Compliance management system
Approved in 2019, the Compliance Management System (CMS) Policy covers the topics of corporate ethics, bribery and corruption prevention, criminal risks, competition rules, etc. Given its broad scope, the CMS Policy creates a unified and effective tool for managing risks of non-compliance and rules of conduct. One of the fundamental pillars of our CMS is the regular and continuous risk assessment of compliance-related risks, both across CEZ Group’s business functions and the main businesses.
The current CMS built on the CMS Policy is designed in accordance with legislative requirements and meets the best practices embedded in the following international compliance standards:
- ISO 37001:2016 – Anti-Corruption Management System
- ISO 37301:2021 – Compliance Management Systems
The Group's CMS mainly covers the following agenda:
- Enforcing CEZ Group's corporate commitment that its conduct in business and related relationships (both external and internal) is in full compliance with relevant ethical and legal rules.
- Enforcing corruption prevention through a set of measures to ensure that the behavior of CEZ Group employees and business partners complies with legal and ethical requirements to prevent corrupt behavior.
- Protecting CEZ Group's legitimate interests by minimizing the occurrence and/or impact of criminal risks, including the management of the criminal agenda.
- Minimizing the risk of procedural failure in the administrative and regulatory area and managing communication with administrative and regulatory authorities in designated cases.
- Ensuring compliance of CEZ Group's conduct in business relations with competition rules, preventing anti-competitive behavior.
- Ensuring compliance of CEZ Group's activities with relevant financial regulation, preventing systemic deficiencies, and violations of financial regulation rules.
To assist in the practical management of CMS objectives, the Board of Directors established as its advisory body the Corporate Compliance Committee. Having a delegated authority over corporate compliance, the Committee evaluates current and potential compliance risks and assesses their impacts and management. In addition, the Committee regularly reports to the Board of Directors on its activities, main events, performance, and the results of CMS, which the Board approves.
Our CMS undergoes a regular independent external evaluation. Deloitte’s latest findings concluded that the CMS was at the level of ISO standard 37301:2021 – Compliance management systems – Requirements with guidance for use. Moreover, the audit company confirmed that the CMS included vital compliance elements: prevention, detection, and response.
Training and communication
Training and communication are two key elements of our CMS, designed to ensure that all our employees are aware of and comply with the principles and rules set out by our internal policies. Training on ethics (Code of Conduct) and anti-bribery rules is mandatory for all employees during onboarding and at least once a year. The 45-minute training session on preventing corruption and conflicts of interest reflects the complexity of this topic. In addition, individuals in relevant positions are regularly trained in policies and procedures to address other topics, e.g., anti-money laundering, competition rules, whistleblowing and regulatory compliance.
In addition, the Audit and Compliance Department communicates compliance-related issues in the company magazine and on the intranet, based on an annual communication plan. The Audit and Compliance Department uses these communication channels to promote awareness, prevent unethical conduct, introduce key compliance topics, and explain their importance to the entire CEZ Group.