Governance & risk assessment
A comprehensive complianceThe adherence to laws and regulations, standards, company policies and self-commitments. management system with clear lines of responsibility and reporting structures as well as effective monitoring mechanisms provides us with the necessary framework to ensure adherence to both our Group-wide Code of Conduct and the rules laid down in our various other policies.
Responsibility and reporting
EN 29, S0 8, PR 9
Compliance is a management responsibility and is thus overseen by all management bodies within the Group. Responsibility for designing the compliance management system lies with the Chief Compliance Officer (CCO), who reports directly to the Chief Financial Officer. The CCO is assisted by the Global Compliance Office, which establishes Group-wide standards for compliance management and supports the corresponding activities of the divisions.
Each of the four operating divisions has a Compliance Officer who can draw on additional local resources and regularly presents a report to the divisional Board of Management. The activities and the content of the reports drawn up by both the divisional Compliance Officers and the Global Compliance Office are incorporated into the quarterly update reports to the Board of Management as well as the annual report to the Finance and Audit Committee of the Supervisory Board.
In addition to the measures conducted by the compliance organization, Corporate Audit includes compliance-related issues in its independent, objective audits commissioned by the Management Board. The focus of these audits lies in analysis and evaluation of the efficiency and effectiveness of the Group’s internal monitoring system, its risk management system, and its organizational security measures and controls in the divisions and corporate departments.
Compliance Management System
Our Compliance Management System (CMS) uses a seven-component approach to ensure adherence to our compliance policy, rules and principles.
One of the most important functions of our compliance management system is the prevention and early detection of potential compliance risks. Analysis of the company’s current risk profile is thus of fundamental importance in adjusting and improving the system. The findings of these analyses are used within the compliance program to establish suitable measures to prevent violations of compliance policy and rules.
Key components of the compliance program include:
- Developing appropriate guidelines for use in identifying compliance risk areas
- Evaluating business partners with regard to compliance
- Developing, implementing and continuously updating compliance training and internal communication measures
- Coordinating the system for reporting potential violations of law or policy, including the respective sanctions as deemed necessary
Elements of the Compliance Management System
Instilling a compliance culture
To improve the compliance culture and increase awareness for potential compliance violations, we have made regular compliance training for managers and employees a key component of our compliance management system. Compliance training is mandatory for managers and for certain employee groups. Training content is regularly revised to ensure that it serves current needs.
Compliance violations: Reporting and confidentiality
Employees can report potential compliance violations through a special 24-hour web application or by calling our Compliance Hotline, which is available in 150 countries and in 30 different languages. Compliance violations can be reported anonymously (where legally permitted) or by providing contact information. Reported compliance violations are handled professionally and confidentially. Internal media are used to ensure that employees know about the reporting systems available to them as well as whom to contact within the local compliance organization. Information regarding relevant violations form part of the reports to the Board of Management and the Supervisory Board’s Finance and Audit Committee.
Independent monitoring through Corporate Audit