Holistic compliance management system
We have clearly expressed our commitment to complying with ethical principles and both legal and statutory requirements. We have enshrined this pledge in our Guiding Principles and our Code of Conduct. The Code of Conduct is valid throughout the Group and has been introduced in all of our national companies.
At Deutsche Telekom, compliance means following the rules and always doing the right thing. Integrity – which necessarily encompasses compliance – forms the basis of all our business decisions and activities. It defines the behavior of all our employees in dealings with customers, employees, investors, managers, and Deutsche Telekom’s overall sphere of operations.
We have set up a comprehensive compliance management system with a view to ensuring that all areas of the Group operate lawfully and ethically, and successfully tackle compliance risks. Responsibility for the compliance management system at Deutsche Telekom lies with top management. This underscores the great importance that we assign to this topic. The responsibility for the Group-wide design, development, and implementation of the compliance management system falls under the remit of the Chief Compliance Officer (CCO) of Deutsche Telekom AG and of Group Compliance Management. We also have COs (compliance officers) at each of our operating segments and national companies It is their job to ensure that the compliance management system and our compliance goals are implemented on site.
We have derived the following objectives for our compliance work:
- Preventing compliance violations and unethical business decisions
- Integrating compliance into business processes at an early stage and on a lasting basis
- Minimizing liability risks for the company
- Being viewed as a dependable partner by customers and business partners
- Adopting a consistent approach to preventing, identifying, and responding to non-compliance
- Fostering a compliance culture and ethical conduct
Reporting against standards
- GRI 102-17 (General Disclosures)
Ongoing audit of compliance management continued
In 2021, we continued the regular audits of our compliance management system that began in 2010 in accordance with audit standard 980 of the Institute of Public Auditors in Germany, with “anti-corruption” as its main emphasis. This is how we aim to ensure that we can consistently address corruption risks and maintain relevant effective processes in the company.
Between 2016 and 2018, we verified compliance management at a total of 25 German and international companies. A new audit cycle began in 2020, with a first group of nine German companies undergoing an audit. A total of 13 international companies were then audited in 2021. As a result, a total of 22 companies were audited in the two-year period 2020/2021. Audits in this connection have focused on processes that are exposed to heightened corruption risks, such as processes in the areas of procurement, sales, events, donations, sponsorships, and human resources.
For the companies audited in 2021, auditors again confirmed the appropriateness, functionality, and effectiveness of the companies’ compliance management systems. Please see the relevant audit reports for details.
Further development of the compliance management system through regular risk assessment
Our goal is to systematically identify, analyze and evaluate compliance risks for the company. Risk-oriented measures can then be derived to prevent legal and regulatory violations. For this reason, an overarching compliance risk assessment (CRA) is carried out centrally by Group Compliance Management on an annual basis. It also includes Deutsche Telekom subsidiaries that are selected on a risk basis. For this we have established a Group-wide compliance management process, established responsibilities, and defined assessment criteria. The individual steps are documented transparently. In detail, the CRAs proceed as follows:
- The companies that will take part in the CRA are selected according to the level of maturity of their compliance management system (maturity-based model). In 2021, 112 companies participated. That equates to a coverage level of 98.10 percent (based on the number of employees of the fully consolidated companies as of December 2021; a different CRA system is used for T-Mobile US). Responsibility for conducting the CRA lies with the respective national company. The central compliance organization also assists with its implementation and provides a standardized methodology. Compliance Management then uses the findings from the CRA to derive risk-oriented Group-wide measures. The Board of Management and Audit Committee of the Supervisory Board of Deutsche Telekom AG are regularly informed about the Group's compliance risk situation.
- The national companies’ managements are responsible for the results of the compliance risk assessment. Activities and responsibilities for the following year’s compliance program are developed on the basis of these results. The management then passes a formal resolution to approve the program. The measures from the compliance program are monitored closely. Any potential risks for our company are listed in a Group risk map. It enables the various Deutsche Telekom companies, with their different business models, to conduct systematic risk analyses. In 2021, the core risk categories were revised and partly consolidated. In 2021, the risk map covered 21 core risk categories, including such categories as corruption, anti-trust law violations and violations of the Code of Human Rights & Social Principles. In view of the rapid pace of digitalization, we plan to add the topic of “digital ethics” to the risk map in 2021. Each national company can add more categories specific to their business needs and as warranted. This involves defining which specific threat each risk poses to the national company and stating which steps have already been implemented to rule out this risk as far as possible. If necessary, additional measures are developed to reduce the risks to a manageable level.
