- Our established compliance management system includes detailed policies and procedures for ensuring ethical business conduct.
- Communication and training safeguard a common understanding of what we mean by compliance.
- Our Legal Compliance and Integrity Office enforces compliance to our policies and codes of conduct.
We act to ensure that we live up to high ethical standards throughout SAP. Our policies govern the conduct of our management, employees, suppliers and partners, as well as critical areas of our business such as sales, vendor selection, and payroll. In addition, we train employees on the SAP Code of Business Conduct for Employees, which includes guidelines on bribery, antitrust, and a host of other topics. In the case of any breaches of compliance, we take appropriate remedial action.
Establishing Clear and Comprehensive Standards
Our compliance management system includes detailed policies and procedures for ensuring ethical business conduct. Audited by KPMG in 2012/2013, this system consists of the following components:
- Fostering a favorable compliance culture
- Defining objectives
- Determining and analyzing compliance risks
- Running a compliance program
- Creating a responsible compliance organization
- Communicating standards clearly
- Monitoring and improving the management system
Fostering a Compliant Culture Through the SAP Code of Business Conduct for Employees
One of our priorities has been to establish a common understanding of what we mean by compliance. The SAP Code of Business Conduct for Employees (“Code”) summarizes our standards, and all employees (including top executives) must recognize this Code when they join SAP. While providing a global framework, the Code is adapted locally and translated into local languages. Such adaptation cannot weaken any requirements of the global Code and, in some cases, may be even stricter. In many countries, employees must also renew their commitment on an annual basis. This is not a formality for us but a means to share one of the most important foundations of our company culture.
Our Code contains guidelines for all SAP employees and members of the Executive Board as they perform their daily work on behalf of SAP. It is binding for all employees throughout the world and sets the standard for our dealings with customers, partners, competitors, and vendors. Our Code is also a statement of our commitment to safeguarding our investors and customers against unfair competitive practices, corruption, and misleading statements. Our Executive Board approves our Code.
Specifically, our Code covers the following:
- Prohibition of bribery and corruption in all its forms, including facilitation or “grease payments”
- Gifts and business entertainment limits
- Full, fair, and accurate accounting
- Conflicts of interest
- Anti-competitive practices
Delivering Employee Training and Communication on Business Conduct
Every other year, all employees in customer-facing roles are required to participate in e-learning training on anti-corruption, competition law, and customer commitments. In 2015 additional employee groups were included in this training, such as employees in supporting roles including Corporate Affairs and Global Marketing. 1,103 employees in Global Marketing and 145 employees in Corporate Affairs were trained with an online module. These online training modules are available in nine languages. In addition, 20,213 employees in SAP’s P&I group completed an online training on governance for customer commitments. We also continued education on intellectual property (IP), covering how we protect SAP’s IP rights and the rights of third parties 2,401 employees completed our IP online training. All online modules include a knowledge test. The Legal Compliance and Integrity Office also held 106 classroom training sessions with 2,633 participants. In our annual Code of Business Conduct Certification 54,507 employees were invited to participate in the certification of the SAP Code of Business Conduct for Employees and 52,588 completed the certification. We established a collaboration with the HR onboarding teams so that general compliance information on relevant policies is included in the onboarding sessions run by HR for new hires. 6,302 new hires joined these sessions in 2015.
In 2015 we launched a compliance communication campaign where we inform all employees in quarterly newsletters on compliance focus topics. We provide general information on the topic, current cases that are in the press and a section for self-reflection where employees are confronted with a hypothetical compliance case. Links to compliance related information are also included, such as our Whistleblower anonymous reporting system, the Legal Compliance and Integrity Office, Corporate Audit, and SAP global policies. We also run polls in the Portal on compliance related questions periodically throughout the year. In addition, this year, based on a new question in the people survey, 73 % of our employees feel encouraged to report on circumstances that could result in criminal fines for individuals or SAP. In 2016 we will benchmark our results against the results of other companies who asked the same question.
In addition to our training, we take a number of other steps to ensure that employees are aware of our policies and anticorruption standards:
- The Legal Compliance and Integrity Office conducts awareness calls and meetings
- Local managers send e-mails to their subsidiaries
- Local Codes of Business Conduct are available in local languages where necessary
- All global policies and guidelines and additional information are available on SAP Corporate Portal
As part of the new SAP Global Security Policy, a mandatory training covering Information Security Fundamentals was rolled out to all employees in November 2015.
Setting Expectations for Our Business Activities
We have created other policies related to specific lines of business and business activities. These guidelines include:
- Regulation of the appointment and remuneration of sales agents: All agents, consultants, or other third parties assisting with a sales opportunity must enter a written contract with mandatory provisions related to corruption and other issues. Before any contract with a third-party sales agent is executed, an integrity check must be completed along with internal approval processes.
- SAP Partner Code of Conduct: Governs our expectations of ethical business conduct by our partners. Before working with SAP, all new partners must accept this code.
- SAP Supplier Code of Conduct: Governs SAP’s expectations of our vendors and suppliers.
- Corporate Social Responsibility Policy: Lays out rules for donations made under SAP’s corporate social responsibility (CSR) program to ensure that charitable donations are not used for improper purposes such as bribery. The CSR team vets all donations made under this program and conducts a validation process to ensure that the recipient charity is legitimate. For donations that are not supported by the CSR team, a Legal Compliance and Integrity Office-DoA, including Compliance approval, is in place.
- Global IP Policy: Provides a set of behavioral rules for SAP employees worldwide to comply with regulatory and legal requirements in the area of intellectual property law.
- Group accounting and revenue recognition guidelines: Detailed description of all IFRS accounting matters across entire SAP group.
