Business Partner Compliance Due Diligence - Global Compact ...
Siemens Compliance System
Integration of Business Partner Due Diligence in a company’s Control Systems
Global Compact Nordic Network Meeting
Oslo, 7 November 2011
© Siemens AG 2008. All rights reserved

Introduction
Challenge
“Third parties used as intermediaries are one of the most common channels through which bribes are made.” (Transparency International)
Businesses should work against corruption in all its forms, including extortion and bribery.
Solution
Implementation of a structured compliance due diligence process of business partners acting on behalf, or in the interest, of a company.

Compliance is one of the four main categories of the Internal Control System
Enterprise Risk Management (ERM)
Internal Control System (ICS)
Quarterly Update
Risk and Internal Control
- Risk identification highlights gaps in internal controls and influences the identification of necessary control requirements as well as their monitoring.
- Monitoring of control requirements may result in the identification of unmitigated risks.
The Policy & Control Masterbook (PCMB) comprises in total ~750 Siemens global control requirements and forms the basis for the Siemens “In Control” Statement.
Sources
- Corporate Circulars
- SOA 404 Annex 4
- ICS Self Assessment Catalogue
- ICS Task Force Output
- Others
Categories
- Strategic
- Operations
- Financial
- Compliance
CL CO* is governance owner of 44 control requirements, thereof
- 25 CCF**
- 19 other sources, e.g. CL CO circulars
* CL CO = Corporate Legal Compliance; ** CCF = Compliance Control Framework

IT-based tools make sure that compliance policies and processes are implemented in an effective and reviewable way
Policies*
- Project Business
- Business Partner
- Contributions, e.g. Sponsoring, Donations
- Invitations (Entertainment)
- Compliance Investigations
Tools
- Limits of Authority LoA-Tool
- Business Partner Compliance Tool
- SpoDoM Tool
- TRACI Tool
Impact
Internal:
- Global implementation
- Transparency
- Standardized processes
External:
- Minimized corruption risk in the entire value chain.
- Improved company reputation.
* Examples

Business Partner Compliance Due Diligence (CDD) Process
Scope of Business Partners
Risk Inventory Process (affiliation & liability)
A clear and unambiguous definition of what constitutes a business partner, based on a structured risk inventory process, is the basis for efficient implementation of a standardized compliance due diligence process.
Siemens Definition (Policy)
Business Partner CDD mandatory for:
- Intermediaries: sales consultants, agents, customs brokers, etc.
- Reseller / Distributor: with specific red flags
- Consortium Partner: sector specific risk definition
Other Partners (other due diligences / checks):
- Joint Venture Partners: covered by M&A Due Diligence
- Product Suppliers: covered by supplier evaluation, classification process, Code of Conduct

Key Data
With the key data section, Siemens entities can:
- Identify whether a CDD has already been performed for a business partner, or
- Register new master data for a Business Partner and for the due diligence.
Business Partner Key Data are synchronized with the global Siemens Corporate Master Data.

Risk Assessment
The risk of the relationship with the business partner is evaluated by answering a set of “red flag” questions.
A numeric scoring system underlying the questionnaire determines the risk level of a business relationship (i.e. lower, medium or higher risk).
Red Flag Questions
• previous experience with the BP
• purpose of the relationship
• interaction with government officials
• activities performed by BP
• country risk rating / TI/CPI index
• type of compensation
• payment terms – danger signs
• Internet check

CDD Questionnaire
• The number of questions in the due diligence questionnaire is determined by the risk level. In general, the higher the risk level, the more information is needed.
• To acquire a complete and neutral picture of the business relationship, the CDD questionnaires include internal information obtained from the business partner as well as external information from independent sources.

Risk Based CDD Questionnaires - content
• Actions, tasks and services performed by the business partner
• Terms and conditions of the proposed business relationship
• Red flag questions (conflict of interest and compliance concerns)
plus
• Check against sanctioned party list and publicly available information
• Connections with government officials
• Evidence of qualification of the business partner (e.g. licences)
• Information from external reliable sources (e.g. Dun & Bradstreet)
• Current and previous litigation, criminal investigations and sanctions
plus
• Check of BP’s key persons and key employees
• Further external information and references
• Check against an external anti-corruption database (performed by Compliance)

Approval
• The risk level determines the involvement of the management and Compliance in the approval.
• Lower risk CDDs are only approved by the management of the Siemens unit. Compliance is involved in medium/higher risk CDDs.
• The respective approver decides
- whether the business partner is acceptable or
- whether there is any objection to due diligence or
- to submit the CDD back for clarification.

Enhanced Approval - Review
• In case of medium or higher risk CDDs, a Compliance Officer of the Siemens unit checks the CDD by means of a structured and documented review and performs additional research.
• The Sector, Cluster or Corporate Compliance organization is involved in higher risk CDDs.
• Approved due diligences are valid for three years and have to be repeated through a renewal process.

Contracts
• Additional information and contractual details, which become available after the approval of a CDD, can be registered in the “post-approval” process step.
• Incidents, controls and reviews of the business partner relationship have to be documented.
• Depending on the risk, contracts with business partners must include binding contract provisions.

A number of factors play an important role in integrating adequate procedures into the organization
Risk Management
- Compliance Risk Assessments
- Other systems (ICS) to feed back information into the ERM system
Policies
- Based on findings from Risk Assessments and experience
- Clear and unambiguous policy, supported by standardized processes
Responsibility
- Clearly defined, communicated and followed up
- Anchored in business operations
Tools
- Key for enabling the organization to efficiently perform due diligences, while ensuring company-wide effectiveness - transparency
Training
- Training of sensitive functions key to integrate into business operations
- Awareness and specific topic training
Internal Control
- Regular controls and management reviews based on updated risk inventory
- Continuous adaptation is key to sustained control
Reporting
- Standardized Key Performance Indicators
- Regular reporting

Thank you for your attention!
Wilhelm Klaveness
Regional Compliance Officer
Siemens Norway
+47 98481199
wilhelm.klaveness@siemens.com
Want to learn more:
http://www.siemens.com/sustainability/en/core-topics/collective-action/our-learnings.htm

The Siemens Compliance System: Prevent – Detect – Respond
Prevent
- Compliance risk management
- Policies and procedures
- Training and communication
- Advice and support
- Integration in personnel processes
- Collective Action
Detect
- Whistle blowing channels “Tell us” and Ombudsman
- Compliance controls
- Monitoring and Compliance reviews
- Compliance audits
- Compliance investigations
Respond
- Consequences for misconduct
- Remediation
- Global case tracking
Management responsibility

In the change process, several elements were crucial in becoming a recognized leader in terms of integrity
[Timeline figure, 2006 to 2010. Phases: Immediate Actions, Implementation, Continuous Improvement. Elements: Tone from the Top, Independent investigation, Compliance Program, Compliance Organization, Compliance Training, Compliance Tools. Milestones: Exchange of Leadership Team, Centralization of bank accounts, DoJ/SEC settlement, World Bank settlement. Further labels: Values & Integrity, Collective Action, Sustainable Development; “Support sustainable business!”]