We have clearly expressed our commitment to complying with ethical principles and current legal standards. This commitment has been incorporated in our Guiding Principles and Code of Conduct. We have introduced a comprehensive compliance management system. This is a way to effectively combat risks and make sure conduct throughout the Group is based on integrity and complies with our principles and regulations. All activities related to compliance management fulfill legal regulations and our Binding Corporate Rules on Privacy. This policy regulates how personal data is handled at Deutsche Telekom. Responsibility for the compliance management system lies with the top management level at Deutsche Telekom in the Board department for Data Privacy, Legal Affairs and Compliance. In addition, there is a member in each company of Deutsche Telekom at the Management or Board level who is responsible for compliance. The Chief Compliance Officer of Deutsche Telekom AG is responsible for the Group-wide structure, advancement and implementation of the compliance management system. This individual also heads up the Group Compliance unit. We also have compliance officers (COs) at each of our operating segments and national companies These individuals are responsible for ensuring that the compliance management system and our compliance goals are implemented on site.
Goals of the compliance management system
At Deutsche Telekom, compliance refers to following the rules and doing the "right thing", which means compliance requires all employees to act with integrity. Within the meaning of our five Guiding Principles and Code of Conduct, integrity, and therefore compliance, forms the basis of all our business decisions and activities. It defines the behavior of all our employees when dealing with customers, employees and colleagues, investors, managers and Deutsche Telekom's general environment.
The goals of our compliance activities are based on these principles, the relevant regulations and legal standards as well as on our strategic objective of becoming the leading European telecommunications provider. Specifically, the purpose is to avoid compliance violations and business decisions that are not made with integrity. In addition, compliance should be integrated early on and permanently into business processes. This reduces liability risks for the company. Furthermore, compliance contributes to ensuring that our customers perceive us as a reliable partner. We ensure implementation of our overarching compliance goals in business activities by systematically applying the compliance management system in the areas of prevention, identification and response.
Focus on prevention
Each year, we carry out a Group-wide Compliance Risk Assessment. This helps us identify and assess our compliance risks and define focal points for conducting effective preventative measures, which are compiled in our compliance program.
The goal is to make sure that the conduct of our employees is ethical and compliant at all times, which is why we have set forth clear expectations on employee conduct in our Code of Conduct. We have introduced compliance-related Group policies for this purpose, such as regulations on anti-corruption measures, gifts, invitations, and events, as well as on handling consultants and agents. A policy database makes it easy for our employees to access and follow our policies (Group-wide implementation of the Code of Conduct).
Besides regular compliance training sessions, we also carry out comprehensive anti-corruption training (see GRI 205-2). We specifically address managers to act as multipliers to further raise awareness of compliance. Their feedback is analyzed carefully and used to initiate additional training sessions or other measures, if necessary.
Employees can also visit the "Ask me!" portal to have their compliance questions answered. The portal contains FAQs with example cases, as well as information on laws, internal policies, and behavioral standards. Our employees can use it to contact the "Ask me!" advisory team, which will provide them with dependable answers if they are unsure about how they should act.
We have also introduced various measures to promote a culture of compliance at our company.
Identification and monitoring
Despite the best preventative measures, we are not always able to prevent breaches of law or serious violations of internal regulations at the company. We have created the Tell me! whistleblower portal to uncover non-compliant conduct. Our employees as well as external parties, e.g., business partners or customers, can use the portal to report misconduct (Protecting whistleblowers). Deutsche Telekom thoroughly investigates all reports within the limits of the legal framework and punishes such activity appropriately. We have introduced a Group-wide reporting process to control and monitor these activities, including regular internal and external audits of our compliance management activities.
Compliant interaction with business partners and suppliers
Our Code of Conduct specifies proper conduct for all of our employees. With our Code of Human Rights & Social Principles, we make a commitment to protecting and promoting human rights including compliance with the International Labour Organization's core labor standards. Our Supplier Code of Conduct stipulates that our suppliers must comply with the principles and values set forth by our Code of Conduct and the Code of Human Rights & Social Principles. We also expect our suppliers to require the same of their sub-contractors. Our suppliers are also under the obligation to take all steps necessary to prevent and punish active and passive forms of corruption. The Code of Conduct is part of the General Terms and Conditions for Purchasing, but does not replace the laws and regulations of countries where our suppliers are active. Rather, its aim is to facilitate compliance with these laws and regulations and guarantee that they are implemented faithfully and effectively. We have been offering e-learning on compliance to our suppliers since 2014.
