Compliance Policies of Deutsche Börse Group

In the course of their professional activities, employees of Deutsche Börse Group and its service providers may obtain access to confidential information about Deutsche Börse AG and other issuers of financial instruments. Deutsche Börse Group has implemented a comprehensive framework including policies and procedures, monitoring and controls aimed at the prevention of insider dealing and market manipulation. An important instrument to ensure insider surveillance and in particular compliance with the prohibition of insider dealing, including the attempt thereof, includes the classification of employees in Compliance Levels depending on their exposure to compliance-relevant information, entailing various obligations and restrictions, e.g. for personal account dealing.

Price and market manipulation are willful illegal acts to influence demand, supply or the market price of financial instruments. The intention to manipulate is decisive, whether this actually has an impact on demand, supply, or the market price of financial instruments or not – already the attempt of these offences is punishable by law. The framework established at Deutsche Börse Group includes the obligation to satisfy notification and disclosure requirements as well as adequate financial market communication.

Awareness raising measures are provided to staff (regularly and event-driven) to support the adherence to the respective provisions of Deutsche Börse Group. Furthermore, Deutsche Börse Group has established a whistleblower system providing the opportunity to anonymously report known or suspected unethical conduct.

Being a market infrastructure provider with broad interaction with major market participants along the value chain, the potential for conflicts of interest is inherent in Deutsche Börse Group’s business. Moreover, individuals may be subject to circumstances in their professional as well as their personal lives that create the potential for conflicts of interest. Thus, it is of utmost importance that Deutsche Börse Group can identify and effectively manage potential or actual conflicts of interest between itself (including its management body members, employees, or any persons closely associated to them) and third parties. 

Conflicts of interest may arise in situations where the interests of one party interfere with (or appear to interfere with) the interests of another party. This can impair the ability of one or both conflict parties to act fairly and ethically, particularly either party’s objectivity in making a decision or participating in a decision-taking process in the course of its professional obligations.

See also the “Principles on the Management of Conflicts of Interest at Deutsche Börse Group” here. 

Awareness raising measures are provided to staff (regularly and event-driven) to support the adherence to the respective provisions of Deutsche Börse Group. Furthermore, Deutsche Börse Group has established a whistleblower system providing the opportunity to anonymously report known or suspected unethical conduct.

Bribery, and corruption in general, active or passive, are prohibited by all means. Deutsche Börse Group follows a stringent zero tolerance policy in this regard.

Transparency is one of the keys to preventing (the appearance of) corruption. Deutsche Börse Group has established a comprehensive framework aimed at the prevention of corruption, including policies and procedures outlining relevant notification, documentation and approval requirements.

Employees of Deutsche Börse Group shall act with honesty, objectivity, personal responsibility and in accordance with the highest standards of integrity through their professional and personal behaviour. They shall respect applicable laws and regulations in relevant jurisdictions. If an action merely appears to or actually does result in corruption, they must refrain from proceeding in any way.

Granting or accepting benefits should be aimed at promoting, maintaining and strengthening the overall business relationship. Such business purposes should clearly outweigh any personal aspects. Granting and accepting benefits requires a responsible attitude of all persons involved. Frequency, type and value of a benefit must be appropriate.

It is prohibited to exchange cash or cash equivalents (e.g. vouchers, gifts cards, gift certificates) in any form. Also, it is prohibited to offer, promise, give, demand, solicit or accept benefits in exchange for privileges, particularly facilitation payments.

Awareness raising measures are provided to staff (regularly and event-driven) to support the adherence to the respective provisions of Deutsche Börse Group. Furthermore, Deutsche Börse Group has established a whistleblower system providing the opportunity to anonymously report known or suspected unethical conduct.

The integrity of the banking and financial services marketplace depends heavily on the perception that it functions within a framework of high legal, professional and ethical standards. A reputation for integrity is one of the most valuable assets of a financial institution.

The purpose of Deutsche Börse Group’s anti financial crime (AFC) programme is to establish a framework to adhere to regulatory obligations impacting processes and procedures reasonably designed to mitigate the risk of money laundering (ML), terrorist financing (TF) or criminal offences (CO) that Deutsche Börse Group is exposed to. This also ensures that specific regulated entities of the Group meet their regulatory obligations imposed by their supervisory authorities.
 
