Energie AG’s compliance and anti-corruption goals are:
- To ensure compliance with laws, regulations, and all Group-wide guidelines and standards
- To prevent property damage and reputational damage
- To minimise/avoid liability risks and non-material damage
- To raise awareness among all Energie AG employees of compliance with guidelines and the Code of Conduct
- To promote a fully applied and consistent compliance culture
- To implement effective prevention measures
- To improve legal certainty
- To ensure a values-conscious organisation culture
- To ensure fair competition
Compliance at Energie AG is based on a mutual understanding of values which is expressed in the Code of Conduct “This is how we think; this is how we act” and published for all stakeholders.
The Code of Conduct is the key element that supports action in compliance with laws and guidelines. It is the foundation for all business activities and decisions at the Energie AG Group. It is the basis for moral, ethical and legally sound behaviour on the part of all Group employees. The Code of Conduct is mandatory for everyone and contains essential rules concerning respectful conduct and open communication. All managers and employees throughout the Group have been and will continue to be informed about the in-house Code of Conduct. New employees receive the relevant compliance documents upon joining the company.
To establish compliance effectively throughout the Group of companies, a compliance management system was established, appropriate guidelines were authored and numerous face-to-face training sessions were held in recent years. The content, responsibilities, distributions of skills, and required documentation and reporting have all been decided. Information on compliance is provided to our staff in an e-learning format. Employees can decide for themselves when they want to use this interactive tool, allowing them to fit the sessions into their work routine in a way that best suits their needs.
No compliance incidents were reported in the 2018/2019 fiscal year.
The experts in the various areas of legal specialism monitor the relevant national and European legislative frameworks. The Compliance Organisation is involved in issues relevant to the Group as a whole.
The conduct of Netz OÖ’s management and employees in relation to lobbying activities is based on its own Code of Conduct in accordance with § 7 of the Austrian Lobbying Act (Lobbying- und Interessenvertretungs-Transparenz-Gesetz; LobbyG). Netz OÖ has created an equal treatment programme and appointed an equal treatment officer based on its legal obligations as an electricity and gas distribution grid operator.
The Group refers to legal databases, the latest codes, a range of legal commentaries, newsletters and legal registers from external providers to ensure that up-to-date versions of the relevant requirements are always used in our Legal Department’s operational activities. The Legal Department acts as one of a number of information channels, notifying the relevant departments and companies of new legal developments. The Group provides legal certainty and ensures compliance with the applicable requirements by attending seminars and specialist conferences, participating in various committees, keeping up to date with the latest legal developments and legislative plans, and scheduling visits to our individual locations.
The Compliance Forum was set up to ensure that compliance questions are handled in a consistent manner. Regular meetings help to ensure the necessary exchange of information and consistent treatment of compliance-related matters throughout the Group. All areas of the Group have the opportunity to submit compliance queries and receive compliance advice.
Promoting a Compliance-Conscious Culture
Management are responsible for promoting a compliance-conscious culture among staff. Energie AG ensures that our employees know the compliance values and put them into practice. During the 2018/2019 fiscal year, the Group Management Board again agreed measurable and adjustable compliance goals with management staff.
Energie AG maintains a data protection management system to ensure Group-wide implementation and compliance with the provisions of the General Data Protection Regulation (EU 2016/679; GDPR, in effect since May 2018) and the new Austrian Data Protection Act 2018 (Datenschutzgesetz; DSG).
Energie AG’s Data Protection Policy explains the data protection management system’s essential operational framework. Energie AG is aware of the trust that our customers place in us. As a result, the Group treats security, integrity and trust as a top priority when handling personal data in day-to-day operations.
The data protection processes the Group has implemented log and process valid complaints regarding breaches of customer data protection, resulting in corrective action if necessary. The data protection management system underwent further development and operational implementation in the 2018/2019 fiscal year. In the year under review, three data protection violations under GDPR Article 33 were reported to the data protection authorities. As a result of the steps taken, the proceedings were discontinued.
Information Security Management
In order to be able to reliably guarantee continuous service to customers and other stakeholders in line with their needs, Energie AG has maintained a comprehensive, Group-wide information security management system for a number of years. Especially in the age of the digital transformation and cyber-attacks, detecting and countering risks and attacks of this nature is of great importance. To this end, Energie AG periodically and systematically analyses and evaluates threats to its information security, decides its stance on any risks and takes effective steps to control and reduce these risks.