A clear reference framework: Our Code of Conduct and Guidelines for Artificial Intelligence
Integrity, respect, and compliance with the law – these are the principles on which Deutsche Telekom’s business activities are based. Our Code of Conduct is the central reference framework for lawful and ethical conduct. It makes a significant contribution to our business success by providing a solid, ethical foundation for our business activities. The Code of Conduct applies throughout the Group. In the year under review, the foreword for the Code of Conduct was revised, in keeping with the change in the leadership of the Compliance department.
Our AI Guidelines supplement our Code of Conduct at the strategic level. Their status is equivalent to those of our Code of Conduct and our “Code of Human Rights & Social Principles”. They set out clear requirements for our policies for addressing and managing AI at Deutsche Telekom. In following the AI guidelines, we have made it our goal to use and refine our AI products and services in a responsible manner. We want to ensure that the company complies with all applicable laws and regulations, and develops AI in human-centered ways, with a view to protecting the basic rights of the people involved in this area, including sovereignty, freedom from discrimination and freedom of expression.
Raising awareness of compliance risks among staff
The goal is to make sure that the conduct of our employees is ethical and legally compliant at all times, which is why we implement the following measures across the entire Group:
- A Group-wide Code of Conduct that sets out clearly how our employees are expected to behave.
- Compliance-related Group policies on areas such as anti-corruption, gifts, invitations and events, and on dealings with consultants and sales partners.
- A policies database that helps staff find and implement applicable regulations.
- Preventive measures that are combined in a compliance program.
- Regular training courses on compliance and anti-corruption – these courses form part of our welcome process for onboarding of new employees (see GRI 205-2); since 2021, a pertinent compliance workshop forms part of the international introductory event for new employees.
- International introduction of the online training course “Compliance Basics“ in 2021. Our employees are required to repeat this course every two years.
- The course features short, to-the-point videos on compliance topics of relevance to everyday work procedures. They are available to employees at all times, via the internal portal YAM UNITED and LinkedIn.
- In April 2021, and in the framework of the International Compliance Days, a pertinent live-streamed event was held on the topic of business ethics and ethical leadership. The participants included representatives of Deutsche Telekom and T-Systems, and the speakers included an external guest.
- The “Ask me!” portal for questions relating to compliance. The portal contains FAQs with example cases, as well as information on laws, internal policies, and conduct rules. It also gives users the opportunity to contact the “Ask me!” advisory team, which will provide reliable answers if employees are unsure about what to do in a particular situation. The number of inquiries and the topics covered can be viewed here.
- Annual compliance risk assessment (CRA), which we use to identify and assess compliance risks in the national companies and specify key areas for suitable preventive measures.
- Since 2013, to mark the worldwide UN Anti-Corruption Day on December 9: Implementation of Group-wide communication campaigns and various topic-related activities at the companies
- Regular anti-corruption statements by Deutsche Telekom Board of Management members
Systematic handling of infractions
We follow up on all tip-offs related to a violation of legal or internal regulations, provided the description of the facts is adequate. One of the channels we use to receive tip-offs is the whistleblower portal “Tell me!.”
- All tip-offs are treated as confidential, checked for plausibility, and carefully investigated.
- Any violations we uncover will be rigorously sanctioned, without exception, according to legal provisions, regardless of the rank and position of the persons involved. This also includes possible termination of the employment relationship and an assertion of claims for damages. Any weaknesses identified in the internal control system during the investigation are systematically analyzed and remedied.
Deutsche Telekom is party to proceedings both in and out of court with government agencies, competitors, or other parties. We have reported on what Deutsche Telekom views as key processes in the 2021 annual report.Reporting against standards
- GRI 102-17 (General Disclosures)
- GRI 416-2 (Customer Health and Safety)
- GRI 418-1 (Customer Privacy)
- GRI 419-1 (Socioeconomic Compliance)
“Tell me!“ whistleblower portal
We have created the “Tell me!” whistleblower portal to uncover non-compliant conduct. Both our employees and external parties such as business partners and customers can use the portal to report misconduct – and can do so anonymously. We have introduced a Group-wide reporting process to control and monitor these activities.
