Aspect 5: Fighting corruption Corruption and unfair business practices violate national and international law. We reject every form of corruption, which is why we focus on corruption avoidance measures. Ethical business practices and compliance SDG 16 We feel it is highly important that all staff and executive bodies in our Group act with integrity and comply with our values, rules of conduct, and applicable laws at all times. The goal of our compliance activities is to prevent violations and improper business behavior and to integrate compliance into our business processes early on and enduringly. Our customers need to be able to trust that our actions meet the highest standards for compliance and integrity around the world. This is essential if we are to be seen as a reliable partner. We have expressed our commitment to complying with ethical principles and current legal standards. We have anchored this pledge in our Guiding Principles and our Code of Conduct. The Code of Conduct is valid throughout the Group and has been introduced in all of our national companies. Group Compliance Management, our central compliance organization, also plays a key role in establishing corporate governance structures and a corporate culture that focus on integrity. It promotes a compliance culture and establishes a set of values centering around the issue of compliance at our Group, and encourages managers and employees to internalize these values. Our understanding of compliance therefore far exceeds simply conducting business legally, i.e., in line with laws and internal regulations, and aims to ensure everyone in our Group behaves with integrity. We have introduced a comprehensive compliance management system that addresses both of these aspects as a way to reduce risks and make sure conduct throughout the Group abides by the regulations in place. All our activities comply both with legal and statutory requirements and with our own policies and internal data privacy regulations. Responsibility for the compliance management system lies with the Board of Management department for Data Privacy, Legal Affairs and Compliance. Its individual units Data Privacy, Legal Affairs, and Compliance were reassigned to the extended Human Resources and Legal Affairs Board of Management department as of January 1, 2019. In addition, one person at management or board of management level in each Group company is in charge of compliance. Our Chief Compliance Officer is responsible for the Group-wide design, advancement, and implementation of the compliance management system. Compliance officers implement the compliance management system and our compliance goals locally at the level of our operating segments and national companies. We take many different actions and measures to prevent and fight corruption. Our compliance management system is based on the Compliance Risk Assessments (CRAs), which we use to identify and assess compliance risks and introduce suitable preventative measures. To this end, we have introduced a Group-wide process to be carried out annually. The companies that will take part in the CRAs are selected according to the level of maturity of their compliance management system (maturity-based model). In the reporting year, the CRAs included 80 companies and covered almost 97 percent of the workforce (according to the headcount figures for the fully consolidated companies as of September 2019). The individual Group companies are responsible for conducting the CRA, with support and advice given from the central compliance organization. We have our compliance management system regularly certified, with particular attention paid to anti-corruption measures. Since 2016, a total of 25 German and international companies have been reviewed. We regularly provide risk-oriented and target group-specific compliance and anti-corruption training. We have set up the Ask me! advice portal to address all kinds of issues relating to compliance. The portal contains reliable information for employees on laws, internal policies, and rules of conduct relevant to their daily activities. Despite the best preventative measures, we are not always able to prevent breaches of law or violations of regulations at the Company. The Tell me! whistleblower portal is available to employees and external parties for reporting breaches or suspected breaches of the law or of internal policies and regulations. In 2019, 122 compliance-related tip-offs were submitted via the Tell me! portal (prior year: 137 tip-offs). Over the course of the year, 38 of these were confirmed to be cases of misconduct and dealt with accordingly. We systematically pursue all tip-offs, including those that reach us via other channels, within the scope of the legal framework available to us, and implement commensurate sanctions. We have introduced a Group-wide reporting process to control and monitor these activities. By signing our Supplier Code of Conduct, our suppliers undertake to refrain from any kind of corruption or conduct that could be interpreted as such. We expect, and work to ensure, that our suppliers observe these obligations, principles, and values, and take all necessary measures to prevent and penalize active and passive corruption. Since 2014, we have offered our suppliers regular e-learning training courses on compliance, besides providing them with a compliance guideline. We select our business partners based on compliance criteria and conduct risk-oriented compliance business assessments. SDG 17