Our goal is to be a role model for responsible business conduct in our sector as well as a trusted company. Ensuring that our interactions with business partners, our employees, the capital markets and the general public are conducted with integrity and within the bounds of the law is vital to our reputation and creates the basis for sustainable business success.
When we speak of compliance, we are referring to a range of topics that deal with adherence to legal requirements or to our own policies, with the goal of addressing identified risk potential and preventing any violations that could negatively impact our reputation or result in fines or penalties.
We take steps to promote honest and transparent business practices in compliance with the law by focusing on training executives and our employees in compliance-relevant content, on shaping sustainable and stable relationships with business partners and on integrating ESG metrics into our steering processes and incentive schemes.
The rules for ethical conduct set forth in our codes of conduct are further specified in our Human Rights Policy Statement as well as in our Anti-Corruption and Business Ethics Standards Policy. Our focus at all times is on preventing potential violations of legal requirements or internal guidelines.
Material impacts, risks and opportunities (ESRS 2 SBM–3)
As part of the materiality assessment, we identified positive impacts of our corporate culture as well as current risks.
MATERIAL IMPACTS AND RISKS IDENTIFIED
ESRS sustainability matter
Material impacts and their interaction with the business model1
Impact on the
value chain
Corporate culture
Corporate culture
Upholding high ethical, social and environmental standards helps promote good business practices and an inclusive corporate culture, which can have positive spill-over effects on the upstream value chain.
Positive
impact (potential)
Yes
Entity-specific
Fraud, conflicts of interest, antitrust law and competition
Unlawful competitive behavior and antitrust violations may be grounds for legal action, which could lead to fines and other financial losses and negatively impact our reputation.
Risk
(current)
No
Export controls and
embargo management
Doing business with countries or persons that are on sanctions lists or subject to embargoes can lead to significant fines, reputational damage and negative financial impacts.
Risk
(current)
Yes
1 The ESRS distinguish between “actual” and “potential” impacts and between “current” and “anticipated” risks. Actual impacts are those that occurred at least once during the business year; potential impacts did not occur. The effects of current risks could materialize during the current reporting period, whereas anticipated effects would not materialize until later periods.
Business conduct policies and corporate culture (ESRS G1–1)
We are committed to upholding all relevant international anti-corruption standards and statutes, including the United Nations Convention Against Corruption, and we are a member of the Partnering Against Corruption Initiative of the World Economic Forum. We provide all of our services in compliance with current legislation and our corporate values as defined in the applicable Group policies.
Our corporate culture provides our employees with a foundation for cooperating with each other in an atmosphere of trust, thus cultivating an environment in which business can be conducted in a transparent, legally compliant and ethical manner that can positively impact the upstream value chain.
We inform our employees about the value and significance of compliance for the Group via frequent communications in the Group intranet as well as through special campaigns and appropriate training courses. In the reporting year we held a Compliance Awareness Week focusing on the future of compliance, and we also implemented compliance measures customized to the business models of the different divisions and regions. The campaign was accompanied by messages from Board of Management members (tones from the top) and supported by awards for especially successful compliance solutions (best practices). Additional communications served to continuously raise awareness of compliance issues among our employees and to draw attention to the Group’s compliance channels with the aim of fostering internal dialog. With our actions we can also enable positive spillover effects on the upstream value chain.
The rules for ethical conduct set forth in our two codes of conduct are further specified in our respective policy statements on human rights and on corruption prevention. Our focus at all times is on preventing potential violations of legal requirements or internal guidelines. In combination with the accompanying training courses, our policy statements serve to give a clear direction while helping our employees identify situations in which the integrity of the company could be called into question. Our suppliers are able to familiarize themselves with our requirements via a training tool covering the Supplier Code of Conduct.
Corporate Internal Audit evaluates the effectiveness of our risk management system, our control mechanisms and our management and monitoring processes as well as compliance with Group policies, thereby contributing to their improvement. It does so by performing independent regular and ad hoc audits at all Group entities and at corporate headquarters on the authority of the Board of Management. The audit teams discuss the audit findings and agree on actions for improvements with the audited organizational units and their leaders. The Board of Management is informed of the findings on a regular basis. The Supervisory Board is provided with a summary once per year in addition to ad hoc reports as needed. We have described the competencies and capabilities of the Board of Management and the Supervisory Board as well as their roles under role of the Board of Management and Supervisory Board.
