We have clearly expressed our commitment to complying with ethical principles and current legal standards. This commitment has been incorporated in our Guiding Principles and Code of Conduct. We have introduced a comprehensive compliance management system. This is a way to effectively combat risks and make sure conduct throughout the Group is based on integrity and complies with our principles and regulations. All activities related to compliance management fulfill legal regulations and our Binding Corporate Rules on Privacy. This policy regulates how personal data is handled at Deutsche Telekom. Responsibility for the compliance management system lies with the top management level at Deutsche Telekom in the Board department for Data Privacy, Legal Affairs and Compliance. In addition, there is a member in each company of Deutsche Telekom at the Management or Board level who is responsible for compliance. The Chief Compliance Officer of Deutsche Telekom AG is responsible for the Group-wide structure, advancement and implementation of the compliance management system. This individual also heads up the Group Compliance unit. We also have compliance officers (COs) at each of our operating segments and national companies These individuals are responsible for ensuring that the compliance management system and our compliance goals are implemented on site.
Goals of the compliance management system
At Deutsche Telekom, compliance refers to following the rules and doing the "right thing", which means compliance requires all employees to act with integrity. Within the meaning of our five Guiding Principles and Code of Conduct, integrity, and therefore compliance, forms the basis of all our business decisions and activities. It defines the behavior of all our employees when dealing with customers, employees and colleagues, investors, managers and Deutsche Telekom's general environment.
The goals of our compliance activities are based on these principles, the relevant regulations and legal standards as well as on our strategic objective of becoming the leading European telecommunications provider. Specifically, the purpose is to avoid compliance violations and business decisions that are not made with integrity. In addition, compliance should be integrated early on and permanently into business processes. This reduces liability risks for the company. Furthermore, compliance contributes to ensuring that our customers perceive us as a reliable partner. We ensure implementation of our overarching compliance goals in business activities by systematically applying the compliance management system in the areas of prevention, identification and response.
Focus on prevention
Each year, we carry out a Group-wide Compliance Risk Assessment. This helps us identify and assess our compliance risks and define focal points for conducting effective preventative measures, which are compiled in our compliance program.
The goal is to make sure that the conduct of our employees is ethical and compliant at all times, which is why we have set forth clear expectations on employee conduct in our Code of Conduct. We have introduced compliance-related Group policies for this purpose, such as regulations on anti-corruption measures, gifts, invitations, and events, as well as on handling consultants and agents. A policy database makes it easy for our employees to access and follow our policies (Group-wide implementation of the Code of Conduct).
Besides regular compliance training sessions, we also carry out comprehensive anti-corruption training (see GRI 205-2). We specifically address managers to act as multipliers to further raise awareness of compliance. Their feedback is analyzed carefully and used to initiate additional training sessions or other measures, if necessary.
Employees can also visit the "Ask me!" portal to have their compliance questions answered. The “Ask me!” advisory team gives answers in case of behavioral uncertainties. The portal contains an FAQ with exemplary cases and reliable information on laws, internal policies, and behavioral standards.
We have also introduced various measures to promote a culture of compliance at our company.
Identification and monitoring
Despite the best preventative measures, we are not always able to prevent breaches of law or serious violations of internal regulations at the company. We have created the Tell me! whistleblower portal to uncover non-compliant conduct. Our employees as well as external parties, e.g., business partners or customers, can use the portal to report misconduct (Protecting whistleblowers). Deutsche Telekom thoroughly investigates all reports within the limits of the legal framework and punishes such activity appropriately. We have introduced a Group-wide reporting process to control and monitor these activities, including regular internal and external audits of our compliance management activities.
Compliant interaction with business partners and suppliers
Our Code of Conduct specifies proper conduct for all of our employees. With our Code of Human Rights & Social Principles (a successor to the Social Charter), we make a commitment to protecting and promoting human rights including compliance with the ILO's core labor standards. Our Supplier Code of Conduct stipulates that our suppliers as well as their sub-contractors must comply with the principles and values set forth by our Code of Conduct and the Code of Human Rights & Social Principles that places suppliers under the obligation to take all steps necessary to prevent and punish active and passive forms of corruption. The Code of Conduct is part of the General Terms and Conditions for Purchasing but does not replace the laws and regulations of countries where our suppliers are active. Rather, its aim is to facilitate compliance with these laws and regulations and guarantee that they are implemented faithfully and effectively. We have been offering e-learning on compliance to our suppliers since 2014, as well as providing them with a compliance guideline.
