Values-based compliance is an indispensable part of day-to-day business at Daimler, and for us, means acting in conformance with laws and regulations. Our objective is to ensure that all Daimler employees worldwide are always able to carry out their work in conformance with applicable laws, regulations, voluntary commitments and our values, as set out in binding form in our Integrity Code.

Our compliance activities focus on complying with all applicable anti-corruption regulations, the maintenance and promotion of fair competition, adherence to legal and regulatory stipulations regarding product development, respect for and the protection of human rights, adherence to data protection laws, compliance with sanctions lists and the prevention of money laundering.

Our Compliance Management System (CMS) consists of basic principles and measures intended to promote rule-based behavior throughout the company. The CMS is based on national and international standards and applies on a global scale at all Daimler AG units and majority holdings. The CMS consists of seven elements that build on one another.

Daimler-NB2018_26_Das_Daimler_Compliance_Management_System

Our compliance values and goals. Our Compliance Management System (CMS) is designed to help Daimler and its employees avoid inappropriate or illegal behavior, and our culture of integrity serves as the foundation for this approach. The measures needed for this are defined by our compliance and legal organizations in a process that also takes the company’s business requirements into account.
For further information on integrity at Daimler

Our compliance organization. Our compliance and legal organizations have set themselves the goal of ensuring Group-wide conformance with laws and regulations. Our compliance organization is structured in a divisional and regional manner, while our legal organization is structured regionally and along the value chain. These structures enable us to provide optimal support and advice to our divisions.

A contact person is made available to each function, division and region. In addition, a global network of local contact persons makes sure that our standards are met throughout the Group and also helps local management at Daimler facilities and sales companies implement our compliance program.

Compliance risks. We systematically pursue the goal of minimizing compliance risks, and we analyze and assess the compliance risks of all our business units every year. These analyses are based on centrally compiled information on all business units and take specific additional details into account as needed. The results of the analyses form the basis of our risk control.

Compliance program. Our compliance program comprises principles and measures designed to reduce compliance risks and prevent violations of regulations and laws. The individual measures, which are based on the knowledge gained through our systematic compliance analyses, focus on the following aspects:

The whistleblower system BPO (Business Practices Office)

enables Daimler employees and external whistleblowers to report misconduct anywhere in the world. The BPO is available around the clock to receive information that is sent by e-mail or normal mail, or by filling out a special form. An external toll-free hotline is also available in Brazil, the United States and South Africa. Reports can be submitted anonymously if local laws permit this. In Germany, reports to the BPO can also be submitted via a neutral intermediary, who in this case is an independent external attorney. The information provided to the BPO enables us to learn about potential risks and specific violations that pose a high risk to the company and its employees, and this in turn allows us to prevent damage to the company and its reputation. A globally valid corporate policy aims to ensure a fair and transparent approach that takes into account the principle of proportionality for the affected parties, while also giving protection to whistleblowers. In an effort to increase trust in our whistleblower system and make it even better known within the Group, we have established a continuous communication process that includes the periodic provision of information to employees about the type and number of reported violations. We also supply information materials such as country-specific information cards. In addition, we have produced an instructional video in ten languages and we repeatedly stage informational and dialog events at our locations as well.

The BPO process was developed further during the year under review. A risk-based initial assessment and standardized processes enable more rapid identification and effective processing of high-risk reports submitted to the BPO. The case categories used by the BPO have been updated and new categories have been added in order to incorporate the latest social and legal developments into the BPO process.

In the year under review, 89 new BPO cases were opened. A total of 101 cases were closed, 60 of them “with merit,” which means the initial suspicion was confirmed. Of these latter cases, five were categorized as “corruption” and seven as “theft, breach of trust and enrichment offenses of a significant magnitude or value.” Seven cases fell under the category “damage exceeding €100,000.” One case was in the category “physical injury.” With regard to those cases that are closed “with merit,” appropriate response measures are decided in line with the principles of proportionality and fairness. Fairness, which is the key principle in the overall process, applies to both whistleblowers and affected parties. In other words, affected parties are not judged in advance and the assumption of innocence applies until it has been proven that a violation has occurred. Whistleblowers who contact the BPO are also protected. They do not need to worry that their report might result in negative consequences for themselves.