The aforementioned actions serve to mitigate the risk identified with respect to unlawful competition, antitrust violations or conducting business with countries or persons subject to sanctions as well as risks arising from goods subject to foreign trade embargoes or sanctions.
COMMITTEES AND GROUP POLICIES RELEVANT TO DHL GROUP EMPLOYEES
1 Chief Executive Officer, Board of Management member responsible for finance.2 Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz – LkSG); chair: the CEO.3 Not available to the public.
Compliance management system for prevention and detection of corruption and bribery (ESRS G1–3)
One important aspect of compliance involves the legal requirements to prevent corruption and bribery. Stipulating and monitoring legally compliant conduct in our business activities and in our interactions with our employees is an essential task of all Group management bodies. Our compliance management system (CMS) has been implemented throughout the Group. Responsibility for designing the CMS lies with the Chief Compliance Officer, who reports directly to the CFO. Within the divisions, implementation of the CMS is the responsibility of divisional compliance officers.
The CMS includes, for example, elements to identify and analyze risk, elements to evaluate business partners, communications and training measures, monitoring and reporting as well as elements to derive action plans and targets. This process serves to define uniform minimum standards for the Group as a whole, which enables us to adhere to applicable law, for instance anti-corruption laws, as well as to the relevant internal policies such as our Anti-Corruption and Business Ethics Policy (“Anti-Corruption Policy”), Anti-Corruption and Business Ethics Policy.
Elements of the compliance management system
Whistleblower system
Potential compliance violations may be reported 24/7 via our publicly accessible incident reporting (whistleblower) system. Reports may also be made anonymously, whistleblower system. The technical platform for submitting reports is provided by an independent third party. The whistleblower system is available to anyone via the Group website. Potential violations may be reported in writing or by phone using a system- and question-based dialog function. The reports received are investigated for potential violations and resolved as part of a standardized process. Compliance metrics on reports and topics are recorded Group-wide in the compliance reporting tool (incident management dashboard), with the information reported flowing into the compliance report to be presented to the Board of Management. Reports on the CMS are submitted to the Board of Management and to the Supervisory Board’s Finance and Audit Committee once per year as well as ad hoc in the event the potential violation is serious.
Our top priority is to protect the whistleblower, as also provided for by the EU Whistleblower Protection Directive and the German Whistleblower Protection Act (Hinweisgeberschutzgesetz, HinSchG). An independent agency has certified the proper functioning of the whistleblower system’s anonymity function. Encryption and special security programs are used to ensure that reports remain anonymous. The deletion concept applies to personal data.
Training policies
Compliance training is mandatory for members of middle and upper management and for many employees. By offering training on compliance matters, we raise our employees’ awareness of potential compliance risks and enable our employees to manage those risks appropriately. Executives in middle and upper management may be at particular risk of becoming involved in corruption or bribery as a result of their roles. Board of Management members also take part in compliance training. Compliance training comprises our core compliance curriculum (anti-corruption, anti-trust and competition law, Code of Conduct) plus training on data protection, which our employees must complete every two years.
Targets and results, confirmed incidents of corruption or bribery (ESRS G1–4)
We use the share of valid compliance training certificates among executives in middle and upper management as a steering-relevant performance indicator. The certification rate was 99.1% in the year under review (2023: 98.6%). We thus exceeded our target of 98% for the reporting year. All members of our Board of Management have also successfully participated in the training. The goal for 2025 is for the share of valid certificates for compliance training in middle and upper management to remain at a high level of at least 98%. In the context of its 214 internal audits (2023: 219 internal audits), Corporate Internal Audit also reviewed our compliance management system processes and the implementation of agreed-upon follow-up actions. Findings from regular audits facilitate the identification of other compliance risks and help to continuously refine our compliance processes.
In 2024, there were no incidents of corruption or bribery that resulted in either convictions or fines.
Management of relationships with suppliers (ESRS G1–2)
We refer to a supplier as a natural person, a private or government entity, or a combination thereof that performs services or delivers goods based on a contract with DHL Group and/or a purchase order issued by a DHL Group subsidiary as well as potential suppliers that may be considered in a tendering process.
We use our Supplier Code of Conduct to implement our ethical, social and environmental standards in the upstream value chain with the goal of facilitating ethical business practices and positively impacting business conduct in general. The Supplier Code of Conduct sets forth clear requirements for working conditions (adequate wages and a healthy and safe workplace) and for the prevention of violence and harassment in the workplace as well as the avoidance of child labor. This is also done to protect our suppliers' workers who are engaged in our order fulfillment, in order to address the potential negative impacts identified. The Supplier Code of Conduct is a binding component of all Group supplier relationships. It requires our suppliers to adhere to our standards and to implement them in their own supply chains.