In 2021, 87 compliance-related reports were made to Deutsche Telekom via the “Tell me!” portal (113 reports were made in the previous year). Seven of those are still being reviewed for plausibility (as of December 31, 2021). A total of 47 were confirmed as actual misconduct and were prosecuted accordingly. 62 plausible reports were investigated as compliance cases.
- Most of the tip-offs received in 2021 focused on “financial interests” (possible cases of fraud, breach of trust, manipulation of targets, and unfair sales methods).
- In confirmed cases, we impose systematic sanctions that are proportionate to the act and the guilt of the perpetrator and are in line with applicable legal provisions. A list of the actions taken is published on our website.
- Naturally, we always follow up on all compliance-related tip-offs, even those that reach us through other channels.
Receipt and handling of tip-offs on the “Tell me!” portal*
Thereof anonymous tip-offs
* Tip-offs received directly by the international companies are only included here if they are relevant to the Group.
Measures to strengthen our corporate culture
In 2019, as part of the Compliance-based Company Culture initiative, we conducted our second ever international employee survey on compliance. The survey provided insights regarding potential ways of improving our corporate culture. We then addressed the potential for improvements by carrying out various measures, such as Management-Board workshops, employee-training events, and e-learning programs for managers. In the workshops, for example, members of the Board of Management and managers considered use cases that presented typical dilemma situations, and discussed how best to handle them. The survey findings, along with the insights gained via the measures, have given us an adequate understanding of Deutsche Telekom’s compliance culture. To obtain additional findings, we regularly analyze the results of various employee surveys (such as pulse surveys).
Also, in 2021 we launched additional measures to strengthen the Group’s compliance culture. For example, we introduced an online course entitled “Compliance Basics” (“Compliance Grundlagen”) that addresses typical compliance-related issues that arise in everyday business. In addition, we carried out in-person training events on the topics of compliance and compliance culture.
Furthermore, we developed new formats for efforts to raise employee awareness about compliance, such as social-media-style “1-minute videos” that provide tips on important compliance topics. Also, we introduced “SimpleShows” – short animated films on various compliance topics – throughout the Group. In yet another effort, at this year’s onboarding event for new employees, we gave a special presentation aimed at raising awareness about compliance and the importance of having a good compliance culture. The presentation was provided in addition to the compliance information normally provided at such onboarding events. Finally, similar presentations were made to additional groups of employees in various segments of “Integrity Workshops.”
Crossing borders: Worldwide cooperation for compliance
Different legal practices and cultural values in the countries where Deutsche Telekom is active represent a significant compliance challenge for us. The increasingly dynamic development of global markets, the emergence of new, digital business models, and intensified international competition also influence our compliance strategy.
In line with the Group’s international orientation, we discuss strategic compliance issues with an internal international compliance advisory team twice a year. In 2021, in keeping with the coronavirus pandemic, compliance officers from the largest and/or strategically most significant international units met with Group Compliance Management in online conferences. Similarly, the company’s annual International Compliance Days were not held in person in 2021, due to the coronavirus pandemic. Monthly international Compliance videoconferences were held in their place. Strategic projects were presented and experiences from compliance activities at our international units exchanged. Topics included “Being Agile and Compliant,” “Digital Ethics” and “Corporate Strategy”.
In the framework of international “best practice calls,” compliance measures of national companies were presented that received especially good assessments in the audits and were upheld as being “best practice” measures and especially exemplary. This was done with a view to promulgating the results of compliance audits pursuant to IDW 980, and to promoting mutual learning in this context, throughout the Group. Examples of such measures include the fraud monitoring system in place at Magyar Telekom (Hungary) and the donation and sponsorship processes in place at OTE Group (Greece). Additional such calls are planned for 2022.
With regard to compliance issues, we also confer with relevant national and international organizations and experts. In addition, we regularly promote the further development of compliance standards and management systems through specialist presentations, publications, and other contributions.
Commitment to anti-corruption initiatives
We participate regularly in the work of national and international organizations that focus primarily on compliance issues. As a member of associations and organizations such as the German Institute for Compliance (DICO e.V.), the Compliance & Integrity forum of ZfW (Center for Business Ethics) and BITKOM, Germany’s digital association, we make use of opportunities to exchange ideas and experiences related to compliance.
