In the long term, a company can only be successful if it acts with integrity, complies with statutory provisions worldwide and stands by its voluntary undertakings and ethical principles, even when this is the harder choice.
We remain committed to this principle – especially in light of the misconduct uncovered in the 2015 fiscal year, which runs contrary to all of the values that Volkswagen stands for. Compliance must be second nature to all Group employees.
By raising awareness and educating employees, Volkswagen aims to prevent potential breaches before they occur. Nevertheless, we are aware that even the best compliance management system can never entirely prevent criminal actions by individuals.
The principles set down in the Volkswagen Group’s Code of Conduct are of essential importance here. These guidelines have been communicated and can be accessed by all Group employees via the Volkswagen portal, and on the web pages of the Volkswagen Group. The Group’s Internal Audit, Security, Personnel Management and Legal departments are responsible for investigative measures and responses.
Since January 2016, the Group Chief Compliance Officer has reported directly to the Board Member for Integrity and Legal Affairs. The Group Chief Compliance Officer is supported in his work by 14 Chief Compliance Officers (responsible for the brands, Volkswagen Financial Services and Porsche Holding GmbH in Salzburg, Austria), who are in turn assisted by Compliance Officers in the Group companies. The compliance organization is networked together by various arrangements, including regional workshops. One networking event held in the organization in the reporting year was a major Governance, Risk & Compliance (GRC) Global Conference in Berlin. It was attended by some 300 employees from 30 nations and all Group brands, who shared their ideas in workshops and presentations focusing on current and upcoming issues in compliance and risk management.
Various bodies support the work of the compliance organization at Group and brand company level. These include the Compliance Board at senior management level and the core Compliance team, which pools Group expertise in compliance issues.
As Matthias Müller, CEO of Volkswagen AG, stated at a management event in Wolfsburg in 2016:
“We want to make integrity the basis for all our actions, anchored deeply throughout the entire Group. To this end, we will redouble our efforts as regards compliance with rules and regulations across the Group.” He continued, “Compliance is not the task of a single person or department: we as managers are all called upon to play a part.”
Compliance at Volkswagen
Volkswagen applies a holistic approach to compliance which integrates its compliance management system (CMS), risk management system (RMS) and internal control system (ICS). One way to identify and assess potential compliance risks is to use a standard process that is now in place across the Group. Thanks to this process for cataloging systemic risks, in the reporting year more than 2,400 assessments of potential compliance risks and the relevant remedial measures were reported by more than 100 units; more than 500 tests were staged within Group companies to evaluate the effectiveness of these measures. Based on the findings of such tests, preventive measures are drawn up and the appropriate compliance programs defined. During the selection process for new production locations, Group Production assesses the sites with a view to identifying potential corruption risks, among others.
In response to the diesel issue, we have developed activities targeting improved product compliance in the development and production process, as well as in quality assurance. Furthermore, development processes have been designed in such a way that even an attempt to circumvent mandatory regulations is easier to identify and prevent at an early stage. In this context, we have further strengthened conformity assessments for our products, among other things.
What is more, in the reporting period we expanded the range of services for providing our employees with advice and support, extending our advisory services and our range of online tutorials. We also published a new information guide for our staff on how to prevent money laundering.
The structure and procedures of the Volkswagen Group whistleblowing system have been completely reorganized. A guideline issued by the Group’s Board of Management sets out clear protections for both information providers and those under investigation. As of 2017, the Board Member for Integrity and Legal Affairs is responsible for the process of recording and analyzing the information reported by whistleblowers. As before, Group Internal Audit and Group Security are responsible for investigations.
Prevention through Information
To raise awareness of the importance of compliance, since 2010 all new employment contracts entered into between Volkswagen AG on the one hand, and both management staff and employees covered by collective agreements on the other, have included a reference to the Code of Conduct plus the obligation to comply with it. Completion of the online training module on the Code of Conduct is mandatory for all new employees. As of 2014, compliance with the Code of Conduct is one factor in calculating employees’ variable, performance-related pay component.
By means of appropriate preventive measures integrated in our existing management system, we foster compliance with the rules within our organization and sharpen our employees’ awareness. However, we are also aware that the risk of individual misconduct can never be completely eliminated. To raise employee awareness of compliance-related issues, we use both traditional communication channels such as employee magazines and information stands, and electronic media such as intranet portals, apps, blogs, audio-podcasts and online newsletters and guidelines. For example, our Anti-Corruption Guidelines are available to all employees, business partners and members of our governance bodies on the Volkswagen portal, as well as on the Internet.
Business partners of the Volkswagen Group are subject to a Business Partner Check, a risk-oriented assessment of their integrity. With the aid of the “Volkswagen Group requirements regarding sustainability in its relationships with business partners” (Code of Conduct for Business Partners), we raise supplier awareness of issues such as human rights.
