Compliance stage mood .jpg
home- compliance .jpg

Compliance and risk

Base Veneer Landscape Teasers.jpg
Performance Landscape.jpg

Integrity and compliance

It is crucial for trust in our company, our products, services and innovations that we conduct ourselves with honesty and integrity at all times. For us, integrity means taking a stance. Integrity acts as an inner compass to do the right thing out of our own conviction – regardless of economic or social pressure. In all areas of work and functions, we therefore make decisions in accordance with our corporate values, applicable national and international laws, regulations and internal voluntary commitments.

 

Compliance at Bentley is practiced through mitigating control activities which aims to ensure that all employees act in accordance with internal regulations and legal requirements. These processes are closely integrated to form a compliance management system. Our compliance management system enables Bentley to identify compliance risks such as corruption, human rights violations and money laundering and implement mitigating controls such as a compliance training curriculum, due diligence checks on business partners and policies and procedures to enable employees to effectively manage risks. We understand integrity and compliance not as an end in themselves, but as a prerequisite for sustainable success. They form the core of correct and value-based behaviour at Bentley. That is why they are an integral part of our corporate strategy.

Grey leather landscape.jpg
Gallery 4.jpg

Risk

Risks are defined as internal and external events that may have a negative impact on the achievement of our business objectives, the ability to comply with regulatory requirements and the adherence to, or viability of, company processes. At Bentley the management and control of risks is supported by a comprehensive Risk Management and Internal Control System (RMS/ICS). The Risk Management System (RMS) covers the principles, procedures and measures to identify, assess, manage, control, communicate and monitor risks. The Internal Control System (ICS) is used to safeguard the principles, procedures and measures (regulations) introduced by the company. The aim of the ICS is to ensure the effectiveness and economic efficiency of business activity.

Stone Portrait Teaser V1.jpg
Codeofconduct.jpg

Our code of conduct

In the long term, a company can only be successful if it acts with integrity, complies with statutory provisions worldwide, and stands by its voluntary undertakings and ethical principles, even when this is the harder choice. Bentley are committed to this principle. Compliance must be second nature to all Bentley employees. The Code of Conduct outlines the ethical principles and behaviours which we expect from all of our employees in our business dealings.

 

We are aware that violations of laws, rules and regulations have consequences. This is another reason why we want to be a role model in this area. We have set out the ethical basis for our actions in our Code of Conduct and in the Volkswagen Group Essentials, our corporate principles. We live our corporate values, principles and rules. We promote trusting, sincere and fair cooperation in order to assume responsibility and protect the company and its employees with clear rules and clear attitudes. Training on the Code of Conduct is also provided to employees on a regular basis.

 

These high standards are also expected to be followed by our business partners. Business Partners are expected to act responsibly and to agree to comply with the requirements defined in the Code of Conduct for Business Partners. 

Anticorruption.jpg
Texture- Black leather 16x9.jpg

Anti-Corruption

Zero-tolerance policy
Corruption prevention
Code of Conduct for Business Partners
Business Partner Due Diligence
Whistleblower System

Zero-tolerance policy

There is no place for corruption at Bentley! We have a clear zero-tolerance policy regarding active and passive corruption.

Corruption prevention

This is firmly anchored in our Code of Conduct. We actively prevent corruption, white-collar crime, and other legal violations with additional binding guidelines that apply company-wide. We take our responsibility to protect our company and our employees from corruption risks very seriously. Therefore, a fundamental part of our Compliance Management System is to continuously train and educate our workforce on preventing corruption. Web-based trainings, face-to-face trainings and communications are used to raise awareness of the internal regulations and applicable laws and how to deal with corruption risks appropriately.

Code of Conduct for Business Partners

The same high standards also apply to our national and international business partners. We are convinced that ending corruption is a task best accomplished together. The Code of Conduct for Business Partners is an integral part of the contracts we have with our business partners. It formulates the expectations we have of our service providers, suppliers and sales partners when it comes to integrity and law-abiding behaviour. In addition, we offer risk-based training to our business partners on the basics of Compliance and anti-corruption.

 

Business Partner Due Diligence

We undertake a Business Partner Due Diligence process to check the integrity of our business partners, using a risk-based approach. A successful Compliance audit is the basis for a cooperation. Companies that do not meet the standards of our risk-based, transparent screening process are not considered as business partners. We also support our business partners in meeting the required standards with individual dialogues.

Whistleblower System

Our central Whistleblower System is also part of our Compliance Management System for ending corruption. Being aware of potential rule violations by Bentley employees and business partners is just as crucial to us as responding to rule violations appropriately. Our employees, customers, and other third parties can report possible rule violations committed by employees and business partners of Bentley at any time.

