Policies (G1-1)

The protection of whistleblowers enjoys a very high priority in DB Group and is a key component of the Group-wide compliance structures. This is reflected in Group-wide principles, binding agreements and guidelines with clearly defined procedures designed to ensure confidentiality and protect whistleblowers from discrimination.

• Code of Conduct (Group principles on ethics): The Group-wide Code of Conduct (Group principles on ethics) makes it clear that no reprisals against whistleblowers or other persons covered by whistleblower protection will be tolerated.
• KBV and KSprAV on whistleblower management: The handling of incoming reports from whistleblowers is regulated in detail in the Group employer/works council agreement (Konzernbetriebsvereinbarung; KBV) on whistleblower management and in the Group Spokespersons’ Committee agreement (Konzernsprecherausschussvereinbarung; KSprAV) and the processes based on these. Both policies apply throughout Germany. Clearly defined requirements regarding the rigor and relevance of reports from whistleblowers serve to take account of the interests of whistleblowers and the individuals named in the tip-offs. Reports can be made via various reporting channels, including by telephone, letter or email, via the accessible electronic whistleblower system, via trusted lawyers, through personal meetings and via the compliance departments of the business units and service entities. Trusted lawyers are bound by law to maintain confidentiality. The Group-wide electronic whistleblower system also serves to protect whistleblowers, enables anonymous whistleblowing and is available to employees, customers, suppliers and other whistleblowers in 12 languages. Following the submission of a report, it is also possible to communicate anonymously with DB Group’s processing departments in order to clarify queries or provide additional information.
• Group guideline on risk minimization: The EU directive for improved whistleblower protection was transposed into national law in Germany in 2023 with the HinSchG. In order to cover the full range of topics, DB Group operates 12 different reporting offices in accordance with the Group guideline on risk minimization, which are obliged to implement the HinSchG in their respective areas of responsibility. Reports are only to be allowed to be processed by specially instructed DB employees who are bound to maintain confidentiality. Reports are to be treated confidentially and in compliance with data protection regulations. The Group guideline on risk minimization stipulates on a Group-wide basis that the compliance officers of the business units and service entities are independent in the context of whistleblower management and can promise anonymity to whistleblowers.