Personnel measures taken in 2018 included the issuing of verbal and written warnings and final warnings, as well as separation agreements and ordinary and extraordinary terminations.

Compliance on the part of our business partners

We also require our business partners to adhere to clear compliance requirements because we regard our business partners’ integrity and behavior in conformity with regulations as a precondition for trusting cooperation. In the selection of our direct business partners, we therefore ensure that they comply with the law and observe ethical principles. In financial year 2018, we completed the implementation of our globally standardized process for the effective and efficient examination of all new and existing business partners (Business Partner Due Diligence Process). Our continuous monitoring here is designed to ensure we can identify possible integrity violations by our business partners. We also reserve the right to terminate cooperation with, or terminate the selection process for, any business partner who fails to comply with our standards.

In addition, we work with our procurement units to continuously improve our processes for selecting and cooperating with suppliers; our global Daimler Supplier Sustainability Standards apply here. On the basis of these standards and our Integrity Code, a specific Supplier Compliance Awareness Module was developed. This module is distributed to our suppliers. It contains provisions similar to those that can be found in the general Compliance Awareness Module for sales partners, which was introduced in 2016 and is designed to increase their awareness of compliance requirements.
What we expect from our business partners

Communication and training. Our extensive training courses are based on our Integrity Code. The training program is planned on the basis of an annual planning cycle that includes everything from a needs analysis to the evaluation of the entire training process. Among other things, the program covers the topics of integrity, compliance (including corruption prevention and technical compliance), data protection and antitrust law. Depending on the risk and the target group, we use classroom training or digital learning techniques such as web-based training courses.

Every employee who works at a majority-owned Daimler-controlled company can participate in a web-based and target-group-oriented training program consisting of several modules — a basic module, a module specifically for managers, and expert modules on antitrust law, data protection, technical compliance, non-cash rewards for employees and functionspecific topics such as procurement and sales. This program is being continuously expanded in line with the requirements of specific target groups.

Office employees are required to complete modules relevant to their role and function. The associated modules are assigned to them automatically or in a centralized process. These training modules are assigned when an employee is hired, promoted or transferred to a position that involves an increased risk. This approach ensures that personnel changes are properly addressed. In general, the program must be repeated approximately every three years. Factory employees can complete the web-based training program voluntarily.

The web-based training courses are supplemented by classroom training sessions that are conducted by central or local trainers. We provide our internal trainer network with modular training documents and materials for methodical implementation, such as trainer guideline and explanatory videos that can be used in a target group-specific manner in accordance with the risks associated with the participants’ jobs. In 2018, a total of approximately 220,000 employees from various levels of the hierarchy participated in classroom and web-based training programs.

We also offer our employees in the compliance and legal organizations target group-specific qualification measures. In addition, all new employees at these organizations receive a comprehensive introduction in an onboarding program.

All of these training measures contribute to the permanent establishment of ethical and compliant behavior at the company and also help our employees deal with specific issues that can occur at work. The same is true of the Daimler app for integrity, compliance and legal affairs.

The app can be downloaded and used by all employees with an iOS company-owned device. Among other things, the app enables mobile access to information on corruption prevention and antitrust law, and additional topics will be added in the coming financial year.

Information and qualification measures are also offered to individuals who perform supervisory and management functions. Within the framework of the onboarding program for new members of the Supervisory Board of Daimler AG, such members were provided with information about the antitrust compliance program and technical compliance management during the year under review. In addition, the Group’s Chief Compliance Officer reported to the Audit Committee of the Supervisory Board on the status of the compliance management system. In 2018, new members of the supervisory boards of Daimler holdings were provided with information on various issues relating to compliance, data protection and integrity. They also participated in a “Know Your Responsibilities” onboarding program to make them more aware of compliance-related topics (for example anti-corruption policies) and the importance of integrity at their companies. New members of executive bodies at companies in which Daimler is the majority shareholder are given a compact overview of key aspects of corporate governance via the Corporate Governance Navigator, which is a target group-focused module that supports them in their new role by providing information on their tasks and responsibilities, contact partners and units that deal with central issues addressed by the Integrity and Legal Affairs division and adjacent units.

In addition to our internal training measures, our training program also includes special courses on integrity and compliance (including corruption prevention) that are offered to our business partners in line with their specific risks. The courses are offered as web-based training or classroom training sessions. Daimler informs its business partners about the courses and invites them to participate.

