Policies (G1-1)
Compliance Management System
Compliance is an integral element of DB Group’s corporate culture and guides our actions in all our business activities. Our Group-wide compliance management system (CMS) is continuously adapted to new requirements and developments in order to further promote the conditions for integrity and compliant behavior within the company. The appropriateness and effectiveness of the CMS is regularly reviewed by non-Group experts. Key compliance processes also form part of the internal control system (ICS). The intra-Group auditors audit the CMS at selected Group companies.
Our CMS is based on national and international legal requirements and established standards such as the IDW PS 980 auditing standard and ISO 37001. DB Group also applies the Federal Government’s directive on corruption prevention in the Federal administration accordingly. Our compliance organization pursues a preventive approach with a focus on avoiding corruption, fraud and embezzlement. The employee representatives were involved in the design process.
In terms of structure and process organization, compliance management at DB Group is characterized by a combination of centralized and decentralized elements. Group management focuses its compliance work on centralized governance activities in particular. In the business units and service entities, operational responsibility is assumed while implementing the CMS minimum requirements for Group management. Adjustments to the structural and procedural design of the CMS are planned for 2026.
The Chief Compliance Officer (CCO) manages the continued development of the CMS within DB Group. The Management Board is regularly informed about the further expansion of the compliance program, significant compliance cases and risks and new legal developments. The CCO also reports on compliance issues, including Group-relevant and critical issues, once a quarter in the Audit and Compliance Committee of the Supervisory Board.
Compliance handbook
The compliance handbook contains the most important guidelines on the topic of compliance. It sets out Group-wide regulations such as the framework guideline on grants, the framework guideline on conflicts of interest and, in particular, the DB Group Code of Conduct (Group principles on ethics), which is a central component of our CMS. The Code of Conduct defines standards and expectations for the daily actions of our executive bodies, executives and employees. It is made available to employees via the Group regulations database and the intranet. The compliance regulations are also included in an app that is installed on all centrally managed business mobile devices at DB Group. The Code of Conduct has also been part of the employment contracts of DB Group employees since 2018. The Code of Conduct is also published on DB Group’s website in German and English.
Executives and employees are advised on compliance issues by DB Group’s compliance organization, including a compliance helpdesk that has been in place for over ten years.
DB Code of Conduct for Business Partners
Selecting business partners and suppliers carefully and informing them about the values and minimum requirements of DB Group are also necessary to ensure successful and sustainable business operations. The DB Code of Conduct for Business Partners, for which an e-learning module is freely available online, is an important cornerstone of partnership-based cooperation. It uses practical examples to provide information on the topics of integrity, legal standards and ethical issues and formulates clear compliance requirements.
Contracts and contractual partners are audited for compliance risks. Integrity clauses contained in the General Terms and Conditions of Purchase are used to counteract potential compliance risks. Other compliance regulations are agreed based on risks. This applies to the appointment of intermediaries, for example.
If serious misconduct occurs, the group of decision makers for exclusions from tender procedures (Entscheiderkreis Vergabesperre; EKV) shall decide to suspend the awarding of tenders on the basis of clear criteria that stipulate how to deal with contractors or suppliers. In case of an exclusion, the business relationship can only be re-established after the exclusion period expires. However, the EKV may also terminate the exclusion prematurely if a self-clean-up process has been implemented that we consider to be sufficient. In 2025, seven companies were subject to exclusions from tender procedures. None of the exclusions from tender procedures was due to corruption violations. In addition, an exclusion from tender procedures was imposed on two other sanctioned creditors.