One of our basic values is trust. Trust requires integrity, honesty and incorruptibility. Compliance with all the legal requirements that apply to Continental AG and its subsidiaries and its internal regulations by management and employees has therefore long been a goal of the company and an integral part of its corporate culture. In addition to our corporate guidelines, the BASICS and the Corporate Governance Principles, this is reflected in particular in our Corporate Social Responsibility Principles and the Code of Conduct that is binding for all employees. The Executive Board is firmly committed to these principles and that of “zero tolerance,” particularly with regard to corruption and antitrust violations.
The basis of our Compliance Management System (CMS) is a comprehensive analysis of the compliance risks to which the company is exposed. The company and its business activities are examined in terms of potential compliance risks that can arise, for example, from its structures and processes, a specific market situation or even operations in certain geographic regions. This takes into account, for example, the results of regular corporation-wide risk reporting in addition to external sources such as Transparency International’s Corruption Perception Index. This analysis is substantiated and expanded primarily by a series of discussions with management and employees at all levels. The risk analysis is not a one-off procedure, but rather a process requiring constant review and updates.
The head of the Compliance department manages the compliance organization in operational terms. The person holding this position is subordinate to the corporate compliance officer, who reports directly to the chief financial officer. The focal area of the work of the Compliance department is preventing violations of antitrust and competition law, corruption, fraud and other property offenses. For other areas in which there is a risk of compliance violations, responsibility for compliance management lies with the respective functions that have performed these duties competently for a long time and are supported in these tasks by the Compliance department.
The CMS consists of the three pillars of prevention, detection and response:
- The first pillar of CMS – prevention – includes employee training, in particular, in addition to the risk analysis. Here, we attach great importance to in-person events at which we can address employees personally and directly and discuss their questions. We use e-learning programs as well. Prevention is also fostered by consultation on specific matters with the Compliance department and by the internal publication of guidelines on topics such as antitrust law and contact with competitors, giving and receiving gifts, and sponsoring. Continental introduced a Business Partner Code of Conduct to prevent compliance violations by suppliers, service providers or similar third parties that could have negative repercussions for Continental, or that could be attributed to the company under laws such as the U.K. Bribery Act. This must be recognized as a basic requirement for doing business with Continental. If necessary, supplier due diligence can be performed with regard to compliance issues.
- The second pillar of CMS – detection – comprises regular and ad hoc audits. In addition, compliance is always a subject of audits carried out by Corporate Audit. Continental AG has set up a Compliance & Anti-Corruption Hotline to give employees and third parties outside the corporation the opportunity to report violations of legal regulations, its fundamental values and ethical standards. Information on any kind of potential violations, such as bribery or antitrust behavior, but also other offenses or accounting manipulation, can be reported anonymously via the hotline where permissible by law. Corporate Audit and the Compliance department investigate and pursue all tips received by this hotline. The hotline is available worldwide in many different languages. The number of tips received by the hotline has risen steadily over the past few years. We see this as a sign of increased awareness of compliance topics and as a success in our compliance work.
- The third pillar of CMS – response – deals with the consequences of compliance violations that have been identified. The Compliance department is involved in decisions on measures that may be required, including any individual sanctions. Furthermore, the Compliance department conducts a thorough analysis of such events to ensure that isolated incidents are not symptoms of failings in the system and to close any gaps in prevention.
In 2011, Continental AG had the concept of its CMS for the areas of anti-corruption, competition/antitrust law, fraud and other property offenses audited by Ernst & Young GmbH Wirtschaftsprüfungsgesellschaft (EY) in accordance with Audit Standard 980 of the Institut der Wirtschaftsprüfer e. V. (IDW). EY issued an unqualified review opinion. In 2012, EY audited the implementation of the CMS in accordance with IDW Audit Standard 980 and came to the same conclusion in early 2013. In spring 2016, the audit of the effectiveness of the CMS by EY in accordance with IDW Audit Standard 980 was successfully completed.
Material compliance-related matters and risks are described in more detail in the Report on Risks and Opportunities starting on page 99, and in the Notes to the Consolidated Financial Statements (Note 32).