Values-based compliance is an indispensable part of day-to-day business at Daimler, and for us, means acting in conformance with laws and regulations. Our objective is to ensure that all Daimler employees worldwide are always able to carry out their work in conformance with applicable laws, regulations, voluntary commitments and our values, as set out in binding form in our Integrity Code.
Our compliance activities focus on complying with all applicable anti-corruption regulations, the maintenance and promotion of fair competition, adherence to legal and regulatory stipulations regarding product development, respect for and the protection of human rights, adherence to data protection laws, compliance with sanctions lists and the prevention of money laundering.
Our Compliance Management System (CMS) consists of basic principles and measures intended to promote rule-based behavior throughout the company. The CMS is based on national and international standards and applies on a global scale at all Daimler AG units and majority holdings. The CMS consists of seven elements that build on one another.
Our compliance values and goals. Our Compliance Management System (CMS) is designed to help Daimler and its employees avoid inappropriate or illegal behavior, and our culture of integrity serves as the foundation for this approach. The measures needed for this are deﬁned by our compliance and legal organizations in a process that also takes the company’s business requirements into account.
For further information on integrity at Daimler
Our compliance organization. Our compliance and legal organizations have set themselves the goal of ensuring Group-wide conformance with laws and regulations. Our compliance organization is structured in a divisional and regional manner, while our legal organization is structured regionally and along the value chain. These structures enable us to provide optimal support and advice to our divisions.
A contact person is made available to each function, division and region. In addition, a global network of local contact persons makes sure that our standards are met throughout the Group and also helps local management at Daimler facilities and sales companies implement our compliance program.
Compliance risks. We systematically pursue the goal of minimizing compliance risks, and we analyze and assess the compliance risks of all our business units every year. These analyses are based on centrally compiled information on all business units and take speciﬁc additional details into account as needed. The results of the analyses form the basis of our risk control.
Compliance program. Our compliance program comprises principles and measures designed to reduce compliance risks and prevent violations of regulations and laws. The individual measures, which are based on the knowledge gained through our systematic compliance analyses, focus on the following aspects:
The whistleblower system BPO (Business Practices Oﬃce)
The BPO process was developed further during the year under review. A risk-based initial assessment and standardized processes enable more rapid identiﬁcation and eﬀective processing of high-risk reports submitted to the BPO. The case categories used by the BPO have been updated and new categories have been added in order to incorporate the latest social and legal developments into the BPO process.
In the year under review, 89 new BPO cases were opened. A total of 101 cases were closed, 60 of them “with merit,” which means the initial suspicion was conﬁrmed. Of these latter cases, ﬁve were categorized as “corruption” and seven as “theft, breach of trust and enrichment oﬀenses of a signiﬁcant magnitude or value.” Seven cases fell under the category “damage exceeding €100,000.” One case was in the category “physical injury.” With regard to those cases that are closed “with merit,” appropriate response measures are decided in line with the principles of proportionality and fairness. Fairness, which is the key principle in the overall process, applies to both whistleblowers and aﬀected parties. In other words, aﬀected parties are not judged in advance and the assumption of innocence applies until it has been proven that a violation has occurred. Whistleblowers who contact the BPO are also protected. They do not need to worry that their report might result in negative consequences for themselves.
Personnel measures taken in 2018 included the issuing of verbal and written warnings and ﬁnal warnings, as well as separation agreements and ordinary and extraordinary terminations.
Compliance on the part of our business partners
In addition, we work with our procurement units to continuously improve our processes for selecting and cooperating with suppliers; our global Daimler Supplier Sustainability Standards apply here. On the basis of these standards and our Integrity Code, a speciﬁc Supplier Compliance Awareness Module was developed. This module is distributed to our suppliers. It contains provisions similar to those that can be found in the general Compliance Awareness Module for sales partners, which was introduced in 2016 and is designed to increase their awareness of compliance requirements.
What we expect from our business partners
Communication and training. Our extensive training courses are based on our Integrity Code. The training program is planned on the basis of an annual planning cycle that includes everything from a needs analysis to the evaluation of the entire training process. Among other things, the program covers the topics of integrity, compliance (including corruption prevention and technical compliance), data protection and antitrust law. Depending on the risk and the target group, we use classroom training or digital learning techniques such as web-based training courses.
