REWE Group Sustainability Report 2018

Compliance

A legally compliant behaviour and the prevention of legal and regulatory violations ensure the long-term success of a company. Violations of regulations can have personal consequences (including claims for damages or criminal charges) for individual employees or board members of REWE Group. This, in turn, could lead to a loss of reputation. A trade and tourism company faces particular compliance risks in the areas of price-fixing, the exercise of market power against suppliers and personal gain.

GRI 205: Anti-corruption

GRI 206: Anti-competitive behaviour

GRI 307: Environmental compliance

GRI 419: Socioeconomic compliance

Management approach

Integrity and fairness in business transactions as well as in interaction with others are important fundamental principles in the mission statement of REWE Group. With the code of conduct of REWE Group, the company has also defined standards of behaviour that are obligatory for all individuals who work on behalf of REWE Group.

In the course of introducing an anti-corruption system, various codes of conduct were implemented for managers and employees. In addition, an internal anti-corruption officer and an external ombudsman were appointed. In February 2009, REWE Group named a chief compliance officer, and, in June 2010, the Governance & Compliance headquarters department began to combine and coordinate the activities of REWE Group. Since 2011, the department has been supported in its work by decentralised compliance officers as expert contact partners in the respective business units and country companies. Violations regarding corruption can be reported to the responsible compliance officers or the external ombudsman using a combine-wide whistleblower system. The officers are contact points for all employees of REWE Group or third parties who have reason to think that such violations have occurred.

However, formal complaints can also be addressed to a number of different departments at REWE Group, including Management, Compliance, Quality Management and Purchasing. They can also be sent directly to the stores themselves.

The aim of REWE Group’s Compliance Management System (CMS) is to prevent violations of laws and internal company rules and, thus, to preclude damage to the company and personal liability of the company’s bodies and employees. As part of an efficient CMS based on the IDW PS 980 standard, REWE Group has set up a compliance programme that comprises a number of preventive steps: Since mid-2011, regular compliance risk analyses have been conducted with the goal of developing further preventive measures. Training for employees and special rules governing ways to handle gifts made to top executives or purchasing departments are also included. In 2015, the CMS was submitted to an external readiness check by a highly respected auditing firm. As a follow-up step, the CMS has been reviewed on the basis of the recognised audit standard (PS 980) of the Institute of Public Auditors (IDW) in Germany since 2016. The objective of the audit is to continuously improve the existing system. For this purpose, processes and work packages were developed and implemented by the end of 2018. Following this, the second certification step, the appropriateness test, was started. The Governance & Compliance headquarters department is responsible for the combine guideline management of REWE Group since 2016. Within the scope of the reorganisation, a company-wide process and a new IT system were implemented. Compliance-relevant combine guidelines were successively transferred to the new tool where they are available to all employees.

GRI 205-1:

Operations assessed for risks related to corruption

With the help of an IT-supported tool, corruption risks are systematically recorded and evaluated for the entire REWE Group (nationally and internationally). Appropriate measures are then developed on the basis of this information. “Commercial bribery” was identified as a key corruption risk – particularly in the business area of Purchasing.

The basic conditions, guidelines and processes for a uniform risk management system throughout the combine with regard to the compliance risks of antitrust breaches and corruption will be created by the Governance & Compliance headquarters department. Annual compliance risk analyses have been carried out and appropriate measures to control risks have been developed and implemented since 2011. As part of the integration project Governance Risk & Compliance (GRC), business operation risks and compliance risks are jointly collected, evaluated according to the same criteria and integrated into a group-wide system solution (for more information about risk management, see the Combined Management Report for the 2018 Business Year, pages 27–33).

