Compliance with international rules and the fair treatment of our business partners and competitors are among our Company’s guiding principles. Volkswagen’s commitment has gone beyond statutory and internal requirements; voluntary commitments and ethical principles also form an integral part of our corporate culture. Compliant behavior is a cornerstone of economic success and must be self-evident for all Group employees. One of our Company’s main tasks at the present time is to enhance awareness of this.
Commitment to compliance at the highest level
This view is expressly shared by the Company’s management. At a management event in Wolfsburg in 2016, Matthias Müller, Chairman of the Board of Management of Volkswagen AG, said: “We want to make integrity the basis for all of our actions, anchored deeply throughout the entire Group. To this end, we will redouble our efforts as regards compliance with rules and regulations across the Group.” He continued: “Compliance is not the task of a single person or department: we as managers are all called upon to play a part.”
In an article for the Volkswagen intranet, the member of the Board of Management responsible for Integrity and Legal Affairs emphasized: “We at Volkswagen want our business to be respectable – in both senses of the word. We can achieve that only by complying with laws and regulations, obeying our internal rules and honoring the voluntary commitments we have entered into. One thing is certain: we will enjoy long-term success only if our actions are marked by honesty and integrity. Let us all do everything in our power to ensure that we can be proud not only of what we achieve, but also of how we achieve it.”
Preventive compliance management system
Since 2016, responsibility for compliance has been assigned to the new Integrity and Legal Affairs position on the Board of Management, and it is also a key component of the Governance, Risk & Compliance (GRC) organization (see also Report on Risks and Opportunities). Volkswagen adopts, above all, a preventive approach to compliance that is designed to stop potential breaches before they occur by raising awareness and educating employees. This particularly includes the Code of Conduct and guidelines, communicating compliance, tutorials, training and advice measures, the business partner check as well as the ombudsman system (individual details pertaining to this listed below).
In addition, Volkswagen adopts a repressive approach to compliance. Group Internal Audit and Group Security regularly perform the necessary investigative activities, systematically monitor compliance and perform random checks regardless of any suspicion of infringements, and investigate specific suspected breaches. Responses are implemented by the Human Resources and Group Legal departments. These processes are closely interrelated, in line with the concept of a comprehensive compliance management system. Nevertheless, we are aware that even the best compliance management system can never entirely prevent the criminal actions of individuals.
The Group Chief Compliance Officer is supported by 14 chief compliance officers and compliance contact persons (staff who are responsible at the brands, Volkswagen Financial Services and Porsche Holding GmbH, Salzburg). They are supported by compliance officers in the Group companies. Networking activities of this organization during the reporting period included the major GRC Global Conference in Berlin, in which some 300 employees from 30 countries and representing 12 Group brands took part. In a variety of workshops and presentations, the participants had an opportunity to share their ideas on current and future aspects of compliance and risk management.
In addition, various bodies support the work of the compliance organization at Group and brand company levels. These include the Compliance Council at senior management level and the Compliance Core Team, which pools compliance expertise from different departments.
Focal points in 2016
Each year, detailed compliance risk assessments are carried out across the Group as part of the standard GRC process. The results are factored into the risk analyses performed by the Volkswagen Group, the brands and the companies, as well as into compliance program planning.
In response to the diesel issue, we worked on measures to ensure enhanced product compliance, both in the development and production process and as regards quality assurance. Furthermore, the way development processes are designed makes it even easier to identify and prevent even the mere attempt to circumvent binding rules. In this context, we have further strengthened, among other things, the conformity assessments for our products.
What is more, in the reporting period we expanded the range of services aimed at providing employees with advice and support, extending our advisory services and our range of online tutorials. We also published a new information guide for our staff on the prevention of money laundering.
The structure and processes of the Volkswagen Group’s whistleblower system were reorganized. The Board of Management has adopted a Group-wide guideline for the whistleblower system that sets out, in particular, clear rights for protecting whistleblowers and those under investigation. As of 2017, the Integrity and Legal Affairs position on the Board of Management will be responsible for the process of recording and analyzing the information reported by whistleblowers. In particular, Group Internal Audit and Group Security will be tasked with investigating whistleblower reports.
Code of Conduct and guidelines
We have communicated the Code of Conduct, including the obligation to comply with laws, to employees at the brand companies; it is a key component of our compliance training. It is also integrated into our operational processes. For example, all new employment contracts entered into between Volkswagen AG on the one hand and both management staff and employees covered by collective agreements on the other hand include a reference to the Code of Conduct and the obligation to comply with it. In addition, compliance with the Code of Conduct remained a component of our employees’ annual reviews in the reporting period and was thus taken into account when calculating their variable, performance-related remuneration.