Every employee who works at a majority-owned Daimler-controlled company can participate in a web-based and target-group-oriented training program consisting of several modules — a basic module, a module specifically for managers, and expert modules on antitrust law, data protection, technical compliance, non-cash rewards for employees and functionspeciﬁc topics such as procurement and sales. This program is being continuously expanded in line with the requirements of speciﬁc target groups.
Oﬃce employees are required to complete modules relevant to their role and function. The associated modules are assigned to them automatically or in a centralized process. These training modules are assigned when an employee is hired, promoted or transferred to a position that involves an increased risk. This approach ensures that personnel changes are properly addressed. In general, the program must be repeated approximately every three years. Factory employees can complete the web-based training program voluntarily.
The web-based training courses are supplemented by classroom training sessions that are conducted by central or local trainers. We provide our internal trainer network with modular training documents and materials for methodical implementation, such as trainer guideline and explanatory videos that can be used in a target group-speciﬁc manner in accordance with the risks associated with the participants’ jobs. In 2018, a total of approximately 220,000 employees from various levels of the hierarchy participated in classroom and web-based training programs.
We also oﬀer our employees in the compliance and legal organizations target group-speciﬁc qualiﬁcation measures. In addition, all new employees at these organizations receive a comprehensive introduction in an onboarding program.
All of these training measures contribute to the permanent establishment of ethical and compliant behavior at the company and also help our employees deal with speciﬁc issues that can occur at work. The same is true of the Daimler app for integrity, compliance and legal aﬀairs.
The app can be downloaded and used by all employees with an iOS company-owned device. Among other things, the app enables mobile access to information on corruption prevention and antitrust law, and additional topics will be added in the coming ﬁnancial year.
Information and qualiﬁcation measures are also oﬀered to individuals who perform supervisory and management functions. Within the framework of the onboarding program for new members of the Supervisory Board of Daimler AG, such members were provided with information about the antitrust compliance program and technical compliance management during the year under review. In addition, the Group’s Chief Compliance Oﬃcer reported to the Audit Committee of the Supervisory Board on the status of the compliance management system. In 2018, new members of the supervisory boards of Daimler holdings were provided with information on various issues relating to compliance, data protection and integrity. They also participated in a “Know Your Responsibilities” onboarding program to make them more aware of compliance-related topics (for example anti-corruption policies) and the importance of integrity at their companies. New members of executive bodies at companies in which Daimler is the majority shareholder are given a compact overview of key aspects of corporate governance via the Corporate Governance Navigator, which is a target group-focused module that supports them in their new role by providing information on their tasks and responsibilities, contact partners and units that deal with central issues addressed by the Integrity and Legal Aﬀairs division and adjacent units.
In addition to our internal training measures, our training program also includes special courses on integrity and compliance (including corruption prevention) that are oﬀered to our business partners in line with their speciﬁc risks. The courses are oﬀered as web-based training or classroom training sessions. Daimler informs its business partners about the courses and invites them to participate.
Monitoring and improvement. Every year, we review the adequacy and eﬀectiveness of our Compliance Management System and adapt it to global developments, changed risks and new legal requirements. We also monitor important core processes during the year on the basis of key performance indicators (KPIs) that include process duration and quality. To determine these indicators, we check, among other things, whether formal requirements are met and all information is complete. In addition, we analyze the knowledge gained through independent internal and external assessments and participate in selected benchmark studies.
These activities are used to deﬁne any required improvement measures, which are implemented by the responsible units and departments and then monitored on a regular basis. The relevant management bodies continuously receive reports on these monitoring activities.
Involvement of company management. Our divisional and regional compliance managers report to the Chief Compliance Oﬃcer. This guarantees the compliance managers’ independence from the business divisions. The Chief Compliance Oﬃcer, the Group General Counsel and the Vice President Legal Product & Technical Compliance report directly to the Member of the Board of Management for Integrity and Legal Aﬀairs and to the Audit Committee of the Supervisory Board.
They also report regularly to the Board of Management of Daimler AG on matters such as the status of the Compliance Management System and its further development, the status of the whistleblower system and, if necessary, on other topics. In addition, the Group General Counsel regularly reports to the Antitrust Steering Committee and the Group Risk Management Committee, to which the Chief Compliance Oﬃcer and the Vice President Legal Product & Technical Compliance also report.
