Specificcompliance instruments have been developed to protect the Group, its employees and executives. This includes, for example, binding directives, risk and process analyses, a compliance reporting system, special training and communication measures, and a whistle-blower management system.
The DB Group Code of Conduct is the cornerstone of our CMS. It defines the standards and expectations about how our bodies, executives and employees should conduct themselves on a daily basis. It is supplemented by binding directives that specify applicable legal provisions governing national and international business and contact with customers. In the year under review, the directive on the protection of trade secrets and assets was revised in the context of new German legislation on the protection of trade secrets.
Compliance risk analyses are a key component of DB Group risk management and are conducted by the business units and service units. A Group-wide survey of compliance risks is conducted in accordance with governance requirements set by Group management. The compulsory framework concept contains minimum requirements for planning, conducting, reporting and follow-up.
A compact compliance annual report provides the Management Board with information on compliance risks related to DB Group’s business activities. The report separately sets out the risk exposure of business units, service units and Group management functions and highlights existing risk-reducing factors and countermeasures. The Management Board is also kept regularly informed during the year about the further expansion of the compliance program and any significant compliance cases. The Chief Compliance Officer also reports on compliance issues at meetings of the Supervisory Board’s Audit and Compliance Committee.
We are continually optimizing our instruments so that we can achieve our compliance goals on a sustainable basis. One of the key areas in this process in the year under review was the development and Group-wide implementation of 12 new e-learning modules. Several new full-video formats were produced for the modules, showing possible predicaments and engaging the users more directly. E-learning modules are managed via a central training platform.
DB Group’s plan to raise awareness about compliance emphasizes the importance of participating in face-to-face events in addition to the e-learning modules described above. The plan adopts a risk-oriented approach, which provides, among other things, executives and employees with medium and high-risk training thanks to regular participation in events or e-learning modules. Using this approach, almost complete training coverage can be achieved over a period of two to two and a half years. In the year under review, 25,350 executives and employees participated in face-to-face events. Similar to previous years, employees in the top level of management were made aware of compliance risks as part of the series of dialogs with the Heads of the Compliance, Audit and Legal Group functions.
As an extra digital supply of information, the Compliance app underwent further development in the year under review and was required to be installed on all centrally managed business mobile devices within DB Group. With the app, DB employees can receive information about compliance topics via their smartphone or tablet. This information includes compliance-relevant directives and FAQs, checklists, explainer videos, e-learning modules, a workflow for auditing gifts and options for contacting central and local compliance organizations.
There is a Group-wide whistle-blower system to obtain information about potential violations of laws or internal regulations. The way in which submitted tip-offs are handled is regulated in detail. The processes implemented protect whistle-blowers. In addition to other measures, clearly defined requirements regarding the rigor and relevance of whistle-blowing tip-offs serve to take account of the interests of the persons concerned.
There are various ways of submitting a whistle-blowing tip-off. These include three trusted legal practitioners, who are legally bound to secrecy, and an ombudswoman, in addition to the compliance teams in the Group management, business units and service units. There is also a Group-wide electronic whistle-blower system, which makes it possible to submit tip-offs anonymously. It can be used in 22 languages and is not just available to employees, but customers, suppliers and other stakeholders, too. In the year under review, tip-offs in the double-digit range were received through the whistle-blower system for instances of corruption.