The Veridos Compliance Management System
Laws, internal guidelines, corporate values: In order to promote these values, and to support and monitor compliance with these laws, Veridos Group has established a global Compliance Management System (CMS).
The Veridos CMS is designed to prevent possible breaches of the relevant anti-corruption and antitrust provisions, to uncover any breaches which do occur, and – where applicable – to impose penalties and take relevant measures to prevent such breaches in future. It works on the principle of prevent, detect, react.
Veridos’ CMS principle: “Prevent, detect, react”
Prevent
The background and foundation of the CMS lies in global risk assessment, which the Compliance Office conduct at regular intervals. Risks are identified, and the CMS and individual actions are modified according to the risk.
A further pillar of the CMS consists of the various guidelines and instructions relating to different compliance-related topics. This provides individual employees with the guidance needed to conduct their daily work routine in compliance with the law and company rules.
Group-wide training sessions constitute another key part of prevention. In order to increase the employees’ awareness of individual compliance issues, and to convey the company’s values to them, the Compliance Office provides a number of centralized training courses.
For prevention purposes, the Compliance Office also provides employees with information on individual, current issues via the intranet, and give advice to management and other departments.
Detect
In order to give employees, as well as external third parties, the opportunity to report breaches of applicable laws or guidelines, Veridos (together with a professional, external provider) provides a web-based whistleblowing tool. The tool allows the whistleblower to send a message anonymously, and to communicate anonymously with the relevant office at Veridos. Based on information received through various channels, or on irregularities revealed in the scope of corporate audits or compliance monitoring, the Compliance Office conducts internal investigations if required, in order to clarify the facts and discover any possible misconduct by employees. The Compliance Office coordinates its actions with representatives from various other departments (e.g. auditing, data protection, security, legal department, human resources) using incident boards.
React
After completion of the internal investigations, the compliance office – if available – recommends labor law sanctions to penalize the misconduct, as well as other measures to correct the shortcomings found.
In order to ensure that management and the Compliance Office are informed about all noncompliance – even potential instances – and any countermeasures taken, and put them in a position to turn around potential negative trends, Veridos has developed an extensive reporting procedure. The Compliance Office is notified of important events and international developments by Local Compliance Officers and individual departments. A quarterly compliance report issued by the Compliance Office enables the Management Board to understand and assess key events and developments in all areas. Independent of these reporting methods, the Compliance Office informs the Management Board on an ad hoc basis about relevant individual incidents so that it can assess and implement appropriate measures as quickly as possible.
Development and monitoring
Veridos subjects its CMS to a regular internal audit in order to maintain the high standard of the Veridos CMS, and to adapt individual regulations and processes to new legal requirements, new risks, and new market standards.
Global implementation and compliance with individual regulations and processes is monitored by the Compliance Office by means of corporate audits and specific compliance monitoring.
Compliance with Veridos standards by external parties
International standards and legal requirements also obligate Veridos to verify the integrity of its business partners. This applies both before entering into a new business relationship and at regular intervals within an existing partnership. Among other things, Veridos requires its business partners to provide full self-disclosure in the course of an risk-based evaluation, and to explicitly commit to ethical business practices.