Tax strategy 

Bentley Motors Limited (the Company) is the most sought after luxury car brand in the world. The company’s headquarters in Crewe is home to all of its operations including design, R&D, engineering and production of the company’s model lines – Continental, Flying Spur, Bentayga, and Bentayga EWB. Bentley employs over 3,000 people at Crewe.

The Company manages its tax affairs based on five core principles:The following document sets out the Company’s strategy in relation to tax in the UK and represents how tax is undertaken within the business. The Company pays and collects on behalf of the Government a significant amount of tax every year, including PAYE, National Insurance, VAT, business rates, and other taxes.

Although the focus in on UK taxes, the Company’s attitude to tax globally follows the same principles as the UK.

 

Bentley Motors Limited regards its publication of this tax strategy as compliant with the duty under Finance Act 2016, paragraph 22(2).

This document was approved on behalf of the Board of Directors on 13th December 2023, and was published on 18th December 2023.

The fundamental principle underlying all the tax decisions within the Company is that of seeking to pay the right amount of tax in the right place at the right time. This is mandated at a global level by the Board of Management of our parent company, Volkswagen AG, and by the management of our internal Brand Group headed by Audi AG. The aim is to disclose all relevant facts and circumstances to the tax authorities and to claim reliefs and incentives where these are made available by tax legislation.

The Company seeks to build transparent and collaborative relationships with the UK Tax Authorities to create and maintain “Good Corporate Citizenship”. We aim to achieve this by engaging with HMRC with honesty, integrity, respect and fairness.

 

HMRC is kept informed about business developments to the extent they have a tax impact, at periodic meetings or through regular correspondence, to ensure a “no surprises” approach is maintained. We will always seek to disclose all relevant facts to HMRC to enable them to fully understand the matter in question, and to enable the appropriate tax treatment to be applied.

 

In the event that a disclosure to HMRC is required, these are made voluntarily and with full co-operation from the business.

 

This open, transparent approach would also apply to any dealings with overseas tax authorities, where relevant.

Ultimate responsibility for the tax affairs of the Company sits with the Board of Directors. The Board has assigned a Director with overall responsibility for its on-going tax affairs. This Director is the nominated Senior Accounting Officer for tax purposes.

 

The Company has a dedicated professionally qualified tax team covering all tax matters. The Company supports the tax team in maintaining their continuing Professional Development requirements. The team also adheres with the ethical standards of their relevant professional institutions.

 

Members of the tax team actively participate in various tax fora, both those with an industry specific focus and those with a tax technical base. This assists with understanding current best practice and developments.

 

The Company will also engage with specialist external advisors for particular matters as may be required. This is to further ensure that tax risk is adequately managed and that the Company remains up to date with the latest tax changes that may affect the business.

Given the size and global nature of our business, tax risks will arise. The individuals responsible for tax are appropriately skilled to handle these matters and receive regular tax updates to ensure knowledge is always up to date. Controls are also in place to seek to ensure that the tax team are involved with all significant business decisions with potential tax consequences.

 

The Group places a strong emphasis on tax risk management and robust global policies are in place to minimise risks. The Company adheres to these policies.

 

The above, taken together, enables the teams to identify, monitor and manage tax risks within the business. External advisors may also be engaged to help manage the risk and ensure that the Company meets its tax obligations.

The primary tax objective of the Company is to pay the correct amount of tax at the point at which it is properly due. The Company will utilise exemptions and reliefs that are legitimately available and in accordance with the wording and spirit of the law.

 

The Company is mindful of its reputation in the marketplace and seeks to operate in the manner of a responsible taxpayer.

 

Transactions between group companies are conducted on an arm’s-length basis and in accordance with OECD principles. The group do not undertake profit allocation on the basis of tax rates, and profit allocations follow the business activities of the group.

 

Where tax incentives are implemented by the Government to support investment, employment and economic development, the Company will only ever seek to implement these in the manner intended.

 

Engagement in artificial tax arrangements (i.e. those without commercial substance) is not undertaken. Where a point of law is unclear or uncertain, the Company may seek clarification from HMRC, external advisors or the judiciary as appropriate. This is to ensure that the Company complies with its tax objectives as set out in this document. Tax is not the commercial driver for decision making within the Company nor is tax a key performance indicator.

cyber security.jpg
Light Wood Portrait.jpg

Cyber security

Vulnerability reporting
How to contact us?
What to include
Supplementary infomation

Vulnerability reporting

Preserving the safety, security and quality of our products is an important issue to us. Indications from security experts are therefore of utmost importance to us. If you find a potential vulnerability in one of our products, please mail your results to vehicle.vulnerabilities@bentley.co.uk. Please pay attention to the scope and the disqualifying and qualifying vulnerabilities.

How to contact us?

- Please use only the designated communication channel to report information concerning vulnerabilities.

- Please send information only in English.

- Provide enough details for us to reproduce the vulnerability.

