Our Governance
RPM’s vision of Building a Better World is built on a foundation of strong corporate governance and values. We have deployed corporate governance and ethical practices and programs, like our Route 168 training program, that create long-term stakeholder value, guided by reasonable oversight through all levels of our leadership.
Effective Governance At RPM
As of October 5, 2023, our Board was composed of 11 Directors, 10 of whom were independent. Our Governance and Nominating Committee Charter assigns oversight of the identification of sustainability risks and opportunities, and the development and implementation of sustainability goals to the Committee. We continue to build Board engagement in environmental and social issues, with the help of added sustainability experience from Director Beth Whited, President, Union Pacific Corporation.
Board Diversity
RPM emphasizes diversity and inclusion at all levels of the company, starting with the Board. Women have been represented on the RPM Board for three decades.
Since adopting the Rooney Rule, a mandate to include diverse candidates in the selection pool for vacant Board seats, we have made significant strides in improving our Board’s gender diversity. General (retired) Ellen Pawlikowski was appointed to the RPM Board of Directors in FY23. Pawlikowski is a retired four-star general of the United States Air Force and is an independent consultant, providing expertise to industry and academia on strategic planning, program management, logistics, and research and development.
Read more about our Directors in our most recent Proxy Statement.
Building a Better World Oversight Committee
RPM established the Building a Better World Oversight Committee in 2021 to support our ongoing commitment to responsibly serve and engage our associates, customers and stakeholders on critical sustainability matters. The Oversight Committee reports to the Governance and Nominating Committee of the Board of Directors and include, among others, the Vice President – Corporate Benefits & Risk Management; Senior Vice President, General Counsel and Chief Compliance Officer; and the Vice President – Environmental, Health and Safety; Vice President – Operations. The Building a Better World Oversight Committee is chaired by the Vice President – Compliance and Sustainability, Associate General Counsel.
The Building a Better World Oversight Committee center leads the identification of sustainability and climate-related risks and the processes for developing and managing sustainability related goals. The Chair of the Building a Better World Oversight Committee reports regularly to the Governance and Nominating Committee of the Board to provide timely insight into important sustainability and climate-related issues. The Committee created dedicated subcommittees of subject matter experts that focus on addressing and managing risks, opportunities and strategies as well as developing initiatives and programming in support of our pillars in the Building a Better World framework: Our Products, Our People and Our Processes.
CEO Compensation
A portion of our CEO’s compensation is discretionary and includes consideration of goals related to the development of diverse candidates for management positions. The level of discretionary compensation is determined by the Compensation Committee as part of their annual evaluation. Read more in our most recent Proxy Statement.
Board Of Directors Committee Composition
Below is a summary of RPM’s committee structure and membership information for its board of directors. To read more about any of the committees, click on committee names in the chart below.
Supply Chain & Responsible Procurement
Our suppliers are a significant component of our global impact, and we hold our supply chain to our sustainability and ethical standards as outlined in Our Code of Conduct, The Values & Expectations of 168, and our Supplier Code of Conduct, which was updated in August 2023. We are committed to conducting business ethically and responsibly, respecting and protecting human rights, and opposing human trafficking and exploitation. Our Supplier Code of Conduct stipulates that our suppliers are required to:
- Remain free of corruption and conduct business in a fair and ethical manner;
- Operate with social responsibility, including providing a safe work environment and protecting workers’ rights;
- Be a steward of the environment; and
- Comply with all applicable laws, rules and regulations.
To further verify adequate supplier oversight, we use third parties to conduct reviews as part of our evaluation of potential suppliers. For example, starting in 2022, we partnered with third-party screener Ecovadis to vet companies based on their sustainability risk and performance, including on human rights across our value chain.
Risk Management
We have synthesized our enterprise-level risk assessment to cover a range of topics including internal audit, finance, compliance and, most recently, sustainability and climate change. In 2021, the survey was given to more than 1,200 associates from our management teams across our business units, allowing for risk identification on topics across the company.
We use employee surveys, a series of questionnaires and follow-up meetings to focus on the specific risk areas identified through the assessment. Then we publish key findings internally and address gaps.
RPM also reviews the assessment process and results with the Board of Directors annually.
Ethics & Compliance
At RPM, ethics and compliance are more than just policies, they are attitudes embracing The Value of 168 in doing the right things, the right way, for the right reasons.
We built our ethics and compliance program on our core values of transparency, trust and respect, creating an open and honest environment, promoting accountability and valuing opinions. The Value of 168 is embodied and demonstrated in the behaviors of our leaders, associates and stakeholders and we are devoted to operating with the highest standard of ethics and integrity.
Code of Conduct
Our Code of Conduct is titled The Values & Expectations of 168 and is reviewed and includes input from our Board of Directors. It is the compass for our business, people and ethics, and represents how we hold ourselves accountable and truly create value for all. The most current version of The Values & Expectations of 168 was approved by RPM’s board of directors on October 6, 2022. It has been translated from English into multiple languages to ensure it is reasonably accessible to RPM’s associates and other stakeholders.
We promote ethics and compliance across the company through regular Code of Conduct and compliance and ethics training programming, awareness campaigns and training. We provide all associates, including management, training on The Values & Expectations of 168; this includes topics such as non-retaliation, human rights, anti-bribery and corruption, conflict of interest, anti-trust, non-harassment and discrimination, and data protection. As of December 31, 2021, we have fully trained more than 90% of our global associates and management team.
