ESRS G1 Business conduct

Governance information

ESRS G1 Business conduct

Impact, risk and opportunity management and strategy

Material business conduct-related impacts, risks and opportunities (IRO-1)

PUMA regularly performs assessments to confirm existing risks or identify new risks and their impact when it comes to business conduct. In considering the nature of our business, the locations of our sales entities and sourcing facilities, we focus on the following compliance risks areas: bribery, corruption, money laundering, fraud, conflicts of interest, anti-competitive behaviour, Human Rights violations and environmental damages. When we examine the impact of risks, we look at the impact on our business operations, financial performance, and reputation. The result of each risk assessment is a risk matrix that we use to prioritise identified risks based on their likelihood and impact. This helps us focus resources on managing the most critical risks. Not only risks are spotted in this process opportunities are also addressed.

In relation to our business partners with whom we source our core products, we identify risks by conducting thorough due diligence, which involves sanctions and reputational checks, sanity checks and examination of their sustainability policies and ethical practices. The level of scrutiny applied to each business partner varies and we prioritise the country risk, the industry risk and the volume of the business.

The details of the process of identification of business conduct-related material topics are explained in the General information (IRO-1) section.

The role of the administrative, supervisory and management bodies (GOV-1)

As a company listed in Germany, PUMA adheres to the German Stock Corporation Act and the German Corporate Governance Code. PUMA has a dual management system featuring strict personal and functional separation between the Management Board and the Supervisory Board (two-tier board). Accordingly, the Management Board manages the company while the Supervisory Board monitors and advises the Management Board. PUMA has three bodies: the Management Board, the Supervisory Board, and the Annual General Meeting. The Management Board of PUMA manages the Company on its own responsibility with the goal of sustainable value creation. It develops PUMA's strategic orientation and coordinates it with the Supervisory Board. In addition, it ensures Group-wide compliance with legal requirements and an effective risk management and internal control system.

The members of the Management Board are appointed by the Supervisory Board. The Supervisory Board of PUMA consists of seven members, five of whom are shareholder representatives and two of whom are employee representatives. Shareholder representatives are being elected individually.

The Supervisory Board supervises and advises the Management Board on the implementation of the strategy. Supervision and advice also include, core compliance and sustainability issues, which are covered as a cross-sectional task in the Audit Committee and the Sustainability Committee. The Management Board informs the Supervisory Board regularly, promptly, and comprehensively about all issues of relevance to PUMA relating to strategy, planning, business development, the risk situation, risk management and the compliance management system. PUMA’s sustainability strategy is approved by the Sustainability Committee and the Supervisory Board. It deals with deviations during business from the established plans and targets, stating the reasons. The Supervisory Board is involved by the Management Board in decisions of paramount importance for the Company and the Supervisory Board needs to approve those decisions.

The Management Board has put in place a Compliance Management System (CMS) to ensure good business conduct. It has implemented a Code of Ethics that defines the expectations of the Company regarding good business conduct towards its employees, business partners and stakeholders. The Code of Ethics is part of every employee’s contract and is thus binding for all employees. Through clear tone from the top the CEO regularly delivers clear messages on how important it is to follow the principles of the Code of Ethics. The Supervisory Board is informed in its regular quarterly meetings and, if necessary, on an ad-hoc basis about the status of the implementation of the CMS.

The members of the Management Board and the shareholder representatives on the Supervisory Board bring a wealth of experience when it comes to expertise in business conduct matters. All aforementioned members are seasoned executives in C-level positions of international corporations who have been responsible for building structures on good corporate governance throughout their career. On top every training that employees are asked to conduct on a mandatory basis, must be finished by the members of the Management Board.

Business conduct policies and corporate culture (G1-1)

PUMA has established a comprehensive set of policies to guide business conduct at a Group-wide level. These policies are designed to ensure that all employees, at every level, uphold the highest standards of integrity, transparency, and ethical behaviour. The PUMA Code of Ethics, previously referred to in the sections on Policies related to own workforce (S1-1) and Remediation of negative impacts and channels to raise concerns (S1-3), outlines our commitment to ethical behaviour, Human Rights, and transparency. It applies globally and is relevant to various stakeholders, including employees and business partners in the supply chain. It promotes brand values and ethical conduct, protects Human rights and maintains transparency and accountability. Key areas covered by the Code of Ethics and the Group internal policies include: Human Rights protection, occupational health and safety, learn from mistakes, intellectual property, protection of PUMA assets, sustainability, quality and safety, business partners, conflicts of interest, insider trading, anti-money laundering, trade compliance, fair competition, anti-corruption, financial integrity, tax compliance, confidentiality, data privacy, animal welfare and SpeakUp.