Training for suppliers and our employees
Our procurement employees are regularly trained to identify potential supplier-related risks early on. We convey our expectations to our suppliers via our supplier portal and introduce our selection processes. Suppliers can use the supplier portal to familiarize themselves with our Supplier Code of Conduct in advance, which we provide in numerous languages along with the corresponding training module. From there, they can also access our whistleblower system, which they can use at any time to report potential violations of the Supplier Code of Conduct or statutory provisions as well as cybersecurity incidents.
Supplier selection process and assessment of potential high-risk suppliers
Corporate Procurement selects suppliers that meet our standards as set forth in our Supplier Code of Conduct. The selection process is based on a standardized assessment procedure that also takes into account the different requirements and possible risk profiles of our business models and procurement categories. The following internal Group policies set out in detail the requirements that are considered in our supplier assessment process. The requirements apply to the supplier selection process as well as to the supplier assessments carried out in the course of the business relationship:
Minimum supplier due diligence standards (Corporate Procurement Policy)
The minimum requirements for risk assessment are based on risk potential, which we re-evaluate annually depending on the procurement category and the geographical location of the supplier. The risk assessment is influenced by the procurement category and various other types of risk within the relevant risk domains ESG, the economy, technology, law and politics, and cybersecurity. We also consider factors such as diversity and respect for human rights in the risk assessment in addition to external criteria for determining risk potential such as the Corruption Perception Index issued by Transparency International and/or Verisk Maplecroft’s risk classification system. The final assessment of risk potential is based on an evaluation of the probability of occurrence and possible impact. The Group-wide risk management system for supplier evaluations is continuously reviewed for potential improvements and adjusted as necessary.
Our assessment procedure is flexible and adaptive and therefore takes account of the different requirements of our business models. The following evaluation tools can be used individually or in combination with each other, depending on the requirements of the specific tendering process, or they may be used to review existing contractual relationships.
SUPPLIER MANAGEMENT EVALUATION TOOLS
Self-assessment questionnaires
Virtual or onsite audits
Certification issued by a third party
Risk rating issued by a third party
Checking suppliers against sanctions lists
If supplier practices are identified that are not in line with our standards, this could result in the supplier being excluded from tenders. Should a serious breach or material shortcoming be identified among existing suppliers, we jointly agree on specific actions for improvement with the supplier and follow up on their implementation. We reserve the right to terminate the supplier relationship if we do not identify sufficient improvements when re-assessing the supplier.
Metrics and targets
We evaluate the effectiveness of our supplier management processes using the metrics of “supplier spend covered by an accepted supplier code of conduct” and “potential high-risk suppliers assessed.” Each month, the progress made with regard to supplier spend is reported to management, and the performance of this metric is discussed with the CEO and CFO. The second metric is calculated on an annual basis.
We measure our ability to enforce compliance with our standards in the upstream value chain with the metric “Supplier spend covered by an accepted supplier code of conduct”. We consider as an accepted supplier code of conduct:
Our own Supplier Code of Conduct;
If the supplier has implemented a code of conduct that we classify as equivalent;
If both contracting parties are supplier and customer at the same time, they can mutually recognize each other’s own company code of conduct, provided they have been classified as equivalent.
Supplier spend covered by an accepted supplier code of conduct comprises the eligible expenditures reported via our Group-wide procurement dashboard. The calculation of this metric excludes, for example, taxes, rents or costs for internal allocation. In the reporting year, we were able to increase Supplier spend covered by an accepted supplier code of conduct to more than €39 billion (2023: >€35 billion), which corresponds to more than 90% of eligible supplier spend. This development reflects the general increase in procurement expenditure within the Group.
With the additional metric “Potential high-risk suppliers assessed” we measure our ability to contractually enforce adherence to the standards set forth in our Supplier Code of Conduct in the upstream value chain. Suppliers with an ongoing business relationship and potential new suppliers are assessed if they are identified as having high risk potential in accordance with the criteria outlined above or on the basis of an individual risk characteristic. We have assessed more than 6,000 potential high-risk suppliers in the year under review (2023: >4,000). The increase in the number of suppliers assessed was thanks to improvements in process efficiency, investments in new IT systems and the provision of additional resources. We are planning to revise this metric for 2025.
