Compliance

To be successful over the long term, a company must comply with laws and prevent violations of laws and regulations. Individual employees or board members of the REWE Group could be held personally liable for failures to observe laws, directives or codes (including demands to pay damages or criminal law penalties). Such violations could also harm the company’s image. A trade and tourism company faces particular compliance risks related to price fixing, the exercise of market pressure in dealings with suppliers and personal undue advantages.

Principles

Integrity and fairness in business transactions as well as in interaction with others are important fundamental principles in the mission statement of the REWE Group. In the Code of Conduct of the REWE Group , the company has also defined mandatory standards that apply to the actions of all individuals working on behalf of the REWE Group – including managers and the company’s top executives. 

Responsibility

In February 2009, the REWE Group named a chief compliance officer. And, in June 2010, the internal Corporate Department of Governance & Compliance began to integrate and coordinate the activities of the REWE Group. Decentralised compliance officers are available to the department as expert contact partners in the respective business units and country companies. A number of codes of conduct that apply to managers and employees has been implemented and an external ombudsman hired as part of the compliance management system (CMS) of the REWE Group.

Objective

The aim of the CMS is to deter violations of legal regulations and internal company policies and, thus, prevent damage to the company and stop company bodies and employees from being held personally liable. The CMS focuses on around 120 REWE Group companies, which are selected according to certain criteria such as level of revenue and headcount. This achieves a high level of coverage. Acquisitions are gradually integrated into the CMS. In 2021, for instance, the integration of the Lekkerland Group as the new business segment Convenience into the compliance processes of the REWE Group was begun. The integration is scheduled to be completed in 2022.

Implementation

As part of an efficient CMS based on the IDW PS 980 standard, the REWE Group has set up a compliance programme that comprises a number of preventive steps – including risk assessments, training and consultations. The CMS was submitted to a readiness check by a highly respected auditing firm in 2015. As a result, an assessment of the CMS based on the recognised auditing standard (PS 980) of the Institute of Public Auditors in Germany has been prepared since 2016. The objective of the audit is to continuously refine the existing system. Processes and work packages were developed and implemented for this purpose through the end of 2018. As a result of limited resources and the impact of the coronavirus pandemic, some of the defined work packages could not be implemented throughout the combine in 2021. This situation has caused a delay in the performance of an appropriateness test as the second certification stage for companies in the compliance scope.

The Corporate Department of Governance & Compliance has been responsible for combine guideline management at the REWE Group since 2016. A group-wide process has been implemented for this. All group guidelines relevant to compliance are available to all employees in an interactive IT tool. Employees are also informed about all changes and additions to relevant combine guidelines in the intranet, among other areas.

With the help of an IT-supported tool, corruption risks are systematically recorded and evaluated for the entire REWE Group (nationally and internationally). The work focuses on both domestic and international company locations. As a result, all company locations in the compliance scope are assessed. Appropriate measures are developed on the basis of the risks recorded and evaluated. “Commercial bribery” was identified as a key corruption risk.

The conditions, guidelines and processes for combine-wide risk management related to the compliance risks anti-trust breaches and corruption are developed by the Corporate Department of Governance & Compliance. Since 2011, annual compliance risk analyses have been conducted and appropriate risk-management measures have been devised and implemented. As part of the integration project Governance Risk & Compliance (GRC), business operation risks and compliance risks are jointly compiled, evaluated according to the same criteria and integrated into a group-wide system solution (for more information about risk management, see the Combined Management Report for business year 2021, pages 24–30).

All administrative employees who work in business areas with the learning management system are required to attend an e-learning course called Compliance Basics. During the course, employees learn how to properly deal with gifts (anti-corruption). The course is complemented by another e-learning module on the topic of ethics, a course that primarily introduces students to the fundamental aspects of the REWE Group’s Code of Conduct and ways to handle whistleblower information. Both courses include a repeat format that employees can use to refresh their compliance knowledge. The introduction was initiated in 2020 on a step-by-step basis and in a number of different languages. The work was successfully completed at the end of the year. All modules have been available since then throughout the Group on the appropriate learning management system. At smaller companies that are not part of a learning management system, the compliance departments responsible for the issue there are required to teach the content of the e-learning course during in-person classes or in some other appropriate manner.