We select our business partners based on compliance criteria and conduct risk-oriented compliance business assessments. This applies to customers and suppliers as well as consultants (Consultant Policy), sales agents, development partners, and joint venture partners.
Responsible use of artificial intelligence (AI)
Under the leadership of Group Compliance Management, we adopted guidelines on the ethical use of artificial intelligence (AI) in 2018. They define how we at Deutsche Telekom should use AI responsibly and how we should develop our AI-based products and services in the future. We do not claim that our guidelines constitute universally valid rules on the responsible use of AI, but instead want to develop them further in dialog with our employees and external stakeholders.
Integrity, respect and compliance with the law – this is the principle on which Deutsche Telekom's business activities are based. Our Code of Conduct sets forth the central reference framework for legally compliant and moral conduct. We revised the Code in 2017, with the goal of focusing on issues of compliance and integrity and finding a positive way to raise employee awareness of, and motivation to tackle, these issues. The revised Code of Conduct continues to provide an overview of our understanding of values and of the basic principles that guide our actions. In some places, this overview provides more detail by referring to internal policies and regulations. The Code of Conduct makes a significant contribution to our business success by providing a fixed foundation for our business activities.
In 2018, we once again had our compliance management system certified with a focus on anti-corruption measures. This is our way of ensuring that we can confront risks consistently and that we have established effective processes in the company. Three further international companies were certified in 2018 (2017: 12 companies; 2016: 10).
The certification focused on processes in Procurement, Sales, HR, and Mergers & Acquisitions, as well as on events, donations, and sponsorships. The potential danger of corruption is greatest in these areas. The auditors completed their audit of the effectiveness of our compliance management system, and the system passed with flying colors. We document details regarding audit content and corporate departments that have undergone anti-corruption audits in our audit report.
Certificates and audit assessments play an ever-increasing role, for instance in bidding processes and decisions to award bids, offering a clear advantage whenever we are in competition with other companies. External auditors previously certified our compliance management system with a focus on anti-corruption measures and anti-trust law in 2010 and 2013.
A compliance management system is only effective if it is actually implemented in everyday activities. This is why we started the Transparent Company Culture initiative in 2016 with the intention of encouraging integrity and a speak-up culture within our company. In the following year we launched a large-scale study on the culture of compliance at Deutsche Telekom. On the basis of the results, we put together a broad set of measures to encourage the speak-up culture at the company. We continued these measures in 2018.
The results of our study on the culture of compliance
In 2018 we conducted an online survey in which 29,000 employees from national and international Deutsche Telekom companies took part. The European School of Management and Technology (ESMT Berlin) and Hertie School of Governance were our research partners in this extensive study. The initiative was supported by an expert committee created specifically for this purpose. The committee was comprised of Deutsche Telekom employees as well as representatives from non-governmental organizations, the business and scientific communities and society.
The results are very positive overall. 97 percent of those surveyed are committed to Deutsche Telekom's rules and are not willing to act in an unethical manner. The vast majority stand by their own values and would not stray from them, even under pressure. A large proportion of those surveyed also state that they would report specific misconduct uncompromisingly. The strengths of the compliance culture include, among others, the clarity of the rules. One weakness that was identified was the lack of an open feedback culture. Some employees are wary about raising problems. Others have had a negative experience when doing so. Identified weaknesses were intensely discussed by the Board of Management and included in a set of measures for further strengthening the value-oriented compliance culture at the Group.
Current measures in 2018
One of these measures is the Speak-up Culture initiative. Employees should be encouraged to openly address grievances in critical situations, just as managers should be open to hearing these grievances. An environment should also be created wherein "critical minds" can voice their opinions. Both classroom and online courses are offered, nationally and internationally, to this end. We also want to reduce employees' inhibitions about addressing grievances and delicate issues. To foster that, we offer voluntary "Speak Up!" training courses for employees where we show them communication techniques that can be used in difficult situations.
As part of that, we staged special "Ethical Leadership" training courses with all members of the Board of Management and their management teams in 2018, with the goal of encouraging them to reflect on their own ethical conduct. We are also currently reviewing our recruiting processes so that ethical conduct will be taken into account more systematically in the future when new managers are hired.
We are currently preparing surveys of our employees, with the objective of enhancing our culture of communication even more purposefully on the basis of their feedback.
Different legal practices and cultural values in the countries where Deutsche Telekom is active represent a significant compliance challenge. The increasingly dynamic development of global markets and intensified international competition also influence our compliance strategy.
