Good corporate governance

Within the scope of our activities, we observe the generally recognized principles of responsible corporate governance. For Bilfinger, good corporate governance most importantly means responsible behavior toward shareholders, employees, business partners, society and the environment. It also determines the actions of executives and the management and supervisory bodies of Bilfinger SE in particular and, in line with general understanding, encompasses the entire system of management and supervision of a company, including its organization, its business principles and guidelines as well as the internal and external control and monitoring mechanisms.

A comprehensive and transparent corporate governance ensures the responsible, value-oriented and sustainable management and control of the company. It forms the foundation for sustainable business success and fosters trust among our shareholders, employees, customers and other business partners as well as the financial markets. We view good corporate governance as an all-encompassing topic, one that is inseparable from non-financial topics.

Never compromise on integrity 

Are you aware of any violations or concerns about known or suspected violations of the Bilfinger Code of Conduct? Please contact the appropriate person or you may use our Confidential Reporting Line.

Code of Conduct

Statement of Principles on Human Rights Confidential Reporting Line

Management committees and leadership

Management committees and leadership

Bilfinger SE, a European stock corporation headquartered in Germany, has a dual management and control structure consisting of the executive bodies Executive Board and Supervisory Board. While the Executive Board is responsible for managing the business of the Company and the Group, the Supervisory Board supervises it and has personnel authority over the members of the  Executive Board. The two committees work in close cooperation for the benefit and in the interest  of the company. The third corporate body is the Annual General Meeting, which, in accordance with the law, is primarily responsible for fundamental decisions.  

In the course of implementing corporate governance, Bilfinger follows the recognized standards of the German Corporate Governance Code (GCGC). The Executive and Supervisory Boards of  Bilfinger issue an annual declaration of compliance with regard to the application of the recommendations of the GCGC.  

The declaration of compliance with the GCGC and further details on the duties and responsibilities of the boards of the company are provided in the declaration of corporate governance and corporate governance report of the Annual Report. 



Excutive Board

The Executive Board has established specific committees to implement and ensure corporate governance in the company and the Group. In particular, this includes the Bilfinger Risk Committeethe Safety Council, the Compliance Review Board and the Independent Allegation Management Committee

Bilfinger Risk Committee

The Bilfinger Risk Committee (BRC) meets at the behest of the Executive Board and advises it on issues related to risk assessment. It consists of the Chief Financial Officer (CFO), the Financial Directors of the individual regions / divisions, and selected Heads of Corporate Departments. The BRC supports the organization of an effective and pragmatic risk management system and the monitoring of general risk developments. The assessment of non-financial risks to society and the  environment that could arise from Bilfinger’s activities is also carried out as part of the BRC processes. The BRC thus contributes to general process quality as well as to the identification, treatment and reporting of significant Group risks.   

Safety Council

The Safety Council is the responsibility of the Chief Operating Officer (COO) as a member of the Executive Board and is the exploratory and decision-making body for HSEQ-related issues at Bilfinger. Members of the Safety Council include the COO, the Executive Presidents of the individual regions / divisions and the Head of Corporate HSEQ. The Safety Council is responsible, for example, for the Group-wide, topic-specific minimum HSEQ requirements and determines the annual HSEQ  targets for the Group. The Safety Council thus makes a significant contribution to the implementation of the HSEQ objectives in the Group. 

Compliance Review Board

The Compliance Review Board (CRB) manages and monitors the organization and implementation of our compliance management system. It is comprised of the full Executive Board as well as selected heads of the corporate departments and meets quarterly under the chairmanship of the Chief Compliance Officer. The CRB has a central role in ensuring the ongoing effectiveness of our compliance management system. 

Independent Allegation Management Committee

The Independent Allegation Management Committee (IAMC) is comprised of the heads and the representatives of the corporate departments of Legal, Compliance, Internal Audit, Tax and Human  Resources. Under the chairmanship of the Chief Compliance Officer, the committee controls and monitors the conduct of internal investigations into possible serious violations of our Code of Conduct. The IAMC also advises on necessary responses to identified violations, including process changes, control activities and disciplinary measures.

Disciplinary Committee

The Disciplinary Committee consists of the Heads of Corporate Compliance and Corporate Human  Resources. The committee is chaired by the Head of Corporate Human Resources and evaluates the severity of any proven misconduct. In the event of a serious violation of the Bilfinger Code of Conduct, the Disciplinary Committee defines disciplinary measures to be taken with respect to the  relevant Bilfinger employee. 


