Compliance

Deutsche Telekom's business is based on the principles of integrity and respect. Compliance, which is understood as the lawfulness of corporate activities, therefore plays a significant role in the Group's business activities.

Deutsche Telekom has clearly expressed its commitment to complying with ethical principles and current legal standards. This commitment has been incorporated in our Guiding Principles and Code of Conduct. Deutsche Telekom has been practicing comprehensive compliance management since 2005 to make sure conduct throughout the Group is ethical and complies with legal provisions. All compliance management activities are in line with legal regulations and with Deutsche Telekom's Privacy Code of Conduct, a policy on handling personal data within the Deutsche Telekom Group.

Responsibility for the compliance management system lies with the top management level at Deutsche Telekom in the Board department for Data Privacy, Legal Affairs and Compliance. The compliance organization is comprised of the Chief Compliance Officer (CCO) as well as central and local compliance units. The compliance organization helps employees live compliance every day at work. A policy database makes it easy for employees to access policies quickly. Employees of Group companies can use the database to get an overview of which policies apply at their company. The compliance organization also helps policy publishers implement policies throughout the Group and document as defined by the process. We regularly conduct general compliance and extensive anti-corruption trainings, which the majority of our employees attend.

Deutsche Telekom conducts wide-scale measures to raise employee awareness of compliance issues. Managers also act as facilitators and discuss the topic with their employees. We thoroughly analyze their feedback and use it to come up with different measures including expanded compliance training offers tailored to the information needs of our employees as well as accompanying communication initiatives.

Deutsche Telekom has set up two online portals called Ask me! and Tell me! for questions and tips on the topic of compliance. Employees can find reliable information on laws, internal policies and codes of conduct relevant to their daily activities on the Ask me! portal. The Tell me! portal helps clear up cases involving violations of statutory or internal regulations. Both employees and external parties such as business partners and customers can notify us of any violations by e-mail, phone or fax.

The ICT  industry is characterized by dynamic change. Companies need to constantly update their core business, tap into potential in growth markets, realize innovative business ideas, and open up new business fields. As a result, Deutsche Telekom Group companies that have to tackle these challenges are extremely varied. Depending on the business model, size, and risk situation, these companies need different compliance management solutions.

That is why we have created a toolkit for maturity-based compliance. The purpose of the toolkit is to define compliance management system requirements at the different Group companies, taking their economic development, business strategies, and risks into account. We classified the companies based on their current life cycle phase (from start-up to market leader) and their specific compliance risks in a matrix. In addition, we defined five clusters along with minimum standards for each aspect of the compliance management system. For example, we determined which compliance policies need to be implemented by our subsidiaries, how often the subsidiaries need to participate in the compliance risk assessment, and how often they need to submit a compliance report.

In 2013 and 2014 we grouped our subsidiaries based on the concept and assessed to what extent their current compliance management systems met our expectations. One area we assessed was whether a company was doing too much or too little with regard to individual compliance activities. We used these findings to more effectively structure how we use our resources. The concept was also used in developing compliance activities at newly acquired or newly founded subsidiaries.

The compliance management system helps guarantee compliance, i.e., the lawfulness of our corporate activities. Key system components include:

  • Establishing a compliance organization in all major Group units
  • Risk-based derivation of a compliance program and its consistent implementation through policies, training, consulting offers, and communication measures
  • Compliance controls and compliance due diligence (analyzing compliance risks involved in acquisitions)
  • Making sure that the company responds appropriately to violations

In addition to the eight Deutsche Telekom companies in Germany that have already been certified, we also had auditors evaluate compliance management systems at international subsidiaries. In 2013, 13 international subsidiaries were certified in compliance with the IDW 980 auditing standard with another two followed suit in 2014. The audits focused heavily on anti-corruption. This certification is proof that the certified compliance management systems used by the companies listed below is effective when it comes to identifying corruption risks and preventing violations.