In line with the Group's international orientation, we discuss strategic issues with an international compliance advisory team twice a year. The team is a trend-setter of sorts for designing and implementing balanced compliance structures at Deutsche Telekom. We have also been promoting Group-wide compliance cooperation for years through meetings of the representatives of all compliance organizations from our international subsidiaries.
Compliance Days 2018 in Barcelona: "Work internationally – Go digital – Stay compliant"
Our International Compliance Days took place for the 14th time in April 2018: Under the motto "Work internationally – Go digital – Stay compliant," around 100 compliance officers from more than 20 countries met in Barcelona, Spain. During the two-day event, experts discussed current compliance topics such as digitalization, Speak-up Culture, and principles of ethical leadership.
Deutsche Telekom rated one of the most ethical companies in the world in 2019
The Arizona-based Ethisphere Institute ranked Deutsche Telekom as one of the world’s most ethical companies in 2018. We have now taken part in this survey for the second time and received this accolade – as the only company in Germany to do so. Ethisphere commends the excellent performance of companies with the highest ethical competence worldwide. In addition to Deutsche Telekom and T-Mobile USA, the ethics institute recognized another 128 companies in 21 countries and 50 industries as “2019 World’s Most Ethical Companies”.
We take many different actions and measures to prevent and fight corruption. The compliance risk assessment forms the foundation of our compliance management system. It helps us identify and evaluate compliance risks and develop appropriate preventive measures. We have established an annual process for this purpose Group-wide. It identifies responsible officers and defines clear assessment criteria that are documented in a traceable manner. The companies that will take part in the compliance risk assessment are selected using a model centered on how developed and complete their compliance programs are. 72 companies participated in the assessment process in 2018. It thus covered just under 98 percent of employees.
Our Group risk map is a key component of the compliance risk assessment that we use to assess risks that are particularly significant to our company. The risk map enables Deutsche Telekom's companies with their various business models to conduct systematic risk analyses. It currently covers 27 core risk categories ranging from corruption and anti-trust law violations to violations of the Group Code of Conduct. Each national company can add additional categories specific to their business needs. This involves defining which specific threat each risk poses to the national company and stating which measures have already been implemented to mitigate this risk. If necessary, additional measures are developed to reduce the risks to a manageable level. Responsibility for conducting the compliance risk assessment lies with the respective national company. Our central compliance organization provides support and advice in these matters.
The national companies' managing boards are informed of the results of the compliance risk assessment. Subsequently, the compliance program for the following year is defined, including specific measures and responsibilities. The managing board then passes a formal resolution to approve the program. The compliance program measures are monitored closely.
Investigation of suspected corruption based on clear criteria
Deutsche Telekom has specified clear criteria for investigating suspected cases of corruption. We start investigations if a violation of legal or internal regulations is reported with a sufficient degree of detail. Any tips that meet this requirement are investigated thoroughly. Any violations we uncover are punished appropriately. In some cases employment relationships have even been terminated for good cause. Claims for damages may also be asserted. Any weaknesses identified in the internal control system during the investigation are systematically analyzed and remedied.
In 2018, 137 compliance-related reports were made to Deutsche Telekom via the "Tell me!" portal (146 reports were made in the previous year). 29 of those are still being reviewed for plausibility and investigations are being made into 68 plausible reports (as of January 3, 2019). 46 of these were confirmed as actual misconduct and were punished accordingly. Nine cases are still in the investigation phase. In confirmed cases, we impose systematic sanctions that are proportionate to the act and the guilt of the perpetrator and are in line with applicable legal provisions. Most of the tip-offs received in 2018 focused on “financial interests” (possible cases of fraud, breach of trust, misappropriation, theft, manipulation of targets, and unfair sales methods).
In principle, we always follow up on all compliance-relevant tip-offs, even those that reach us through other channels.
Deutsche Telekom AG regularly joins forces with national and international organizations that deal specifically with compliance-related issues, including anti-corruption. As a member of associations and organizations such as the Compliance & Integrity forum of ZfW (Center for Business Ethics) and BITKOM (Federal Association for Information Technology, Telecommunications and New Media), we make use of the opportunity to exchange ideas and experiences related to compliance. Thanks to our collaborative approach and exchange of experiences, we not only make a contribution to anti-corruption within the Group, but also to initiatives in this field worldwide. We use the findings to work on continually improving our compliance management system.