Particular emphasis is placed on the protection of customer interests, which is ensured by the Group-wide applicable Code of Conduct “This is how we think, this is how we act” together with internal monitoring, quality assurance, and complaint management systems.
Compliance at Energie AG is based on a mutual understanding of values, which is expressed in the Code of Conduct and published for all stakeholders, managers and employees. The Code of Conduct assures the compliance of our actions with the relevant laws and regulations. It forms the foundation for all business activities and decisions within Energie AG Group as well as for a morally, ethically and legally flawless conduct of all employees of the Group. The Code of Conduct is mandatory for all employees and contains essential rules concerning respectful conduct and open communication. All managers and employees throughout the Group have been and will continue to be informed about the in-house Code of Conduct.
Additionally, the “Code of Conduct for Contractors” newly developed in fiscal year 2021/2022 deals with safeguarding human dignity, responsible communications and data processing, environmental conduct and sustainability, as well as integrity and also sets out the consequences of violations of these principles and rules.
Internal and external audits serve the purpose of highlighting potential improvements and necessary actions that support the continuous development of the management systems. Audits are very important for Energie AG in this context as well as in light if the changing general conditions, especially with regard to the risks from the progressing digitalisation.
Compliance Management System
To establish compliance effectively throughout the Company, a compliance management system was established, appropriate guidelines were developed and numerous training sessions and awareness measures were implemented in recent years. The content, responsibilities, distributions of skills, and required documentation and reporting have all been decided. Information on compliance is provided to staff via e-learning, among other formats. Employees can decide for themselves when they want to use this interactive tool, allowing them to fit the sessions into their work routine in a way that best suits their needs.
Staff members may use Energie AG’s web-based whistleblower system to report, including anonymously, suspected compliance breaches to the Compliance Officer. Employees and external persons may also contact a compliance email address or telephone number to report their observations. Reports about suspicious activities (including from external persons) that are received elsewhere within the Group must be forwarded to the Compliance Officer without delay. All whistleblowers are assured strict confidentiality with regard to their identity as well as the contents of the reported circumstances.
As part of the Energie AG Group’s due diligence measures, the experts in the various areas of legal specialism monitor the relevant national and European legislative frameworks. The Compliance Organisation is involved in issues relevant to the Group as a whole.
In the interest of a continuous improvement process, the compliance management system was subjected to an external evaluation in 2021. The result confirmed that the system conforms with all essential elements required for certification to the international standard ISO 19600:2014.
The Group refers to legal databases, a range of legal commentaries, newsletters and legal registers from external providers to ensure that up-to-date versions of the relevant requirements are always used in the Legal Department’s operational activities. The Legal Department acts as one of a number of information channels, notifying the relevant departments and entities of new legal developments. The Group provides legal certainty and ensures compliance with the applicable requirements by attending seminars, specialist conferences, participating in various committees, keeping up to date with the latest legal developments and legislative plans, and scheduling visits to individual locations.
Internal control system
For further information about Energie AG’s internal control system, see the Group Management Report, Internal control system.
Energie AG’s entities and employees are subject to provisions regarding public officials (Amtsträger) within corruption law. Training sessions are held continuously to ensure the Group-wide implementation of the comprehensive compliance standards in force at the Energie AG Group to prevent corruption. The “Anti-Corruption” learning module offered in Austria has so far been completed by 80.0% of the employees in the country (previous year: 79.1%).
There were no incidents of corruption in the Energie AG Group in the 2021/2022 fiscal year or in the previous years.
Energie AG unconditionally declares its commitment to fair competition with its competitors, business partners and other market participants. With its comments on the necessary market behaviour, the antitrust law manual is primarily aimed at the sales-oriented divisions and is also available to all employees in the Energie AG Group via the Intranet. Since the 2018/2019 fiscal year, a Group-wide learning module has been available on the subject of antitrust law/competition law to ensure that all members of staff (in particular, new employees) demonstrably have access to a well-prepared treatment of the topic. The primary target groups for graduating this module are all sales and sales-related units as well as procurement staff.
The Austrian Federal Competition Authority (BWB) is conducting investigations throughout Austria into the area of collection and transport in the waste management industry. These investigations also entailed search warrants executed at the premises of Umwelt Service GmbH in March 2021 and April 2022. Umwelt Service GmbH is actively assisting in the investigation. There were no other incidents related to antitrust law.
Energie AG maintains a data protection management system to ensure Group-wide implementation and compliance with the provisions of the General Data Protection Regulation (EU 2016/679; GDPR) and the new Austrian Data Protection Act (Datenschutzgesetz; DSG 2018) that has been in effect since 2018.
Energie AG’s Data Protection Policy explains the data protection management system’s essential operational framework. Energie AG is aware of the trust that its customers place in the Company. As a result, security, integrity and trust is a top priority when handling personal data in day-to-day operations.
