Sustainability Report 2018

Compliance

Why Compliance is important to us

At Bilfinger, compliance refers to adherence to all applicable laws, internal policies, internationally recognized standards of behavior, and voluntary commitments in all our business activities. Compliant behavior is the very foundation for a successful business development at Bilfinger. Integrity and compliance are therefore vital components of strategy and corporate culture for us.

For this reason, a first-class compliance system implemented and adhered to in all Bilfinger business units and subsidiaries in Germany and abroad is of utmost importance to us. Our compliance focus is primarily on the areas of anti-corruption, antitrust, and data protection because these can have a significant impact on our business activities.

The topic of compliance is of particular importance for us because deficits in our compliance system could lead to substantial legal consequences, significant fines, damage to the company’s reputation, and high costs for the rectification of such deficits. In the past, this has been the case once: As a result of violations of the US Foreign Corrupt Practices Act (FCPA) in the years prior to 2005, a Deferred Prosecution Agreement () was signed in 2013 with the US Department of Justice which, among other things, called for the monitoring of our compliance system by a Compliance Monitor. The DPA was extended in 2016 until the end of 2018.

On December 6, 2018, Bilfinger’s compliance system was certified by the Monitor. He thus confirmed that Bilfinger has met its obligations within the scope of the DPA. The role of the Monitor also ended for Bilfinger with the termination of the DPA.

Our concept

Corporate Legal & Compliance is responsible for the area of compliance. The department is headed by the General Counsel and Chief Compliance Officer. He reports directly to the Chairman of the Executive Board and has an additional reporting line to the Chairman of the Supervisory Board.

The compliance program developed by Corporate Legal & Compliance pursues the objective of preventing compliance violations through preventive measures, recognizing early any type of misconduct and, in the case of confirmed violations, to react quickly and to punish misconduct consistently. The respective compliance program covers all business areas and processes.

Compliance objectives at Bilfinger

Compliance targets (graphic)

The basis for our compliance program is integrity in dealing with customers, suppliers, business partners, and colleagues. It forms the foundation of our corporate culture. In order to embed this culture along with the importance of compliance throughout the company and in its business processes, Bilfinger introduced a new Code of Conduct in 2017 that is binding upon all employees worldwide.

In addition, since 2017, numerous new Group Policies have been formulated and implemented, which include rules on compliant behavior in special work situations, for example when dealing with third parties, accepting or giving gifts, or in cases of conflicts of interest. These policies are reviewed on a regular basis and revised whenever necessary in order to ensure that our compliance system meets, at all times, the ever-changing demands of everyday work.

Managers have a special role to play in the implementation of our Code of Conduct and the compliance policies: They must act as role models. The annual performance evaluation of managers therefore includes an individual integrity assessment that then forms part of the annual dialogue on career development. In addition, variable remuneration for managers at management levels 1 and 2 includes an individual integrity factor. This factor is determined annually and reflects the extent to which managers implement the topics of integrity and compliance into their daily actions and how much they actively support and promote them in their environment.

The Compliance Review Board (CRB) manages and monitors the organization and implementation of our compliance system and helps to anchor compliance as a management task in all areas of the business. It is comprised of the Executive Board as well as a number of the heads of the Corporate Departments and meets at least quarterly under the chairmanship of the General Counsel and Chief Compliance Officer. The CRB is supported by divisional compliance review boards, which manage and monitor the implementation of the compliance program in the divisions.

Our subsidiaries are supported by a Compliance Manager. In addition, internal control systems (ICS) are implemented in our subsidiaries which, in the organization of the compliance and control measures, take into consideration the relevant risk profile and the respective local company requirements and necessities.

The Internal Audit & Controls department also assumes control functions. Within the scope of anti-corruption audits, it verifies the implementation of the compliance guidelines and processes in the individual business units.

How we intend to reach our goals

Key to this compliance program is a detailed and regular assessment and evaluation of compliance risk factors in the divisions and companies of the Group. Only in this way are we able to adequately classify risks and to counter them at an early stage with appropriate measures.

We update the risk landscape of our subsidiaries regularly and, on this basis, derive specific measures to manage the risks. Bilfinger’s overall risk profile results from the combination of these individual risks and, in turn, represents the basis for the implementation of Group-wide measures to manage risks.

The goal of our compliance program, above all else, is to prevent future misconduct. To this end, we rely primarily on information, communications, clear guidelines, training, supporting compliance IT tools as well as specific, practical compliance accompaniment and consulting for employees. Among the topics we focus on is making our employees aware of potential compliance violations. For this reason, we further expanded our compliance training program globally again in 2018. The uniformly organized training modules include both on-site training and e-learning programs in order to maximize the reach of our training measures. We not only convey knowledge but also explain compliance-relevant questions on the basis of case studies. In 2018, managers also held workshops with their respective teams in which case studies relevant for the area – so-called “Compliance Moments” – were discussed.

