Particular emphasis is placed on the protection of customer interests, which is ensured by the Group-wide applicable Code of Conduct “This is how we think, this is how we act” together with internal monitoring, quality assurance, and complaint management systems.
Compliance at Energie AG is based on a mutual understanding of values, which is expressed in the Code of Conduct and published for all stakeholders, managers and employees. The Code of Conduct assures the compliance of our actions with the relevant laws and regulations and forms the foundation for all business activities and decisions within Energie AG Group. It is the basis for moral, ethical and legally sound behaviour on the part of all Group employees. The Code of Conduct is mandatory for all employees and contains essential rules concerning respectful conduct and open communication. All managers and employees throughout the Group have been and will continue to be informed about the in-house Code of Conduct.
Internal and external audits serve the purpose of highlighting potential improvements and necessary actions that support the continuous development of the management systems. Audits are very important for Energie AG in this context as well as in light if the changing general conditions, especially with regard to the risks from the progressing digitalisation.
Compliance Management System
To establish compliance effectively throughout the Company, a compliance management system was established, appropriate guidelines were developed and numerous training sessions and awareness measures were implemented in recent years. The content, responsibilities, distributions of skills, and required documentation and reporting have all been decided. Information on compliance is provided to staff via e-learning, among other formats. Employees can decide for themselves when they want to use this interactive tool, allowing them to fit the sessions into their work routine in a way that best suits their needs.
As part of the Energie AG Group's due diligence measures, the experts in the various areas of legal specialism monitor the relevant national and European legislative frameworks. The Compliance Organisation is involved in issues relevant to the Group as a whole.
In the interest of a continuous improvement process, the compliance management system was subjected to an external evaluation in 2021. The result confirmed that the system conforms with all essential elements required for certification to the international standard ISO 19600:2014.
The conduct of Netz OÖ GmbH’s management and employees in relation to lobbying activities is based on its own Code of Conduct in accordance with § 7 of the Austrian Lobbying Act (LobbyG). Netz OÖ GmbH has created an equal treatment programme and appointed an equal treatment officer based on its legal obligations as an electricity and gas distribution grid operator.
The Group refers to legal databases, a range of legal commentaries, newsletters and legal registers from external providers to ensure that up-to-date versions of the relevant requirements are always used in the Legal Department’s operational activities. The Legal Department acts as one of a number of information channels, notifying the relevant departments and entities of new legal developments. The Group provides legal certainty and ensures compliance with the applicable requirements by attending seminars, specialist conferences, participating in various committees, keeping up to date with the latest legal developments and legislative plans, and scheduling visits to individual locations.
For further information about Energie AG’s internal control system, see the Group Management Report, Internal control system.
Energie AG’s entities and employees are subject to provisions regarding public officials (Amtsträger) within corruption law. Training sessions are held continuously to ensure the Group-wide implementation of the comprehensive compliance standards in force at the Energie AG Group to prevent corruption. The “Anti-Corruption” learning module offered in Austria has so far been completed by 79.1% of the employees in the country (previous year: 78.8%).
There were no incidents of corruption in the Energie AG Group in the 2020/2021 fiscal year or in the previous years.
Energie AG unconditionally declares its commitment to fair competition with its competitors, business partners and other market participants. With its comments on the necessary market behaviour, the antitrust law manual is primarily aimed at the sales-oriented divisions and is also available to all employees in the Energie AG Group via the Intranet. Since the 2018/2019 fiscal year, a Group-wide learning module has been available on the subject of antitrust law/competition law to ensure that all members of staff (in particular, new employees) demonstrably have access to a well-prepared treatment of the topic. The primary target groups for graduating this module are all sales and sales-related units as well as procurement staff.
The Austrian Federal Competition Authority (BWB) is conducting investigations throughout Austria into the area of collection and transport in the waste management industry. In the course of these investigations, the premises of Umwelt Service GmbH at the Hörsching site were also searched in March 2021. Umwelt Service GmbH is actively assisting in the investigation. There were no other incidents related to antitrust law.
Energie AG maintains a data protection management system to ensure Group-wide implementation and compliance with the provisions of the General Data Protection Regulation (EU 2016/679; GDPR) and the new Austrian Data Protection Act 2018 (Datenschutzgesetz; DSG 2018).
Energie AG’s Data Protection Policy explains the data protection management system’s essential operational framework. Energie AG is aware of the trust that its customers place in the Company. As a result, the Group treats security, integrity and trust as a top priority when handling personal data in day-to-day operations.
The data protection processes the Group has implemented log and process valid complaints regarding breaches of customer data protection, resulting in corrective action if necessary. No reportable data protection violations under GDPR Article 33 were identified in the past fiscal year (previous year: one investigation, proceedings stopped).
Promoting a compliance-conscious culture
Management are responsible for promoting a compliance-conscious culture among staff. Energie AG ensures that its employees know the compliance values and the values from the Code of Conduct and put them into practice. Within the annual definition of targets, the Management Board has the opportunity to agree on measurable and adjustable compliance goals that form part of the management performance with the Company's managers and executives. The managerial staff further confirm their adherence to the relevant and compulsory compliance requirements of Energie AG in these individual target agreements.
The Compliance forum was set up to ensure that compliance questions are handled in a comprehensible manner. Regular meetings help to ensure the necessary exchange of information and consistent treatment of compliance-related matters throughout the Group. All areas of the Group have the opportunity to submit compliance queries and receive compliance advice.
Information security management
In order to be able to reliably guarantee continuous service to customers and other stakeholders in line with their needs, Energie AG has maintained a comprehensive, Group-wide information security management system for a number of years. Especially in the age of digitalisation and cyber-attacks, detecting and countering risks and attacks of this nature is of great importance. To this end, Energie AG periodically and systematically analyses and evaluates threats to its information security, decides its stance on any risks and takes effective steps to control and reduce these risks.
The cyber risk and fidelity insurance taken out in fiscal year 2018/2019 forms part of the information security management risk assessment 2020/2021. Key areas of activity are ISO 27001:2015-certified and are regularly reviewed. A supervisory audit pursuant to ISO 27001:2015 was carried our in the 2020/2021 fiscal year in the department for Group IT Services of the Business Services GmbH. The requirements stemming from the Austrian Network and Information System Security Act (Netz- und Informationssystemsicherheitsgesetz; NISG), which aim to ensure a high degree of security for networks and information systems, will be gradually implemented in the relevant areas in a timely manner. The Group-wide awareness campaign “Schlaufuchs” regularly informs users about the risks and dangers and offers yearly (electronic) training programmes.
In addition, Energie AG has taken a large number of steps to establish and maintain an adequate level of security. However, even the most strenuous effort cannot guarantee absolute security in today’s information and communication technology, meaning that there is always a certain residual risk. As a result, Energie AG has an emergency and crisis management system in place, enabling it to safely restore orderly operation and customer supply as quickly as possible in the event of a failure.
Anyone contracting with Energie AG as a supplier must give an undertaking to observe the Austrian requirements from employment and social law during the performance of the contract within Austria: Compliance with all employee protection regulations, e.g. the Employee Protection Act, Regulation on the Protection of Construction Workers; compliance with the act governing the Employment of Foreign Nationals, undertaking to legally compliant waste disposal, no prior convictions for wage and social dumping. For regional sourcing, please see Social affairs, Regional responsibility.
The majority of natural gas for customers and for the production of electricity and heat is sourced on stock markets and OTC trading venues in the following markets: TTF (Netherlands), THE (Germany), VTPa (Austria). Another part of sourcing is based on long-term contracts. The natural gas distributed in Central Europe mainly comes from Russia, a marginally small part from domestic production.