Telekom Logo
  • 2019 Corporate Responsibility Report

Compliance management enhanced with risk assessment

If we are going to be successful in preventing and countering legal infractions and regulatory breaches, then we need to adopt the correct approach to assessing compliance risks. That is why our compliance management system is centered around an annual compliance risk assessment. To help us carry this out, we have put in place a Group-wide compliance management process, allocated responsibilities, and defined assessment criteria. The individual steps in the compliance risk assessment, all of which are documented transparently, are as follows:

  • The companies that will take part in the compliance risk assessment are selected using a model based around how developed and complete their compliance programs are. A total of 80 companies took part in 2019. This equates to a coverage of just under 97 percent in terms of headcount. Responsibility for conducting the compliance risk assessment lies with the respective national company. Our central compliance organization provides support and advice in these matters.
  • The national companies’ managing boards are responsible for the results of the compliance risk assessment. Activities and responsibilities for the following year’s compliance program are developed on the basis of these results. The managing board then passes a formal resolution to approve the program. The compliance program measures are monitored closely.
  • We use the Group risk map to assess risks that are particularly significant to our company. The risk map enables Deutsche Telekom’s companies, with their various business models, to conduct systematic risk analyses. It currently covers 27 core risk categories, ranging from corruption and anti-trust law violations to contraventions of the Code of Human Rights & Social Principles. Each national company can add additional categories specific to their business needs. This involves defining which specific threat each risk poses to the national company and stating which measures have already been implemented to mitigate this risk. If necessary, additional measures are developed to reduce the risks to a manageable level.