In the 2018/2019 fiscal year, the Group issued and subsequently concluded an EU-wide invitation to tender for the provision of cyber risk and fidelity insurance. Key areas of activity are ISO 27001-certified and are regularly reviewed. The requirements stemming from the Austrian Network and Information System Security Act (Netz- und Informationssystemsicherheitsgesetz; NISG), which aim to ensure a high degree of security for networks and information systems, will be gradually implemented in the relevant areas. Staff users undergo annual (electronic) training programmes and are proactively notified of any particular threats. For instance, an email phishing attack was simulated and users’ security awareness strengthened.
In addition, Energie AG has taken a large number of steps to establish and maintain an adequate level of security. However, even the most strenuous effort cannot guarantee absolute security in today’s information and communication technology, meaning that there is always a certain residual risk. As a result, Energie AG has an emergency and crisis management system in place, enabling it to safely restore orderly operation and customer supply as quickly as possible in the event of a failure.
Internal control system
Our corporate governance provides a framework of rules for the management and supervision of Energie AG, with the aim of sustainably safeguarding the company’s value for the long term. The Austrian Company Law Amendment Act of 2008 (URÄG) enshrined the obligation for corporations to establish an appropriate internal control system (ICS) in the Austrian Stock Corporation Act (AktG) and the Austrian Limited Liability Companies Act (GmbHG). The effectiveness of an established ICS, risk management and audit system must be monitored by the Audit Committee.
Energie AG’s governance is structured in line with the “three lines of defence” model.
Our business processes and the appropriate organisational form are based on Energie AG’s activities and objectives as a company. The business process framework maintained in the QSE system forms the basis for describing and evaluating the ICS control measures, which are adapted to address the risks inherent in the process. These control measures are regularly tested by means of operational audits, with the control design’s effectiveness and the control measures’ implementation reviewed on a cyclical basis in the Group audit. The data pool developed from these activities is documented throughout the Group in an audit-compliant manner and used to create targeted reports for the Management Board and supervisory bodies.
For further information about Energie AG’s internal control system, see the Internal control system chapter of the Management Report.
Energie AG’s entities and employees are subject to provisions regarding public officials (Amtsträger) within corruption law. There are comprehensive compliance standards in force at the Energie AG Group to prevent corruption. Training courses to this effect are provided on an ongoing, Group-wide basis. The “Anti-Corruption” learning module offered in Austria has so far been completed by 67.7% of our employees in the country (previous year: 72.0%). The deviation from the previous year is due to changes in personnel.
There were no incidents of corruption in the Energie AG Group in the 2018/2019 fiscal year.
Energie AG unconditionally declares its commitment to fair competition with its competitors, business partners and other market participants. For this reason, Group-wide training courses on antitrust law were held and the existing antitrust manual was updated. With its comments on the necessary market behaviour, the manual is primarily aimed at the sales-oriented divisions and is also available to all employees in the Energie AG Group via the Intranet.
Since the 2018/2019 fiscal year, a Group-wide learning module has been available on the subject of antitrust law/competition law to ensure that all members of staff (in particular, new employees) demonstrably have access to a well-prepared treatment of the topic. The primary target groups for completing this module are all sales and sales-related units as well as procurement staff.
Respect for human rights
Respect for human rights is a natural part of life for the Energie AG Group. Energie AG expects all business partners to adhere to the statutory framework, along with the applicable laws and standards on human rights. In terms of respect for human rights, the Group cannot discern any material risks for compliance with the applicable legal standards in the European Union and in Europe. Risks in the earlier links of the supply chain cannot be entirely ruled out. For this reason, the Group exercises due diligence in procurement.
Equal treatment has been identified as a human rights issue that could fall within our direct sphere of influence, although there is no significant risk in this regard. The parties available for employees to contact in the event of possible discrimination are the compliance officer, the Works Council or their respective supervisor. In the 2018/2019 fiscal year, no incidents of discrimination were reported to compliance staff, nor were any legal proceedings underway.
Energie AG does not tolerate any discriminatory conduct or any unequal treatment, whether on the basis of national or ethnic origin, religion, age, gender or other traits. Diversity presents valuable potential for Energie AG as an international company group. Energie AG respects the unique nature of each individual and is committed to tolerant and respectful conduct as well as open communication. The effects of this include promoting a climate of appreciation and respect for all employees within the company. Behaviours aiming towards fair and trusting interaction with one another are supported.
Linz, 3 December 2019
The Management Board of Energie AG Oberösterreich
Chief Executive Officer
KommR. Prof. Ing. DDr.
Werner Steinecker MBA
Chairman of the Management Board
KommR. Mag. Dr.
Member of the Management Board
Stefan Stallinger MBA
Member of the Management Board