Number of persons trained in Compliance-related questions

Training module

 

Total number of persons per target group

 

Number of trained persons (absolute)

 

Share of trained employees (relative)

*

This information relates to financial years 2017 and 2018

E-learning module "Anti-Corruption & Bribery"

 

13,782

 

12,938

 

93.88%

E-learning module "Code of Conduct"

 

3,666

 

3,125

 

85.24%

E-learning module "Code of Conduct Refresher 2018"

 

10,062

 

9,528

 

94.69%

On-site training – module "Third Party Due Diligence"

 

2,003

 

1,938*

 

96.75%

On-site training – module "Anti–Corruption & Bribery"

 

4,362

 

3,804

 

87.21%

Since 2016, all employees also have access to a central that offers support in all compliance-related questions.

Table
Number of inquiries to the Compliance Help Desk

 

 

Number (absolute)

 

Share (relative)

AMO allegations
(e.g. bullying, discrimination, harassment, conflicts of interest, fraud, breach of trust, theft, embezzlement, money laundering, illegal employment, personnel issues)

 

16

 

2%

Group policies and internal standards
(e.g. Code of Conduct, compliance review in the hiring and promotion process, delegation trips, third party due diligence, gifts, entertainment and hospitality, conflicts of interest, donations for charitable purposes and sponsoring)

 

84

 

8%

Tool – gifts, entertainment and hospitality
(e.g. reporting on gifts, entertainment and hospitality, tool administration)

 

409

 

37%

Tool – third party due diligence
(e.g. integrity hits, re–opening of scope check and risk assessment, tool administration)

 

427

 

39%

Compliance trainings

 

42

 

4%

inquiries related to other compliance topics

 

113

 

10%

Total

 

1.091

 

100%

Chart
Number of inquiries to the Compliance Help Desk (2018)
Inquiries to the Compliance Help Desk (2018) (pie chart (switch))

In order to deliver our services, we are dependent on cooperation with numerous business partners. Because compliant behavior on the part of our business partners is an indispensable requirement for us, we revised the process for evaluating their integrity in 2017 and made risk-oriented adjustments (third party due diligence). When carrying out such integrity audits, the business units of Bilfinger and their purchasing departments are supported by the Compliance department in the risk evaluation. This risk assessment process has been conducted since mid-2017 with the help of a central IT-supported tool.

To ensure that each employee at each location has a compliance contact person on site or close by, we established an international network of Compliance Representatives in June 2018. The Compliance Representatives are specially trained employees who, in addition to their primary functions in the company, support their colleagues with compliance and integrity questions and thus strengthen the presence and visibility of the topic of compliance at their locations.

The Compliance Representatives regularly exchange information among themselves and, through their participation in meetings of the Executive Management of their units, ensure that the experience and challenges of the individual locations are taken into account in the further development of the compliance program.

In addition to prevention, the early detection of potential misconduct is a key component of the Bilfinger Compliance Program. A diverse range of internal sources are used for this purpose. There is a whistleblower system in place for the receipt, documentation, and processing of suspicious cases in connection with possible violations of our Code of Conduct. Both our employees and external parties can, on a confidential basis and, if desired, also anonymously provide information on potential misconduct on the part of Bilfinger employees. Results from Internal Audit & Controls, Compliance and Human Resources as well as data from Bilfinger’s processes also serve to identify suspected cases of misconduct.

Information on compliance violations, investigations initiated and employment-related consequences

 

 

2018

 

2017

1

Reports in the period from January 1 to December 31 of the respective year.

2

Includes investigations as a result of information received in the financial year and previous years.

3

Includes disciplinary measures as a result of investigations in the financial year and previous years.

Indications of compliance violations1

 

82

 

125

Investigations initiated2

 

69

 

97

Disciplinary measures as a result investigations3

 

32

 

37

The Allegation Management Office deals with all relevant notifications related to suspicious cases from both internal and external sources, beginning with irregularities identified within the scope of internal audits through to cases that are communicated confidentially (whistleblowing). In cooperation with the Compliance Organization, the Allegation Management Office conducts a preliminary review of the information received and forwards it to the Independent Allegation Management Committee for evaluation and a decision on the steps to be taken next. The Independent Allegation Management Committee – a committee of experts from Corporate Legal & Compliance, Internal Audit, Tax and Human Resources – evaluates each reported suspected case and, where necessary, initiates internal investigations. In this context, all involved persons and/or the respective suspicious cases are dealt with fairly, consistently, transparently, and sustainably irrespective of status or position.

If misconduct is identified, the Disciplinary Committee headed by the member of the Executive Board responsible for personnel, decides on the measures and sanctions that are to be taken. Possible sanctions range from an informal warning through to immediate termination including negative financial consequences. The same misconduct consistently leads to the same sanctions, regardless of the position or importance of an employee.

DPA
Deferred Prosecution Agreement
View Glossary
Compliance Help Desk
Central point of contact for clearing up compliance-related questions at Bilfinger
View Glossary
Due diligence
A review to determine strengths, weaknesses and risks conducted with an appropriate degree of thoroughness
View Glossary