The PUMA Code of Ethics helps mitigate several risks like bribery, anti-competitive behaviour, violations of Human Rights, tax evasion, money laundering etc. It is the basic document employees are asked to turn to educate themselves about the values of PUMA. More detailed internal policies complement the main principles of the Code of Ethics. In incorporating the Code of Ethics into the agreements with the business partners and suppliers, a strong relationship is built, and a transparent communication is ensured. The Code's anti-corruption measures ensure that PUMA and its partners operate with integrity and transparency, protecting the brand's reputation.

The policy framework defines zero tolerance issues within the organisation. PUMA is committed to adhering to the UN Global Compact principles related to governance. The Management Board and especially the CEO is responsible for the implementation of compliance policies. Each compliance policy is approved by all members of the Management Board and communicated by the CEO via email to all local General Managers responsible for implementation to all employees. All awareness measures on the core compliance risk areas are pre-aligned with the CEO.

To foster a positive corporate culture, we actively promote these values through regular trainings according to a training plan agreed with the Management Board, cascading awareness initiatives through posters, leaflets, emails, CEO messaging and a leadership team that leads by example. By embedding these principles into our daily operations, we aim to create an environment that encourages trust, accountability, and mutual respect.

The Management Board and the Supervisory Board are informed quarterly about compliance cases and the implementation status of our CMS.

PUMA behaves in a law-abiding, fair, respectful, and ethical manner towards its employees, consumers and business partners. The Compliance Organisation, Group Compliance in the headquarters and Local Compliance Officers in each and every PUMA entity, works together as a team to ensure that all PUMA employees comply with PUMA's values. While PUMA Group Compliance at the headquarters sets the baseline, stricter local requirements take precedence, ensuring the highest standards are always met.

PUMA has developed a comprehensive risk assessment framework that incorporates key policies to address various identified risks. The framework aligns with our business objectives and regulatory requirements to ensure that all potential risks are identified, assessed, and mitigated effectively. Depending on their exposure to the identified risks, target groups of employees are built who receive more intensive training than others. Where external parties are involved, measures are taken to ensure that the risk associated with these parties is mitigated. This includes contractual clauses, onboarding, due diligence or training. After a policy has been released, related communication and training materials are developed to reinforce the understanding of the rules of the policy.

Internal controls and procedures ensure efficient operations and minimise errors, fraud and misconduct.

Our Code of Ethics, Anti-corruption and Anti-bribery Policy, and all other policies are in place to ensure we comply with local and international laws and regulations. PUMA’s Anti-bribery and Anti-corruption Policy is consistent with the United Nations Convention Against Corruption. Employees are trained on these policies to ensure a thorough understanding of legal obligations. These policies mitigate risks related to legal penalties, financial loss, and reputational damage by ensuring that all activities comply with applicable laws and regulatory standards.

Breaches of law or our internal policies are not tolerated. Through the whistleblowing channel SpeakUp, PUMA can be informed about such breaches. PUMA’s Whistleblowing Policy protects whistleblowers globally from retaliation and guarantees a confidential and fair treatment of the case.

In case violations occur, those are remediated, a new risk analysis is performed, and measures are taken to close potential gaps in the control system.

Tone from the top is key in PUMA’s corporate culture, leadership demonstrates commitment through transparent communication, and by modelling the behaviours that align with our core values. This commitment is cascaded down to all levels in the organisation, ensuring a consistent culture framework. PUMA is dedicated to continuously developing a positive and inclusive corporate culture. We invest in training programs and workshops that focus on our values, ethics and leadership development. These programs are designed to help employees at all levels understand and embody the company culture.

During the onboarding process, new employees are introduced to PUMA’s culture through orientation sessions that cover our values, mission and expectations. This ensures that from day one, employees are aware of and engaged with the company’s culture.

Leadership development is another critical component of our culture-building efforts. We provide ongoing support and training for our leaders to ensure they act as role models and reinforce the desired culture within their teams. PUMA has developed a variety of communication channels, including regular townhall meetings and compliance awareness initiatives. Through the intranet culture stories, achievements and updates are shared with all employees. Compliance policies are communicated by the Management Board member responsible for the topic via email and are available on the intranet. Compliance awareness initiatives are communicated via multiple channels, like hardcopy, email and videos.

Compliance awareness initiatives are structured to echo a training plan, a new policy or a policy update, or to educate after a compliance incident.

