One of our four values is trust. Trust requires integrity, honesty and incorruptibility. Compliance by management and employees with all the legal requirements that apply to Continental AG and its subsidiaries, and with its internal regulations, has therefore long been a goal of the company and an integral part of its corporate culture. In addition to our corporate guidelines, the BASICS, and the Corporate Governance Principles, this is reflected in particular in our Corporate Social Responsibility Principles and the Code of Conduct that is binding for all employees. The Executive Board is firmly committed to these principles and that of “zero tolerance,” particularly with regard to corruption and antitrust violations.
The basis of our Compliance Management System (CMS) is a comprehensive analysis of the compliance risks to which the company is exposed. The company and its business activities are examined in terms of potential compliance risks that can arise, for example, from its structures and processes, a specific market situation or even operations in certain geographic regions. This takes into account, for example, the results of regular corporation-wide reporting on compliance risks in the governance, risk and compliance (GRC) system, the findings of investigations by the Corporate Audit department, and external sources such as Transparency International’s Corruption Perception Index. This analysis is substantiated and expanded primarily by a series of discussions with management and employees at all levels and at our training events. The risk analysis is not a one-off procedure, but rather a process requiring constant review and updates.
The head of the Compliance department manages the compliance organization in operational terms. The person holding this position is subordinate to the corporate compliance officer, who reports directly to the chief financial officer. The focal area of the work of the Compliance department is preventing violations of antitrust and competition law, corruption, fraud and other property offenses, and infringements of regulations for the prevention of money laundering. For other areas in which there is a risk of compliance violations, responsibility for compliance management lies with the respective functions that have performed these duties competently for a long time and are supported in these tasks by the Compliance department.
The CMS consists of the three pillars of prevention, detection and response:
- The first pillar of CMS – prevention – includes, in addition to the risk analysis, employee training in particular. Here, we attach great importance to in-person events at which we can address employees personally and directly and discuss their questions. We use e-learning programs as well. Prevention is also fostered by consultation on specific matters with the Compliance department and by the internal publication of guidelines on topics such as antitrust law and contact with competitors, giving and receiving gifts, and sponsoring. Continental introduced a Business Partner Code of Conduct to prevent compliance violations by suppliers, service providers or similar third parties that could have negative repercussions for Continental, or that could be attributed to the company under laws such as the U.K. Bribery Act. This must be recognized as a basic requirement for doing business with Continental. If necessary, third-party due diligence can be performed with regard to compliance issues. Another key element of preventive compliance is communication measures, which are carried out on a regular basis. These include video tutorials on compliance, as well as Compliance Days and Compliance Games that are organized by the individual locations with the support of the compliance organization.
- The second pillar of CMS – detection – comprises regular and ad hoc audits. In addition, compliance is always a subject of audits carried out by Corporate Audit. Continental has set up a Compliance & Anti-Corruption Hotline to give employees and third parties outside the corporation the opportunity to report violations of legal regulations, its fundamental values and ethical standards. Information on any kind of potential violations, such as bribery or antitrust behavior, but also other offenses or accounting manipulation, can be reported anonymously via the hotline where permissible by law. Corporate Audit and the Compliance department investigate and pursue all tips received by this hotline. The hotline is available worldwide in many different languages. The number of tips received by the hotline has risen steadily over the past few years. We see this as a sign of increased awareness of compliance topics and as a success in our compliance work.
- The third pillar of CMS – response – deals with the consequences of compliance violations that have been identified. The Compliance department is involved in decisions on measures that may be required, including any individual sanctions. Furthermore, the Compliance department conducts a thorough analysis of such events to ensure that isolated incidents are not symptoms of failings in the system and to close any gaps in prevention.
The design, implementation and effectiveness of Continental AG’s CMS for the areas of anti-corruption, competition/antitrust law, fraud and other property offenses are audited by Ernst & Young GmbH Wirtschaftsprüfungsgesellschaft (EY) in accordance with Audit Standard 980 of the Institut der Wirtschaftsprüfer e. V. (IDW). In 2016, EY issued an unqualified review opinion.
Material compliance-related matters and risks are described in more detail in the Report on Risks and Opportunities starting on page 93, and in the Notes to the Consolidated Financial Statements (Note 34).