Governance & risk assessment


A comprehensive compliance management system (compliance being the adherence to laws and regulations, standards, company policies and self-commitments) with clear lines of responsibility and reporting structures as well as effective monitoring mechanisms provides us with the necessary framework to ensure adherence to both our Group-wide Code of Conduct and the rules laid down in our various other policies.

Responsibility and reporting

PwC EN 29, SO 8, PR 9

Compliance is a management responsibility and is thus overseen by all management bodies within the Group. Responsibility for designing the compliance management system lies with the Chief Compliance Officer (CCO), who reports directly to the Chief Financial Officer. The CCO is assisted by the Global Compliance Office, which establishes Group-wide standards for compliance management and supports the corresponding activities of the divisions.

Each of the four operating divisions has a Compliance Officer who can draw on additional local resources and regularly presents a report to the divisional Board of Management. The activities and the content of the reports drawn up by both the divisional Compliance Officers and the Global Compliance Office are incorporated into the quarterly update reports to the Board of Management as well as the annual report to the Finance and Audit Committee of the Supervisory Board.

In addition to the measures conducted by the compliance organization, Corporate Audit includes compliance-related issues in its independent, objective audits commissioned by the Management Board. These audits focus on analyzing and evaluating the efficiency and effectiveness of the Group’s internal monitoring system, its risk management system, and its organizational security measures and controls in the divisions and corporate departments.

Compliance Management System


Our Compliance Management System (CMS) uses a seven-component approach to ensure adherence to our compliance policy, rules and principles.

One of the most important functions of our compliance management system is the prevention and early detection of potential compliance risks. Analysis of the company’s current risk profile is thus of fundamental importance in adjusting and improving the system. The findings of these analyses are used within the compliance program to establish suitable measures to prevent violations of compliance policy and rules.

Key components of the compliance program include:

  • Developing appropriate guidelines for use in identifying compliance risk areas
  • Evaluating business partners with regard to compliance
  • Developing, implementing and continuously updating compliance training and internal communication measures
  • Coordinating the system for reporting potential violations of law or policy, including the respective sanctions as deemed necessary

Elements of the Compliance Management System


Instilling a compliance culture


To improve the compliance culture and increase awareness of potential compliance violations, we have made regular compliance training for managers and employees a key component of our compliance management system. Compliance training is mandatory for managers and for certain employee groups. Training content is regularly revised to ensure that it serves current needs.

Compliance violations: Reporting and confidentiality


Employees can report potential compliance violations through a special 24-hour web application or by calling our Compliance Hotline, which is available in 150 countries and in 30 different languages. Compliance violations can be reported anonymously (where legally permitted) or by providing contact information. Reported compliance violations are handled professionally and confidentially. Internal media are used to ensure that employees know about the reporting systems available to them as well as whom to contact within the local compliance organization. Information regarding relevant violations forms part of the reports to the Board of Management and the Supervisory Board’s Finance and Audit Committee.

Independent monitoring through Corporate Audit




The subject of compliance is a fundamental part of the audits which Corporate Audit performs in all business divisions and departments. Corporate Audit also inspects the management processes within the compliance organization on a routine basis. The results of these inspections are documented and reported regularly to the Board of Management together with recommendations for improvement. In 2016, recommendations included revising the Group’s competition policy and reviewing the compliance training program.

In the reporting year, some 246 regular audits which were either directly or indirectly related to compliance were conducted across the Group. A number of ad hoc audits were also performed for specific reasons. The audits supplement the Group-wide monitoring system and support ongoing compliance activities as well as the identification of compliance risks. They provide the basis for ongoing enhancement of our Group-wide compliance program.

The findings of the various audits also lead to a review of whether the existing monitoring and control criteria are current and complete. Thus, in this reporting year, we have updated and added further compliance aspects to the catalog of criteria used in inspections conducted by Corporate Audit.