Business Partner Compliance Due Diligence - Global Compact ...

Siemens Compliance System 

Integration of Business Partner Due Diligence in 

a company’s Control Systems 

Global Compact Nordic Network Meeting 

Oslo, 7. November , 2011 

© Siemens AG 2008. All rights reserved

Introduction 

Page 2 November 2011 

Challenge 

“Third parties used as intermediaries are one of the most 

common channels through which bribes are made.” 

Transparency International 

Businesses should work against 

corruption in all its forms, including 

extortion and bribery 

Implementation of a structured compliance due diligence process of 

business partners acting on behalf, or in the interest of a company 

Solution 


Compliance is one of the four main categories 

of the Internal Control System 

Enterprise Risk Management 

(ERM) 

Sources 

Risk and Internal Control 

Risk identification highlights gaps in internal controls 

and influences the identification of necessary control 

requirements as well as their monitoring. 

Monitoring of control requirements may result 

in the identification of unmitigated risks. 

Quarterly 

Update 

Internal Control System 

(ICS) 

The Policy & Control Masterbook (PCMB) comprises in total ~750 Siemens global control requirements 

and forms the basis for the Siemens “In Control” Statement. 

Corporate Circulars 

SOA 404 Annex 4 

ICS Self Assessment 

Catalogue 

ICS Task Force Output 

Others 

* CL CO = Corporate Legal Compliance; ** CCF = Compliance Control Framework 

Categories 

Strategic 

Operations 

Financial 

Compliance 

CL CO* is governance 

owner of 44 control 

requirements 

thereof 

- 25 CCF** 

- 19 other sources, 

e.g. CL CO circulars 

Page 3 November 2011 © Siemens AG 2011. All rights reserved

IT-based tools make sure, that compliance policies and 

processes are implemented in an effective and reviewable way 

* Examples 

Policies* 

Project Business 

Business Partner 

Contributions 

e.g. Sponsoring, Donations 

Invitations (Entertainment) 


Investigations 

Tools 

Limits of Authority 

LoA-Tool 

Business Partner 

Compliance Tool 

SpoDoM Tool 

TRACI Tool 

Impact 

Internal: 

� Global implementation 

� Transparency 

� Standardized processes 

External: 

� Minimized corruption risk 

in the entire value chain. 

� Improved company 

reputation. 


Business Partner Compliance Due Diligence (CDD) Process 

Scope of Business Partners 

Scope of Business 

Partners 

Risk Inventory 

Process 

(affiliation & liability) 

A clear and unambiguous definition of what a business partner constitutes, 

based on a structured risk inventory process, is the basis for efficient 

implementation of a standardized compliance due diligences process. 

Siemens Definition (Policy) 

Business Partner CDD mandatory for: 

Intermediaries 

sales consultants, agents, 

customs brokers, etc. 

Reseller / Distributor 

with specific red flags 

Consortium Partner 

Sector specific risk definition 

Other Partners 

other due diligences / checks 

Joint Venture Partners 

covered by M&A Due Diligence 

Product Suppliers 

covered by supplier evaluation, 

classification process, Code of 

Conduct 



Key Data 

With the key data section, Siemens entities can: 

- Identify whether a CDD has already been 

performed for a business partner or 

- Register new master data for a Business Partner 

and for the due diligence. 

Business Partner Key Data are synchronized with 

the global Siemens Corporate Master Data. 



Risk Assessment 

The risk of the relationship 

with the business partner is 

evaluated by answering a set 

of “red flag” questions. 

A numeric scoring system 

underlying the questionnaire 

determines the risk level of a 

business relationship (i.e. lower, 

medium or higher risk). 

Red Flag Questions 

• previous experience with the BP 

• purpose of the relationship 

• interaction with government 

officials 

• activities performed by BP 

• country risk rating / TI/CPI index 

• type of compensation 

• payment terms – danger signs 

• Internet check 



CDD Questionnaire 

• The number of questions in the due diligence questionnaire 

is determined by the risk level. 

In general, the higher the risk level, the more information is 

needed. 