In 2016, around 187,000 employees across the Group took part in more than 6,000 classroom and e-learning courses on the topics of compliance in general, as well as money laundering, the Code of Conduct, competition and antitrust legislation, human rights and combating corruption. Online e-learning programs and classroom training courses are firmly anchored in existing corporate processes. Employees of Volkswagen AG, all brand companies and a large number of Group companies are able to obtain personal advice about compliance issues by contacting the compliance organization via a dedicated e-mail address.
E-learning programms and classroom training courses*
|Classroom training courses|
|Code of Conduct||27,631||21,067|
|Competition and antitrust law||16,021||11,592|
|Preventing money laundering||4,608||5,348|
|Other compliance topics||27,924||32,874|
|Code of Conduct / human rights||36,047||27,390|
|Competition and antitrust law||9,171||16,891|
|Preventing money laundering||13,234||13,951|
|* On the subject of human rights, more than 4,500 employees worldwide received more than 90 hours of training distributed across 240 classroom training courses. In addition, employees can learn more about this topic using our e-learning programs. Human rights issues are also a key part of the Group-wide “Minimum standards for security” used by the Group Security organization.
Across all regions, 6,049 managers participated in classroom training and e-learning courses on combating corruption.
Checks, Audits and Sanctions
Group Internal Audit regularly and systematically reviews processes within the Company, using approaches such as the internationally recognized COSO Enterprise Risk Management framework. It also carries out random checks irrespective of any suspicion of non-compliance and investigates whenever actual breaches are suspected. The worldwide ombudsman system in place since 2006 can be used to confidentially report corruption, fraudulent activities or other serious irregularities (such as human rights violations or ethical misconduct) in 11 different languages to two external lawyers appointed by the Group. Naturally, the people providing the information need not fear being punished by the Company for doing so.
As of December 2014, there is also the option of using an additional online channel to communicate with the ombudsmen. A technically secure digital mailbox allows suspected breaches to be reported – anonymously, if so desired. After checking them for plausibility, in 2016 the ombudsmen passed on 125 reports to the Volkswagen Group’s Anti-Corruption Officer, the Head of Group Internal Audit; the identities of the individuals providing the information were kept confidential if requested. In addition, information on a further 110 cases was given directly to the Anti-Corruption Officer. During local internal audits of the brands and Group companies, 481 reports were submitted to the Anti-Corruption Officer.
All such reports are followed up. For all breaches of the law and violations of internal regulations, necessary sanctions are first reviewed and then applied where necessary. In 2016, action was taken against a total of 121 employees across the Volkswagen Group as a result of the findings of investigations based on information received as described above. In 53 of these cases worldwide, the employee’s contract was terminated. Moreover, in the reporting year, following special audits that were based on information received, 10 contracts with business partners were terminated or not renewed due to non-compliance with contractual conditions for avoiding corruption.
A risk-oriented assessment of the Group’s core business processes provides the basis for the auditing program of Group Internal Audit, the China region, and the eight other Group Audit departments operated by brands with local audit functions. The business processes of all Volkswagen Group companies are systematically classified in terms of risks which, in the auditors’ view, are relevant to the audit. The issues with the highest risk levels are incorporated into the auditing programs. In 2016, a total of 1,274 audits were conducted across the Volkswagen Group worldwide. Among other things, these audits examine internal control mechanisms for the prevention of corruption (dual-control principle, segregation of functions), the existence of compliance guidelines and preventive measures. Another aspect of the audit function is advising the Volkswagen Group’s specialist departments. In particular, this advisory activity helps to define processes, ensure they are designed in compliance with internal standards, and that they can be applied worldwide. In addition, a Continuous Auditing System has been installed. This function is responsible for, among other things, using structured analysis of data in the financial systems to boost the effectiveness of the Internal Control System (ICS). The continuous auditing procedures help to identify specific weak points in the ICS more rapidly and so avoid losses.
In accordance with the normative standards issued by the German Institute for Internal Auditing (DIIR), internal audit functions should be audited externally at least once every five years. An external quality assessment of the Volkswagen Group’s internal audit system was carried out by an audit firm in the period between the third quarter of 2014 and the first quarter of 2015. In addition to central management and supervisory processes, this took into consideration the quality of the brands’ and regions’ internal audit functions (sample size: Volkswagen AG, AUDI AG, SEAT S.A., Volkswagen de Mexico, Volkswagen Group China). The audit firm confirmed that all the internal audit units examined are fully compliant with the underlying DIIR Standard No. 3 “Quality management in the internal audit activity” and in many areas, use leading internal audit methodologies and practices. In 2016, the internal quality management function also saw further development, and a continuous improvement process was initiated under the auspices of Group Internal Audit.