The training is directed at managers and employees to an equal degree on the basis of a risk-focused approach. During the financial year, the company systematically offered training that was primarily provided as e-learning courses due to the coronavirus pandemic and workshops in which employees received subject-matter-specific information about compliance-appropriate behaviour. This approach will enable virtually all employees to be systematically trained about the subject over a period of two to three years.

The REWE Group provides information about compliance on its website. This information focuses in particular on tip-off management. Users can also download the Code of Conduct there. All employees of the REWE Group can find essential information about compliance in the intranet as well.

Decentralised compliance officers (DCO) and compliance delegates are available to all employees in each business segment of the REWE Group. This is also the case for the Corporate Department of Governance & Compliance. All employees of the REWE Group have an opportunity to anonymously speak with these contact partners about compliance issues at any time. They can contact them in a letter, an e-mail or a phone call to a hotline set up for this specific purpose.

Violations of legal regulations or internal rules, particularly regarding corruption, can be reported to a combine-wide whistleblower system. This facilitates a uniform Group-wide and transparent approach for dealing with whistleblower information. However, formal complaints can also be addressed to a number of different departments at REWE Group, including Management, Compliance, Quality Management and Purchasing. They can be addressed directly to the stores as well.

Any employee of the REWE Group or a third party – including suppliers and business partners – can report tips to the compliance officer responsible for the issue or an external ombudsman. Information is relevant for compliance if there is a suspicion of a criminal or administrative offence or another breach of the rules (including internal policies). This particularly includes incidents of corruption or anti-trust breaches.

Contacts and phone numbers can be found at https://www.rewe-group.com/de/unternehmen/compliance.

Once tips have been systematically recorded in the compliance tip-off tool, an assignment is made to the Corporate Department of Governance & Compliance or the appropriate DCO. The facts are then clarified, for example by the Group Audit Department, the Store Audit Department, external lawyers or the internal compliance organisation. Members of these groups will examine the allegations and report the results and measures to be taken as a result to the Corporate Department of Governance & Compliance. It is the responsibility of the operative units to implement these measures, which can involve such matters as labour or criminal issues. After clarification, the whistleblower will receive confirmation of completion. If whistleblower information proves to be unfounded, all personal data will be erased in line with the locally applicable statutory data protection requirements.

A combine-wide, web-based reporting channel is scheduled to be set up in 2022. Employees and third parties will be able to use this channel to pass on compliance tips. The tips may be submitted anonymously if requested. Nonetheless, the compliance organisation will be able to use a mailbox function to communicate with the whistleblower. The introduction of this digital reporting channel is designed in particular to completely implement requirements expected to be issued in connection with Directive (EU) 2019/1937 dated 23/10/2019 (the whistleblowing directive). At the time of this report, this directive had not been introduced into German law.

The compliance department received seven tips about corruption in 2021. As a matter of principle, sanctions are imposed if violations are confirmed. For instance, business relations are terminated if a business partner is found to have violated anti-corruption regulations. The REWE Group has pledged to protect the identity of whistleblowers and affected individuals as part of its whistleblower management system. For example, comprehensive information about those affected or disciplinary actions may not be provided for data protection reasons because it may lead to inferences regarding personal data.

Together with decentralised compliance officers, the Corporate Department of Governance & Compliance holds annual workshops for the purpose of jointly refining the compliance programme and implementing preventive measures to minimise compliance risks.

The REWE Group does not report about investigations and their results because this information is covered by special confidentiality policies.

The REWE Group provides no information about the monetary amount of significant fines and the total number of non-monetary penalties imposed for failures to comply with environmental laws and regulations because of the inconsistent quality of this information throughout the combine. There are no plans to gather this information in future as the effort to acquire the data is not proportional to the benefits obtained from gathering it.

The REWE Group provides no information about the monetary amount of significant fines and the total number of non-monetary penalties imposed for failures to comply with laws and regulations because of the inconsistent quality of this information throughout the combine. There are no plans to gather this information in future as the effort to acquire the data is not proportional to the benefits obtained from gathering it.

Additional information about compliance risks can be found in the Group Management Report for business year 2021 starting on page 28. Other provisions for court, litigation and legal-consulting costs are reported in note 35 of the Group Management Report for business year 2021 on page 138.