Ensuring integrity and compliance
We have clearly expressed our commitment to complying with ethical principles and current legal standards. This commitment has been incorporated in our Guiding Principles and Code of Conduct. We have introduced a comprehensive compliance management system: this is a way to combat risks effectively and make sure conduct throughout the Group is based on integrity and complies with our principles and regulations. All activities related to compliance management fulfill legal regulations and our Binding Corporate Rules on Privacy. This policy regulates how personal data is handled at Deutsche Telekom. Responsibility for the compliance management system lies with the top management level at Deutsche Telekom in the Board department for Data Privacy, Legal Affairs and Compliance. In addition, there is a member in each company of Deutsche Telekom on the Management or Board level who is responsible for compliance. The Chief Compliance Officer of Deutsche Telekom AG is responsible for the Group-wide structure, advancement and implementation of the compliance management system. This individual also heads up the Group Compliance unit. We also have compliance officers at each of our operating segments and national companies These individuals are responsible for ensuring that the compliance management system and our compliant goals are implemented on site.
Goals of the compliance management system (CMS)
At Deutsche Telekom, compliance refers to following the rules and doing the "right thing," which means compliance requires all employees to act with integrity. Within the meaning of our five Guiding Principles and Code of Conduct, integrity, and therefore compliance, forms the basis of all our business decisions and activities. It defines the behavior of all our employees when dealing with customers, employees and colleagues, investors, managers and Deutsche Telekom's general environment.
The goals of our compliance activities are based on these principles, the relevant regulations and legal standards as well as on our strategic objective of becoming the leading European telecommunications provider. Concretely, the purpose is to avoid compliance violations and business decisions that are not made with integrity. In addition, compliance should be integrated early on and permanently into business processes. This reduces liability risks for the company. Furthermore, compliance contributes to ensuring that our customers perceive us as a reliable partner. We ensure implementation of our overarching compliance goals in business activities by systematically applying the compliance management system in the areas of prevention, identification and response.
Focus on prevention
Each year, we carry out a Group-wide Compliance Risk Assessment. This helps us identify and assess our compliance risks and define focal points for conducting effective preventative measures, which are compiled in our compliance program.
The goal is to make sure that the conduct of our employees is ethical and compliant at all times, which is why we have set forth clear expectations on employee conduct in our Code of Conduct. We have introduced compliance-related Group policies for this purpose, such as regulations on anti-corruption measures, gifts, invitations, and events, as well as on handling consultants and agents. A policy database makes it easy for our employees to access and follow our policies (Group-wide implementation of the Code of Conduct).
Besides regular compliance training sessions, we also carry out comprehensive anti-corruption training. We specifically address managers to act as multipliers to further raise awareness of compliance. Their feedback is analyzed carefully and used to initiate additional training sessions or other measures if necessary.
Employees can also visit the "Ask me!" portal to have their compliance questions answered and find reliable information on laws, internal policies and codes of conduct relevant to their daily activities.
Finally, we established a variety of communication measures to promote a "compliance culture" in the company.
Identification and monitoring
Despite the best preventative measures, we are not always able to prevent breaches of law or serious violations of internal regulations at the company. We have created the Tell me! whistleblower portal to uncover non-compliant conduct. Our employees as well as external parties, e.g., business partners or customers, can use the portal to report misconduct (Protecting whistleblowers). Deutsche Telekom thoroughly investigates all reports within the limits of the legal framework and punishes such activity appropriately. We have introduced a Group-wide reporting process to control and monitor these activities, including regular internal and external audits of our compliance management activities.
Compliant interaction with business partners and suppliers
Our Code of Conduct specifies proper conduct for all of our employees. With our Social Charter we make a commitment to protecting and promoting human rights including compliance and other issues with the ILO's core labor standards. Our suppliers are expected to comply with the obligations, principles and values set forth therein and we do our part to place our suppliers under the obligation to do so. We also expect our suppliers to require the same of their sub-suppliers. Our General Terms and Conditions for Purchasing include a corporate social responsibility and anti-corruption clause that places suppliers under the obligation to take all steps necessary to prevent and punish active and passive forms of corruption. We have been offering regular e-learning and face-to-face compliance training to our suppliers since 2014 and provide them with a compliance guideline as well (see GRI index).
We select our business partners based on compliance criteria and conduct risk-oriented compliance business assessments. This applies to customers and suppliers as well as consultants (Consultant Policy), sales agents, development partners, and joint venture partners.
Renewed compliance management certification
In 2016, we once again had our compliance management system certified with a focus on anti-corruption measures. This enables us to ensure we can confront risks consistently and that we have established effective processes in the company. Ten companies in Germany were under review; 13 companies in other countries will follow in 2017.
The certification focused on processes in procurement, sales, HR, and mergers & acquisitions, as well as the topics of events, donations, and sponsorships. The potential danger of corruption is greatest in these areas. Auditors completed their audit of the effectiveness of our compliance management system (CMS) and the system passed with flying colors. We document details regarding audit content and corporate departments that have undergone anti-corruption audits in our audit report.
Certificates and audit assessments play an ever growing role, for instance, in bidding processes and decisions to award bids, offering a clear advantage whenever we are in competition with other companies. External auditors have previously certified our compliance management system (CMS) with a focus on anti-corruption measures and anti-trust law in 2010 and 2013.