Important non-ﬁnancial reporting topics. Eliminating corruption, preventing cartel arrangements, ensuring compliance with technical regulations, preventing money laundering and the ﬁnancing of terrorism, and complying with sanctions — we introduced our Compliance Management System (CMS) in order to address exactly these issues, which are extremely important to us. The Data Compliance Management System that we are currently setting up is also based on the Daimler CMS, as is our Groupwide approach to respecting and upholding human rights.
The responsibility for implementing and monitoring measures lies with each company’s management, which cooperates closely with the specialist units within Integrity and Legal Aﬀairs.
Daimler places the same strict requirements on all of its activities around the world. In addition, we continuously improve our methods and processes and use a variety of communication and training measures to make our employees around the world more aware of the importance of ﬁghting corruption.
Further information on communication and training
By means of an advisory hotline set up by our Legal department, as well as guidelines and practical support, we help our employees around the world recognize situations that might be critical from an antitrust perspective, and also act in compliance with regulations in their daily work, especially when dealing with competitors, cooperating with dealers and general agencies around the world, and participating in business association committees.
In addition to Daimler’s Legal department and its specialist advisers, the Group’s global units and their employees can turn to legal advisers in local units, who also ensure that our standards are consistently upheld. We also utilize a variety of communication measures to make our employees aware of the importance of competition and antitrust laws and issues.
The results of our annual compliance risk analysis serve as the basis for the formulation of measures that address antitrust risks. The responsibility for designing, implementing and monitoring measures lies with each company’s management. Managers in turn cooperate closely with Integrity and Legal Aﬀairs, which also provides information on how to implement the measures eﬀectively. Units that face a higher potential risk in particular must also systematically assess the adequacy and eﬀectiveness of locally implemented antitrust compliance measures at regular intervals. In addition, our Legal and Corporate Audit departments conduct additional monitoring activities at our company’s units, as well as random audits on the basis of a predeﬁned audit plan in order to ensure that antitrust laws are complied with and internal processes are carried out properly. This helps us continuously improve the eﬀectiveness of our Antitrust Compliance Program and adapt it to global developments and new legal requirements. The associated methods and processes are being constantly reﬁned and improved.
In order to ensure an independent external assessment of our Antitrust Compliance Program, KPMG AG Wirtschaftsprüfungsgesellschaft audited the Compliance Management System for antitrust law in accordance with the 980 standard of the Institute of Public Auditors in Germany. This audit, which was based on the principles of appropriateness and eﬀective implementation, was successfully completed at the end of 2016.
Antitrust law proceedings in the Notes to the Consolidated Financial Statements: AR 2018
The technical Compliance Management System is managed Groupwide by a unit independent of all divisions that consists of employees with expertise in various ﬁelds, such as development, legal aﬀairs, integrity and compliance. The head of this unit — the Vice President Legal Product & Technical Compliance — reports directly to the member of the Daimler AG Board of Management responsible for Integrity and Legal Aﬀairs. Our divisional structure enables us to optimally support and advise our divisions. The unit’s tasks include the organization of the technical Compliance Management System and its associated governance elements and providing legal advice to the divisions.
In order to further strengthen the tCMS, dedicated units with experts for technical compliance have been created in the development departments at the Cars, Vans, Trucks and Buses divisions. In addition, there is a network of technical compliance contact partners within the development departments who serve as a link between operating units and the compliance organization. These partners support the development departments in matters of technical compliance. Complex questions regarding technical compliance are evaluated and then decided unanimously in an interdisciplinary process that takes into account technical and legal criteria. Our “Infopoint Integrity” is also available as a contact and advice center for topics related to technical compliance, while our BPO whistleblower system is available for reporting on technical compliance violations.
The Technical Integrity initiative, as part of the tCMS, aims to ensure responsible behavior during the product development process, particularly in situations where legal provisions may be unclear. As part of the initiative, the tCMS organization has formulated so-called principles of behavior with the relevant development departments in order to support employees with their own eﬀorts. These principles have been discussed with employees at dialog events held around the world. Various measures communicate them to all employees and selected training courses expand upon them.
Development at all divisions have increased their awareness of issues relating to integrity, compliance and legal stipulations in the product development process thanks to various communications measures such as “Tone from the Top” mailings and posters and their participation in special training and dialog events. Dialog events have also been held worldwide with more than 750 managers from development and development-related departments at the various divisions in order to ensure that technical compliance and integrity are permanently established in our organization. In addition, more than 19,500 employees from the development departments of all divisions worldwide took part in classroom training courses on technical compliance in the year under review.
