Aspect 5: Fighting corruption Corruption and unfair business practices violate national and international law. We reject every form of corruption, which is why we focus on corruption avoidance measures. Ethical business practices and compliance SDG 16 We feel it is highly important that all staff and executive bodies in our Group act with integrity and comply with our values, rules of conduct, and applicable laws at all times. The goal of our compliance activities is to prevent violations and improper business behavior and to integrate compliance into our business processes early on and enduringly. Our customers need to be able to trust that our actions meet the highest standards for compliance and integrity around the world. This is essential if we are to be seen as a reliable partner. We have expressed our commitment to complying with ethical principles and current legal standards. We have anchored this pledge in our Guiding Principles and our Code of Conduct. The Code of Conduct is valid throughout the Group and will be introduced in all of our national companies. Group Compliance Management, our central compliance organization, also plays a key role in establishing corporate governance structures and a corporate culture that focus on integrity. It promotes a compliance culture and establishes a set of values centering around the issue of compliance at our Company, and encourages managers and employees to internalize these values. Our understanding of compliance therefore far exceeds simply conducting business legally, i.e., in line with laws and internal regulations, and aims to ensure everyone in our Group behaves with integrity. We have introduced a comprehensive compliance management system that addresses both of these aspects as a way to reduce risks and make sure conduct throughout the Group abides by the regulations in place. All our activities comply both with legal and statutory requirements and with our own policies and internal data privacy regulations. Responsibility for the compliance management system lies with the Board of Management department for Data Privacy, Legal Affairs and Compliance. In addition, one person at management or Board of Management level in each Group company is in charge of compliance. Our Chief Compliance Officer is responsible for the Group-wide design, advancement, and implementation of the compliance management system. Compliance officers implement the compliance management system and our compliance goals locally at the level of our operating segments and national companies. We take many different actions and measures to prevent and fight corruption. Our compliance management system is based on the Compliance Risk Assessment (CRA), which we use to identify and assess compliance risks and introduce suitable preventative measures. We have established an annual process for this purpose throughout the Group that we use to identify responsibilities and define clear assessment criteria that are documented in a traceable manner. The companies that will take part in the CRA are selected according to the level of maturity of their compliance management system (maturity-based model). In the reporting year, the CRA included 72 companies and covered almost 98 percent of the workforce (according to the headcount figures for the fully consolidated companies as of September 2018). The individual Group companies are responsible for conducting the CRA, with support and advice given from the central compliance organization. After the management/managing boards in the national companies have been informed of the CRA findings, these findings are used to outline the compliance program for the following year: Measures and responsibilities are defined and management approves the program. These activities are monitored closely to ensure the measures are carried out. We have our compliance management system regularly certified, with particular attention paid to anti-corruption measures. In 2016, 10 German companies were examined. During 2017 and 2018, 15 international companies received certification, 3 of these in the reporting year. We regularly provide risk-oriented and target group-specific compliance and anti-corruption training. We have set up the Ask me! advice portal to address all kinds of issues relating to compliance. The portal contains reliable information for employees on laws, internal policies, and rules of conduct relevant to their daily activities. Despite the best preventative measures, we are not always able to prevent breaches of law or violations of regulations at the Company. The Tell me! whistleblower portal is available to employees and external parties for reporting breaches or suspected breaches of the law or of internal policies and regulations. In 2018, 137 compliance-related tip-offs were submitted via the Tell me! portal (prior year: 146 tip-offs). Over the course of the year, 46 of these were confirmed to be cases of misconduct and dealt with accordingly. We systematically pursue all tip-offs, including those that reach us via other channels, within the scope of the legal framework available to us, and implement commensurate sanctions. We have introduced a Group-wide reporting process to control and monitor these activities. This primarily includes reporting on Group-wide compliance cases and the status of the compliance program. By signing our Supplier Code of Conduct, our suppliers undertake to refrain from any kind of corruption or conduct that could be interpreted as such. We expect, and work to ensure, that our suppliers observe these obligations, principles, and values, and take all necessary measures to prevent and penalize active and passive corruption. Since 2014, we have offered our suppliers regular e-learning training courses on compliance, besides providing them with a compliance guideline. We select our business partners based on compliance criteria and conduct risk-oriented compliance business assessments. SDG 17