Compliance management system

The current CMS built on the CMS Policy is designed in accordance with legislative requirements and meets the best practices embedded in the following international standards:

• ISO 37001:2016 – Anti-bribery Management Systems
• ISO 37301:2021 – Compliance Management Systems

One of the fundamental pillars of the CMS is the regular and continuous risk assessment of compliance-related risks, both across CEZ Group‘s business functions and the main businesses. To assist in the practical management of CMS objectives, the Board of Directors of ČEZ, a. s., established as its advisory body the Corporate Compliance Committee.

Having a delegated authority over corporate compliance, the Committee evaluates current and potential compliance risks and assesses their impacts and management. Reports on the committee‘s activities are regularly submitted to the Board of Directors of ČEZ, a. s. (as part of the regular compliance report). The function of the Corporate Compliance Committee is supported, among other things, by the fact that its members include the Head of the Audit and Compliance department, the Head of the Legal Affairs department, and the Head of the Protection department of CEZ Group.

The CMS undergoes regular independent external assessment. In its most recent evaluation in 2021, Deloitte concluded that the compliance function at CEZ Group meets the requirements defined in ISO 37301:2021 – Compliance management systems – and the requirements of the methodology of the Supreme State Prosecutor’s Office on the application of Section 8(5) of the Act on Criminal Liability of Legal Entities and Proceedings Against Them. It was also confirmed that compliance at CEZ Group includes appropriate elements of prevention, detection, and response. The focus of compliance activities is regularly revised based on a compliance risk analyses.