The G+D Compliance Management System

Laws, internal guidelines, corporate values: In order to promote these values, and to support and monitor compliance with these laws, G+D Group has established a global Compliance Management System (CMS).

The G+D CMS is designed to prevent possible breaches of the relevant anti-corruption and antitrust provisions, to uncover any breaches which do occur, and – where applicable – to impose penalties and take relevant measures to prevent such breaches in future. It works on the principle of prevent, detect, react.

G+D’s CMS principle: “Prevent, detect, react”

Prevent

The background and foundation of the CMS lies in global risk assessment, which the Compliance Offices conduct at regular intervals. Risks are identified, and the CMS and individual actions are modified according to the risk.

A further pillar of the CMS consists of the various guidelines and instructions relating to different compliance-related topics. These provide individual employees with the guidance needed to conduct their daily work routine in compliance with the law and company rules.

Group-wide training sessions constitute another key part of prevention. In order to increase the employees’ awareness of individual compliance issues, and to convey the company’s values to them, the Compliance Offices provide a number of centralized training courses.

For prevention purposes, the Compliance Offices also provide employees with information on individual, current issues via the intranet, and give advice to management and other departments.

Detect

In order to give employees, as well as external third parties, the opportunity to report breaches of applicable laws or guidelines, G+D (together with a professional, external provider) provides a web-based Whistleblowing Tool. The tool allows the whistleblower to send a message anonymously, and to communicate anonymously with the relevant office at G+D. Based on information received through various channels, or on irregularities revealed in the scope of corporate audits or compliance monitoring, the Compliance Offices conduct internal investigations if required, in order to clarify the facts and discover any possible misconduct by employees. The Compliance Offices coordinate their actions with representatives from various other departments (e.g. auditing, data protection, security, legal department, human resources) using incident boards.

React

After completion of the internal investigations, the Compliance Offices – if available – recommend labor law sanctions to penalize the misconduct, as well as other measures to correct the shortcomings found.

In order to ensure that management and the Compliance Offices are informed about all noncompliance – even potential instances – and any countermeasures taken, and to put them in a position to turn around potential negative trends, G+D has developed an extensive reporting procedure. The Compliance Office is notified of important events and international developments by Local Compliance Officers and individual departments. A quarterly compliance report issued by the Compliance Offices enables the Management Board to understand and assess key events and developments in all areas. The Giesecke+Devrient GmbH Management Board reports annually to the Supervisory Board regarding the development of the CMS. Independent of these reporting methods, the Compliance Offices inform the Management Board on an ad hoc basis about relevant individual incidents so that it can assess and implement appropriate measures as quickly as possible.

Development and monitoring

G+D subjects its CMS to a regular internal audit in order to maintain the high standard of the G+D CMS, and to adapt individual regulations and processes to new legal requirements, new risks, and new market standards.

Global implementation of, and compliance with, individual regulations and processes are monitored by the Compliance Office by means of corporate audits and specific compliance monitoring.

Compliance with G+D standards by external parties

International standards and legal requirements also obligate G+D to verify the integrity of its business partners. This applies both before entering into a new business relationship and at regular intervals within an existing partnership. Among other things, G+D requires its business partners to provide full self-disclosure in the course of a risk-based evaluation, and to explicitly commit to ethical business practices.