RPM’s vision of Building a Better World starts from the ground up and the strategy from the top down. We have deployed corporate governance and ethical practices and programs, like our Route 168 training program, that create long-term stakeholder value, guided by reasonable oversight through all levels of our leadership.
Effective Governance At RPM
As of October 7, 2022, our Board was composed of 12 Directors, 11 of whom were independent. Our Governance and Nominating Committee Charter assigns oversight of the identification of sustainability risks and opportunities, and the development and implementation of sustainability goals to the Committee. We continue to build Board engagement in environmental and social issues, with the help of added sustainability experience from Directors Julie Lagacy, Chief Sustainability and Strategy Officer, Caterpillar Inc., and Beth Whited, Executive Vice President – Sustainability and Strategy, Union Pacific Corporation.
RPM emphasizes diversity and inclusion at all levels of the company, starting with the Board. Women have been represented on the RPM Board for three decades.
Since adopting the Rooney Rule, a mandate to include diverse candidates in the selection pool for vacant Board seats, we have made significant strides in improving our Board’s gender diversity. General (retired) Ellen Pawlikowski was appointed to the RPM Board of Directors in FY23. Pawlikowski is a retired four-star general of the United States Air Force and is an independent consultant, providing expertise to industry and academia on strategic planning, program management, logistics, and research and development.
Read more about our Directors in our most recent Proxy Statement.
Building a Better World Oversight Committee
RPM established the Building a Better World Oversight Committee in 2021 to support our ongoing commitment to responsibly serve and engage our associates, customers and stakeholders on critical sustainability matters. The Oversight Committee reports to the Governance and Nominating Committee of the Board of Directors. Members of the Committee include, among others, the Vice President – Corporate Benefits & Risk Management; Senior Vice President, General Counsel and Chief Compliance Officer; Vice President – Environmental, Health and Safety; Vice President – Operations; and the Director of Sustainability. The Building a Better World Oversight Committee is chaired by the Vice President – Compliance and Sustainability, Associate General Counsel.
The Building a Better World Oversight Committee center leads the identification of sustainability and climate-related risks and the processes for developing and managing sustainability related goals. The Chair of the Building a Better World Oversight Committee reports regularly to the Governance and Nominating Committee of the Board to provide timely insight into important sustainability and climate-related issues. The Committee created dedicated subcommittees of subject matter experts that focus on addressing and managing risks, opportunities and strategies as well as developing initiatives and programming in support of our pillars in the Building a Better World framework: Our Products, Our People and Our Processes.
A portion of our CEO’s compensation is discretionary and includes consideration of goals related to the development of diverse candidates for management positions. The level of discretionary compensation is determined by the Compensation Committee as part of their annual evaluation. Read more in our most recent Proxy Statement.
Board Of Directors Committee Composition
Below is a summary of RPM’s committee structure and membership information for its board of directors. To read more about any of the committees, click on committee names in the chart below.
Supply Chain & Responsible Procurement
Our suppliers are a significant component of our global impact, and we hold our supply chain to our sustainability and ethical standards as outlined in Our Code of Conduct, The Values & Expectations of 168, and our Supplier Code of Conduct. We are committed to conducting business ethically and responsibly, respecting and protecting human rights, and opposing human trafficking and exploitation. Our Supplier Code of Conduct stipulates that our suppliers are required to:
- Remain free of corruption and conduct business in a fair and ethical manner;
- Operate with social responsibility, including providing a safe work environment and protecting workers’ rights;
- Be a steward of the environment; and
- Comply with all applicable laws, rules and regulations.
To further verify adequate supplier oversight, we use third parties to conduct reviews as part of our evaluation of potential suppliers. For example, we partnered with third-party screener Ecovadis starting in 2022 — to vet companies based on their sustainability risk and performance, including on human rights across our value chain.
We have synthesized our enterprise-level risk assessment to cover a range of topics including internal audit, finance, compliance and, most recently, sustainability and climate change. In 2021, the survey was given to more than 1,200 associates from our management teams across our business units, allowing for risk identification on topics across the company.
We use employee surveys, a series of questionnaires and follow-up meetings to focus on the specific risk areas identified through the assessment. Then we publish key findings internally and address gaps.
RPM also reports the results of the assessment to the Board of Directors annually.
Ethics & Compliance
At RPM, ethics and compliance are more than just policies, they are attitudes embracing The Value of 168 in doing the right things, the right way, for the right reasons.
We built our ethics and compliance program on our core values of transparency, trust and respect, creating an open and honest environment, promoting accountability and valuing opinions. The Value of 168 is embodied and demonstrated in the behaviors of our leaders, associates and stakeholders and we are devoted to operating with the highest standard of ethics and integrity.
Code of Conduct
Our Code of Conduct is titled The Values & Expectations of 168. It is the compass for our business, people and ethics, and represents how we hold ourselves accountable and truly create value for all.
We promote ethics and compliance across the company through regular Code of Conduct and compliance and ethics programming, awareness campaigns and training. We provide all associates, including management, training on The Values & Expectations of 168; this includes topics such as non-retaliation, anti-bribery and corruption, conflict of interest, anti-trust, non-harassment and discrimination, and data protection. As of December 31, 2021, we have fully trained more than 90% of our global associates and management team.
