’s Corruption Risk Prevention Policy, which is backed by a dedicated governance structure, including a standalone “Compliance” function with 18 Chief Compliance Officers and over 100 Compliance Officers.
- A set of principles clearly articulated by the Chairman and CEO and shared with all employees: all senior executives sign personal pledges to adhere to Thales’s integrity and compliance rules – including rules on corruption and influence peddling – and are required to refresh this pledge every two years.
- Thales’s Code of Conduct: Prevention of Corruption and Influence Peddling which explains and illustrates – in clear and simple language – why preventing corruption and influence peddling is important, what types of behaviour are prohibited as likely signs of corruption or influence peddling, and how Thales employees should react in certain high-risk situations.
- A corruption and influence peddling risk map, which is drawn up in accordance with Thales’s general risk mapping methodology.
- Third-party due diligence procedures (mainly covering customers, suppliers, subcontractors and partners), which use risk profiles and include preventive measures proportionate to the identified risks.
- Accounting control procedures, which are embedded in Thales’s internal control rules in order to prevent and detect acts of corruption and fraud.
- A training programme for employees who are exposed to corruption and influence peddling risk in their line of work, and for those in supporting roles who may be in a position to prevent or detect corruption and influence peddling. The programme is tailored to employees’ risk exposure.
- A disciplinary system that sets out what action employees will face if they breach the Code of Conduct: Prevention of Corruption and Influence Peddling or break the law more generally, up to and including dismissal for misconduct.
- An anti-bribery management system (ABMS), which sets out the aims of Thales’s anti-corruption compliance programme, explains the associated rules, performance indicators and control procedures, and tracks breaches and improvement loops.
- An internal whistleblowing system, which can be used to report breaches of the Code of Conduct: Prevention of Corruption and Influence Peddling and, more generally, any matter falling within the scope of French due diligence legislation. Thales employees have the option to file a report with their line manager or the relevant whistleblowing officer, or to use the Thales Alert Line platform.
Thales Alert Line: Thales’s alert platform
Thales has set up a Group-wide alert platform, known as Thales Alert Line. The system is open to Thales employees, external and contract workers, and the staff of our suppliers, subcontractors and customers. Eligible individuals acting in good faith can use the system to report any matter that breaches Thales’s internal rules or that falls within the scope of applicable legislation.
In March 2021, Thales was certified by AFNOR (Association Française de NORmalisation), France’s independent standards organisation, to the ISO 37001 standard for anti-bribery management systems. This initial certification covers a scope including Thales SA and the companies it controls in France, plus some subsidiaries of Thales International SAS outside France. Thales plans to continue this process and extend the scope of the certification.
This certification – part of the Group’s CSR objectives for 2021 – confirms our commitment to doing business in accordance with the very highest international standards in this area.
" Thales’s certification to ISO 37001 testifies to the existence of a set of demanding compliance measures and procedures, and underscores the entire Group’s engagement and tenacity in the fight against corruption. These efforts help to build the trust of all of Thales’s stakeholders and are fully aligned with the Group’s purpose of ‘building a future we can all trust’. "
Responsible data use
In the course of its business activities, Thales processes a large amount of personal data, both on its own behalf and on behalf of its customers.
Personal data has become a major asset for businesses operating in key global markets. For this reason, Thales has made data protection a top priority: we seek to maximize the utility of the data we process while adhering to applicable legislation at all times.
At Thales, we make a two-fold pledge: to keep the data we process as secure as possible, and to demonstrate that commitment.
Responsible tax policy
Thales’s global tax policy applies to all countries and incorporates the Group’s ethics rules, including measures against tax evasion. As a global business, Thales pays significant taxes and duties in many countries.
Thales adheres to tax rules at all times and is careful to comply with local regulations, international treaties and the guidelines of international organisations.
The tax that Thales pays is directly related to its business strategy and activities, and we only establish offices outside France for the purpose of developing our business or meeting operational needs. We also comply with the OECD Transfer Pricing Guidelines.
The tax function is managed by the Group Tax Director, who reports directly to the SEVP, Finance & Information Systems, who is a member of Thales’s Executive Committee. Tax risk is fully integrated into the risk analysis role of the Audit, Risks & Internal Control Department and is one of the internal control assessment items of the Yearly Attestation Letter.
For Thales, lobbying means providing useful information to inform public decision-making. More specifically, it involves transparently publicising and promoting our activities in order to give public decision-makers exhaustive information and technical expertise.
We engage in both national and supranational lobbying – and always in accordance with local laws and regulations. In particular, we comply with Article 25 of the French Transparency, Anti-Corruption and Economic Modernisation Act of 9 December 2016 (known as the Sapin II Act), which aims to ensure transparency in relations between lobbyists and the French authorities.
We have compiled a Best Practices Guide to Lobbying for employees whose role may involve lobbying French public officials, detailing the ethical and reporting obligations that apply in France and describing the procedure employees must follow.
Thales is committed lobbying transparently and with integrity. In particular, we:
- apply a zero-tolerance approach to corruption and influence peddling in accordance with our Code of Ethics and our Code of Conduct: Prevention of Corruption and Influence Peddling.
- comply with national laws, regulations and ethical rules, and with the rules of the institutions with which we have relationships.
- register as a lobbyist with the institutions with which we have relationships, in accordance with applicable law.
- refrain from financing political activities, including in countries where such financing is authorised, and adhere to the principle of political neutrality.
- promote best practices in responsible lobbying.
- refrain from contracting with public officials to represent our interests.
Strict export controls
Because Thales mostly operates in strategic areas, our businesses are bound by a specific regulatory framework. We have developed rigorous procedures as part of a process of continuous improvement to ensure that our businesses comply with regulations at all times.
Thales sells its products, solutions and services across the world to a very large number of public and private customers, both directly and indirectly. The export and re‑export of many products, technologies and systems for military or dual use requires licences issued in advance by the authorities of the exporting countries.
Other regulations – including extraterritorial regulations such as those issued in the USA by the Office of Foreign Assets Control (OFAC) – prohibit trading with certain states, bodies, companies or individuals. These regulations, which can often change, create a framework of restrictive measures and impose economic and criminal sanctions on any individual, organisation or state that breaches them.
The Group exports its equipment and systems according to very strict rules designed to protect the national security of democratic states and combat the proliferation of weapons of mass destruction throughout the world. Compliance with export control rules, embargoes and economic sanctions is therefore a critical challenge for us.
At Thales, we undertake to operate in strict compliance with export control requirements, embargoes and economic sanctions. Each of our countries of operation has its own sovereign interests and its own export control rules – so we need to comply with different sets of regulations.
A central plank of our governance model
Given the global nature of our business, a rigorous export control, embargo and economic sanction system is a clear necessity. The Export Control Department defines Thales’s strategy at corporate level, and Trade Compliance Officers and Trade Compliance Managers within each exporting entity are responsible for deployment worldwide.
Compliance with export control rules, embargoes and economic sanctions is everybody’s business, so all our employees have access to online training.