The eﬀectiveness of our tCMS is monitored annually in a process that also results in the development of measures to improve the system wherever necessary.
The establishment of the Data Compliance Management System was accompanied by the creation of a new Data Compliance unit within the compliance organization. This unit deﬁnes the program elements and controls their implementation throughout the Group. At the same time, the Chief Oﬃcer Corporate Data Protection and his team continue to perform the tasks required by law to ensure compliance with data protection rules. The Chief Oﬃcer Corporate Data Protection is independent and reports directly to the Board of Management member for Integrity and Legal Aﬀairs. The Chief Oﬃcer Corporate Data Protection informs and advises the data controllers and the specialist departments, serves as a contact partner for complaints regarding data protection, monitors compliance with data protection rules, provides advice on the implementation of data protection impact assessments and cooperates with the regulatory authorities. We are currently realigning the existing network of local data protection coordinators and merging this network into our compliance network.
Our Corporate Data Protection Policy creates Group-wide standards for handling the data of employees, customers and business partners. The internal processes necessitated by the GDPR and the requirements of the Compliance Management System are reﬂected in a new version of the Corporate Data Protection Policy.
A key component of the Data Compliance Management System is the Data Compliance Risk Assessment, which involves a systematic analysis and evaluation of data protection risks at all business units. These analyses are based on centrally compiled information on all business units; speciﬁc additional details are taken into account in line with the given risk assessment. The results of the analyses form the basis of our risk management and risk minimization activities. The analyses enable us to adopt a risk-based approach for the further development of our Data Compliance Management System.
The results of the annual Data Compliance Risk Assessment serve as the basis for the formulation of measures that address all possible data protection risks. The elements of our data compliance program include the provisions of the General Data Protection Regulation (relating, for example, to the right to be informed, the rights of data subjects and concepts for data erasure), the stipulations of local data protection laws, communication and training measures and various data protection consulting services. The responsibility for designing and implementing measures lies with each company’s management. Managers in turn cooperate closely with Integrity and Legal Aﬀairs, which also provides support with implementation.
A monitoring plan is used to assess the eﬀectiveness and eﬃciency of the implementation of the various measures at the business units. These reviews are used to deﬁne improvement measures, which are implemented by the responsible units and departments and then monitored on a regular basis.
Further information about compliance with data protection requirements
Anti-ﬁnancial crime compliance.
An integrated Group-wide compliance approach has been implemented in the Anti-Financial Crime (AFC) department in order to link prevention of the circumvention of supranational and national sanctions with measures to prevent and combat money laundering, organized crime and other criminal economic activity and the ﬁnancing of terrorism. This is important, as these risks can not only have a negative impact on society; they can also cause long-term damage to our reputation, as well as ﬁnancial damage that can negatively aﬀect our companies and our shareholders and stakeholders.
The organizational structure of the AFC specialist unit serves as the central Group organization for ensuring compliance with the GwG across all divisions. This structure also brings together under one roof our two Centers of Competence for Preventing and Combating Money Laundering and the Financing of Terrorism (CoC AML) and the Center of Competence for Checks against Sanctions Lists (CoC CSL).
The objective of the sanctions compliance process is to ensure the performance of systematic reviews to determine whether the names of aﬀected natural or juridical persons or organizations can be found on any sanctions list around the globe (checks against sanctions lists — CSL). The review thus involves checking supranational sanctions lists such as those published by the United Nations (UN) and the European Union (EU), as well as national sanctions lists, in particular those published by the United States, that may be applicable in certain situations.
As required by law, such reviews are conducted for customers and business partners, for example in sales and procurement, as well as for employees and strategic cooperation partners. The provisions of data protection law are complied with when such checks against sanctions lists are performed. Our integrated compliance approach aims to ensure that we can eﬀectively prevent and combat money laundering and the ﬁnancing of terrorism.
Information about signiﬁcant legal proceedings against companies within the Daimler Group is provided in the Annual Report for the reporting year 2018 as well as in the relevant quarterly reports. These reports also contain information on governmental information requests, inquiries, investigations, administrative orders and proceedings as well as litigation relating to environmental, securities, criminal, antitrust and other laws and regulations in connection with diesel exhaust emissions.
Risk and Opportunity Report
Legal proceedings in the Notes to the Consolidated Financial Statements: AR 2018