In the long term, a company can only be successful if it acts with integrity, complies with statutory provisions worldwide and stands by its voluntary undertakings and ethical principles, even when this is the harder choice.
We remain committed to this principle – especially in light of the misconduct uncovered in the 2015 financial year, which runs contrary to all of the values that Volkswagen stands for. Compliance must be second nature to all Group employees.
In raising awareness and educating employees, Volkswagen applies a preventive compliance approach designed to create a corporate culture that stops potential breaches before they occur. Nevertheless, we are aware that even the best compliance management system can never entirely prevent criminal actions by individuals.
The Internal Audit, Security, Personnel Management and Legal departments at Group level are responsible for investigative measures and responses. The guidelines laid down in the Volkswagen Group’s Code of Conduct are of essential importance here. These guidelines have been communicated and can be accessed by all Group employees via the Volkswagen portal, and on the Internet pages of the Volkswagen Group.
Since January 2016, the Group Chief Compliance Officer has reported directly to Dr. Christine Hohmann-Dennhardt, Board Member for Integrity and Legal Affairs. The Group Chief Compliance Officer is supported in his work by 14 Chief Compliance Officers (responsible for the brands, Volkswagen Financial Services and Porsche Holding GmbH in Salzburg, Austria), who are in turn assisted by Compliance Officers in the Group companies. The compliance organization is networked together by various measures including regional workshops.
Various bodies support the work of the compliance organization at Group and brand company level. This includes the Compliance Board at senior management level and the core Compliance team, which pools Group expertise in compliance issues.
“No business in the world justifies violating legal and ethical limits. Our key currency is not unit figures or the operating result. Our key currency is credibility and trust in our brands, our products and the people who work for our Company. […] Compliance and the rule of law are central to Volkswagen rather than being onerous duties, something that is confirmed by the creation of a new Group Board of Management position for Integrity and Legal Affairs.“Matthias Müller, Chairman of the Board of Management of Volkswagen AG, at a Group-wide information event for management, November 2015
Integrated Governance, Risk & Compliance Approach
Compliance is a key element of the Volkswagen Group’s Governance, Risk & Compliance (GRC) organization. Potential compliance risks are identified and assessed by the standard GRC process that is in place across the Group. During 2015, for example, more than 2,400 assessments of potential compliance risks and associated remedial measures were reported by more than 100 companies; more than 600 tests were staged within the companies to evaluate the effectiveness of the measures. Based on these findings, preventive measures are drawn up and the appropriate compliance programs defined. During the selection process for new production locations, Group Production assesses the sites with a view to potential corruption risks among others.
In 2015, we continued to drive forward our work in China in particular and intensified our compliance activities at Volkswagen Group subsidiaries and second-tier subsidiaries. We reacted to events surrounding the emissions issue by taking specific measures and launching campaigns. For example, we invited our employees to participate in a photo campaign called “Together for Volkswagen, Together for Compliance”, and their brisk response demonstrated their clear commitment to compliance.
Furthermore, in recent months, Matthias Müller, Chairman of the Board of Management, and Dr. Christine Hohmann-Dennhardt, Board Member for Integrity and Legal Affairs, have overseen the launch of various measures aimed – to the greatest extent possible – at preventing incidents such as the diesel issue in the future. In particular, these measures include initiatives for radically improving product compliance in the development and production process, as well as in quality assurance. Moreover, future development processes will be designed in such a way that even attempts to circumvent mandatory regulations will be easier to identify and prevent at an early stage. In the future, employees will be given more advice and support if they find themselves caught up in a dilemma or conflict of interests.
The structure and procedures of the Volkswagen Group whistleblowing system have been completely reorganized. As of 2017, the Board Member for Integrity and Legal Affairs will be responsible for the system. As before, the Group Internal Audit and Group Security units are responsible for investigations. A guideline issued by the Group’s Board of Management clearly sets out information providers’ entitlement to protection. However, the Group-wide system is also intended to secure a fair hearing for those under suspicion of non-compliance. The system focuses on additional points of contact and notification options for potential information providers. Regular communication is expected to enhance employees’ awareness and acceptance of the system, as well as their confidence in the system. All information on infringements or violations of laws or internal regulations will be examined and processed in accordance with published procedural principles and guarantees.
The risk system is also being placed on a more solid footing. Since 2016, reports on the current risk situation have been submitted to the Board of Management on a quarterly basis. This is intended to ensure that risks are addressed in a timely fashion and that wherever possible, care is taken to prevent them from arising in the first place. We are also involving our employees on the ground more directly in the assessment of compliance risks, helping them to avoid such risks and monitoring implemented measures more intensively.
Prevention through Information
To raise awareness of the importance of compliance, since 2010 all new employment contracts entered into between Volkswagen AG on the one hand, and both management staff and employees covered by collective agreements on the other, have included a reference to the Code of Conduct plus the obligation to comply with it. Completion of the online training module on the Code of Conduct is mandatory for all new employees. As of 2014, compliance with the Code of Conduct is one factor in calculating employees’ variable, performance-related pay component.