Daimler-NB2018_27_Trainingsprogramme_2018

Monitoring and improvement. Every year, we review the adequacy and effectiveness of our Compliance Management System and adapt it to global developments, changed risks and new legal requirements. We also monitor important core processes during the year on the basis of key performance indicators (KPIs) that include process duration and quality. To determine these indicators, we check, among other things, whether formal requirements are met and all information is complete. In addition, we analyze the knowledge gained through independent internal and external assessments and participate in selected benchmark studies.

These activities are used to define any required improvement measures, which are implemented by the responsible units and departments and then monitored on a regular basis. The relevant management bodies continuously receive reports on these monitoring activities.

Involvement of company management. Our divisional and regional compliance managers report to the Chief Compliance Officer. This guarantees the compliance managers’ independence from the business divisions. The Chief Compliance Officer, the Group General Counsel and the Vice President Legal Product & Technical Compliance report directly to the Member of the Board of Management for Integrity and Legal Affairs and to the Audit Committee of the Supervisory Board.

They also report regularly to the Board of Management of Daimler AG on matters such as the status of the Compliance Management System and its further development, the status of the whistleblower system and, if necessary, on other topics. In addition, the Group General Counsel regularly reports to the Antitrust Steering Committee and the Group Risk Management Committee, to which the Chief Compliance Officer and the Vice President Legal Product & Technical Compliance also report.

Important non-financial reporting topics. Eliminating corruption, preventing cartel arrangements, ensuring compliance with technical regulations, preventing money laundering and the financing of terrorism, and complying with sanctions — we introduced our Compliance Management System (CMS) in order to address exactly these issues, which are extremely important to us. The Data Compliance Management System that we are currently setting up is also based on the Daimler CMS, as is our Groupwide approach to respecting and upholding human rights.

Anti-corruption compliance.

Daimler has committed itself to fighting corruption in its own business activities. Along with complying with all applicable laws, this also involves adhering to the rules of the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions (1997) and the United Nations Convention against Corruption (2003). As a founding member of the UN Global Compact, Daimler also seeks to ensure that not only the company itself but also its business partners act in accordance with the principles of the compact. The most important goals here are to fight corruption around the world in order to enable fair competition, eliminate the damage corruption does to society and thus improve conditions for everyone. Our anti-corruption compliance program is based on our comprehensive Compliance Management System. The program is globally valid and primarily consists of an integrated risk assessment process that takes into account internal information such as a unit’s business model and external information such as the Corruption Perceptions Index from Transparency International, for example. Other program components include risk-based measures for avoiding corruption in all business activities (e.g. reviews of business partners and transactions) and measures to ensure that special care is taken in contacts with authorities and public officials. Our risk-minimization measures focus in particular on sales companies in high-risk countries and business relationships with wholesalers and general agencies worldwide.

The responsibility for implementing and monitoring measures lies with each company’s management, which cooperates closely with the specialist units within Integrity and Legal Affairs.

Daimler places the same strict requirements on all of its activities around the world. In addition, we continuously improve our methods and processes and use a variety of communication and training measures to make our employees around the world more aware of the importance of fighting corruption.
Further information on communication and training

Antitrust compliance.

Free and unfettered competition is one of the foundations of our social and economic system. Such competition creates growth and jobs and ensures that all of us as consumers have access to modern products at fair prices. Our Group-wide Anti trust Compliance Program is oriented to national and international standards. The program establishes a binding, globally valid Daimler standard that defines how matters of competition law are to be assessed. The Daimler standard is based on the standards of the European antitrust authorities and courts. The objective of the Daimler standard is a uniform level of compliance and advice in all countries and thus compliance with all local and international antitrust laws.

By means of an advisory hotline set up by our Legal department, as well as guidelines and practical support, we help our employees around the world recognize situations that might be critical from an antitrust perspective, and also act in compliance with regulations in their daily work, especially when dealing with competitors, cooperating with dealers and general agencies around the world, and participating in business association committees.

In addition to Daimler’s Legal department and its specialist advisers, the Group’s global units and their employees can turn to legal advisers in local units, who also ensure that our standards are consistently upheld. We also utilize a variety of communication measures to make our employees aware of the importance of competition and antitrust laws and issues.