We select our business partners based on compliance criteria and conduct risk-oriented compliance business assessments. This applies to customers and suppliers as well as consultants (Consultant Policy), sales agents, development partners, and joint venture partners.
Integrity, respect and compliance with the law – this is the principle on which Deutsche Telekom’s business activities are based. Our Code of Conduct sets forth the central reference framework for legally compliant and moral conduct. We revised the Code in 2017, with the goal of focusing on issues of compliance and integrity and finding a positive way to raise employee awareness of, and motivation to tackle, these issues. The revised Code of Conduct continues to provide an overview of our understanding of values and of the basic principles that guide our actions. In some places, this overview provides more detail by referring to internal policies and regulations. The Code of Conduct makes a significant contribution to our business success by providing a fixed foundation for our business activities.
In 2017, we once again had our compliance management system certified with a focus on anti-corruption measures. This is our way of ensuring that we can confront risks consistently and that we have established effective processes in the company. After 10 companies were audited in Germany in 2016, we had 12 international companies certified in 2017.
The certification focused on processes in Procurement, Sales, HR, and Mergers & Acquisitions, as well as on events, donations, and sponsorships. The potential danger of corruption is greatest in these areas. The auditors completed their audit of the effectiveness of our compliance management system, and the system passed with flying colors. We document details regarding audit content and corporate departments that have undergone anti-corruption audits in our audit report.
Certificates and audit assessments play an ever-increasing role, for instance in bidding processes and decisions to award bids, offering a clear advantage whenever we are in competition with other companies. External auditors previously certified our compliance management system with a focus on anti-corruption measures and anti-trust law in 2010 and 2013.
A compliance management system is only effective if it is actually implemented in everyday activities. This is why we started the Transparent Company Culture initiative in 2016 with the intention of encouraging integrity and a speak-up culture within our company.
We conducted a large-scale employee survey in this context in the spring of 2017 to find out more about Deutsche Telekom's corporate culture and how it is being lived – especially with a view towards compliance topics. About 52,000 employees in 25 national and international Deutsche Telekom companies took part in the online survey. There were also one-to-one interviews and discussions with focus groups. The European School of Management and Technology (ESMT Berlin) and Hertie School of Governance were our research partners in this extensive study.
The initiative was supported by an expert committee created specifically for this purpose. The committee was comprised of Deutsche Telekom employees as well as representatives from non-governmental organizations, the business and scientific communities and society. The experts' task was to guide and assess the study. The results are positive overall. The vast majority of employees is committed to Deutsche Telekom's rules and is not willing to act in an unethical manner. The strengths of the compliance culture include, among others, the clarity of the rules, the willingness of employees to report misconduct and the ethical conduct of direct supervisors. An admitted weakness is the fact that there is a small group of employees who are willing to break the rules. Identified weaknesses were intensely discussed by the Board of Management and included in a set of measures for further strengthening the value-oriented compliance culture at Deutsche Telekom.
The Speak-up Culture initiative: Constructive criticism expressly wanted
One measure from the Transparent Corporate Culture initiative is that the Speak-up Culture initiative will continue to be implemented with various focal areas. The goal of the campaign is to encourage objection within the company where this is necessary. Employees should be encouraged to correctly and successfully address grievances in critical situations, just as managers should be open to hearing these grievances. An environment should also be created wherein "critical minds" can voice their opinions. Both classroom and online courses will be offered, nationally and internationally, to this end.
Different legal practices and cultural values in the countries where Deutsche Telekom is active represent a significant compliance challenge. The increasingly dynamic development of global markets and intensified international competition also influence our compliance strategy.
In line with the Group's international orientation, we discuss strategic issues with an international compliance advisory team twice a year. The team is a trend-setter of sorts for designing and implementing balanced compliance structures at Deutsche Telekom. We have also been promoting Group-wide compliance cooperation for years through meetings of the representatives of all compliance organizations from our international subsidiaries.
