1. Home
    Item seperator
  3. Item seperator
    Our compliance corner

Our compliance corner

The fight against corruption

Nokia is committed to maintaining a culture of integrity and to fighting against corruption. Our strong policies and processes help to ensure that employees do not engage in unlawful or unethical behavior, thereby mitigating risks related to anti-corruption, competition, bribery, fraud, and money laundering. The consequences of corruption are profound and can result in reputational damage, financial settlements and substantial fines. In addition, companies and individuals are subject to investigations, potential loss of business, and harm to careers, investors, and consumers.

At Nokia, compliance is a shared responsibility with our leaders, who must lead by example and demonstrate deep engagement in driving compliance; our employees, who must know and understand the rules and raise their hands when they have concerns; and our Legal, Compliance and Sustainability team that is responsible for educating and empowering employees, establishing clear guidelines, and implementing effective procedures to address the complex and varied risks inherent in today’s business environment. External partners are also expected to abide by our high ethical standards. We employ a risk-based due diligence process for suppliers and commercial third parties and contractual provisions to ensure that external partners understand our expectations for compliant behavior.

Integrity is a core value at Nokia, and we constantly seek to mitigate risks and improve our compliance program. At the foundation is our speak-up culture which is supported by multiple options for reporting concerns, including our Ethics Helpline and our global network of Ombuds leaders, who are a neutral and confidential avenue for employees to raise concerns, receive guidance, and stay compliant. Our Ethics, Regulatory and Compliance team is structured to ensure comprehensive compliance coverage in our businesses, regions, and central functions. Our investigations team responds to concerns raised about potential violations of our Code of Conduct, Nokia policies, and the laws of the various countries in which we operate. Our compliance leaders serve as our eyes and ears on the ground everywhere we do business and work to increase awareness on our program, policies, and procedures. Regulatory specialists are integrated into our Ethics, Regulatory and Compliance team and apply a strategic mindset to their domains to enable growth and business development while protecting the company from legal, financial, and reputational risks. We are committed to compliance with all applicable trade and sanctions laws and regulations that impact operations, including export control and customs compliance. Our sustainability team oversees the compliance aspects of sustainability and provides oversight, governance, and strategic direction for Nokia’s overall environmental, social and governance agenda. We have policies and practices in place to ensure our operations are fully aligned with international human rights standards and that our technology is not used to limit or infringe on human rights. Our global privacy, data and cyber regulatory team addresses cyber and data-related laws and regulations, safeguards Nokia’s data and business processes, and ensures that our products and services meet customer and market expectations for security, compliance, and data protection. The anti-corruption center of excellence (CoE) manages risks arising from third parties, entertainment, and hospitality.

We understand that maintaining a strong culture of integrity is a commercial differentiator and prioritize maintaining our values in a competitive market. We want to “win” with integrity!

On this page
train station

Trust is based on a foundation of integrity

Nokia values an inclusive, stable work environment and is committed to driving growth ethically and providing fair pay, benefits, and growth opportunities. Our adherence to these ideals attracts customers, suppliers, shareholders, and partners. Our compliance program is agile and adaptable, constantly adjusting to the changing landscape of issues such as corruption, privacy, cybersecurity, competition law, trade compliance, and sustainability.

We proactively address new and emerging risk areas as we expand into different industries and markets. Our program enables business, protects the company, and provides compliant solutions to support our teams and partners who are creating the technology that helps the world’s organizations, machines and devices act in sync with each other and the people they serve. We achieve this by understanding business strategies and goals and partnering to assess and mitigate compliance risks.

Our compliance program has several key elements, including but not limited to effective and engaging compliance training and communications; a thriving speak-up culture and concern reporting process; a robust risk assessment process; expanding privacy, data and cyber regulatory oversight; and increasing oversight of trade and supply chain compliance. Every employee plays a crucial role in compliance, and they are expected to know and understand the rules, complete annual mandatory training, ask questions when unsure, and speak up if they notice anything amiss. Our success is based not only on providing cutting-edge technology but also on a dedicated and productive workforce that feels valued and trusts the company to do the right thing. We also work closely with third parties, including commercial third parties, licensees and suppliers, to encourage adherence to the same high standards of ethical business across all interactions and to help ensure responsible sourcing and globally acceptable labor practices.

