Management approach and targets
Compliance is an integral element of our corporate culture. As part of the initiative for a strong compliance organization mandated in 2019 by the Group Management Board, we continued to develop the Compliance Management System (CMS) at DB Group in 2021 in order to remain at the cutting edge and to develop effective compliance practices for the long term. Compliance is embedded in the Strong Rail strategy.
Our CMS is based on national and international legal requirements and established standards, such as the Institute of Public Auditors (Institut der Wirtschaftsprüfer; IDW) auditing standard IDW PS 980 in Germany. DB Group also applies the directive of the Federal Government on corruption prevention in the German Federal administration by analogy. The CMS aims to ensure that compliance risks are identified at an early stage and appropriate countermeasures are implemented. We continuously monitor the effectiveness of our CMS and make any necessary adjustments. Compliance is a component of the internal control system (ICS). As a result, intra-Group auditors examine, among other things, the CMS within DB Group as part of the ICS audits under the German Accounting Law Modernization Act (Bilanzrechtsmodernisierungsgesetz; BilMoG).
In 2021, an independent investigation by an auditing and consulting firm into DB Group’s CMS with regard to corruption and corporate crime in the form of fraud and embezzlement was launched Group-wide. While adequacy and implementation audits have been concluded in previous years with unqualified audit opinions in accordance with the IDW PS 980 audit standard, the new audit of DB Group’s CMS includes an additional step: as well as adequacy and implementation, it also evaluates the effectiveness of the CMS. In addition, certification with ISO 37001 standard is carried out, in particular for internationally active business units. The audit within corporate management has already been completed. The Group-wide audits began in 2021. They will be completed with audit reports or certifications in 2022.
DB Group compliance management is typified by a combination of centralized and decentralized units at the operational and organizational levels. The Chief Compliance Officer (CCO) manages the further development of our CMS and reports directly to the Chairman of the Management Board. The CCO is assisted in their duties by more than 250 employees responsible for compliance issues (either full time or with divided responsibilities). Corporate management focuses its compliance work on centralized governance activities in particular, while operational responsibility is exercised in the business and service units. Various formats ensure that central and local compliance officers can engage in extensive dialog.