The data protection processes the Group has implemented log and process valid complaints regarding breaches of customer data protection, resulting in corrective action if necessary. As was the case in the previous year, no reportable data protection violations pursuant to GDPR Article 33 were identified in the past fiscal year.
Promoting a compliance-conscious culture
Management are responsible for promoting a compliance-conscious culture among staff. Energie AG ensures that its employees know the compliance standards and the values from the Code of Conduct and put them into practice. Within the annual definition of targets, the Management Board has the opportunity to agree on measurable and adjustable compliance goals that form part of the management performance with the Company’s managers and executives. The managerial staff further confirm their adherence to the relevant and compulsory compliance requirements of Energie AG in these individual target agreements.
The conduct of Netz OÖ GmbH’s management and employees in relation to lobbying activities is based on its own Code of Conduct in accordance with § 7 of the Austrian Lobbying Act (LobbyG). Netz OÖ GmbH has created an equal treatment programme and appointed an equal treatment officer based on its legal obligations as an electricity and gas distribution grid operator.
The Compliance forum was set up to ensure that compliance questions are handled in a comprehensible manner. Regular meetings help to ensure the necessary exchange of information and consistent treatment of compliance-related matters throughout the Group. All areas of the Group have the opportunity to submit compliance queries and receive compliance advice.
Information security management
In order to be able to reliably guarantee continuous service to customers and other stakeholders in line with their needs, Energie AG has maintained a comprehensive, Group-wide information security management system for a number of years. Especially in the age of digitalisation and cyber-attacks, detecting and countering risks and attacks of this nature is of great importance. A risk-based assessment is made on the basis of a group-wide analysis of the impact on the process landscape (business impact analysis). It is carried out using a newly established governance risk compliance (GRC) system and forms the starting point for the subsequent risk assessment, in which Energie AG periodically and systematically analyses and evaluates threats to its information security, decides its stance on any risks and takes effective steps to control and reduce these risks.
The cyber risk and fidelity insurance taken out in fiscal year 2018/2019 has been updated and forms part of the information security management risk assessment 2021/2022. Key areas of activity are ISO 27001:2015-certified and are regularly reviewed. A recertification audit pursuant to ISO 27001:2015 was carried out in the 2021/2022 fiscal year in the department for Group IT Services of the Business Services GmbH. The requirements stemming from the Austrian Network and Information System Security Act (Netz- und Informationssystemsicherheitsgesetz; NISG), which aim to ensure a high degree of security for networks and information systems, were gradually implemented in the relevant areas in a timely manner. The Group-wide awareness campaign “Schlaufuchs” regularly informs users about the risks and dangers and offers yearly (electronic) training programmes.
In addition, Energie AG has taken a large number of steps to establish and maintain an adequate level of security. However, even the most strenuous effort cannot guarantee absolute security in today’s information and communication technology, meaning that there is always a certain residual risk. As a result, Energie AG has an emergency and crisis management system in place, enabling it to safely restore orderly operation and customer supply as quickly as possible in the event of a failure.
Owing to the current fundamental market conditions and ensuing market turbulences, almost all of Energie AG’s procurement areas are affected by massive price increases and enormous delivery delays. A forward-looking approach has so far served well in dampening these effects and safeguarding the core business areas of Energie AG. An example is the auditing of cable producers with a boycott-safe supply chain and reaffirmed fixed delivery dates.
The pertinent contractual terms and conditions Energie AG (excluding the Czech Republic Segment) has relied upon in fiscal year 2021/2022 require all contractors to disclose their subcontractors, suppliers and all of their respective upstream contractors and subcontractors. Contractors are obliged to replace any (sub)contractors if there are justified reasons that speak against the respective subcontractor and supplier.
Anyone contracting with Energie AG as a supplier must give an undertaking to perform orders in compliance with the relevant regulations, including all employee protection regulations, e.g. the Employee Protection Act, Regulation on the Protection of Construction Workers; the Employment of Foreign Nationals, undertaking to legally compliant waste disposal, and no prior convictions for wage and social dumping. For regional sourcing, please see Social affairs, Regional responsibility.
In purchasing processes, some environmentally relevant criteria are set as mandatory requirements in the text of requests for proposal. The supplier assessment provided for in the Group’s purchasing manual includes an environmental component. Tenders for transport services are awarded with a strong preference on low CO2 emissions. Tenders for cleaning services pay particular attention to the biodegradability of cleaning products. Purchases are geared to longevity, e.g. the average useful life of transformers is 45 years.
The majority of natural gas for customers and for the production of electricity and heat and operation of the gas reservoirs is sourced on stock markets and OTC trading venues in the following markets: TTF (Netherlands), THE (Germany), VTPa (Austria). There are no direct contracts with natural gas prospecting companies. The system does not provide information on the physical origin of the gas. The composition of the natural gas distributed within Europe has changed over the course of calendar year 2022. The Russian proportion has declined from around 40% in the year 2021 to around 20% (as of September 2022), while the proportion of LNG and gas from Norway has increased.