What to include

- Tell us the date you found the vulnerability

-In the case of a vehicle vulnerability please send us all available information about the model, VIN (Vehicle Identification Number), the component(s), part number(s) and software version.

- Describe the prerequisites that need to be met to exploit the vulnerability.

- Describe the tested system state and if possible, provide Proof-of-Concept code.

- Don’t send findings from automated scanning tools only.

Supplementary infomation

- Any independent activity in context with our products is at your own risk.

- Always comply with relevant laws.

- If you want to examine one of our products or vehicles, only use a vehicle in your ownership or one, for that you have the permission of the owner to examine it.

- Do not access or manipulate data if you do not own it or if you do not have the explicit permission of the owner.

- Do not start attacks leading to denial-of-service attacks and overall avoid high network load. If you think our servers have a specific problem in dealing with high data load, you are welcome to report it to the designated communication channel and we will reproduce your findings in a non-productive environment.

- All activities with criminal relevance are prohibited in any form.

- Please consider that it is possible to infringe the rights of third parties with reverse engineering. This can lead to legal consequences.

- Do not conduct activities that could harm you or others.

- Never endanger road safety and do not perform tests on public roads or places, but only at a secured place with a non-driving vehicle.

Usually we will answer your mail within 2-3 business days and inform you about the further procedure. Please note that vehicles are subject to safety and legal regulations. Therefore it can be quite a long process to resolve vulnerabilities in vehicles e.g. because of necessary validation. So we kindly ask you to give us time (Responsible Disclosure).

 

IT systems

 

All hosts in the ownership of Bentley Motors Apps

 

All apps, that are published by Bentley Motors, e.g. My Bentley

 

Vehicles that were sold under the brand Bentley Motors

 

Equipment that was sold under the brand Bentley Motors

Web pages of Bentley partners – occasionally Bentley partner use a subdomain of .bentleymotors as address for their web site. Bentley Motors has no control over those web pages. Please contact the corresponding dealer if you find a vulnerability there.

Vulnerabilities outside the scope

 

Denial-of-service attack (DoS / DDoS)

 

Brute-force attack

 

Social engineering

 

Vulnerabilities without an impact on safety or security (Vulnerabilities must have a security or safety impact in order to be considered)

 

URL forwarding

 

Reports, generated by automatic scan tools

 

Missing TLS communication

 

Expired TLS certificates

Physical destruction of locks, anti-theft devices etc.

 

Gaining access to a vehicle by physical destruction

 

Use of valid diagnostic functions

 

Denial-of-service attacks on ECUs or bus systems via flooding attacks

Injection

 

Broken Authentication

 

Cross-Site-Scripting (XSS)

 

Insecure Direct Object References

 

Security Misconfiguration

 

Sensitive Data Exposure

 

Missing Function Level Access Control

 

Cross-Site-Request-Forgery (CSRF)

 

Using Known Vulnerable Components

 

Unvalidated Redirects and Forwards

Firmware updates and cryptographic signatures

 

Identity management

 

Embedded software frameworks

 

Debug interface

 

Network protocols

 

Authentication procedure

 

Buffer and stack overflow

 

Sending of arbitrary data on in-vehicle bus systems (CAN, LIN, Flexray etc.)

 

Unlocking a vehicle

 

Remote-code-execution

 

Compromise of the update mechanism, e. g. flashing an ECU with unauthorized firmware

 

Infringement of GDPR-specifications: collection, usage, storage and revealing of sensitive data

Our whistleblower system

Complying with statutory regulations and internal rules, and the principles laid down in our Code of Conduct and the Code of Conduct for Business Partners, has top priority at Bentley Motors Ltd. The success of our company is based on Integrity and Compliance. It is important to learn of potential employee or supplier misconduct and to put a stop to it.

A “whistleblower” is a person who exposes any kind of information or activity that is deemed illegal, unethical or a Serious Regulatory Violation (SRV) at Bentley. The information of alleged wrongdoing includes serious violations of the Code of Conduct, company policy, regulation, law, or threats to public interest or national security, as well as fraud and corruption.

 

Our Whistleblower System offers various channels to report potential Regulatory violations by employees and/ or potential violations of the Code of Conduct for Business Partners by suppliers in our Supply Chain, that allow a swift review and reaction by our company if necessary. Reports can be made 24/7 in every language. This does not affect your statutory right to contact other designated authorities.

We have entrusted the Audi Investigation Office to operate an independent, impartial and confidential Whistleblower System on our behalf. Based on the principle of procedural fairness, the Whistleblower System guarantees the greatest possible protection for whistleblowers, persons implicated and employees contributing to the investigation of reported misconduct.

 

If your report concerns potential serious violations with regards to human rights and environment by suppliers, the Investigation Office will inform the responsible departments, who will process the issue accordingly. A key pillar of our Whistleblower System is the principle of procedural fairness. It also guarantees the greatest possible protection for whistleblowers, Persons Implicated and employees contributing to the investigation of reported misconduct.


