In the long term, a company can only be successful if it acts with integrity, complies with statutory provisions worldwide and stands by its voluntary undertakings and ethical principles even when this is the harder choice. Our Compliance organization supports this approach.
We adopt a preventive compliance approach and foster a corporate culture that stops potential breaches before they occur. The Internal Audit, Security, Personnel Management and Legal departments at Group level are responsible for the necessary investigative measures and responses. The guidelines laid down in the Volkswagen Group’s Code of Conduct are of essential importance here. These have been communicated and can be accessed by all Group employees via the Volkswagen portal and on the Internet pages of the Volkswagen Group. 9
The Group Chief Compliance Officer reports directly to the Chairman of the Group Board of Management. He is supported in his work by 14 Chief Compliance Officers who are responsible for the brands, the Financial Services Division and Porsche Holding GmbH, Salzburg (Austria), and are in turn assisted by Compliance Officers in the Group companies. Employees in a total of 66 countries work for the Governance, Risk & Compliance (GRC) organization. Networking of the organization is promoted by measures including regional workshops.

Setting the Tone

Integrated Governance, Risk & Compliance Approach

Compliance is a key element of the Volkswagen Group’s Governance, Risk & Compliance (GRC) organization. Potential compliance risks are identified and assessed by the standard GRC process that is in place across the Group. As a result, in the reporting year more than 2,500 assessments of potential compliance risks and the relevant remedial measures were reported by over 90 companies; more than 550 tests were staged within the companies to evaluate the effectiveness of these measures. Risk assessments are drawn up in particular on the topics of active and passive corruption, conflicts of interest, competition law and antitrust law. Based on the findings, preventive measures are drawn up and the appropriate compliance programs defined. During the selection process for new production locations, Group Production assesses the locations not least with a view to potential corruption risks.

Expansion of Compliance in 2014

In 2014 the compliance agenda focused on the continuing expansion of the GRC organization, tightening compliance standards for the sales organization, international money-laundering prevention, and the handling of contracts for work or services. In addition, based on the “Volkswagen Group requirements regarding sustainability in its relationships with business partners” (Code of Conduct for Business Partners), supplier awareness of topics including human rights was increased. Business partners of the Volkswagen Group are subject to a Business Partner Check, a risk-oriented assessment of their integrity, also based on the “Volkswagen Group requirements regarding sustainability in its relationships with business partners” (Code of Conduct for Business Partners). To raise awareness of the importance of compliance, since 2010 all new employment contracts entered into between Volkswagen AG on the one part and both management staff and employees covered by collective agreements on the other have included a reference to the Code of Conduct and the obligation to comply with it. Completion of the online training module on the Code of Conduct is mandatory for all new employees. As of 2014, compliance with the Code of Conduct is one factor in calculating the variable, performance-based pay component.

Prevention through Information

By means of appropriate preventive measures integrated in our existing management system, we foster compliance with the rules within our organization and sharpen our employees’ awareness. However, we are also aware that the risk of individual misconduct can never be completely eliminated. To raise employee awareness of compliance-related issues we use both traditional communication channels such as employee magazines and information stands, and electronic media such as intranet portals, apps, blogs, audio-podcasts and online newsletters and guidelines. For example, our Anti-Corruption Guidelines are available to all employees, business partners and members of our governance bodies on the Volkswagen portal as well as the Internet. 23


Show table
Participants from the Group   2014   2013  
Classroom training
Code of Conduct 30,412 28,420
Anti-corruption 20,607 13,494
Competition and antitrust law 11,279 4,202
Money-laundering prevention 6,852 2,585
Human rights 6,011 881
Other compliance topics 31,529 69,426
Total participants 106,690 119,008
E-Learning programs
Code of Conduct / human rights 43,766 43,039
Anti-corruption 27,596 31,608
Competition and antitrust law 3,248 1,224
Money-laundering prevention 4,574 2,678
Other compliance topics n/a 4,917
Total participants 79,184 83,466

Across all regions, 5,728 managers participated in classroom training and E-Learning programs on the topic of anti-corruption.

On the topic of human rights, more than 6,000 employees worldwide received in 128 hours of training distributed across 329 classroom training courses. In addition, employees can learn more about this topic using our online E-Learning programs.

