We have a strict zero policy when it comes to corruption and bribery.
ESL Shipping’s highest decision-making authority lies with the Board of Directors. Chaired by the CEO of Aspo Plc, the members are external to the company and support operative business management. There were no changes in the composition of the Board of Directors in 2022. At the end of 2022, management team of the group consisted of seven members.
Sustainability activities in the group are led by the Managing Director in accordance with the group’s ESG Policy. The Management team of the group has shared the specific areas of responsibility in ESG matters between Kirsi Ylärinne (environment), Mikko Rausti (social) and Petter Ruda (governance).
ESL Shipping actively participates in industrial cooperation. Managing Director Mikki Koskinen is Chairman of the Board of Finnish Shipowners Association and a Member of the Board at the International Chamber of Shipping. Frida Rowland is a Member of the Board of Swedish Shipowners’ Association.
Compliance at AtoB@C Shipping
At ESL Shipping group, compliance means ensuring that we act in accordance with requirements that are derived from laws and regulations, our compliance manual and internal guidelines, our Code of Conduct and the UN Global Compact principles. The company’s compliance is the responsibility of the CFO.
ESL Shipping’s vessels operate in international traffic and occasionally can visit countries where corruption is common. Our Code of Conduct absolutely prohibits corruption and bribery in all forms. Code of Conduct training includes anti-corruption issues and provides guidance for identifying any suspicious situations and practices considered unethical. In 2022, all of the ESL Shipping’s shore personnel completed the Code of Conduct training.
Knowing the counterparties we work with is an essential part of our compliance work. ESL Shipping checks possible sanction risks as well as solvency of all counterparties with modern and efficient tools. No business is allowed prior to sanction risks being checked and evaluated thoroughly. In addition, the Group closely monitors sanction risks of current counterparties as the sanction schemes evolve constantly and new sanction risks may suddenly emerge.
Our internal guidelines set clear guidelines regarding the monetary acceptance limits of individual employees and management team members. Furthermore, all financial transactions require the approval of two individuals.
Anti-corruption and bribery
At AtoB@C Shipping, we have a strict policy of zero tolerance towards bribery and corruption. Our vessels operate in international traffic and occasionally visit countries where corruption is prevalent. However, we firmly prohibit any form of corruption and bribery through our Code of Conduct. Our comprehensive Code of Conduct training equips our personnel with the knowledge to identify and address any unethical situations or practices. In 2022, all of AtoB@C Shipping's shore personnel successfully completed the Code of Conduct training.
Through our parent company ESL Shipping, we are proud members of the Maritime Anti-Corruption Network (MACN), a collective of more than 180 shipping companies and institutions dedicated to fighting corruption. Despite our vessels primarily trading in Northern Europe, we recognize that corruption remains a significant issue in certain countries where our vessels occasionally operate.
To mitigate the increased risks of corruption, bribery, and security concerns during port calls to these areas, our safety department performs thorough risk assessments using various sources, including the MACN database. We provide our vessels with valuable information and clear instructions on how to effectively manage and minimize potential risks.
Furthermore, we have established a dedicated whistleblowing channel that allows our employees and stakeholders to report any violations of our policies promptly. We believe in the importance of maintaining a transparent and accountable environment for all.
Cybersecurity and IT risk management
As society becomes increasingly reliant on functioning IT systems, it is crucial to protect our critical IT systems from a wide range of threats such as spyware and malware. Our group has made significant investments in modern and efficient tools to safeguard our IT and operational technology environment.
We evaluate IT risks annually based on industry best practice templates, fully integrating them into our corporate risk management program. Our information security roadmap includes a maturity and gap assessment, as well as an investment timeline for cybersecurity matters.
We provide mandatory cybersecurity guidelines in our intranet and have incorporated them into our Safety Management System. Additionally, our staff receives training in cybersecurity matters. In the event of a breach of confidential information, we have established procedures to report these incidents to the relevant authorities in accordance with applicable laws and regulations.
To ensure that access to our systems is restricted to authorized users only, we have implemented several measures. We tightly control and monitor third-party service providers' access to our IT systems and require them to sign non-disclosure agreements. As part of our group-wide auditing plan, our IT control procedures undergo annual audits.
ESL Shipping actively participated in the national cybersecurity exercises organized by the Finnish National Emergency Supply Agency in 2022 and 2023.
Handling of personal data
When sharing personal data with third-party service providers outside the company, we require a Data Processing Agreement before the data can be shared.
Whistleblowing provides an opportunity to report suspicions of misconduct. Individuals have an important role in raising concerns if there is suspicion of serious misconduct, that should be prevented or corrected. There is no need for proof of suspicions, but all messages and reports must be made in good faith.
Individuals can raise their concerns anonymously by using our reporting channel, managed by a third-party company. The service is separate from our IT environment. The system does not track IP addresses or other data that could identify a person sending a message. Messages are encrypted and can only be decrypted by designated individuals. The system provider cannot decrypt and read messages.