2020 Corporate Responsibility Report

Further development of the compliance management system through regular risk assessment

Our goal is to systematically identify, analyze and evaluate compliance risks for the company. Risk-oriented measures can then be derived to prevent legal and regulatory violations. For this reason, an overall compliance risk assessment (CRA) is carried out centrally by Group Compliance Management on an annual basis. It also includes Deutsche Telekom subsidiaries that are selected on a risk basis. For this we have established a Group-wide compliance management process, established responsibilities, and defined assessment criteria. The individual steps are documented transparently. In detail, the CRAs proceed as follows:

  • The companies that will take part in the CRA are selected according to the level of maturity of their compliance management system (maturity-based model). In 2020, 69 companies participated. That equates to a coverage of 94.27 percent (based on the number of employees of the fully consolidated companies at the end of 2019). Responsibility for conducting the CRA lies with the respective national company. The central compliance organization also assists with its implementation and provides a standardized methodology. Group Compliance Management then uses the findings from the CRA to derive risk-oriented Group-wide measures. The Board of Management and Audit Committee of the Supervisory Board of Deutsche Telekom AG are regularly informed about the Group's compliance risk situation.
  • The national companies’ managements are responsible for the results of the compliance risk assessment. Activities and responsibilities for the following year’s compliance program are developed on the basis of these results. The management then passes a formal resolution to approve the program. The measures from the compliance program are monitored closely. Any potential risks for our company are listed in a Group risk map. It enables the various Deutsche Telekom companies, with their different business models, to conduct systematic risk analyses. In 2020, the risk map covered 27 core risk categories, including, for example, corruption, anti-trust law violations, and violations of the Code of Human Rights & Social Principles. In view of the rapid pace of digitalization, we plan to add the topic of “digital ethics” to the risk map in 2021. Each national company can add more categories specific to their business needs and as warranted. This involves defining which specific threat each risk poses to the national company and stating which steps have already been implemented to rule out this risk as far as possible. If necessary, additional measures are developed to reduce the risks to a manageable level.