Corporate culture is evaluated by regular employee feedback mechanisms, e.g. employee survey, open-door policy, that encourage employees to voice their opinions and concerns. Such feedback is analysed to identify trends, strengths and areas of improvement. The survey is conducted every three months. Culture alignment is also assessed during performance reviews, where employees are evaluated not only on their job performance but also on how well they embody the company’s core values. This approach ensures that cultural fit is a key component of overall performance. To maintain and improve our corporate culture, we regularly conduct internal audits to assess compliance with our values and standards. Action plans are developed to address any identified gaps, ensuring that our culture continues to evolve in a positive direction.

At PUMA, we act in accordance with the law and self-imposed standards of conduct in all business activities. PUMA’s CMS is designed to systematically prevent, detect at an early stage and sanction violations of rules in the areas of corruption, money laundering, conflicts of interest, antitrust law, fraud or embezzlement. Violations of the law or internal policies are not tolerated.

As part of the CMS, PUMA has a Group-wide electronic whistleblower platform, operated by an external provider, to which employees and third parties can report illegal or unethical behaviour. Reporting is also possible to the P&O department or to the Local Compliance Officers. All cases in core compliance areas are documented and managed in the same way, no matter the reporting channel. Reporting from external stakeholders is enabled via a link to the whistleblower system on our website.

Violations from all risk areas can be reported. Reports of violations that do not fall within the core compliance risk areas are forwarded to the relevant departments, which are then responsible for investigating and implementing appropriate measures in the respective cases.

We have Case Handling Rules and Investigation Guidelines to support the members in our investigation team. All major cases in the whistleblowing platform are reported quarterly to the Management Board and Supervisory Board.

PUMA’s whistleblowing platform SpeakUp fulfils all requirements of German and European whistleblowing law. Education on SpeakUp is a mandatory part of compliance trainings and is regularly communicated via Compliance Awareness Initiatives, e.g. SpeakUp poster in all PUMA buildings worldwide. PUMA has implemented Case Handling Rules and Investigation Guidelines to support the staff receiving the reports and investigating the cases. They are trained regularly and exchange on lessons learned from the case investigations in catch-up sessions.

PUMA protects all whistleblowers from retaliation. No employee will be subject to disciplinary or retaliatory actions due to reporting a concern or an incident in good faith. Every report is treated as strictly confidential. This is stated in our Whistleblowing Policy and is the mindset that we display in the course of every investigation.

PUMA takes every report seriously and investigates every substantiated compliance case. The investigation process is free from any undue influence and the standards applied are objective. If a violation has not been proven, the presumption of innocence applies. Incriminating and exculpating facts are equally included in the investigation. All investigations are conducted in a confidential manner and comply with the applicable laws. Disciplinary measures are taken in accordance with the principle of proportionality. In the event of misconduct by a business partner, appropriate consequences will also be taken in accordance with the principle of proportionality.

The PUMA Compliance Training Strategy resolved by the Management Board stipulates that two short trainings on core business conduct topics like preventing bribery, anti-money laundering, anti-trust, ethical behaviour, business partner due diligence, keeping information confidential etc. will be held every second year for all employees worldwide and one deep dive training on selected topics from the above listed ones will be held every three years for target groups based on their risk exposure to the topic.

The functions in PUMA that are most at risk of corruption and bribery, are typically those that involve interaction with external governmental bodies or business partners. Those are facility management, logistics, sourcing and procurement, sales, sports marketing, and marketing.

Prevention and detection of corruption or bribery and incidents (G1-3, G1-4)

CMS helps us to operate within legal and regulatory boundaries while fostering ethical behaviour and good corporate governance, with a focus on the compliance risk areas including anti-corruption and anti-bribery. PUMA’s CMS in this regard consists of three pillars including prevent, detect and respond.

• In “Prevent”, we identify and assess the compliance risks via regular risk assessments, then formulate related policies and training to mitigate the related risks especially in areas like anti-corruption, bribery, anti-money laundering and fraud. A regular Tone from the Top is an important tool in preventing compliance violations
• We have established different whistleblowing channels to “Detect” violations against the law or our internal policies that we described above
• We “Respond” to compliance violations with actions that counter the severity of the case. Consequences can be warnings or other disciplinary measures, remediation action plans, awareness measures or an adaptation of the training content and cycle to the new evaluated risk situation. We include case studies and clear guidance on best practices and prohibited behaviours to prevent incidents of corruption or bribery.

Anti-corruption is a standard training module in our Compliance in-person training program, as well as in our e-learning training program. The whistleblowing channel SpeakUp is available on the internet page and available for both employees and external business partners. Information on SpeakUp and how allegations are handled are a standard training module in all our Code of Ethics e-learning and Compliance in-person trainings. We include a module on anti-corruption and anti-bribery in each training for our suppliers.