TRAINING & AWARENESS
We promote ethics and compliance across the company through regular Code of Conduct and compliance and ethics programming, awareness campaigns and training.
Our compliance training program, Route 168, takes a risk-based approach and employs our learning management systems. Training includes, among others, courses on data protection, conflicts of interest, competition and antitrust compliance, anti-corruption and bribery compliance, gifts and entertainment, anti-harassment, modern slavery, risks in the supply chain, fraud and business integrity.
Our Route 168 program, rolled out in January 2021, delivers monthly compliance messages across RPM in new and engaging ways to raise awareness of compliance and ethics topics, equip our associates with the appropriate and useful resources to confront issues and reinforce a unified company culture of ethical business conduct and decision-making. Communications include newsletters, emails, toolbox talks, posters, trainings and business initiatives covering topics such as non-retaliation, fraud, anti-trust, data protection, conflicts of interest and corruption and bribery. The campaign is designed to help our associates spot red flags and know how to raise issues on compliance and ethics concerns.
In November 2021, we launched monthly Compliance Tool-Box Talks, a program designed to deliver critical compliance messages in an easy-to-digest format to improve awareness of compliance topics among production associates.
All associates have access to RPM Navigator, an internal site that serves as a resource for policies, training materials and guidance. Navigator was officially launched in July 2021 and provides information on our compliance hotline; Hotline and Nonretaliation Policy and other corporate policies; Route 168 resources; and Supplier, Applicator and Distributor Codes of Conduct. The site has multi-lingual functionality.
We also conducted our first Global Compliance Survey in January 2021. The survey focused on our Code of Conduct, efficacy of the compliance training program and protocol for reporting concerns. We use this data to determine key performance indicators for our compliance-related goals.
RPM’s Anti-Bribery and Anti-Corruption Policy expresses our long-standing commitment of a zero-tolerance policy towards bribery and corruption. We use our Route 168 program to educate our associates about how to spot and report corruption activity and investigate all reports of suspected incidents.
We remain committed to conducting business ethically and responsibly, respecting and promoting human rights, and opposing human trafficking and exploitation. RPM strives to operate in compliance with applicable laws where we do business by:
- Implementing policies and guidelines requiring equal opportunities, nondiscrimination and non-harassment, the prohibition of child and forced labor;
- Complying with applicable health and safety and wage and hour laws and ensuring safe working environments and fair and living wages;
- Expecting our associates, suppliers, distributors and applicators to operate in accordance with our Codes of Conduct;
- Respecting our associates’ right of freedom of association and collective bargaining in accordance with local laws;
- Offering a reporting hotline where individuals can report any ethical or employment concerns without retaliation.
We also support the U.N. Guiding Principles for Business and Human Rights, which respects and honors the principles of internationally recognized human rights.
Data Privacy & Information Security
We work diligently throughout our business to maintain our information security systems, comply with data protection laws and manage data incidents.
The oversight of our Information Security Program is led by our Chief Information Officer and other members of our Information Technology Executive Oversight Committee (ITEOC) and Information Security Center of Excellence Team. The ITEOC, Information Security Center of Excellence Team and our Legal and Compliance Department, where applicable and in combination, are responsible for managing our internal approach and strategy for improvement of cybersecurity and data protection protocols throughout RPM.
Reporting & Internal Audit, Controls & Standards
Our CIO provides quarterly updates and an annual report to the Audit Committee of our Board of Directors on data security controls, incidents, reviews, protocols and remediation processes. Our Chief Audit Executive provides the Audit Committee with quarterly and annual reports regarding our data security compliance and internal controls audits. A compliance update and hotline report are also provided at each Audit Committee meeting.
We regularly test our data security controls for reliability and compliance and we employ auditors specializing in information technology, data security, privacy and compliance within our Internal Audit Department to assess our controls, systems and policies. In addition to our internal testing, we use third-party consultants to review our systems, including external penetration testing, and to provide insight on new and evolving threats along with specialized advice on how best to mitigate those threats.
RPM is committed to complying with all applicable data protection laws and respecting privacy rights afforded to individuals in the jurisdictions within which we operate. Our External Privacy Notice describes the ways in which we collect, use, disclose or otherwise process personal data of our customers, end-users and third parties. In addition, our associate data privacy policies describe how we collect, disclose or otherwise process personal data of our associates, as well as identify the data privacy responsibilities and obligations our associates owe with respect to the personal data of their fellow associates, our customers and others.
Cybersecurity Training & Incident Reporting
Our first line of defense against threats to our cybersecurity or the protection of the data we process is with our associates and vendors. Therefore, the Legal and Compliance Department, together with our Information Security Center of Excellence Team, provide regular training and resources to associates across the organization that highlight potential issues and ways to avoid digital incidents such as phishing. We require that all data privacy incidents or concerns are immediately reported to our corporate Legal and Compliance Department via our Reportable Events portal. These are investigated by both the Legal and Compliance and Information Security Center of Excellence teams to ensure any resulting risks are appropriately identified and remediated.