The results of our annual compliance risk analysis serve as the basis for the formulation of measures that address antitrust risks. The responsibility for designing, implementing and monitoring measures lies with each company’s management. Managers in turn cooperate closely with Integrity and Legal Affairs, which also provides information on how to implement the measures effectively. Units that face a higher potential risk in particular must also systematically assess the adequacy and effectiveness of locally implemented antitrust compliance measures at regular intervals. In addition, our Legal and Corporate Audit departments conduct additional monitoring activities at our company’s units, as well as random audits on the basis of a predefined audit plan in order to ensure that antitrust laws are complied with and internal processes are carried out properly. This helps us continuously improve the effectiveness of our Antitrust Compliance Program and adapt it to global developments and new legal requirements. The associated methods and processes are being constantly refined and improved.

In order to ensure an independent external assessment of our Antitrust Compliance Program, KPMG AG Wirtschaftsprüfungsgesellschaft audited the Compliance Management System for antitrust law in accordance with the 980 standard of the Institute of Public Auditors in Germany. This audit, which was based on the principles of appropriateness and effective implementation, was successfully completed at the end of 2016.
Antitrust law proceedings in the Notes to the Consolidated Financial Statements: AR 2018

Technical compliance.

For us, technical compliance means adhering to technical regulations, standards and laws while taking into account the basic aims of relevant laws and regulations. In order to address the specific risks associated with the product development process, we combined the existing systems and additional measures and processes at all divisions of Daimler AG into a technical Compliance Management System (tCMS). The purpose of the tCMS is to ensure legal and regulatory conformity within the product development process and to provide our employees with security and guidance through values, structures and processes.

The technical Compliance Management System is managed Groupwide by a unit independent of all divisions that consists of employees with expertise in various fields, such as development, legal affairs, integrity and compliance. The head of this unit — the Vice President Legal Product & Technical Compliance — reports directly to the member of the Daimler AG Board of Management responsible for Integrity and Legal Affairs. Our divisional structure enables us to optimally support and advise our divisions. The unit’s tasks include the organization of the technical Compliance Management System and its associated governance elements and providing legal advice to the divisions.

In order to further strengthen the tCMS, dedicated units with experts for technical compliance have been created in the development departments at the Cars, Vans, Trucks and Buses divisions. In addition, there is a network of technical compliance contact partners within the development departments who serve as a link between operating units and the compliance organization. These partners support the development departments in matters of technical compliance. Complex questions regarding technical compliance are evaluated and then decided unanimously in an interdisciplinary process that takes into account technical and legal criteria. Our “Infopoint Integrity” is also available as a contact and advice center for topics related to technical compliance, while our BPO whistleblower system is available for reporting on technical compliance violations.

The Technical Integrity initiative, as part of the tCMS, aims to ensure responsible behavior during the product development process, particularly in situations where legal provisions may be unclear. As part of the initiative, the tCMS organization has formulated so-called principles of behavior with the relevant development departments in order to support employees with their own efforts. These principles have been discussed with employees at dialog events held around the world. Various measures communicate them to all employees and selected training courses expand upon them.

Development at all divisions have increased their awareness of issues relating to integrity, compliance and legal stipulations in the product development process thanks to various communications measures such as “Tone from the Top” mailings and posters and their participation in special training and dialog events. Dialog events have also been held worldwide with more than 750 managers from development and development-related departments at the various divisions in order to ensure that technical compliance and integrity are permanently established in our organization. In addition, more than 19,500 employees from the development departments of all divisions worldwide took part in classroom training courses on technical compliance in the year under review.

The effectiveness of our tCMS is monitored annually in a process that also results in the development of measures to improve the system wherever necessary.

Data compliance.

As a consequence of the European Union’s new General Data Protection Regulation (GDPR), which went into effect on May 25, 2018, we are consolidating all existing data protection measures, processes and systems throughout the Group into a single Data Compliance Management System. This system is based on the Daimler Compliance Management System (CMS), whose approach helps us meet the company’s accountability requirement and the data processor’s obligation to demonstrate the basis of the processing of personal data as described in the GDPR.