The PUMA Compliance Training Strategy resolved by the Management Board stipulates that two short trainings on core business conduct topics like preventing bribery, anti-money-laundering, anti-trust, ethical behaviour, business partner due diligence, keeping information confidential etc. will be held every second year for all employees worldwide and one deep dive training on selected topics from the above listed ones will be held every three years for target groups based on their risk exposure to the topic.

Our Code of Ethics communicates our expectations regarding the prevention of corruption and bribery in business. A more detailed Anti-bribery and Anti-corruption Policy helps employees to comply with the expectations and is communicated by the CEO to all PUMA employees worldwide. It lays out approval processes for risky business transactions. Implemented internal controls like the segregation of duties and four-eyes principle limit opportunities for corrupt activities. The screening process established via the Business Partner Due Diligence policy ensures that business partners are carefully selected and the corresponding compliance clauses in the agreements request them to meet anti-corruption standards. Regular Code of Ethics e-learnings and in-person compliance training programs as well as awareness measures make sure that the key messages are properly communicated to all the employees.

We have established a whistleblowing channel for employees and external partners to report corruption and bribery allegations. With the help of Internal Audit, suspicious activities in terms of corruption and bribery are identified. Cross department screening in SAP also helps to monitor financial transactions for red flags. Once PUMA is aware of corruption or bribery cases, the Case Handling Rules and Investigation Guidelines are in place to enable every case manager in each entity to conduct investigations properly and all cases are documented in a case management system and reported to the Management Board and Supervisory Board on a quarterly basis.

Corruption and bribery are zero tolerance issues at PUMA. Disciplinary consequences and remediation plans are mandatory for each confirmed corruption or bribery case. Annual Compliance e-learning is conducted targeting each PUMA employee with a business email account. Anti-corruption/bribery is subject at all in-person compliance trainings. Additional training is provided to executive/senior management with tailored case studies. All compliance training materials are developed by the Compliance team in order to be very relevant to the PUMA teams and to speak the language of the fairly young employee base. The compliance training strategy is approved by the Management Board.

At PUMA we ensure that the investigators are completely independent from the management chain or department that is involved in the matter. This includes:

• When appointing an investigator (case manager), Group Compliance makes sure that there no conflict of interests and they are from an unrelated entity or department, normally the local compliance officer or, where necessary, an external investigator
• PUMA has established clear and separate reporting lines for the investigators, ensuring they report the case solely to the compliance department, rather than to anyone involved in the matter
• Investigation Guidelines are in place, which clearly state that if a conflict of interest arises, e.g. if the responsible compliance officer is too close to the accused or the reporter, the case will be handled by Group Compliance, to ensure the case is impartially handled
• For particularly sensitive cases, we may engage external investigators or forensic auditors to further distance the investigation from internal influence.

The investigation is overseen by Group Compliance to ensure adherence to protocols, and fairness. The Compliance function reports all corruption/bribery cases and all other major cases to the Management Board and to the Audit Committee of the Supervisory Board on a quarterly basis. The content of this report includes the quarterly summary/analysis of cases, comparisons to previous quarters, percentage of closed cases, key case summaries with follow-up measures, actions or learnings/recommendations derived from the key cases.

PUMA Compliance Policies are written in easy language that can be well understood by the staff. They are translated into the local languages and can be adapted to local needs. Compliance Policies are always released by the CEO to all employees worldwide to ensure the right Tone from the Top. In the CEO email, a copy of the policy is provided with a link to the intranet for easy access. Each compliance policy names a contact person to answer questions related to the understanding and implementation of the policy. The contact person can also bring back the latest information and feedback on the policy, ensuring that PUMA is prepared for possible updates. In all compliance training, including e-learnings and in-person trainings, the related policies are repeatedly communicated.

PUMA has a compliance training strategy that illustrates which compliance training is provided to whom at which frequency in which format. Every new joiner receives onboarding training about compliance culture, introduction of risk areas and policies, expectations and the whistleblowing channel SpeakUp. Existing employees receive basic and deep-dive compliance training. Basic training educates about the fundamentals of the most relevant risk areas. They are covered by short annual e-learnings. Deep-dive training provides deeper knowledge in certain risk areas and is designed for targeted employees with bigger risk exposure. This deep-dive compliance training is covered by longer e-learnings and face-to-face compliance trainings. All training on anti-corruption/anti-bribery is mandatory. Training modules on anti-corruption are standard parts of all compliance trainings.