Many individuals consider employers as their most trusted institution or relationship, outpacing NGOs, business, and media. The 2024 Edelman Trust Barometer survey shows that business is the most trusted institution to introduce innovation into society.1 Employees expect companies to act as change agents , working to improve their lives and society. Employers who meet these expectations benefit from an engaged, loyal, and committed workforce. We understand the importance of trust, engagement, and a greater purpose.

In the Legal, Compliance and Sustainability organization, trust is central to what we do. We strive to raise the bar on transparency and compliance everywhere we do business. We also work hard to improve communities and the lives of others through pro bono work. Our Legal, Compliance and Sustainability team furthers the trust equation by supporting our business partners in complex negotiations, business objectives, and dispute resolutions; protecting intellectual property; providing communication and technology solutions; leading the strategic direction and implementation of the overall ESG agenda; and setting an example for ethical business practices. Our culture of trust and shared responsibility serves as a foundation for compliance.

We are especially proud to have been named once again by Ethisphere as one of 2025’s World’s Most Ethical Companies®, recognizing us as a global leader in corporate ethics. We strive every day to ensure that excellence, innovation, and compliance continue to define our company.
 

12024 Edelman Trust Barometer, an annual survey carried out by Edelman, a global communications firm. 2024 Edelman Trust Barometer | Edelman

people
Stop watch in hand

Compliance risk assessment and mitigation

Our Ethics, Regulatory and Compliance team manages our robust compliance program, strives to embed integrity as a core value in our operations and among our employees and partners, and implements and enforces policies and practices that enable the compliant growth of our business while safeguarding our longstanding reputation for ethics and integrity.  Evaluating ethics and compliance risk is critical to our success and is a fundamental driver of Nokia’s compliance program. Nokia employs a systematic and structured approach to risk management across our business operations and processes. Key risks and opportunities for improvement of our risk mitigant processes are identified, either in business operations or at the global level, and are analyzed and monitored as part of our overall performance management to ensure efficacy.

Our Risk and Monitoring function evaluates the current risk assessment processes, proactively identifies strategic initiatives and other changes that may impact the risk profile, and implements improvements. This includes the addition of enhanced data analytics to create continuous monitoring processes for certain risk areas as well as measuring ethical culture.
 

Some of the key components of our compliance risk assessment process include:

Nokia Compliance Risk Assessment Key Components

Compliance Control Framework Reviews & Deep Dive Reviews

Compliance Operational Reviews

External Data

Internal Input

Non-quantifiable Risk Inputs

Provide a deep analysis of compliance risks and controls associated with a specific business, country, or region

Provide an in-depth assessment of a region/business’s compliance programs and status, including a review of the strength of the culture of integrity

Includes risk perception rankings from Transparency International as well as information from other respected anti-corruption organizations and prosecuting agencies

Includes findings from internal audit, compliance investigations, and third-party reviews

Includes anticipated geopolitical changes, business strategy plans, and business or region-specific information from business and compliance leaders

The Compliance Control Framework (“CCF”) is an internally developed process for evaluating corruption and other compliance risks, as well as the controls in place to mitigate these risks; the goal is to strengthen the compliance programs within our businesses, regions, and at our Nokia sites. These assessments are used to determine effectiveness and identify gaps and improvement areas in processes and risk mitigants.  Within the CCF Program, we also carry out targeted ‘Deep Dive’ Reviews to look at specific areas of high compliance risk, such as vendor interaction with government officials (customs, permits, lobbyists etc.) or sanction diversion risk.  

Compliance Operational Reviews are high-profile exercises led by the region/business head and the regional/business compliance leader and are attended by the Chief Compliance Officer and key stakeholders of the region/business. The reviews focus on the compliance culture, program, and risks within a particular region or business group, providing an opportunity to revise and strengthen compliance processes and controls in the business/region.

Beyond these inputs, we apply an early warning approach to compliance risks, including employee surveys to measure culture, leadership engagement, and comfort with speaking up, and we regularly monitor data related to investigations, concern reporting, high risk third parties, corporate hospitality, regulatory and legislative activity, and enforcement trends.

After identifying and assessing our risks, the efficacy of our controls, and process improvement opportunities, we engage with stakeholders to empower them with knowledge and partner with them for implementation of improvements. We follow the data, develop targeted training and compliance communications, and strengthen internal controls and oversight with clear policies and procedures.