GRI 205-2:

Communication and training about anti-corruption policies and procedures

All employees in administration throughout Germany must take part in the e-learning module “Compliance Basics” which explains how to handle gifts (anti-corruption). In 2018, work began on designing two new e-learning modules on the code of conduct and anti-corruption. Refresher formats are also provided for both courses to ensure the knowledge imparted is regularly refreshed. All modules will be available group-wide on the relevant learning management systems from 2019 onwards. The training addresses managers and employees alike. Numerous classroom training sessions and workshops were also organised during the financial year, in which employees were taught how to fulfil compliance requirements. The training concept applies a risk-focused approach that calls for training to be held on a regular basis. In this way, nearly all relevant employees will have received the training within a period of two to three years.

REWE Group has been providing information about compliance, particularly whistleblower management, on its website. Its code of conduct can also be downloaded there. In addition, every employee of REWE Group can find important compliance information on the intranet and in various team rooms.

Total number of employees having undergone anti-corruption policy and procedure training in the organisation
2016 2016 2017 2017 2018 2018
Non-management level, absolute Management level, absolute Non-management level, absolute Management level, absolute Non-management level, absolute Management level, absolute
Retail Germany 318 35 734 98 19 1
Retail International 3,679 637 1,796 284 1,403 141
DIY Stores 33 9 53 0 37 0
Travel and Tourism 506 15 483 172 0 0
Other 461 93 556 105 65 11
Total 4,997 789 3,622 659 1,524 153

GRI 205-3:

Confirmed incidents of corruption and actions taken

Whistleblower tips received by compliance officers are systematically entered in the compliance tip tool. They are then reviewed and forwarded to the appropriate department, in particular Auditing, for clarification. This department examines the allegations and reports the results and measures to be taken as a result to the Governance & Compliance headquarters department. It is the responsibility of the operational units to implement these measures, which can involve such matters as labour or criminal issues.

In 2018, five significant tips about corruption were received by the Compliance department, all relating to “Commercial bribery”. Labour-law disciplinary steps and other measures were taken. REWE Group protects the names of whistleblowers and affected individuals as part of its whistleblower management system.

Together with decentralised compliance officers, the Governance & Compliance headquarters department holds regular workshops for the purpose of modifying the compliance programme and implementing preventive measures to minimise compliance risks.

GRI 206-1:

Legal actions for anti-competitive behaviour, anti-trust, and monopoly practices

REWE Group does not report legal actions or the results of such actions as this information is subject to special confidentiality obligations.

GRI 307-1:

Non-compliance with environmental laws and regulations

REWE Group does not provide disclosures about the monetary value of significant fines and the total number of non-monetary penalties due to non-compliance with environmental laws and regulations as this information does not have the necessary level of quality available throughout the combine. There are no plans to gather this information in future as the effort to acquire the data is not proportional to the benefits obtained from gathering it.

GRI 419-1:

Non-compliance with laws and regulations in the social and economic area

REWE Group does not provide disclosures about the monetary value of significant fines and the total number of non-monetary penalties due to non-compliance with laws and regulations as this information does not have the necessary level of quality available throughout the combine. There are no plans to gather this information in future as the effort to acquire the data is not proportional to the benefits obtained from gathering it. Legal risks are reported in the Combined Management Report for the 2018 Business Year from page 31. Other provisions for court, litigation and legal consulting costs are reported in note 33 of the Combined Management Report for the 2018 Business Year from page 114.

More topics:

REWE Group Portrait

GRI 102-1 – 102-7, 102-10

Employee Structure

GRI 102-8, 102-41

Supply Chain

GRI 102-9

Risk Management

GRI 102-11

Industry Initiatives and Memberships

GRI 102-12, 102-13

Principles and Guidelines

GRI 102-16, 102-17

Sustainability Strategy

GRI 102-18 – 102-21

Stakeholder Dialogue

GRI 102-40, 102-42 – 102-44

Materiality Analysis

GRI 102-45 – 102-47, 102-49

Report Profile

GRI 102-48, 102-50 – 102-56

Economic Performance

GRI 201

Public Policy

GRI 415

Data protection

GRI 418