For years now we have been using the United Nations International Anti-Corruption Day on December 9 as an opportunity to raise awareness in the Group about the issue of bribery and corruption. In this connection, since 2015 Management Board members have been issuing an annual “Tone from the Top” that speaks out against corruption. In the year under review, Tim Höttges, Chief Executive Officer, and Claudia Nemat, Member of the Deutsche Telekom Board of Management and head of the Board department Technology and Innovation, held an open discussion on anticorruption activities. The Group made a point of carrying out such communication measures during the pre-Christmas period, when many questions arise about the ethical handling of gifts.
Responsible use of artificial intelligence (AI)
Digital responsibilityis a task for society as a whole. Deutsche Telekom develops artificial intelligence (AI) and uses it in a variety of products. AI systems have long played an integral role in our operations. For example, they are used to automatically prioritize customer enquiries. Also, we use chatbots in interactions with customers, in order to speed up processing of customer enquiries and concerns.
We are strongly committed to ethical use of AI – meaning use in which people, and their needs, are always in central focus – just as we are committed to high-quality service and to digital self-determination. Last but not least, we have a great interest in ensuring that our customers can trust our products.
Against this backdrop, in 2018 we were one of the first companies in the world to develop management guidelines for the ethical handling of our AI. They clarify how we at Deutsche Telekom intend to use AI responsibly and develop our AI-based products and services. Our AI Guidelines outline an approach in which AI is developed with people and their needs in mind. They are oriented to the pertinent legal foundations – and to our Code of Human Rights & Social Principles, in which we commit ourselves to upholding and promoting human rights.
To support the specifics of implementing our AI Guidelines, we saw a need to take additional steps, issue additional rules, and introduce additional processes. To that end, we have initiated the following measures:
- True to the motto “share and enlighten,” we have created an online training course on “Digital Ethics” for our employees and held presentations on AI-related topics at the German and international levels.
- In keeping with the fact that many companies are involved with AI, the existing Supplier Code of Conduct has been supplemented with corresponding requirements for handling AI.
- As part of our work as a member of various bodies, we share our experiences and insights with other companies. This occurs, for example, in our work in the Federation of German Industries (BDI); the German Association for Information Technology, Telecommunications and New Media (Bitkom); the German Association for the Digital Economy (BVDW); and the Ethisphere Institute.
In the period under review, we implemented additional measures in support of active application of our AI Guidelines:
- We subjected Telekom Deutschland’s AI-based voice and chatbots for business customer sales to review in keeping with the Federal Office for Information Security’s (BSI’s) criteria for trustworthy AI (AI Cloud Service Compliance Criteria Catalogue (AIC4)), thereby becoming one of the first companies to have such review carried out.
- To support our technological experts and project managers in connection with this issue, and in the context of development of new technologies, we collaborated with them to produce a “Professional Ethics” guide. The guide presents best practices, methods, and tips for applying the AI Guidelines to development processes. With this guide, we are seeking to ensure that all developers who work with AI are able to conform to the AI Guidelines and implement them in the systems and products they develop.
- The Robust AI Assessment project is part of our overarching efforts to link state-of-the-art technologies to ethical standards. In a cooperative effort with experts of Israel’s Ben Gurion University, and the German start-up Neurocat, AI experts of Telekom Innovation Laboratories are working to measure and analyze the robustness of internal and external AI-based products and services, with a view to identifying potential for improvements.
- In addition, we have added the AI Guidelines to the curricula for various training courses for our employees. For example, we have developed relevant training events for our Data Scientist training program and our “Re-Skilling Academy,” and we offer these events in various attractive formats in the framework of Telekom Vocational Training, including virtual tours, online training and “Digital Learning Journeys.”
Further development of the Compliance organization
Due to the increasing challenges in our market environment and changes in the working world, we are constantly adjusting the range of duties covered by Compliance. With means of needs-oriented and ad hoc training courses, we also keep Compliance employees up to date in terms of knowledge and skills.
In 2020, we launched and further developed the “Compliance Next Level” transformation initiative, with a view to preparing our Compliance organization for growing customer requirements, both internal and external, and for digital and agile modes of work. Since October 2021, the Group Compliance Management area has been using agile work processes.
By concentrating training on the topic areas “Innovation,” “Business Ethics” and “Risk Mitigation,” we are seeking to uphold staff’s thoroughgoing customer centricity and their capabilities to respond – collaboratively, quickly and appropriately – to changes in the Compliance sector.
In this context, we have offered employees an extensive range of training measures, such as training focused on agility. These measures have met with broad interest and generated fruitful discussion.