Ethics and Compliance
Maintaining High Standards
Our business depends on maintaining high standards of professional ethics among our team members and remaining compliant with all relevant laws and regulations. The Novanta Leadership Team, including the Named Executive Officers, strives to promote business practices and operating procedures that can withstand the highest levels of scrutiny. Novanta’s independent Internal Audit function monitors and assesses the Company’s practices and reports directly to the Audit Committee of our Board of Directors. We also conduct risk assessments annually and modify any policies or controls as needed.
Ethical decision-making requires an understanding of personal and company values and principles, coupled with good personal judgment. We expect all Novanta team members—from the Board of Directors and the Novanta Leadership Team to all employees—to understand and embrace our corporate values. We are committed to these principles in everything we do, so our activities reflect positively on our stockholders, our marketplace, our community, and ourselves.
Code of Conduct
The Novanta Code of Ethics and Business Conduct (the “Code of Conduct”) identifies the ethics, values, and principles that guide our business relationships. We are dedicated to doing business with a strong sense of ethics, honesty, and integrity. The Code of Conduct was written by management and approved by the Board of Directors. The Code of Conduct provides guidelines on relationships between employees and internal and external stakeholders, conflicts of interest, anti-corruption, protection of assets, and more. All employees and directors are responsible for upholding the Code of Conduct, which is translated into seven languages besides English.
Anti-bribery and Anti-corruption
Under our Anti-bribery and Anti-Corruption (“ABAC”) Policy, Novanta conducts an annual risk assessment and screening of customers, suppliers, distributors, and resellers to identify and replace any third parties that may have violated anti-corruption or anti-bribery laws in recent years and do not have the necessary controls and procedures in place to prevent and prohibit bribery and corruption behaviors. If a third party is identified as high risk based on an adverse data search, further due diligence is conducted and the business relationship is reviewed by the Chief Financial Officer or the Chief Accounting Officer. Proper safeguards are put in place to protect our business if it is deemed acceptable to continue doing business with the third party.
New and existing employees are required to certify annually that they have read and will uphold the Code of Conduct. Additionally, all employees are required to pass a training course on anti-corruption, ethics, harassment, and data privacy every other year.
Confidential Reporting of Suspected Violations
We maintain an external compliance hotline for the confidential reporting of any suspected policy violations or unethical business conduct on the part of our businesses, employees, officers, directors, suppliers, or customers, and provide training and education to our global workforce with respect to our Code of Conduct, anti-bribery and anti-corruption policies, data privacy regulations, and workplace harassment. To file a complaint, individuals can visit http://novanta.ethicspoint.com or call the hotline. The Novanta Code of Conduct lists local numbers for each country. Internal Audit reports on hotline activities to the Audit Committee of the Board on a quarterly basis. The Chairperson of the Audit Committee also has direct access to all fraud, anti-bribery and anti-corruption, internal control, and financial matter-related reports on the compliance hotline.
We require all our employees and facilities to comply with all relevant laws and regulations in the countries in which they work or operate. We closely govern the activities of our employees, facilities, and supply chain partners through a host of corporate policies, including our:
- Code of Ethics and Business Conduct;
- Supplier Code of Conduct;
- Anti-Harassment Policy;
- Antitrust Law Compliance Statement;
- California Proposition 65 Compliance Policy;
- China Restriction of Hazardous Substances (RoHS) Policy;
- Conflict Minerals Policy;
- Corporate Sustainability Policy;
- Equal Employment Opportunity Policy;
- Human Rights Policy;
- Political Activity Policy;
- Registration, Evaluation, Authorization, and Restriction of Chemicals (REACH) Compliance Policy;
- Related Party Transaction Policy; and
- Restriction of Hazardous Substances (RoHS) and Waste Electrical and Electronic Equipment Directive (WEEE) Compliance Policy.
All of our production facilities are subject to federal, state, local, and, in some cases, foreign environmental regulations related to the use, storage, handling, and disposal of regulated materials, chemicals, and certain waste from production processes.
In 2021, we did not receive any notices of violation or record any significant spills, fines, or sanctions for non-compliance with manufacturing or production laws or regulations. We experienced two non-material permit breaches and immediately implemented countermeasures to prevent future issues.
Data Privacy and Security
We are subject to many privacy and data protection laws and regulations around the world, some of which place restrictions on our ability to process personal data across our business. In particular, the General Data Protection Regulation (GDPR) became effective in the European Union (EU) and the European Economic Area (EEA) in 2018 and the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) will take effect in 2023. These regulations create individual privacy rights for consumers, increase the privacy and security obligations of entities handling certain personal data, and require transparency and disclosure to data subjects on how their data is being used. Novanta currently complies with all relevant data privacy and security laws and regulations in the jurisdictions in which we operate. We keep abreast of new and developing legislations related to cybersecurity and data privacy and make plans to comply before new laws take effect.
To manage cybersecurity risks, we have adopted and are implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). The NIST CSF integrates industry standards and best practices to help organizations identify and reduce cybersecurity risks through a customized approach, including enterprise-wide cybersecurity awareness training. Novanta’s Board of Directors oversees the Company’s cybersecurity risks and programs. We had no material information security breaches in 2021.