TRAINING & AWARENESS
Our compliance training program, Route 168, takes a risk-based approach and employs our learning management systems. Training includes, among others, stand-alone courses on data protection, conflicts of interest, competition and antitrust compliance, anti-corruption and bribery compliance, gifts and entertainment, anti-harassment, modern slavery, risks in the supply chain, fraud and business integrity. Training is provided to all employees with particular focus on topics that closely relate to functional areas such as modern slavery and risks in supply chain to those who oversee RPM’s supply chain.
Our Route 168 program, rolled out in January 2021, delivers monthly compliance messages across RPM in new and engaging ways to raise awareness of compliance and ethics topics, equip our associates with the appropriate and useful resources to confront issues and reinforce a unified company culture of ethical business conduct and decision-making. Communications include newsletters, emails, toolbox talks, posters, trainings and business initiatives covering topics such as non-retaliation, fraud, anti-trust, data protection, conflicts of interest and corruption and bribery. The campaign is designed to help our associates spot red flags and know how to raise issues on compliance and ethics concerns.
The Audit Committee of the Board of Directors is responsible for the oversight of risk management and ethics and compliance matters and receives quarterly reports from management on ethics and compliance.
In November 2021, we launched monthly Compliance Tool-Box Talks, a program designed to deliver critical compliance messages in an easy-to-digest format to improve awareness of compliance topics among production associates.
All associates have access to RPM Navigator, an internal site that serves as a resource for policies, training materials and guidance. Navigator was officially launched in July 2021 and provides information on our compliance hotline; Hotline and Nonretaliation Policy and other corporate policies; Route 168 resources; and Supplier, Applicator and Distributor Codes of Conduct. The site has multi-lingual functionality.
We also conducted our first Global Compliance Survey in January 2021. The survey focused on our Code of Conduct, efficacy of the compliance training program and protocol for reporting concerns. Some of the same or comparable survey questions were included in our Employee Engagement surveys in 2022 and 2023 providing comparable data over the period. We use this data to determine key performance indicators for our compliance-related goals.
Anti-Corruption Policy
RPM’s Anti-Bribery and Anti-Corruption Policy expresses our long-standing commitment of a zero-tolerance policy towards bribery and corruption. We use our Route 168 program to educate our associates about how to spot and report corruption activity and investigate all reports of suspected incidents.
We remain committed to conducting business ethically and responsibly, respecting and promoting human rights, and opposing human trafficking and exploitation. RPM strives to operate in compliance with applicable laws where we do business by:
- Implementing policies and guidelines requiring equal opportunities, nondiscrimination and non-harassment, the prohibition of child and forced labor;
- Complying with applicable health and safety and wage and hour laws and ensuring safe working environments and fair and living wages;
- Expecting our associates, suppliers, distributors and applicators to operate in accordance with our Codes of Conduct;
- Respecting our associates’ right of freedom of association and collective bargaining in accordance with local laws;
- Offering a reporting hotline where individuals can report any ethical or employment concerns without retaliation.
We also support the U.N. Guiding Principles for Business and Human Rights, which respects and honors the principles of internationally recognized human rights.
Information Security & Data Privacy
RPM actively fosters healthy relationships with its associates, customers, and other stakeholders by understanding the importance of securing the data its entrusted with, complying with data protection laws and recognizing applicable data related rights afforded to individuals.
Our Information Security Program is designed to protect and preserve the confidentiality, integrity and continued availability of all information that we own or is in our care. The Program is led by our Vice President – Global Systems, and Vice President – Commercial Excellence in coordination with other members of our Information Technology executive leadership. The Information Technology executive leadership together with our Legal and Compliance department are responsible for defining strategy and managing our internal approach to cybersecurity and data governance.
Reporting & Internal Audit, Controls & Standards
Our Director – Information Security provides quarterly updates and an annual report to the Audit Committee of our Board of Directors on data security controls, incidents, reviews, protocols, training and remediation processes. Our Chief Audit Executive provides the Audit Committee with quarterly and annual reports regarding our data security compliance and internal controls audits. A corporate compliance and hotline report update is also provided at each Audit Committee meeting.
We regularly test our data security controls for reliability and compliance, and we employ auditors specializing in information technology, data security, privacy and compliance within our Internal Audit Department to assess our controls, systems and policies. In addition to our internal testing, we use third-party consultants to review our systems, including risk management, network penetration testing, and to provide insight on new and evolving threats along with specialized advice on how best to mitigate those threats.
Data Privacy
RPM is committed to complying with all applicable data protection laws and respecting the privacy rights afforded to individuals in the jurisdictions within which we operate. Our Privacy Notice describes the ways in which we collect, use, share or otherwise process personal data of our customers, end-users and other third parties. The Privacy Notice is available on our websites and informs users of their rights and how to contact the Company in the event they have a question or concern about their information or our data practices. Our internal data privacy policies are designed to prevent unauthorized access to, and disclosure of, personal information using a range of operational and technological safeguards. Our employee privacy policies keep associates informed of how the Company processes their personal information and the rights that may be afforded to them under data protection laws.
Associates are educated on data protection topics that include identifying and appropriately handling protected information. Projects, processes, or tools that involve sensitive data types are reviewed for legal compliance and integration of data privacy by design concepts.
Cybersecurity Training & Incident Reporting
The organization’s Information Security team provides regular training and resources to associates across the organization that highlight potential cyber threats, concerns and ways to avoid digital incidents. We require that all data incidents or technology concerns are immediately reported to our corporate Legal and Compliance department via our Reportable Events portal. These are investigated by the Legal, Compliance and Information Security teams to ensure any resulting risks are appropriately identified and remediated.