A hundred percent of function-at-risk are covered by training programs. Each Code of Ethics e-learning is mandatory for all employees and aims at a 100 % completion rate. Such e-learnings are communicated and launched via the CEO of PUMA to all employees worldwide. All e-learnings are also conducted by the members of the Management Board and the Supervisory Board. On top of that the members of the Management Board and the Supervisory Board receive regular tailor-made compliance trainings, depending on the topics that are relevant for the fulfilment of their tasks.

In 2024, PUMA did not have confirmed cases on corruption or bribery.

PUMA is dedicated to fostering a culture of integrity by offering global anti-corruption and anti-bribery e-learnings every two years. The last session of e-learnings on anti-corruption and anti-bribery was conducted in 2023 and is due again in 2025.

Management of relationships with suppliers (G1-2)

PUMA has several practices to minimise supply chain disruptions, aligning with its strategy and risk management:

• Vendor Financing Program: Established in 2016, this program offers suppliers attractive financing terms through partnerships with banks like BNP Paribas, Standard Chartered Bank, and HSBC, ensuring liquidity during disruptions
• Collaborative adjustments: During the COVID-19 pandemic, PUMA worked with retail partners and manufacturers to adjust order placements, sharing the burden and maintaining continuity
• Continuous Communication: PUMA maintains ongoing dialogue with suppliers to assess risks related to factory work suspensions, layoffs, wage payments, and working conditions, addressing issues proactively
• Responsible purchasing: PUMA ensures orders are paid in full and materials compensated even if orders are cancelled, building trust and reliability
• Health and Safety Guidelines: PUMA guides manufacturers to follow government and ILO guidelines to protect workers’ health, ensuring safe operations during crises
• Sustainability strategy: PUMA’s FOREVER. BETTER. strategy, informed by the SDGs focuses on human rights, climate action, and circularity, ensuring long-term resilience and adaptability.

PUMA recognises the impact of its business practices on suppliers and aims to reduce negative effects through its Responsible Sourcing Policy.

Established in 2019, the Responsible Purchasing Practice Policy guides decisions and ensures consistency. PUMA trains its sourcing staff and suppliers on this policy, referencing the UN Guiding Principles on Business and Human Rights to highlight the link between purchasing practices, working conditions, and human rights risks.

We ask strategic Tier 1 suppliers to participate in the Better Buying survey to gather feedback on PUMA’s responsible purchasing practices. This survey collects anonymous ratings from suppliers based on five principles of responsible purchasing, helping us improve our practices. We share the survey results with our sourcing team and suppliers.

In 2023, PUMA added a responsible disengagement clause to its purchasing practices. Following Fair Labor Association guidelines, PUMA commits to providing at least six months’ notice before significantly downscaling orders or ending business relationships. A longer notice period may be granted based on average production capacities over the past two to three years to mitigate impacts on workers and allow suppliers time to find new buyers.

PUMA’s Code of Conduct is integral to our manufacturing agreements. As part of the manufacturing agreements all suppliers sign a legally binding Declaration of Principles specifying the principles and standards to be observed by the suppliers, including annexes on Anti-corruption, Building safety, Animal protection, PUMA sustainability audit, restricted substances, and PUMA cotton sourcing policies. The supplier acknowledges the importance of adhering to social and environmental standards and guarantees these rights to all employees and affected stakeholders. Additionally, the supplier commits to respecting internationally recognised human rights, complying with all applicable laws to prevent slavery, servitude, forced labour, and human trafficking, and avoiding any activities that would constitute an offense.

PUMA uses a Supplier Scorecard to evaluate and manage supplier performance based on several key criteria including environmental compliance, waste management and effluent treatment. PUMA conducts regular reviews and meetings with suppliers to discuss scorecard results, address any issues, and identify areas for improvement. Suppliers needing improvement get support and guidance to meet PUMA’s standards.

PUMA extends its local supply chain initiatives in markets such as China, India, Latin America and Türkiye. By sourcing materials and products regionally, PUMA fosters closer relationships with local suppliers.

Payment practices (G1-6)

PUMA has digitised its supply chain to create transparency and operational efficiency, ensuring timely payments to suppliers. Consequently, all payments to vendors are automated and paper-free, ensuring timely payments as per our terms.

PUMA’s standard contract payment terms require payment upon receipt of invoice within a specified number of days from the actual handover date. In 2024, approximately 76 % of annual invoices were paid according to these standard terms. The remaining invoices were paid based on local terms agreed upon between the sales subsidiary and the supplier. In 2024, there were no outstanding legal proceedings for late payments, as this process is automated. ‎└