Compliance Days in Warsaw: Be together – Talk together – Create together
The International Compliance Days took place for the 13th time in May 2017. Under the motto "Be together – Talk together – Create together", around 100 compliance officers from more than 20 countries met in Warsaw, Poland. During the two-day event, experts discussed current compliance topics such as digitalization and veto rights and attended workshops where they worked together on further refining these topics.
Deutsche Telekom rated one of the most ethical companies in the world in 2018
The Arizona-based Ethisphere Institute ranked Deutsche Telekom as one of the world's most ethical companies in 2018. We received this honor upon our first attempt, since this is the first time that we took part in this survey. In Germany, we are the sole recipient of this honor. Ethisphere commends the excellent performance of companies with the highest ethical competence worldwide. In addition to Deutsche Telekom and T-Mobile US, the ethics institute recognized another 133 companies in 23 countries and 57 industries as "2018 World’s Most Ethical Companies".
We take many different actions and measures to prevent and fight corruption. The compliance risk assessment forms the foundation of our compliance management system. It helps us identify and evaluate compliance risks and develop appropriate preventive measures. We have established an annual process for this purpose Group-wide. It identifies responsible officers and defines clear assessment criteria that are documented in a traceable manner. The companies that will take part in the compliance risk assessment are selected using a model centered on how developed and complete their compliance programs are. 73 companies participated in the assessment process in 2017.
Our Group risk map is a key component of the compliance risk assessment that we use to assess risks that are particularly significant to our company. The risk map enables Deutsche Telekom's companies with their various business models to conduct systematic risk analyses. It currently covers 27 core risk categories ranging from corruption and anti-trust law violations to violations of the Group Code of Conduct. Each national company can add additional categories specific to their business needs. This involves defining which specific threat each risk poses to the national company and stating which measures have already been implemented to mitigate this risk. If necessary, additional measures are developed to reduce the risks to a manageable level. Responsibility for conducting the compliance risk assessment lies with the respective national company. Our central compliance organization provides support and advice in these matters.
The national companies' managing boards are informed of the results of the compliance risk assessment. Subsequently, the compliance program for the following year is defined, including specific measures and responsibilities. The managing board then passes a formal resolution to approve the program. The compliance program measures are monitored closely.
Investigation of suspected corruption based on clear criteria
Deutsche Telekom has specified clear criteria for investigating suspected cases of corruption. We start investigations if a violation of legal or internal regulations is reported with a sufficient degree of detail. Any tips that meet this requirement are investigated thoroughly. Any violations we uncover are punished appropriately. In some cases employment relationships have even been terminated for good cause. Claims for damages may also be asserted. Any weaknesses identified in the internal control system during the investigation are systematically analyzed and remedied.
In 2017, 146 compliance-related reports were made to Deutsche Telekom via the "Tell me!" portal (108 reports were made in the previous year). 24 of those are still being reviewed for plausibility and investigations are being made into 66 plausible reports (as of January 16, 2018). 43 of these were confirmed as actual misconduct and were punished accordingly. 12 cases are still in the investigation phase. In confirmed cases, we impose systematic sanctions that are proportionate to the act and the guilt of the perpetrator and are in line with applicable legal provisions. Most of the tip-offs received in 2017 related to potential cases of commission fraud, manipulation of targets, misappropriation, theft and fraud.
In principle, we always follow up on all compliance-relevant tip-offs, even those that reach us through other channels.
Deutsche Telekom AG regularly joins forces with national and international organizations that deal specifically with compliance-related issues, including combating corruption. As a member of associations and organizations such as the Compliance & Integrity forum of ZfW (Center for Business Ethics), DICO (Deutsches Institut für Compliance e.V. - German Institute for Compliance), Bitkom (Federal Association for Information Technology, Telecommunications and New Media), Deutsche Telekom makes use of the opportunity to exchange ideas and experiences related to compliance. Thanks to this collaborative approach and exchange of experiences, Deutsche Telekom AG not only makes a valuable contribution to anti-corruption within the Group, but also to initiatives in this field worldwide. Deutsche Telekom AG uses the findings to work on continually improving its compliance management system.