On United Nations International Anti-Corruption Day, many Volkswagen locations held a variety of multi-channel activities related to corruption prevention. A film was also made for the event and shown internationally. In 2014 over 185,000 employees across the Group took part in 4,444 classroom and online courses on the topics of compliance in general, money laundering, the Code of Conduct, competition and antitrust legislation, human rights and combatting corruption. Online E-Learning programs and classroom training are firmly anchored in existing corporate processes. Employees of all brand companies and a large number of Group companies are able to obtain personal advice about compliance issues, usually by contacting the compliance organization via a dedicated e-mail address. In the fall of 2014, a letter specifically addressed to all employees of Group Security and Plant Security at Volkswagen AG once again called attention to the Group Code of Conduct, including its human rights requirements.

In 2014 over 185,000 participants attended courses on compliance-related topics.

Checks, Audits, Sanctions and Data Protection

Group Internal Audit regularly and systematically reviews processes within the Company, using approaches such as the internationally recognized COSO Enterprise Risk Management framework. It also carries out random checks irrespective of any suspicion of non-compliance and investigates whenever breaches are actually suspected.
The worldwide ombudsman system in place since 2006 can be used to confidentially report corruption, fraudulent activities, or other serious irregularities (such as human rights violations or ethical misconduct) in ten different languages to two external lawyers appointed by the Group. Naturally, the people providing the information need not fear being punished by the Company for doing so. As of December 2014, there is also the option of using an additional online channel to communicate with the ombudsmen. A technically secure digital mailbox allows suspected breaches to be reported – anonymously, if so desired. In 2014, the ombudsmen passed on 51 reports by people – whose details remained confidential if requested – to the Volkswagen Group’s Anti-Corruption Officer, the Head of Group Internal Audit. In addition, the Anti-Corruption Officer received information on a further 89 cases directly. One case was identified by the person reporting it as a possible human rights violation. During local internal audits of the brands and Group companies, 365 reports of suspected fraud were submitted. All information is followed up. All breaches of the law or internal regulations are appropriately punished. In 2014 action was taken against a total of 132 employees across the Volkswagen Group as a result of findings of investigations based on information received. In 72 of these cases worldwide, the employee’s contract was terminated. Moreover, during the reporting year, 16 contracts with business partners were terminated or not renewed because of infringements related to corruption.
The basis for the auditing program of Group Internal Audit and of 19 other local audit functions at the brands and affiliated companies is provided by a risk-oriented assessment of the Group’s core business processes. The business processes of all Volkswagen Group companies are systematically classified in terms of risks which, from the point of view of the auditors, are relevant to the audit. The topics with the highest risk levels are integrated into the auditing programs. In 2014 a total of 1,723 audits were conducted at 304 companies. Among other things, the audits also examine internal control mechanisms for the prevention of corruption (four-eye principle, segregation of functions), the existence of compliance guidelines and preventive measures.
Another aspect of the audit function is advising the specialist areas of the Volkswagen Group. In particular, this helps define processes and ensures they are designed in compliance with internal standards and can be applied worldwide.
In addition, Group Internal Audit has set up a Continuous Monitoring unit. It is tasked not least with supporting the effectiveness of the internal control system, based on structured data analysis of the financial systems. This allows potential weak spots to be discovered quickly, preventing major damage from occurring.

In a new approach to training, participants team up to resolve compliance issues in a GRC board game.

Volkswagen Compliance provides information at the 2014 International Suppliers’ Fair (IZB) in Wolfsburg.

Data protection, i.e. ensuring the privacy of personal data, is an important corporate principle. With this in mind, the data protection organization in the Volkswagen Group is continuously being enhanced and progressively networked. It is active on three levels: Group (Group data protection office), brand (brand spokesperson for data protection), and Group companies (data protection officers or contacts).
The aim of the Group-wide data protection organization is to provide a uniformly high level of protection for personal data within the Volkswagen Group. In addition, the organization provides a basis for the standardization and regular adaptation of data protection requirements in the Group, for example in the cases of networked vehicles and Group-wide IT systems.
Further information on compliance at the Volkswagen Group can be found in the 2014 Annual Report. 24