Supervisory Board

In accordance with Article 11 of the Articles of Incorporation, the Supervisory Board of Bilfinger SE consists of 12 members, including equal representation of the shareholders and the employees. The Supervisory Board advises and monitors the Executive Board and is responsible for the appointment and dismissal of Executive Board members, their employment contracts and remuneration. Monitoring also includes the topics of sustainability and Environmental, Social & Governance (ESG) as well as the corresponding reporting. 

Learn more

In addition to legal provisions and the Articles of Association, the Supervisory Board has  adopted Rules of Procedure which set out, among other things, the tasks, items that require approval as well as other requirements for Supervisory Board members, together with the formalities for preparing, convening and holding meetings and adopting resolutions. This is reviewed on a regular basis and updated when necessary. It is available on the Bilfinger SE website. The Supervisory Board has established various committees in order to ensure more efficient operations. Information about the committees can be found in the Declaration of corporate governance and corporate governance report of the Annual Report. Among other things, the Supervisory  Board has transferred supervision and preparation of the topics of sustainability and Environmental, Social & Governance (ESG) to the Audit Committee, whereas the overall and final responsibility for this remains with the Supervisory Board.

Basic structure of the Bilfinger Group

The Bilfinger Group is organized decentrally and hierarchically. It is managed by Bilfinger SE as parent company and headquarters.

Learn more

Headquarters is responsible for the fundamental structural and functional management and administration of the Bilfinger Group. It is divided into corporate departments, in part with corporate functions as sub-units with each assigned to the area of responsibility of a member of the Executive Board. Operationally, the Group is divided into two service lines (Engineering & Maintenance and Technologies) and within these into eight regions and two divisions, to which in turn the individual Group companies are allocated. Within the framework of the decentralized structure, the regions and divisions are granted a high degree of entrepreneurial autonomy.  

Responsibility in each of the regions and divisions lies with an Executive President who is responsible for operating business and who reports to the Chief Operating Officer (COO) on the Executive Board, and a Financial Director, who is responsible for commercial matters and reports to the Chief Financial Officer (CFO). There are three Global Excellence Teams (HSEQ, Global Development and Operational Excellence) established in the form of corporate departments to provide targeted support to the regions, divisions and Group companies to develop new areas of business, increase efficiency and, moreover, ensure our HSEQ standards.  

This organizational form facilitates short decision-making paths and lean administration. Governance at Bilfinger is organized in line with this structure. 

Frameworks and regulations

Frameworks and regulations

Our frameworks and regulations for the implementation of governance in the Group go beyond statutory requirements for the management of German listed companies. We provide both guidelines and binding regulations for the actions of each individual, oriented on the needs of our business.

Learn more

Bilfinger governance is essentially defined and implemented by its various elements, including the governance documents and the regulations they contain as well as their relationship to each other. This governance structure was further enhanced in the reporting year and a new Governance Portal was implemented. The Governance Portal makes all key governance documents available to Bilfinger employees in a bundled and transparent form. This is designed to effectively help employees use and implement Bilfinger governance in their daily work. 

There is a clear and transparent structuring of Bilfinger governance (as summarized in the illustration below). 

Mission Statement, Group Principles, Code of Conduct

Our Mission Statement, our Group Principles and our Code of Conduct, together with the basic structure of the Group, form the framework for governance, with priority given to more general guidelines.  

Our corporate values are specified in the Mission Statement and Group Principles. Integrity and security serve as the foundation and are of the utmost priority. The Mission Statement also describes our passion, values and competences and illustrates the cornerstones of our corporate culture. On this basis, our Group Principles set out behavioral guidelines in abstract form for all employees, in particular for the areas of HSEQ and risk-conscious behavior.  

The principles laid out in the Code of Conduct serve as a further benchmark for our actions. The Bilfinger Code of Conduct applies to activities throughout the world and has been translated into a total of 18 languages. It provides specific guidance for responsible, compliant and integrity- oriented behavior in everyday business and is mandatory for all managers and employees – regardless of where they work and what job they do. It is valid throughout the Group and relates to how we deal with each other and how we deal with customers and business partners. In addition to the general principles of behavior in the area of compliance, the Code of Conduct includes, among other things, rules related to integrity as well as the handling of conflicts of interest, and prohibits corruption and discrimination of any kind. The individual topics are substantiated by corresponding Group Policies. The Code of Conduct and the substantiated Group Policies are regularly reviewed and adjusted for current needs and developments. 

The elements of Bilfinger governance also lay out specific guidelines for the management and organization of the Group. These can be divided into three pillars – content and process specifications (Group Policies and Standard Operating Procedures), specifications for the framework and limits for actions and measures (rules of procedure as well as approval and signature requirements) and further specifications for responsibility and organization (reporting lines and schedules of responsibility). 

