Aspect 5: Fighting corruption

Corruption and unfair business practices violate national and international law. We reject every type of corruption, which is why we focus on corruption avoidance measures.

ETHICAL BUSINESS PRACTICES AND COMPLIANCE

We feel it is highly important that all staff and executive bodies in our Group act with integrity and comply with our values, rules of conduct, and applicable laws at all times. The goal of our compliance activities is to prevent violations and fraudulent business behavior and to integrate compliance into our business processes early on and on a long-term basis. Our customers need to be able to trust that our actions meet the highest standards for compliance and integrity around the world. This is essential if we are to be seen as a reliable partner.

We have expressed our commitment to complying with ethical principles and current legal standards. We have anchored this commitment in our Guiding Principles and Code of Conduct, revised in 2017, with the goal of focusing on issues of compliance and integrity and finding a positive way to raise employee awareness of, and motivation to tackle, these issues. The Code of Conduct is valid throughout the Group and will be introduced in all of our national companies.

Group Compliance Management, our central compliance organization, also plays a key role in establishing corporate governance structures and a corporate culture that focus on integrity. It promotes a compliance culture and establishes a set of values centering around the issue of compliance at our Company, and encourages managers and employees to internalize these values. Hence, our understanding of what compliance means far exceeds pure adherence of corporate action to legal requirements, i.e., laws and internal regulations, and focuses on the integrity of everyone in our Group.

We have introduced a comprehensive compliance management system: a way to reduce risks and make sure conduct throughout the Group complies with the existing regulations. All of our activities comply with legal and statutory requirements and with our own policies and internal data privacy regulations. Responsibility for the compliance management system lies with the Board of Management department for Data Privacy, Legal Affairs and Compliance. In addition, one person at management or managing board level in each Group company is in charge of compliance. Our Chief Compliance Officer is responsible for the Group-wide design, advancement and implementation of the compliance management system. Compliance officers implement the compliance management system and our compliance goals locally at the level of our operational segments and national companies.

We take many different actions and measures to prevent and fight corruption. Our compliance management system is based on the Compliance Risk Assessment (CRA), which we use to identify and assess compliance risks and introduce suitable preventative measures. We have established an annual process for this purpose throughout the Group that we use to identify responsibilities and define clear assessment criteria that are documented in a traceable manner. The companies that will take part in the CRA are selected on the basis of the level of maturity of their compliance management system (maturity-based model). In the reporting year, the CRA included 73 companies and covered around 98 percent of the workforce. The individual Group companies are responsible for implementing the CRA and receive support and advice from the central compliance organization. After the management/managing boards in the national companies have been informed of the CRA findings, these findings are used to outline the compliance program for the following year: Measures and responsibilities are defined and management approves the program. These activities are monitored closely to ensure that measures are completed. We have our compliance management system certified regularly, with a focus on anti-corruption measures. In 2016 and 2017, a total of 22 companies – 10 German and 12 international – were reviewed.

We regularly provide risk-oriented and target group-specific training on compliance and avoiding corruption. We have set up the “Ask me!” advice portal focused on the issue of compliance. The portal contains reliable information for employees on laws, internal policies, and behavioral standards relevant to their daily activities.

Despite the best preventive measures, we are not always able to prevent breaches of law or violations of regulations at the Company. The Tell me! whistleblower portal is used by employees and external parties for reporting breaches or suspected breaches of the law or of internal policies and regulations. In 2017, we received 146 compliance-related tip-offs through the Tell me! portal (108 tip-offs in the prior year). Of these, during the course of the year, 43 were confirmed to be cases of misconduct and dealt with accordingly. We systematically pursue all tip-offs, including those that reach us via other channels, within the scope of the legal framework available to us, and implement appropriate sanctions. We have introduced a Group-wide reporting process to control and monitor these activities. This primarily includes reporting on Group-wide compliance cases and the status of the compliance program.

Our suppliers sign our Supplier Code of Conduct, committing to refrain from any kind of corruption and any actions that could be interpreted as corrupt. We expect, and work to ensure, that our suppliers observe these obligations, principles, and values, and take all necessary measures to prevent and penalize active and passive corruption. We have been offering regular e-learning and classroom training on compliance to our suppliers since 2014, as well as providing them with a compliance guideline. We select our business partners based on compliance criteria and conduct risk-oriented compliance business assessments.