This also includes offering opportunities for anonymous reporting and communication. We assure not to perform any steps in order to identify anonymous whistleblowers, who do not misuse our Whistleblower System. Retaliation of whistleblowers and all persons who contribute to investigations at Bentley will not be tolerated. Persons implicated are presumed innocent until the violation is proven. Investigations will be conducted with the utmost confidentiality. The information will be processed in a fair, fast and protected process.


If you have any questions or inquiries regarding a product you have purchased or feedback or complaints about services provided by Bentley, please contact your Customer Care Contact. We kindly ask for your understanding that the Whistleblower System unfortunately cannot process customer complaints.

The Whistleblower System offers various channels to report potential employee and or potential violations of the Code of Conduct for Business Partners by suppliers in our Supply Chain, that allow a swift review and reaction by our company if necessary. Reports can be made 24/7 in every language.

 

A report should be as specific as possible. Use the following questions to help:

• Who? - is affected? who might be responsible? has is happened before?

• What? - happened? what damage has occurred?

• When? - did the incident occur? is it still ongoing? are there witnesses?

• Why? was the potential violation committed? (if known), why do you think this a violation? e.g. which law/ policy has been allegedly violated?

• Where? - did the potential violation take place?

• How? - can the potential violation be substantiated?

You have the option of using a web-based communication platform to contact the Investigation Office in many languages. This system is confidential and technically secured. Even if your preferred language is not offered in the reporting channel, you can use any language to submit your report. You can also contact the Investigation Office in any language via e-mail or mail. Email: whistleblower-office@audi.de 

You can make a report 24 hours, 365 days, using the international toll-free number:
Toll free: 00 800 444 46300*

If your local telephone provider does not support the toll-free service, you can call the following chargeable number for Germany: 0049 5361 946300.

Depending on the country you are calling from it is possible that the international toll-free hotline is not available since some telephone network providers do not support the service. If so, please use the offered chargeable number or your country specific number.

Audi AG Whistleblower System
85045 Ingolstadt, Germany.

 

In person- Audi Investigation Office
AUDI AG
I/GC-H
85045 Ingolstadt, Germany
Appointments may be arranged in advance via whistleblower-office@audi.de.

External lawyers have been appointed to act as Ombudspersons. They advise on the Whistleblower System or ensure that reports from whistleblowers are forwarded anonymously to the Investigation Office if desired.

 

If you want to get in contact with the Ombudspersons you can find their contact details here: http://www.ombudsmen-of-volkswagen.com/

The qualified and experienced colleagues at the Investigation Office examine every report for potential misconduct by a Bentley employee thoroughly and follow it up systematically. First, you will get a confirmation of receipt. The Investigation Office then assesses your report. This includes gathering facts particularly from the whistleblower.

 

Only if this initial evaluation shows grounds for suspicion of a violation an investigation by a dedicated Investigating Unit will be started. Afterwards, the results of the investigation will be assessed by the Investigation Office and appropriate measures will be recommended. Information about the status* and the outcome of the procedure will be given to you without undue delay.

 

Potential violations of the Code of Conduct for Business Partners by suppliers, including serious risks and violations of human rights and environment by direct and indirect suppliers, can also be reported to the Investigation Office - as well as reports requiring otherwise immediate action. The Investigation Office will inform the responsible departments, who will process the issue accordingly. This particularly includes taking the necessary measures to minimize or end violations and/or risks.

 

* The processing time varies depending on the subject of the procedure,

 

Find more information on the procedural principles of the Audi Group Complaint Procedure here.

Questions or suggestions for improvement concerning the Whistleblower System can also be addressed to the Audi Investigation Office. If you have been interviewed in terms of an investigation, you have the possibility to give feedback to the Ombudsperson as independent body.


Furthermore, our local Compliance Officer can also be addressed in all matters of the Whistleblower System via compliance@bentley.co.uk

Phone numbers to make a report:

Toll free number: 0800-5912743

Local number: 021-23911381

Toll free number: 001-800-4610242

Local number: 0155-71000355

Toll free number: 0800-002576

Local number: 02-33325602

Toll free number: 833-6571574

Local number: 908-2198092

Toll free number: 0800-994983

Local number: 021-1003533

Toll free number: 1-800-819523

Local number: 0154-600099

Toll free number: 0800-6662992

Local number: 011-52528632

Toll free number: 0800 444 46300

Local number: 05361-946300

All vehicles on this page: WLTP drive cycle: fuel consumption, mpg (l/100km) – Combined 26.6-27.4 (10.3-10.6). Combined electrical consumption – 277-279 Wh/km. Combined CO₂ Emissions – 29-31 g/km.