Group information

Compliance Report

COMPLIANCE – UNDERSTANDING AND PRINCIPLES

Compliance is an integral part of DB Group’s corporate and management culture. We understand compliance to mean that all of our business activities fully comply with applicable laws and internal rules.

We already defined these principles last year in a Code of Conduct that is binding for all employees, executives, managing directors and members of the Management Board. The purpose of the Code is to ensure that our dealings with customers, business associates, competitors, employees and the owner are based on integrity and fair and legal behavior. The Code of Conduct also reflects the significantly expanded understanding of what compliance means. While the main emphasis of compliance activities in the past was on investigating and prosecuting white-collar criminality, today’s understanding of compliance is broader and has a preventive focus.

Redefined compliance organization

During the course of the year under review our central compliance organization was almost completely restructured and will be further expanded by the addition of decentral units. The purpose of this was to ensure that compliance is firmly anchored where business actually takes place and responsibilities are located. The new regional contact persons will be able to better respond to local conditions and business-specific requirements. They will also bring a broader – and above all more individualized – focus, for example at our subsidiary companies in Germany or within the framework of consulting projects abroad. This move sets the signals for modern, globally oriented compliance-risk management. In addition to implementing the organizational and personnel changes, the major tasks handled during the year under review included the completion of an analysis examining weak areas for compliance, the structure of the whistle-blower management system, the continual further development of the training concept, as well as the introduction of a compliance-risk management system based on a systematic risk analysis.

Introduction of compliance-risk analysis

During the year under review we developed and installed a systematic compliance-risk analysis. Within the framework of a precisely targeted analysis of our compliance risks, all business units and selected companies across the Group were evaluated and classified. In addition to the fundamental business activities, the analysis covered basic issues related to corporate culture, corporate governance and very specific subjects such as corruption, property offenses, anti-trust law, environmental protection and privacy. The results present a comprehensive overview of risks facing the business units and certain subsidiary companies. Commensurate countermeasures were agreed on at the end of this process for the purpose of hindering or stopping white-collar crime, conflicts of interest and unfair competitive practices, among other issues.

Compliance training expanded

Within the framework of our prevention work we developed a comprehensive awareness-raising and training program for our employees in Germany and abroad. We use face-to-face events, workshops and numerous E-Learning modules to teach participants key legal requirements and internal guidelines in a practiceoriented manner. This is how we are anchoring our Group-wide standards of business behavior.

Advisory services offered by the Compliance Help Desk team to employees and executives also provide them with greater certainty for handling various situations within the Group. During the year under review the Help Desk team received inquiries concerning a wide range of compliance-related issues from all Group areas.

Focus on compliance with anti-trust law

A separate unit staffed with specialized lawyers has been established for handling compliance issues related to anti-trust laws. This unit serves the entire Group. An updated guideline defining correct behavior vis-a-vis competitors was published in 22 languages during the year under review and sets uniform standards across the Group. Moreover, separate guidelines describe the special requirements involved in abiding with the provisions of anti-trust law in the various markets and business areas where we are active.

Executives and employees are made aware of anti-trust law issues and trained as part of Group-wide face-to-face training sessions. The training sessions are customized to meet the exact needs of the individual business unit where the training is being held.

Our anti-trust lawyers trained about 3,500 employees in anti-trust law in 40 countries between 2008 and 2010. As of the year under review the face-to-face training sessions have been expanded to cover the business units in the Passenger Transport division. In view of the advances made in liberalizing the markets, anti-trust law considerations also play an important role in international activities.

Furthermore, more than 20,000 employees participated in an E-Learning program during the year under review. These Internet-based programs present the major rules of anti-trust law as it applies to specific business units.

Our experts for anti-trust law compliance continuously advise employees from all Group companies regarding concrete issues related to anti-trust law, like developing cooperating agreements or formulating commercial conditions. Our compliance teams conduct risk analyses in Group companies whose business practices are likely to be impacted by anti-trust law. They also analyze the competitive situation in various markets for potential conflicts with anti-trust law. This way we can take effective action to counter possible weaknesses at an early stage.

GREATER VALUE PLACED ON PRIVACY

Another core element of our compliance work is the exemplary anchoring of privacy across the Group. This was significantly upgraded and newly positioned as a customer and employee-oriented quality feature. We established a fundamentally new privacy organization structure in the previous year, which has resulted in a growing sensitivity in the handling of person-related data and observing the related legal requirements.

A new Group Privacy Officer (GPO) was appointed in May 2010, who is responsible for privacy matters within the Group and reports directly to the Management Board. However, pursuant to the terms of the Privacy Act, the GPO acts autonomously. Employee privacy issues and customer privacy issues are handled by two separate departments which were especially established for these purposes. In the future the central privacy organization will be supported nationally by specialist personnel and authorized privacy organization representatives. Their task is to ensure the effective implementation of privacy rules in the individual operational and organizational units.

Group works council agreement reached on employee privacy

In addition to the updated organization and structure of the privacy section we also made a fundamental change in the way employee data is handled within the Group. Following intensive negotiations, representatives of the employee and employer sides signed a cornerstone paper on employee privacy on November 24, 2010. This paper defines the various aspects needed to ensure that the privacy rights of employees are observed and also establishes the foundation for a fair and transparent Group privacy protection policy. This agreement represents a new start in view of the events that took place in 2009. It should contribute to restoring the trust of our employees, executives, business associates and customers.

Regular and broad-based privacy audits will ensure that quality is being maintained in this area as they will check if the privacy rules are being observed across the Group. The resulting findings will also be made available to the representatives of interest groups in the future. Due to the regulating cycle of agreed measures and checks, privacy audits contribute towards ensuring the effectiveness of the measures and to a sustained improvement of the privacy level within Group companies.

Privacy advisory board established

The work of the Group privacy organization was complemented in May 2010 by the establishment of a privacy advisory board. The independent advisory body supports the Management Board in the area of privacy questions. The advisory board acts autonomously and consists of twelve members. Mr. Klaus-Dieter Hommel, Deputy Chairman, of the Railway and Transport Workers Union (EVG) will chair the advisory board. The privacy advisory board meets four times a year. Its members consist of employee representatives as well as privacy experts from the worlds of science, associations and business.

Last modified: 27.06.2011