• To acquire a complete and neutral picture of the business 

relationship, the CDD questionnaires include internal 

information obtained from the business partner as well as 

external information from independent sources. 



Risk Based CDD Questionnaires - content 

• Actions, tasks and services performed by the business partner 

• Terms and conditions of the proposed business relationship 

• Red flag questions (conflict of interest and compliance concerns) 

plus • Check against sanctioned party list and publicly available information 

• Connections with government officials 

• Evidences for qualification of the business partner (e.g. licences) 

• Information from external reliable sources (e.g. Dun & Bradstreet) 

• Current and previous litigation, criminal investigations and sanctions 

plus 

• check of BP’s key persons and key employees 

• Further external information and references 

• Check against an external anti-corruption database (performed by 

Compliance) 



Approval 

• The risk level determines the involvement of the 

management and Compliance in the approval. 

• Lower risk CDDs are only approved by the 

management of the Siemens unit. 

Compliance is involved in medium/higher risk 

CDDs. 

• The respective approver decides 

- whether the business partner is acceptable or 

- whether there is any objection to due diligence or 

- to submit the CDD back for clarification. 



Enhanced Approval - Review 

• In case of medium or higher risk CDDs, a Compliance 

Officer of the Siemens unit checks the CDD by means of a 

structured and documented review and performs additional 

researches. 

• The Sector, Cluster or Corporate Compliance organization 

is involved in higher risk CDDs. 

• Approved due diligences are valid for three years and have 

to be repeated through a renewal process. 



Contracts 

• Additional information and contractual details, which 

become available after the approval of a CDD, can 

be registered in the “post-approval” process step. 

• Incidents, controls and reviews of the business 

partner relationship have to be documented. 

• Depending on the risk, contracts with business 

partners must include binding contract provisions. 


A number of factors play an important role in integrating 

adequate procedures into the organization 

Risk 

Management 

Policies 

Responsibility 

Tools 

Training 

Internal 

Control 

Reporting 


Compliance Risk Assessments 

Other systems (ICS) to feedback information into the ERM system 

Based on findings from Risk Assessments and experience 

Clear and unambiguous policy, supported by standardized processes 

Clearly defined, communicated and followed up 

Anchored in business operations 

Key for enabling the organization to efficiently perform due diligences, while 

ensuring company-wide effectiveness - transparency 

Training of sensitive functions key to integrate into business operations 

Awareness and specific topic training 

Regular controls and management reviews based on updated risk inventory 

Continuous adaptation is key to sustained control 

Standardized Key Performance Indicators 

Regular reporting 


Thank you for your attention! 


Wilhelm Klaveness 

Regional Compliance Officer 

Siemens Norway 

+47 98481199 

wilhelm.klaveness@siemens.com 

Want to learn more: 

http://www.siemens.com/sustainability/en/core- 

topics/collective-action/our-learnings.htm 

© Siemens AG © Siemens 2011. All AG 2008. rights All rights reserved. 

reserved

The Siemens Compliance System: 

Prevent – Detect – Respond 

Prevent Detect Respond 

� Compliance risk 

management 

� Policies and procedures 

� Training and 

communication 

� Advice and support 

� Integration in personnel 

processes 

� Collective Action 

Management responsibility 

� Whistle blowing channels 

“Tell us” and Ombudsman 

� Compliance controls 

� Monitoring and 

Compliance reviews 

� Compliance audits 

� Compliance 

investigations 

� Consequences for 

misconduct 

� Remediation 

� Global case tracking 


In the change process, several elements were crucial in 

becoming a recognized leader in terms of integrity 

Immediate Actions Implementation 

Tone from 

the Top 

Independent 

investigation 


Program 


Organization 


Training 


Tools 

Support sustainable 

business! 

2006 2007 2008 2009 

2010 

DoJ/SEC 

settlement 

World Bank 

settlement 

Exchange of 

Leadership Team 

Centralization of 

bank accounts 

Conti- 

nuous 

Improvement 

Continuous 

Improvement 

Values & 

Integrity 

Collective 

Action 

Sustainable 

Development

Business Partner Compliance Due Diligence - Global Compact ...

Create successful ePaper yourself

Delete template?

Save as template?