Strengthening our corporate culture, encouraging a speak-up culture
A compliance management system (CMS) is only effective if it is lived out in practice in everyday work. This is why we started the "Transparent company culture initiative" in 2016 with the intention of encouraging integrity and a speak-up culture within our company. The project consists of two central pillars: we will begin by completing a scientific study to analyze the existing corporate culture at Telekom. Our research partners are ESMT Berlin and the Hertie School of Governance. As part of this study project, in spring of 2017 we will invite employees from 25 national and international companies to take part in an online survey for the purpose of examining our current compliance culture. The second pillar of the initiative is founding an independent panel of experts to monitor the study intensively. The expert panel will consist of company representatives as well as external experts from NGOs, economics, science, and society. After completing the online survey, the panel of experts will assess the results and develop suggestions for strengthening our corporate culture. These will be submitted to the Board of Management as a basis for decision-making on future measures.
In addition, we started the "Speak-Up Culture" initiative in 2016 to encourage objection within the company where this is necessary. Employees are to be empowered to report misconduct or take action early on. Besides a variety of communication measures, the initiative includes completing a survey that allows our employees to state their views on the speak-up culture at Telekom and find out how they fit in with this culture. The results of the survey show that there is already a speak-up culture within the company, although it does need to be strengthened further. Managers, in particular, need to be willing to accept dissent, and doubters must be encouraged to express their opinions more often. Experience reports by former whistleblowers will supplement these various measures.
International collaboration on compliance
Different legal practices and cultural values in the countries where Deutsche Telekom is active represent a significant compliance challenge. The increasingly dynamic development of global markets and intensified international competition also influence our compliance strategy.
In line with the Group's international structure, we discuss strategic issues with an international compliance advisory team twice a year and define a shared compliance approach. The team is a trend-setter of sorts, as it provides an impetus for designing and implementing balanced compliance structures at Deutsche Telekom. We have also been promoting Group-wide compliance collaboration for years through meetings of the representatives of all compliance organizations from our international subsidiaries. Our International Compliance Days took place for the twelfth time in 2016: around 140 compliance officers from 31 countries met on April 13 and 14 at the Telekom Forum in Bonn. They discussed compliance strategies and trends under the motto of "Teamwork, Excellence and Integrity". In addition, they launched the "Speak-up Culture" campaign, with which we want to encourage employees to report misconduct or take action promptly.
Preventing and fighting corruption
All Group units regularly audited for risk of corruption
We conduct a wide spectrum of internal measures to prevent and fight corruption. The compliance risk assessment forms the foundation of our compliance management system. It helps us identify and evaluate compliance risks and develop appropriate prevention measures. We have established an annual process for this purpose Group-wide: it identifies responsible officers and defines clear assessment criteria that are documented in a traceable manner. The companies that will take part in the compliance risk assessment are selected using a model centered on how developed and complete their compliance programs are. 79 companies participated in the assessment process in 2016.
Our Group risk map is a key component of the compliance risk assessment that we use to assess risks that are particularly significant to our company. The risk map enables Deutsche Telekom's globally active companies with their various business models to conduct systematic risk analyses. It currently covers 27 core risk categories ranging from corruption and anti-trust law violations to violations of the Group Code of Conduct. Each subsidiary can add additional categories specific to their business needs. This involves defining which specific threat each risk poses to the subsidiary and stating which measures have already been implemented to mitigate this risk. If necessary, additional measures are developed to reduce the risks to a manageable level. Responsibility for the compliance risk assessment lies with the respective Group company. Our central compliance organization provides support and advice in these matters.
The subsidiaries' managing boards are informed of the results of the compliance risk assessment. Subsequently the compliance program for the following year is defined, including specific measures and responsibilities. The managing board passes a formal resolution to approve the program. The compliance program measures are monitored closely.
Investigation based on clear criteria
Deutsche Telekom has specified clear criteria for investigating suspected cases of corruption. We only start investigations if a violation of legal or internal regulations is reported with a sufficient degree of detail. Any tips that meet this requirement are investigated thoroughly. Any violations we uncover are punished appropriately. In some cases employment relationships have even been terminated for good cause. Claims for damages may also be asserted. Any weaknesses identified in the internal control system during the investigation are systematically analyzed and remedied.
"Tell me!" portal: 121 reports received
In 2016, 121 compliance-related reports were made to Deutsche Telekom via the "Tell me!" portal (120 reports were made in the previous year). 14 of those are still being reviewed for plausibility and investigations are being made into 60 plausible reports (as at: January 2017). 20 of these were confirmed as actual misconduct and were punished accordingly. 26 cases are still in the investigation phase. In confirmed cases, we impose systematic sanctions that are proportionate to the act and the guilt of the perpetrator and are in line with applicable legal provisions. Overall, most reports made in 2016 related to potential cases of embezzlement, theft, and fraud, commission fraud, and manipulation of targets.
Engagement in anti-corruption initiatives
Deutsche Telekom AG regularly joins forces with national and international organizations that deal specifically with compliance-related issues including combating corruption. As a member of associations and organizations such as the Compliance & Integrity forum of ZfW (Center for Business Ethics), DICO (German Institute for Compliance e.V.), Bitkom (Federal Association for Information Technology, Telecommunications and New Media), Deutsche Telekom makes use of the opportunity to exchange ideas and experiences related to compliance. Thanks to this collaborative approach and exchange of experiences, Deutsche Telekom AG not only makes a valuable contribution to anti-corruption within the Group, but also to initiatives in this field worldwide. Deutsche Telekom AG uses the findings to work on continually improving its compliance management system.