Compliance management system
Approved in 2019, the Compliance Management System (CMS) Policy covers the topics of corporate ethics, bribery and corruption prevention, criminal risks, competition rules, etc. Given its broad scope, the CMS Policy creates a unified and effective tool for managing risks of non-compliance and rules of conduct. One of the fundamental pillars of our CMS is the regular and continuous risk assessment of compliance-related risks, both across CEZ Group’s business functions and the main businesses.
The current CMS built on the CMS Policy is designed in accordance with legislative requirements and meets the best practices embedded in the following international compliance standards:
- ISO 37001:2016 – Anti-Corruption Management System
- ISO 37301:2021 – Compliance Management Systems
Group's CMS mainly covers the following agenda:
Enforcing CEZ Group's corporate commitment that its conduct in business and related relationships (both external and internal) is in full compliance with relevant ethical and legal rules.
Enforcing corruption prevention through a set of measures to ensure that the behavior of CEZ Group employees and business partners complies with legal and ethical requirements to prevent corrupt behavior.
Protecting CEZ Group's legitimate interests by minimizing the occurrence and/or impact of criminal risks, including the management of the criminal agenda.
Minimizing the risk of procedural failure in the administrative and regulatory area and managing communication with administrative and regulatory authorities in designated cases.
Ensuring compliance of CEZ Group's conduct in business relations with competition rules, preventing anti-competitive behavior.
Ensuring compliance of CEZ Group's activities with relevant financial regulation, preventing systemic deficiencies, and violations of financial regulation rules.
The management and development of CEZ Group's CMS is the responsibility of the central compliance unit, which together with the internal audit department ensures the independent performance of these assurance functions in CEZ Group. Together, these departments form the Audit and Compliance Department, whose head is appointed and removed by the Board of Directors of ČEZ after discussion at the Audit Committee. The Head of Audit and Compliance has direct access to the Company's management, attends all meetings of the Board of Directors of ČEZ and management meetings as a guest.
To assist in the practical management of CMS objectives, the Board of Directors established an advisory body, the Corporate Compliance Committee. Having a delegated authority over corporate compliance, the Committee evaluates current and potential compliance risks and assesses their impacts and management. In addition, the Committee regularly reports to the Board of Directors on its activities, main events, performance, and the results of CMS, which the Board approves.
Our CMS undergoes a regular independent external evaluation. The latest Deloitte’s findings concluded that the CMS was at the level of ISO standard 37301:2021 – Compliance management systems – Requirements with guidance for use. Moreover, the audit company reaffirmed that CMS included vital compliance elements – prevention, detection, and response.
Prevention and communication
Training and communication are two key elements of our CMS, designed to ensure that all our employees are aware of and comply with the principles and rules set out by our internal policies. Training on ethics and anti-bribery rules is mandatory for all employees during on-boarding and at least once a year. The 45-minute training session on preventing corruption and conflicts of interest reflects the complexity of this topic. In addition, individuals in relevant positions are regularly trained in policies and procedures to address other topics, e.g., anti-money laundering and regulatory compliance.
Reinforcing the right values among employees is important to protect the company’s reputation. To maintain the highest level of integrity, business ethics and anti-corruption training takes place annually starting in 2022. Our target is to have a minimum of 95% of employees complete the course each year.
Internal policies, including the Anti-Corruption and CMS Policy, as well as the CEZ Group Code of Conduct, are available on our corporate website and on the employee portal.
In addition, the Audit and Compliance Department communicates compliance-related issues in the company magazine and on the intranet, based on an annual communication plan. The Audit and Compliance Department uses these communication channels to promote awareness, prevent unethical conduct, introduce key compliance topics, and explain their importance to the entire CEZ Group.