The Veridos Compliance Management System

Laws, internal guidelines, corporate values: In order to promote these values, and to support and monitor compliance with these laws, Veridos Group has established a global Compliance Management System (CMS).

The Veridos CMS is designed to prevent possible breaches of the relevant anti-corruption and antitrust provisions, to uncover any breaches which do occur, and – where applicable – to impose penalties and take relevant measures to prevent such breaches in future. It works on the principle of prevent, detect, react.

 

Veridos’ CMS principle: “Prevent, detect, react”

Prevent

The background and foundation of the CMS lie in global risk assessment, which the Compliance Office conducts at regular intervals. Risks are identified, and the CMS and individual actions are modified according to the risk.

A further pillar of the CMS consists of the various guidelines and instructions relating to different compliance-related topics. These provide individual employees with the guidance needed to conduct their daily work routine in compliance with the law and company rules.
Group-wide training sessions constitute another key part of prevention. In order to increase the employees’ awareness of individual compliance issues, and to convey the company’s values to them, the Compliance Office provides a number of centralized training courses.

For prevention purposes, the Compliance Office also provides employees with information on individual, current issues via the intranet, and gives advice to management and other departments.

Detect

In order to give employees, as well as external third parties, the opportunity to report breaches of applicable laws or guidelines, Veridos (together with a professional, external provider) provides a web-based whistleblowing tool. The tool allows the whistleblower to send a message anonymously, and to communicate anonymously with the relevant office at Veridos. Based on information received through various channels, or on irregularities revealed in the scope of corporate audits or compliance monitoring, the Compliance Office conducts internal investigations if required, in order to clarify the facts and discover any possible misconduct by employees. The Compliance Office coordinates its actions with representatives from various other departments (e.g. auditing, data protection, security, legal department, human resources) using incident boards.

React

After completion of the internal investigations, the Compliance Office – if available – recommends labor law sanctions to penalize the misconduct, as well as other measures to correct the shortcomings found.

In order to ensure that management and the Compliance Office are informed about all noncompliance – even potential instances – and any countermeasures taken, and to put them in a position to turn around potential negative trends, Veridos has developed an extensive reporting procedure. The Compliance Office is notified of important events and international developments by Local Compliance Officers and individual departments. A quarterly compliance report issued by the Compliance Office enables the Management Board to understand and assess key events and developments in all areas. Independent of these reporting methods, the Compliance Office informs the Management Board on an ad hoc basis about relevant individual incidents so that it can assess and implement appropriate measures as quickly as possible.

Development and monitoring

Veridos subjects its CMS to a regular internal audit in order to maintain the high standard of the Veridos CMS, and to adapt individual regulations and processes to new legal requirements, new risks, and new market standards.
Global implementation of, and compliance with, individual regulations and processes are monitored by the Compliance Office by means of corporate audits and specific compliance monitoring.

Compliance with Veridos standards by external parties

International standards and legal requirements also obligate Veridos to verify the integrity of its business partners. This applies both before entering into a new business relationship and at regular intervals within an existing partnership. Among other things, Veridos requires its business partners to provide full self-disclosure in the course of a risk-based evaluation, and to explicitly commit to ethical business practices.