In addition to the Code of Conduct, the Volkswagen Group's compliance framework incorporates the anti-corruption guidelines, including checklists and the express prohibition of facilitation payments, as well as guidelines on competition, antitrust law and anti-money laundering. Organizational instructions on dealing with gifts and invitations as well as on making donations also apply across the Group.
Employees have access to the compliance rules and regulations via the special compliance pages on the Company intranet.
The GRC organization provided information on various compliance issues to the Group’s brands and companies over the year, using a wide range of traditional communication channels. These include reports in various employee magazines produced by the brands, companies and locations. Digital media such as intranet portals, smartphone and tablet apps, blogs and newsletters are also frequently used to provide compliance information.
Learning programs, training and advice
Providing information to employees at all levels continues to be a core component of our compliance activities. In 2016, approximately 187,000 employees across the Group participated in a variety of training courses on compliance-related topics such as the Code of Conduct, anti-corruption, human rights, anti-money laundering, and competition and antitrust law. In addition to traditional lectures and online tutorials, case studies, role-playing games and other interactive formats form an integral part of the training provided to employees and managers. In addition, a management talk on risk management and compliance is offered to newly appointed senior managers of Volkswagen AG. All new Volkswagen AG employees are required to complete an online tutorial and an online test on the Group’s Code of Conduct. The subject of human rights forms an integral part of this tutorial. Among other things, a compliance app for smartphones and tablets is available to Volkswagen AG’s employees as a self-learning tool. Employees of all brand companies and a large number of Group companies are able to obtain personal advice about compliance issues, usually by contacting the compliance organization via a dedicated e-mail address. An IT-based information and advisory tool is available at Volkswagen AG’s German locations.
Business partner check
We also expect our business partners to act with integrity and ensure regulatory compliance. For this reason, Volkswagen verifies the integrity of its business partners (business partner check) in a risk-oriented approach. This check allows us to find out about potential business partners before entering into a relationship with them, thus reducing the risk of starting a partnership that could be damaging to the Company or its business.
The Group-wide ombudsman system can be used to report any breaches or suspicions regarding corruption, illegal economic activity, or other irregularities, such as violations of human rights and unethical conduct. The reports, which are sent to two external lawyers appointed by the Group, may be submitted in any of the major languages used by the Group. Since 2014, employees providing information have had the option of communicating with the ombudsmen via an additional online channel; breaches can be reported using a technically highly secure electronic mailbox. It goes without saying that the people providing the information need not fear any sanctions from the Company for their actions. After carrying out a corresponding plausibility check, the ombudsmen passed on 125 reports from people – whose details were kept confidential if requested – to Volkswagen AG’s Group Internal Audit department in 2016. Furthermore, 110 reports were submitted directly to the Head of Group Internal Audit. The local auditing departments of the brands and Group companies received a total of 481 reports. All information was or is being followed up. By the time the project has been categorically completed, all reports will have been processed and a final evaluation prepared.
We review the effectiveness of the compliance measures taken at the Volkswagen Group’s brands and companies annually using an integrated survey, which forms part of the standard GRC process. We check the effectiveness of selected countermeasures as well as the management controls used to respond to compliance risks. In addition, independent reviews by the Group Internal Audit function at the corporate units and the regular exchange of information with external bodies help ensure continuous improvement of the compliance management system.
In accordance with the normative standards issued by Deutsches Institut für Interne Revision e.V. (German Institute for Internal Auditing – DIIR), internal audit functions should be audited externally every five years. An external quality assessment of the Volkswagen Group’s internal audit system was carried out by an audit firm in the period between the third quarter of 2014 and the first quarter of 2015. In addition to central management and supervisory processes, this took into consideration the quality of the brands’ and regions’ internal audit functions (sample size: Volkswagen AG, AUDI AG, SEAT S.A., Volkswagen de Mexico, Volkswagen Group China). The auditors confirmed that all of the internal audit units examined are fully compliant with the underlying DIIR Standard No. 3 “Quality management in the internal audit activity” and, in many areas, use leading internal audit methodologies and practices. During the reporting period, the internal quality management process was further developed and a continuous improvement process was also performed under the direction of Group Internal Audit.