Why is this important?
Unlawful conduct and corruption are not only prosecutable, they also harm a company’s corporate culture, its reputation and its business relations. Clear guidelines and monitoring of those guidelines are needed in order to prevent corruption. Particularly in markets where corruption is common, companies must analyse the potential conflicts and raise awareness among their employees. This calls for the topic to be firmly enshrined in the management culture. Internal processes which ensure that a company’s own employees and those of its business partners act in compliance with the law and policy can minimise business risks and improve cooperation.
What do the terms mean?
Conduct that complies with the law relates to the avoidance of corruption and cartel arrangements and the observance of statutory provisions, e.g. regarding data protection, environmental protection or occupational health and safety (compliance). In contrast, conduct that complies with policy is about an organisation observing the rules of conduct it sets itself in the form of codes of conduct etc. (integrity). This criterion therefore encompasses both legality and legitimacy.
Due diligence relates to exercising due care when assessing risks with a view to identifying all the risks relevant to an organisation. The negative effects that exist or could arise as a result of a company’s business activities, products and services in terms of conduct that complies with the law and policy should be monitored and, in the event of violations, appropriate remedial action should be offered.
What needs to be borne in mind?
This criterion relates both to the observance of the law and policy in general (including, for example, the relevant environmental legislation) and to the prevention of corruption in particular. You should report on any formalised processes such as due diligence processes and compliance systems and also on specific measures such as the two-person-check principle. State how any violations of external rules and internal standards are identified, what action is then taken and who within the management bears responsibility for the area of conduct that complies with the law and policy. You may name standards that you use for guidance (e.g. the United Nations Global Compact).
You should also give details of whether and how the topic is enshrined in the corporate culture, for example whether the employees and executives are given regular training on the topics of compliance and integrity and whether and how people can turn to someone in confidence in the event of suspicions (ombudsperson, external/internal whistle-blowing systems) without fear of sanctions from line management.