Group Policies and SOPs 

In addition to the Group’s specific guidelines on the Code of Conduct, all other specialized issues and processes classified as requiring regulation throughout the Group are also set out in Group policies. Specific processes are, in turn, regulated in Standard Operating Procedures (SOPs), which are binding for all employees. In each case, local requirements must be taken into account. In individual cases, these permit more specific implementation regulations and, in exceptional cases, deviations. Responsibility for the Group Policies and SOPs lies with the corporate and specialist departments and Group functions at Group headquarters. The review of Group Policies and SOPs begun in the course of the realignment of the Group structure in 2020 was largely completed in the reporting year. In this context, the fundamental Group Policies on governance at Bilfinger were also updated. The Group Policies and SOPs are regularly reviewed to ensure they are up-to-date and adjusted as necessary. 

Rules of Procedure as well as approval and signature requirements

In addition to the content of the Group Policies and SOPs, the actions of individual Bilfinger employees and managers in the Group are guided by rules of procedure and approval requirements. The regional or division head as well as the managing director or other executive representative  of a Bilfinger company each has Rules of Procedure which define, among other things, the reporting line, internal approval requirements for certain actions and measures. Approval requirements exist for each unit and level of the Group, whereby the approval requirements in the regions and  divisions are determined by the respective management in its framework for action. In addition, binding requirements and limits exist for each Group unit for the signing or other drafting or issuing of business-relevant documents and declarations by Bilfinger employees. These elements ensure a clear framework for action for each individual Bilfinger employee and manager. Approval and signature requirements are regularly reviewed to determine whether they are up-to-date, most recently in the reporting year. They are also adjusted if necessary.  

Schedules of responsibility and reporting lines 

The Rules of Procedure also contain the respective reporting lines as well as procedural regulations, for example the possible allocation of responsibilities and requirements for joint decisions in the relevant body of the Group company or the regional or divisional management. Reporting lines also exist for each Bilfinger employee. In principle, the reporting line corresponds to the disciplinary responsibility, but it can also be divided if the employee is assigned to a different function.  

The regulations in the Rules of Procedure are supplemented by a mandatory schedule of responsibility, in which the responsibilities for each member of the executive body of a Group company or a regional / divisional head are clearly assigned. This ensures that there is clear accountability and organization for each respective manager.  

The described implementation of governance at Bilfinger serves as a structural guide in the design of the respective key factors that are organized by the corresponding specialist departments. The concepts are described in greater detail in the following chapters. 

Counteracting corruption and bribery

Counteracting corruption and bribery   

Bilfinger is committed to the fight against corruption and bribery. Corrupt behavior is contrary to our values. We are also convinced that corruption undermines business relationships, distorts competition and exposes companies and individuals to unnecessary risks.

Bilfinger's CMS aims to avoid rule violations through preventive measures, to recognize any misconduct at an early stage and to react quickly and consistently. The CMS mainly consists of the following components:

  • Code of conduct for all Bilfinger employees worldwide
  • Guidelines for compliant behavior, for example when dealing with third parties, accepting or giving gifts and in the event of conflicts of interest
  • Training for employees and extensive advice and information on all compliance-related topics and processes, including anti-corruption or anti-trust issues
  • Uniform Group-wide internal control system
  • Operational support of our regions and divisions from on-site compliance employees
  • Confidential whistleblowing system for Bilfinger employees and external whistleblowers
  • Compliance Review Board consisting of Executive Board and department heads. This Board monitors and manages the organization and implementation of the CMS

Our CMS does not remain static. We continuously review and optimize its effectiveness and efficiency to meet changing regulatory requirements, market and business changes as well as the demands of our customers.

Concept - learn more

Counteracting corruption and bribery is a central component of our compliance management system. For this reason, Corporate Compliance is responsible for the framework to counteract corruption and bribery at Bilfinger. 

Bilfinger’s compliance management system covers all areas of the business and pursues the objective of preventing compliance violations through preventive measures, recognizing early any type of misconduct and, in the case of confirmed violations, reacting quickly and consistently punishing misconduct.  

The Bilfinger compliance management system is illustrated in, among other places, the Code of Conduct, which is binding for all employees worldwide. In the Code of Conduct, we prohibit bribery and corruption among our employees. They may not hold out the prospect of or grant to  our customers, suppliers or other business partners money or anything of value, either directly or indirectly, to influence their decisions or to gain any improper advantage. This principle also applies in reverse: No one acting for or on behalf of Bilfinger can allow him- or herself to be corrupted or bribed through the acceptance of unfair economic advantages from business partners. Accepting  small payments to secure or accelerate routine official acts (acceleration payments) is also prohibited for our employees. 