The objective is to ensure that, in particular, ML and TF risks identified by Deutsche Börse AG and, where applicable, respective obliged subsidiaries, are appropriately mitigated. This is achieved by establishing minimum governing policies, principles and standards, and implementing a control framework which is approved by Deutsche Börse AG’s Executive Board. Further Deutsche Börse Group is committed to protect itself as well as market participants from potential exposure to CO. All measurements aim at to protecting Deutsche Börse AG and its subordinated legal entities including its employees, shareholders and customers, in particular from ML, TF and CO.
 
The AFC programme provides guidance to all Deutsche Börse Group employees, requiring them to conduct their business in accordance with applicable anti-money laundering (AML) laws, rules and regulations, and includes but is not limited to:

• The appointment of a Group Money Laundering Reporting Officer (MLRO) and a deputy MLRO, and of equivalent MLROs and deputies in the regulated local legal entities of Deutsche Börse Group
• A sound risk management to prevent the Group from being misused for ML, TF and CO by a documented Group-wide risk analysis, which serves as the starting point to design and effectively implement internal safeguards and to direct resources on a risk-based manner into appropriate risk mitigating measures
• The establishment of a Customer Due Diligence (CDD) programme which incorporates customer identification and verification, Know Your Customer (KYC) processes, accompanying the entire customer lifecycle and the continuous monitoring and screening of the customer relationship
• Conducting Enhanced Due Diligence (EDD) on customers assessed as higher risk, such as politically exposed persons (PEPs) in senior positions, their relatives and close associates
• The establishment of processes and systems designed to monitor customer transactions to identify suspicious activity
• The investigation and subsequent reporting of suspicious activity to the competent authorities
• Mandated regular independent testing and regular AML training of Deutsche Börse Group’s employees

Data protection serves to protect the personal data of natural persons. This is intended to protect the privacy of employees and customers, as well as third parties such as service providers. To ensure data protection, the processing of personal data is only permitted on the basis of appropriate legitimacy and in compliance with data protection principles.

Measures are taken to comply with data protection regulations, in particular regarding the appropriate and transparent processing of personal data and are continuously improved. The Executive Board has appointed a Data Protection Officer and established a Group Data Protection function to support in complying with the Data Protection Framework based on the principles of the EU General Data Protection Regulation. In addition, it works towards the sustainable development of the data protection culture in the Group, considering current business requirements and legal changes in training and awareness-raising measures.

Deutsche Börse Group has implemented a group-wide Data Protection Policy, having the General Data Protection Regulation (GDPR) as a baseline, supplemented by additional national requirements as applicable. According to Deutsche Börse Group's Supplier Policies, all suppliers have to acknowledge their data protection role according to GDPR standards. Deutsche Börse Group concludes contracts with all suppliers incorporating all applicable data protection requirements e.g., Data Processing Agreement. Before a supplier is being onboarded, the supplier has to confirm to adhere to data protection requirements. The Disciplinary Actions Policy outlines measures may be taken in case of a breach of the Data Protection Policy.

The Group Data Protection function performs the role of Data Protection Officer for Group companies insofar as this is required by law and a mandate has been given to the central function. As part of this, the Data Protection function provides information and advice on data protection requirements. Furthermore, the Data Protection function is the contact person for the Data Protection supervisory authorities and supports the business units in their data protection risk assessments.

The control framework of the data protection organization is integrated into the structure of compliance assurance measures as a second line of defense. The Data Protection Officers inform the respective board members annually and on an ad hoc basis about the status of data protection in the company and the measures taken to expand the data protection framework.

Group Data Protection has an annual control plan and performs ad hoc controls on a risk-based priority. Deutsche Börse Group has also established an internal audit function acting as third line of defense. External audits are done within the annual non-financial declaration of the company by the appointed public accountant. Furthermore, Deutsche Börse Group entities are subject to supervision of the competent data protection authorities at the different locations.