Companies were selected based on materiality and risk aspects and include the following:

  • Deutsche Telekom AG
  • T-Systems International
  • T-Deutschland
  • DT Customer Service (KS)
  • DT Network production
  • DT Technischer Service
  • Telekom Shop Vertriebsgesellschaft
  • Detecon International
  • Magyar Telekom
  • Makedonski Telekom
  • T-Mobile Macedonia
  • Crnogorski Telekom
  • Slovak Telekom
  • T-HT Hrvatski Telekom
  • OTE
  • Cosmote
  • Romtelecom
  • Albanian Mobile Communications
  • T-Mobile Czech Republic
  • T-Mobile Polska
  • T-Systems Iberia
  • T-Systems South Africa
  • T-Systems do Brasil

Different legal practices and cultural values in the countries where Deutsche Telekom is active represent a significant compliance challenge. The increasingly dynamic development of global ICT  markets and intensified international competition also influence Deutsche Telekom's compliance strategy.

In line with the Group's international structure, strategic issues are discussed with an international compliance advisory team and a shared compliance approach is defined. The team is a trend-setter of sorts, as it provides an impetus for designing and implementing balanced compliance structures at the Deutsche Telekom Group.

We have also been promoting Group-wide compliance collaboration for years through meetings of the representatives of all compliance organizations from our international subsidiaries. The International Compliance Days celebrated their tenth anniversary in 2014. More than 100 people responsible for compliance from 27 countries met at Magyar Telekom in Budapest on April 2 and 3, 2014. Under the slogan, "Compliance today and tomorrow," they discussed compliance strategies and trends as well as new approaches to collaboration.

All Group units regularly audited for risk of corruption
We take a wide spectrum of internal measures to prevent and fight corruption. The compliance risk assessment forms the foundation of our compliance management system. The assessment helps us identify and evaluate compliance risks and develop appropriate prevention measures. Deutsche Telekom created a tool-based process that has to be applied every year throughout the Group. For the process, we assigned responsibilities and defined straightforward assessment criteria that are clearly documented. Companies are selected to participate in the compliance risk assessment process based on the maturity-based model described above. 81 companies participated in 2014 and a total of 94 Group companies undergo the process at least every two years.

The Deutsche Telekom Compliance department has introduced a Group risk map that takes an extensive, systematic approach and illustrates risks that could be significant to our company. This risk map is extensive and enables globally active companies to conduct systematic risk analyses of their business models. It currently covers 30 risk categories. Each subsidiary can add additional categories specific to their business needs.

This involves defining which specific threat each risk poses to the subsidiary and stating which measures have already been implemented to mitigate this risk. If necessary, additional measures are developed to reduce the risks to a manageable level, as defined by the risk strategy. Responsibility for the compliance risk assessment lies with the respective Group company. Our central compliance organization provides support and advice in these matters.

They inform the subsidiary's management of the results of the compliance risk assessment. These results are used in the subsequent year's compliance program, which includes defined measures and responsibilities. The local management has to adopt a documented resolution to approve program. The compliance program measures are monitored closely.

Investigation based on clear criteria
Deutsche Telekom has specified clear criteria for investigating suspected cases of corruption. The company only starts investigations if a violation of legal or internal regulations is reported with a sufficient degree of detail. We thoroughly investigate any tips that meet these requirements. Any violations we uncover during our investigation are sanctioned appropriately— measures may include the termination of employment relationships and asserting claims for damages. Any weaknesses identified in the internal control system during the investigation are systematically analyzed and remedied.

International recognition for transparency
Deutsche Telekom is a global leader in transparency. This was confirmed in a study conducted by Transparency International. We came in seventh place among the 124 largest corporations worldwide covered by the study and even landed first place in a Germany-wide comparison. The study was based on company information available to the public regarding the scope of company anti-corruption programs, disclosing economic ties, and disclosing financial expenses and income in specific countries.

Deutsche Telekom is party to several proceedings both in and out of court with government agencies, competitors, and other parties. The proceedings mentioned in the 2014 Annual Report are of particular importance from Deutsche Telekom's point of view.