In our Code of Conduct, we also describe constellations that are often associated with a risk of corruption in business life. These include donations, sponsoring activities, gifts, hospitality and entertainment, dealing with public officials and accounting. 

Corporate Compliance is headed by the Chief Compliance Officer. He reports directly to the Chairman of the Executive Board or, on an interim basis during the reporting period, to the COO and has an additional reporting line to the Supervisory Board and its Audit Committee. Managers have a special role to play in the implementation of our Code of Conduct and the compliance management system: they must act as role models. The annual performance evaluation of managers therefore includes an individual integrity assessment that then forms part of the annual dialogue on career development. In addition, variable remuneration for managers at management levels 1 and 2 includes an individual integrity factor. This factor is determined and taken into consideration annually with regard to the extent a manager implements the topics of integrity and compliance into his daily actions and how much he actively supports and promotes them in his environment. 

To manage and monitor the design and implementation of our compliance management system, the Executive Board has established a Compliance Review Board (CRB), whose tasks and composition are described in Chapter B.5.2.1 Good corporate governance.  

Our subsidiaries are supported by compliance managers and compliance officers at both the regional and divisional levels. In addition, each regional and divisional management, each executive management and each department head at Bilfinger assumes responsibility for the effectiveness of the compliance management system including the Internal Control System (ICS) in their respective area of responsibility.  

The international network of Compliance Representatives ensures that employees in the business units have an additional local compliance contact person. The Compliance Representatives are specially trained employees who, in addition to their primary functions in the company, support their colleagues with compliance and integrity questions and thus strengthen the presence and visibility of the topic of compliance at their locations. The Compliance Representatives maintain a regular exchange of information with Corporate Compliance and contribute experience and challenges of the individual locations to the further development of the respective Compliance program.  


To prevent future misconduct, we employ, among other things, practical compliance advice from Compliance Managers and Officers as well as the Compliance Help Desk, guidelines, supporting compliance IT tools as well as training and communication measures. 

Our compliance training modules include both on-site training and e-learning programs in which knowledge is conveyed and case studies are discussed. The total number of people in the target group of the individual trainings sometimes varies greatly from year to year as a result of a multi-year training concept. 


Performance indicators - learn more 

All employees also have access to a central Compliance Help Desk that offers support in all compliance-related questions. 


Number of inquiries to the Compliance Help Desk

In order to deliver our services as a company, we are dependent on cooperation with numerous business partners. Because the compliant behavior of our business partners is an indispensable prerequisite for us, we use a risk-based, IT-supported process to review our potential business partners before entering into a business relationship (so-called third-party due diligence). When carrying out such integrity audits, the business units of Bilfinger are supported by the compliance department in the risk evaluation.  

In addition to prevention, the rapid identification of any misconduct and an appropriate response to such misconduct are essential components of our compliance management system. There is a whistleblower system in place for the receipt, documentation and processing of suspicious cases in connection with possible violations of our Code of Conduct: Our employees and external parties can, on a confidential basis and if desired also anonymously, provide information on potential misconduct on the part of Bilfinger employees. 


Number of notices of compliance violations 

Compliance plays an extremely important role at Bilfinger. It is a management task and is practiced by everyone in the company. Our compliance culture is a guarantee for our customers that we not only offer top-quality services, but that we are also a partner with integrity. This is a decisive competitive advantage for Bilfinger."

Gernot TölleHead of Awareness, Prevention & Antitrust, Compliance Officer Headquarters at Bilfinger



Are you aware of any violations or concerns about known or suspected violations of the Bilfinger Code of Conduct? Bilfinger applies a zero-tolerance policy to any violations of the Code of Conduct and as such, encourages employyes and other stakeholder to raise any concerns you may have.

In such a situation please contact your supervisor or colleagues from other departments such as the Human Resources, Corporate Comliance or any other person of trust within Bilfinger.



If you are uncomfortable with any of these channels, or if you are not a Bilfinger employee, you may use our Confidential Reporting Line, consisting of an elextronic postbox and teleohone-hotline, 24 hours a day, 365 days a year, operating in multiple languages.

Confidential Reporting Line

The Confidential Reporting Line is managed by an idependent services provider.

00800 – B-I-L-F-I-N-G-E-R 
(00800 - 245 34 64 37)

If you cannot reach the hotline, please check here, wether a different number applies in your country. If this is not the case, please click on the link above to access our electronic postbox.