By means of appropriate preventive measures integrated in our existing management system, we foster compliance with the rules within our organization and sharpen our employees’ awareness. However, we are also aware that the risk of individual misconduct can never be completely eliminated. To raise employee awareness of compliance-related issues, we use both traditional communication channels such as employee magazines and information stands, and electronic media such as intranet portals, apps, blogs, audio-podcasts and online newsletters and guidelines. For example, our Anti-Corruption Guidelines are available to all employees, business partners and members of our governance bodies on the Volkswagen portal, as well as on the Internet.
Business partners of the Volkswagen Group are subject to a Business Partner Check, a risk-oriented assessment of their integrity. With the aid of the “Volkswagen Group requirements regarding sustainability in its relationships with business partners” (Code of Conduct for Business Partners), we raise supplier awareness of issues such as human rights.
On the topic of human rights, more than 4,000 employees worldwide received over 170 hours of training distributed across 340 classroom training courses. In addition, employees can learn more about this topic using our online e-learning programs. Human rights issues are also embedded in our Group-wide “Minimum Standards for Security”, with which all employees working in Group Security must comply.
In 2015, more than 192,000 employees across the Group took part in over 4,800 classroom and e-learning courses on the topic of compliance in general, as well as money laundering, the Code of Conduct, competition and antitrust legislation, human rights and combatting corruption. Online e-learning programs and classroom training courses are firmly anchored in existing corporate processes. Employees of Volkswagen AG, all brand companies and a large number of Group companies are able to obtain personal advice on compliance issues by contacting the compliance organization via a dedicated e-mail address.
Checks, Audits and Sanctions
Group Internal Audit regularly and systematically reviews processes within the Company, using approaches such as the internationally recognized COSO Enterprise Risk Management framework. It also carries out random checks irrespective of any suspicion of non-compliance and investigates whenever actual breaches are suspected. The worldwide ombudsman system in place since 2006 can be used to confidentially report corruption, fraudulent activities or other serious irregularities (such as human rights violations or ethical misconduct) in 11 different languages to two external lawyers appointed by the Group. Naturally, the people providing the information need not fear being punished by the Company for doing so.
As of December 2014, there is also the option of using an additional online channel to communicate with the ombudsmen. A technically secure digital mailbox allows suspected breaches to be reported – anonymously, if so desired. After checking them for plausibility, in 2015 the ombudsmen passed on 79 reports to the Volkswagen Group’s Anti-Corruption Officer, the Head of Group Internal Audit; the details of the people making the reports were kept confidential if requested. In addition, information on a further 111 cases was given directly to the Anti-Corruption Officer. During local internal audits of the brands and Group companies, 331 reports were submitted to the Anti-Corruption Officer. All such reports are followed up. For all breaches of the law and violations of internal regulations, necessary sanctions are first reviewed and then applied where necessary.
In 2015, action was taken against a total of 153 employees across the Volkswagen Group worldwide as a result of findings of investigations based on information received as described above. In 78 of these cases, the employee’s contract was terminated. Moreover, in the reporting year, following special audits that were either scheduled or based on information received, 21 contracts with business partners were terminated or not renewed due to non-compliance with contractual conditions or statutory or regulatory violations such as, for example, corruption.
The basis for the auditing program of Group Internal Audit and 20 other local audit functions at brand and affiliated companies is provided by a risk-oriented analysis of the Group’s core business processes. The business processes of all Volkswagen Group companies are systematically classified in terms of risks which, from the auditors’ perspective, are relevant to the audit. The topics with the highest risk levels are incorporated into the auditing programs. In 2015, a total of 1,775 audits were conducted across the Volkswagen Group worldwide. Among other things, the audits examine internal control mechanisms for the prevention of corruption (dual-control principle, segregation of functions), the existence of compliance guidelines and preventive measures. Another aspect of the audit function is advising the specialist areas of the Volkswagen Group. In particular, this helps define processes, and ensures they are designed in compliance with internal standards and can be applied worldwide. In addition, the audit function uses various continuous auditing procedures based on the structured analysis of data from the financial systems. These help to identify possible weak points in the Internal Control System and Risk Management System (ICS/RMS), hence further opportunities for process optimization.
In accordance with the normative standards issued by the German Institute for Internal Auditing (DIIR), internal audit functions should be audited externally at least once every five years. An external quality assessment of the Volkswagen Group’s internal audit system was carried out by an audit firm in the period between the third quarter of 2014 and the first quarter of 2015. In addition to central management and supervisory processes, this took into consideration the quality of the brands’ and regions’ internal audit functions (sample size: Volkswagen AG, Audi AG, SEAT S.A., Volkswagen de México, Volkswagen Group China). The external auditor confirmed that all of the internal audit units examined are fully compliant with the underlying DIIR Standard No. 3 “Quality management in the internal audit activity” and, in many areas, use leading internal audit methodologies and practices.