Unlawful conduct and corruption are not only prosecutable; they also harm a company’s corporate culture, its reputation and its business relations. Clear guidelines and monitoring of those guidelines are needed in order to prevent corruption. Particularly in markets where corruption is common, companies must analyse the potential conflicts and raise awareness among their employees. This calls for the topic to be firmly enshrined in the management culture. Internal processes which ensure that a company’s own employees and those of its business partners act in compliance with the law and policy can minimise business risks and improve cooperation.
What needs to be borne in mind?
This criterion relates both to the observance of the law and policy in general (including, for example, the relevant environmental legislation) and to the prevention of corruption in particular. You should report on any formalised processes such as due diligence processes and compliance systems and also on specific measures such as the two-person-check principle. State how any violations of external rules and internal standards are identified, what action is then taken, and who within the management bears responsibility for the area of conduct that complies with the law and policy. You may name standards that you use for guidance (e.g. the United Nations Global Compact).
You should also give details of whether and how the topic is enshrined in the corporate culture, for example whether the employees and executives are given regular training on the topics of compliance and integrity and whether and how people can turn to someone in confidence in the event of suspicions (ombudsperson, external/internal whistle-blowing systems) without fearing sanctions from their line manager.
Report on the strategies, concrete measures, standards, systems and processes in place to prevent unlawful conduct and, in particular, corruption. Give details of how corruption and other contraventions in the company are prevented and exposed and what sanctions are imposed.
State how implementation of the strategies, measures, standards, systems and processes is verified.
State who within your company is responsible for the topic of compliance and how management is involved.
State how managers and staff are made aware of this topic.
State whether previous goals were achieved and, if so, to what extent, and disclose any goals which were not achieved and why.
Report on the material risks arising from your business activities, your business relations and your products and/or services that are likely to have a negative impact on conduct that complies with the law and policy.
Conduct that complies with the law relates to the avoidance of corruption and cartel arrangements and the observance of statutory provisions, e.g. regarding data protection, environmental protection or occupational health and safety (compliance). In contrast, conduct that complies with policy is about an organisation observing the rules of conduct it sets itself in the form of codes of conduct etc. (integrity). This criterion therefore encompasses both legality and legitimacy.
Due diligence relates to exercising due care when assessing risks with a view to identifying all the risks relevant to an organisation. The negative effects that exist or could arise as a result of a company’s business activities, products and services in terms of conduct that complies with the law and policy should be monitored and, in the event of violations, appropriate remedial action should be offered.
Reporting in line with the German CSR Directive Implementation Act
(German legislation implementing Directive 2014/95/EU)
Preventing corruption and bribery
If you also wish to use your Code declaration to comply with the reporting obligation in accordance with the CSR Directive Implementation Act (CSR-RUG), the checklist below will give you guidance regarding how the Code Office checks it for formal completeness. You can provide the relevant information concerning preventing corruption and bribery under Code criteria 19 and 20. Questions set in italics are already covered in your responses to the corresponding Code aspects.
1. Report on the management policy pursued:
a. Goals and planned goal achievement time frames.
b. How corporate governance is incorporated into the policy (criterion 20, aspect 3).
c. Strategies and concrete measures for achieving the goals (criterion 20, aspect 1).
d. Internal processes for monitoring implementation of the measures (criterion 20, aspect 2).
2. Report on the results of the policy:
a. Whether and to what extent previous goals were achieved (criterion 20, aspect 4).
b. Whether and how it is determined that the policy needs modifying and what conclusions are then drawn.
3. Report on the risks:
a. How the risks were identified and the material risks were filtered out (due diligence processes).
b. Material risks arising from your business activities that are highly likely to have a negative impact on conduct that complies with the law and policy (criterion 20, aspect 6).
c. Material risks arising from your business relations that are highly likely to have a negative impact on conduct that complies with the law and policy (criterion 20, aspect 6).
d. Material risks arising from your products and services that are highly likely to have a negative impact on conduct that complies with the law and policy (criterion 20, aspect 6).