compliance2Compliance Management System and Enterprise Risk Management

In the current context of the fight against corruption in Romania, the compliance and risk management cannot be ignored, even more because it takes effect only by involving all company employees.more because it takes effect only by involving all company employees.

Compliance Culture

For Telekom Romania, “Compliance” means more than observing laws and regulations. It means, the way we “want” to act, not the way we are “obliged” to act.
Theoretically speaking, compliance culture might be perceived by implementing special Policies and Procedures, set of principles, by having dedicated communication channels, so that every employee of the company could ask Compliance team questions and could report any breaches or abuses. Compliance culture might be enhanced also by periodically performing of Compliance Risk Assessment in the Company, and by having a training program aimed for mitigating the main risks areas. The ethical culture and integrity of behaviour are the core elements of our compliance programmes supporting principled performance. As part of society we strive to live up to the expectations of our stakeholders and act in a socially responsible manner, to be a strong player in the market and to be trustworthy for customers, business partners and, especially, for our employees. This summarizes best our compliance culture.

Compliance Management System

We have integrated the compliance principles in all our activities under the umbrella of the Compliance Management System (CMS) with the goal to support and strengthen our core operational principles: transparency, justice, professionalism, integrity and respect for the rule of law and for the ethical principles.
Our Compliance Management System is developed around 3 pillars:

  • Awareness about the risks of non-compliance and prevention of misconduct are the primary goals of our CMS. For their achievement we have developed specific training programs for our employees on topics like avoiding corruption and conflict of interests, fraud, personal data usage, financial statements manipulation and data privacy;
  • Detection and treatment of compliance issues represents the second pillar, supported by a clear reporting policy and reporting channels available for every stakeholder: employees, contractors, suppliers, clients, partners and general public;
  • Response is the third pillar of Compliance Management System, including activities such as: case management, consequence management and remediation.


Compliance Management Framework

compilance_management_structureOur Compliance Management System is based on the German audit standard PS 980 issued by the German Public Audit Institute.
Aligned with internationally recognized principles, the standard is primarily aimed at publicly listed companies. The elements it covers represent best practice and are therefore applicable to all companies. In common with the recently issued BS10500 antibribery standard, the German compliance management standard is based on principles and values, not rules, giving businesses of all sizes and from all sectors the scope to adapt the framework to their own unique requirements. The standard allows for a riskbased approach and is based around 7 interrelated and codependent
core principles:

  • Compliance culture;
  • Compliance objectives;
  • Compliance organisation;
  • Compliance risks;
  • Compliance programme;
  • Compliance communication;
  • Compliance monitoring and improvement.

Telekom Romania’ Compliance Management System and Antitrust System were examined by external auditors, being audited under the German Auditing Standard IDW PS 980, with a focus on prevention of corruption and antitrust violations.

Anti-Corruption Certification

In 2013, the auditors confirmed that the processes of the compliance organization are effective. In 2017 we aim to reach a re-certification with a focus on anti-corruption, among other Deutsche Telekom Group subsidiaries.
Antitrust Certification: The Antitrust System of Telekom Romania was examined as well by an independent auditing institution in 2104, according to the German standard IDW PS 980. The audit report certifies that Telekom Romania has an effective compliance management system to avoid antitrust violations and to recognize them in time. As part of this certification Telekom Romania, as well Deutsche Telekom AG and OTE were examined. To sum it up, compliance stands for clear rules and doing the right thing. At Telekom Romania compliance mean adhering to legal provisions, the Company’s internal policies and ethical principles.


Enterprise Risk Management



Enterprise Risk Management is a systematic approach of identifying, analyzing and evaluating risks in order to develop preventive strategies and ensure the effectiveness of existing control measures. Benefits:

  • Consistent risk assessment criteria;
  • Accurate and concise risk information for decision making;
  • Cost effective and efficient risk mitigation;
  • Ensure risk exposure remains within acceptable level(thresholds);
  • Protect staff, assets, property and reputation;
  • Meet compliance and government requirements.



It aims to manage risks to an acceptable level which has been determined by the Board of Directors and Management Team.
At the core of our ERM there are two key processes:

  • Enterprise Risk Landscape development and update based on key risk areas and specific risks arising in each of the areas;
  • Risk matrix – Heat Map, the assessment tool we use to identify all relevant risks, based on their impact and likelihood of occurrence.

Risk Landscape, ‘risk map’ of the group’s most critical risk areas, used to facilitate identification, monitoring and reporting of risks, with structured analysis per category (Strategic, Financial, Operational and Compliance).

Risk assessment entails:

  • Risk identification: identify and describe risks that could affect the achievement of corporate objectives;
  • Risk analysis: understand root causes of the identified risks, estimate impact and consequences, and review any existing controls;
  • Risk evaluation: compare risk analysis results with risk criteria in order to check whether the risk is within acceptable or tolerable limits.

Risk treatment: select and implement the best way to address the risk (Avoid, Reduce, Transfer, Accept).

Risk monitoring: continuously watch over the risk situation.

Information and Communication: communicate the right information, at the right time, to the right people.


Compliance in practice

Compliance training In 2015 our compliance training programme reached a total of 3,141 employees and it was focused on three key compliance topics: Anti-Corruption, Anti-Trust and Data Privacy on Telecommunication Secrecy. We have organized classroom training sessions and e-learning sessions during which we gave our employees the opportunity to challenge existing attitudes and to ‘practice’ online so they understand how a risky situation could present itself, how it could evolve and see the consequences of a
poor decision in a safe environment. Our Compliance training programme is developed around the internal guidelines and policies which, during 2015, have been updated and completed as part of continuous improvement of the Compliance Management System.




Compliance guidelines and policies framework

  • Policy on Avoiding Corruption and Other Conflicts of Interest
  • Internal Operations Regulation
  • Code of Ethics for Senior Financial Officers
  • Code of Conduct for the Protection of the Individual’s Rights to Privacy in the Handling of Personal Data
  • Policy on Accepting and Granting of Benefits
  • Events Policy
  • Policy on Avoidance of Sexual Harassment
  • Policy on Anti-trust Law
  • Policy on Employee Relations
  • Corporate Responsibility Policy
  • Social Charter
  • Benefits Policy
  • Fraud Policy
  • Donations and Sponsorship Policy
  • Supplier Code of Conduct
  • Whistleblowing Policy

During 2015, Telekom Romania was not part of any incidents of non-compliance with regulations regarding money laundering and corruption.