- Segregation of duty: Applies to all IT processes
Additional policies or commitments related to sustainability are under the responsibility of the respective line of Business and can be found at Our Sustainability Commitments.
Conducting Compliance Risk Analysis
We review our business units and business activities for potential bribery or corruption on an ongoing basis. For example, we collect quantitative data annually about each subsidiary with employees and revenues in 96 SAP entities in 67 countries. This data includes revenue, number of employees, percentage of public sector business, number of fraud allegations or incidents, changes or updates to relevant laws, and other quantitative information. Based on that we determine a risk ranking of countries. To monitor our processes, the Legal Compliance and Integrity Office works closely with our Global Governance, Risk and Compliance Organization, to identify areas where a risk assessment is needed; we then drive remediation programs if necessary. In 2015 the outcome of stakeholder interviews run by the Global Governance Risk and Compliance organization was integrated into a scenario based risk assessment that will be launched beginning of 2016 in all SAP countries.
Generally, we find that our primary risks related to compliance concern corruption, antitrust, export controls, and IP (For more information, see our Risk Report). Our assessment also helps us create a general risk profile for subsidiary locations. Through analysis of our quantitative data, we determine which countries require our highest attention. Globally we ensure compliance to export controls, embargo and sanctions list with a formalized approval process for sales of all software solutions, which is regularly audited by external parties as well as internal audits.
Enforcing Policies Through our Legal Compliance and Integrity Office
The Legal Compliance and Integrity Office oversees the SAP Code of Business Conduct for Employees (“Code”), as well as all other related policies and our anticorruption program. Since January 1, 2015, the Chief Compliance Officer reports directly to the SAP Group CFO. The direct reporting line to the CFO recognizes the increased enforcement activity in the high-tech sector in recent years, plus the constantly changing ways in which fraud and corruption schemes surface in the business world. Our compliance approach must also constantly change and adapt to incorporate new best practices to stay relevant in our company’s business. The Office of Legal Compliance and Integrity consists of global compliance officers based at our headquartes and in our most important markets (especially where local language needs must be met). In addition, local subsidiaries have local compliance officers who assess issues and escalate them to the global level if necessary.
In addition to making regular reports to the CFO and Executive Board, the Chief Global Compliance Officer provides, at least annually, reports to the Audit Committee of the Supervisory Board. Matters of significance are brought to the attention of the Executive Board and the Audit Committee of the Supervisory Board on an as-needed basis. Reporting to these boards allows for regular monitoring and continuous improvement to our anti-corruption program. Our compliance program was audited and certified according to IBWPS 980 by KPMG in 2012 with regular internal audit follow-up in 2015.
We further promote compliance through the following practices:
- No employee will suffer demotion, penalty, or other adverse consequences for refusing to pay bribes, even if such refusal may result in the enterprise losing business.
- Employees at all levels of the organization are required to disclose conflicts of interest to the Legal Compliance and Integrity Office. In 2015 we piloted respective employee self-service scenarios in Germany and North Americas. Other countries to follow.
- The Legal Compliance and Integrity Office also invites employees to identify any potential conflicts during the annual process of renewing their commitment to our code. Disclosures are then followed up with guidance or mitigation if necessary.
Maintaining Processes for Incident Reporting and Remediation
Employees have a number of avenues to raise concerns to the Legal Compliance and Integrity Office when they believe there has been a breach of the SAP Code of Business Conduct for Employees or when they seek advice:
- Helpline (For more information, see the Governance – Policies and Statutes section of our public Web site SAP.com)
- Legal Compliance and Integrity Office mailbox
- Contact with local and global compliance officers via e-mail or telephone
- Whistleblower tool used primarily for financial reporting and auditing issues to ensure that anonymous reporting is possible
These channels are communicated to all employees on SAP Corporate Portal, and new hires are informed of them during the new hire process. Our helpline is published on SAP.com for external stakeholders. In addition, reporting channels are described in the SAP Partner Code of Conduct and the SAP Supplier Code of Conduct. Most of these mechanisms are available 24 hours per day and 7 days a week, and concerns are treated as confidentially as possible in light of subsequent investigation (concerns can also be raised anonymously through the whistleblower tool). However if they are raised, all concerns are investigated, and remedial action is taken if necessary.
Such remedial actions in incidents of corruption may include:
- Written warning (for example, when a policy was violated but it is not clear that actual corruption occurred)
A former Vice President of Sales who was employed by SAP International, Inc., pled guilty and was sentenced to prison for participating in a scheme to violate the Foreign Corrupt Practices Act (FCPA). SAP terminated his employment in April 2014 after learning of his misconduct. The U.S. Department of Justice (DOJ) declined to pursue criminal charges against SAP. The U.S. Securities and Exchange Commission (SEC) instituted administrative cease-and-desist proceedings regarding a books and records and internal control violation of the Securities Exchange Act of 1934. To settle this matter, SAP has agreed to forfeit the $3.7 million in profits, plus interest thereon, generated in connection with the inappropriate transactions. SAP’s settlement with the SEC does not involve any financial penalty or substantive bribery charge against the company.
Joining Collective Action to Combat Corruption
SAP is a member of the German chapter of Transparency International, a non-profit, non-partisan organization that combats corruption in government and international business and development. In addition, we are active in the Alliance for Integrity (AfIn). AfIn is a business-driven multi-stakeholder initiative promoting integrity in the economic system and coniditions for compliant and clean business. It was initiated by a number of multinational companies, business associations, the German Federal Ministry for Economic Cooperation and Development (BMZ), the Society for International Cooperation (GIZ), the German Global Compact Network and sequa, a non-profit development organization. The focus of the initiative is on implementing collective action on the ground.