Data security and data protection

Data security and data protection  

To be able to provide our services, we collect, store and process a range of data. On the one hand, this relates to personal data of our employees, but also data about plants, processes and people at our customers’ sites, because we are providing an increasing number of services for the digitalization of plants. Information is therefore an integral part of our business processes and thus represents an important corporate asset that must be protected in an appropriate manner against  unauthorized access. In the context of an ever-increasing global networking of computer systems, protection against abuse, manipulation, espionage or theft requires increasingly complex procedures. 


Data leaks or issues related to accessing data can have a serious impact on the relationship with our employees or business partners. For this reason, our processes and activities for data security and data protection are important prerequisites for the acceptance of our business model by our stakeholders. 

Data security

Employees, customers and other stakeholders must be able to rely on the fact that the data entrusted to Bilfinger is protected against abuse and loss. Bilfinger has therefore adopted targeted regulations with regard to information security and data protection and has taken appropriate organizational measures. 

The fundamental regulations for the secure and legally compliant handling and processing of data are summarized in our Group Policy on Information Security. It is binding for all Group employees and for all those working on behalf of Bilfinger. It describes the components of information security, principles for handling and processing data and the obligations of managers, IT specialists, employees and external parties. Violations of the provisions of this Group Policy and its annexes or of existing laws may result in disciplinary, contractual or criminal consequences. 

In addition to the Group Policy on Information Security, various Standard Operating Procedures (SOPs) have been defined with the goal of implementing the Group Policy on Information Security in all Group companies. These include, for example, SOPs on the topics of information management standard, physical protection of data, emergency security and IT audit. 

Technical responsibility for information security lies with the manager responsible for information security at Bilfinger Global IT GmbH, who is supported by the dedicated, central competence center for the topic of information security. The Information Security team checks to ensure that IT services that are planned or in operation are compliant with the Group Policy on Information Security as well as regulatory requirements. In addition, each organizational unit must appoint a person responsible for data protection who works together with the manager responsible for information security as a coordinator.  

We counter the risks in the cyber security environment with a broad package of measures, such as increased monitoring of incoming and outgoing e-mail traffic to prevent malicious e-mails with a cloud-based e-mail gateway. In the event of specific threats, we work together closely with the relevant authorities. The central data centers were migrated to Microsoft Azure in the cloud and will continue to be subject to ISO 27001 certification. In addition, measures to make network access more stringent are checked by means of regular vulnerability analyses, e.g., through so-called friendly hacking. To monitor security-relevant incidents, Bilfinger uses a Security Information and Event Management System (SIEM) which collects all central logs and evaluates them for anomalies. Another focus of our efforts is the swift closure of newly reported weaknesses from software manufacturers, such as the hafnium vulnerability in Microsoft’s Exchange software. In this case, the security vulnerability was closed within a few days and there were no longer any visible indications of a potential breach. In addition, training requirements have been defined for all employees with computer workstations to raise awareness of the increasing risk. 

Every employee or person working on behalf of the Bilfinger Group is obligated to report any possible or actual threat to the information available in the Group as a security incident in a timely manner. In addition, each business unit is obligated to establish and maintain a comprehensive and effective emergency management system in accordance with its business area and area of responsibility. Should there be a security incident, the Independent Allegation Management Committee (IAMC) is, when necessary, commissioned with an investigation into the violation. 

Data protection

In order to create a uniform standard for handling personal data in accordance with the European General Data Protection Regulation, a standardized Group Privacy Policy applies in our Group. It is based on the provisions of the European General Data Protection Regulation and on globally accepted basic data protection principles for the processing of the personal data of employees, customers, suppliers and other business partners. The policy describes the tasks and responsibilities of the external Data Privacy Officer, the internal Data Privacy Officer as well as the Data Privacy Coordinator. It also outlines the data protection principles, specifications for data transmission and commissioned data processing, the rights of data subjects and the responsibilities of Group companies. 

The policy is binding for all Group companies and is intended to ensure that the data protection standards described in the policy are not undercut. It also applies to Group companies in countries that do not have their own statutory data protection regulations.  

If data protection violations occur or are suspected, the Group Privacy Policy lays out a procedure for the reporting of data protection violations. A reporting form is available for employees as a guideline for this purpose. For further processing and for the purposes of evaluation, the reports are fed into a database in which the (suspected) data protection violation is described. 

The Executive Board is informed about data security and the structure of data protection at least once a year. The Executive Board is informed of any incidents of particular significance.  

More about

Contact Us