The establishment of the Data Compliance Management System was accompanied by the creation of a new Data Compliance unit within the compliance organization. This unit defines the program elements and controls their implementation throughout the Group. At the same time, the Chief Officer Corporate Data Protection and his team continue to perform the tasks required by law to ensure compliance with data protection rules. The Chief Officer Corporate Data Protection is independent and reports directly to the Board of Management member for Integrity and Legal Affairs. The Chief Officer Corporate Data Protection informs and advises the data controllers and the specialist departments, serves as a contact partner for complaints regarding data protection, monitors compliance with data protection rules, provides advice on the implementation of data protection impact assessments and cooperates with the regulatory authorities. We are currently realigning the existing network of local data protection coordinators and merging this network into our compliance network.

Our Corporate Data Protection Policy creates Group-wide standards for handling the data of employees, customers and business partners. The internal processes necessitated by the GDPR and the requirements of the Compliance Management System are reflected in a new version of the Corporate Data Protection Policy.

A key component of the Data Compliance Management System is the Data Compliance Risk Assessment, which involves a systematic analysis and evaluation of data protection risks at all business units. These analyses are based on centrally compiled information on all business units; specific additional details are taken into account in line with the given risk assessment. The results of the analyses form the basis of our risk management and risk minimization activities. The analyses enable us to adopt a risk-based approach for the further development of our Data Compliance Management System.

The results of the annual Data Compliance Risk Assessment serve as the basis for the formulation of measures that address all possible data protection risks. The elements of our data compliance program include the provisions of the General Data Protection Regulation (relating, for example, to the right to be informed, the rights of data subjects and concepts for data erasure), the stipulations of local data protection laws, communication and training measures and various data protection consulting services. The responsibility for designing and implementing measures lies with each company’s management. Managers in turn cooperate closely with Integrity and Legal Affairs, which also provides support with implementation.

A monitoring plan is used to assess the effectiveness and efficiency of the implementation of the various measures at the business units. These reviews are used to define improvement measures, which are implemented by the responsible units and departments and then monitored on a regular basis.
Further information about compliance with data protection requirements

Anti-financial crime compliance.

Money laundering and the financing of terrorism pose considerable sociopolitical risks. For this reason, the prevention of money laundering and the implementation of anti money laundering measures have been defined as central compliance goals in our Integrity Code. With our core business and our global production and sale of vehicles, we and companies controlled by the Group are subject to the provisions of the German Money Laundering Act (GwG), which applies to “commercial sellers of goods.” As a result, we are required to implement Group-wide and thus worldwide measures to prevent and combat money laundering and the financing of terrorism (anti-money laundering — AML — and counter terrorist financing — CTF — policies).

An integrated Group-wide compliance approach has been implemented in the Anti-Financial Crime (AFC) department in order to link prevention of the circumvention of supranational and national sanctions with measures to prevent and combat money laundering, organized crime and other criminal economic activity and the financing of terrorism. This is important, as these risks can not only have a negative impact on society; they can also cause long-term damage to our reputation, as well as financial damage that can negatively affect our companies and our shareholders and stakeholders.

The organizational structure of the AFC specialist unit serves as the central Group organization for ensuring compliance with the GwG across all divisions. This structure also brings together under one roof our two Centers of Competence for Preventing and Combating Money Laundering and the Financing of Terrorism (CoC AML) and the Center of Competence for Checks against Sanctions Lists (CoC CSL).

The objective of the sanctions compliance process is to ensure the performance of systematic reviews to determine whether the names of affected natural or juridical persons or organizations can be found on any sanctions list around the globe (checks against sanctions lists — CSL). The review thus involves checking supranational sanctions lists such as those published by the United Nations (UN) and the European Union (EU), as well as national sanctions lists, in particular those published by the United States, that may be applicable in certain situations.

As required by law, such reviews are conducted for customers and business partners, for example in sales and procurement, as well as for employees and strategic cooperation partners. The provisions of data protection law are complied with when such checks against sanctions lists are performed. Our integrated compliance approach aims to ensure that we can effectively prevent and combat money laundering and the financing of terrorism.

Information about significant legal proceedings against companies within the Daimler Group is provided in the Annual Report for the reporting year 2018 as well as in the relevant quarterly reports. These reports also contain information on governmental information requests, inquiries, investigations, administrative orders and proceedings as well as litigation relating to environmental, securities, criminal, antitrust and other laws and regulations in connection with diesel exhaust emissions.
Risk and Opportunity Report
Legal proceedings in the Notes to the Consolidated Financial Statements: AR 2018