For Fresenius, compliance means doing the right thing. Our ethical values are based on more than just regulatory requirements. This means that we not only act in accordance with the law, but also according to applicable sector codices, and our internal guidelines and values. For our employees, this is the foundation of all our activities. For our business partners and suppliers, it is the standard Fresenius sets for cooperation. In this way, we want to help ensure that everyone can rely on us as a partner of trust and integrity.
Our risk-oriented compliance management systems are aligned with the business of each of our business segments. Our key ambition is to prevent corruption and bribery in our business environment. Beyond that, prohibiting violations of antitrust law, data protection regulations, trade restrictions, and anti-money-laundering laws, preventing the financing of terrorism, and protecting human rights are also key areas, which we address with dedicated compliance measures.
At Fresenius, we strongly believe that compliance protects what is most important to us: the well-being of the patients we care for. Compliance is firmly anchored in our corporate culture and guides us in our everyday work. Integrity, responsibility, and reliability form the core of our understanding of compliance. That is why we design all our measures in such a way that they prevent compliance violations.
As stated in our Fresenius Code of Conduct, we are fully committed to adhering to statutory regulations, internal guidelines, and voluntary commitments, as well as acting in accordance with ethical standards. Violations are not to be tolerated. If a violation is detected, we perform an investigation, initiate the necessary remediation measures, and impose sanctions if applicable. In addition, incidents prompt us to anchor ethical and compliant behavior even more firmly in our corporate culture, as well as to further sharpen our compliance programs and prevention mechanisms in order to prevent future violations.
In all business segments and at Fresenius SE & Co. KGaA, we have set up dedicated risk-oriented compliance management systems. These are based on three pillars: prevention, detection, and response. Our compliance measures are primarily aimed at using preventive measures to avoid compliance violations. Key preventive measures include comprehensive risk identification and risk assessment, appropriate and comprehensive policies and processes, regular training, and ongoing consultation. We also carry out internal controls in relevant processes to identify possible compliance violations and ensure that we act in accordance with the rules. In this regard, we have as well established internal controls in the compliance management processes.
One part of the ESG (Environment, Social, Governance) targets anchored in the compensation of the Management Board are governance aspects. These governance aspects have been translated into compliance targets. They are individual for each business segment and reflect the expectations of the Fresenius Management Board. For more information, please refer to the Compensation Report.
Our goal is to integrate our comprehensive understanding of compliance into our daily business. The aim is to prevent violations, continuously improve our compliance management systems, and to further evolve a living compliance culture among our employees and the stakeholders we interact with. Exchange on best practices between our business segments plays a key role here. The business segments develop operational goals and measures on an annual basis to further strengthen their compliance management systems.
Organization and responsibilities
Responsibility for compliance within the Fresenius Group lies with the Management Board and has been assigned to the board member responsible for Human Resources (Labor Relations Director), Risk Management and Legal of Fresenius Management SE (FMSE). The Group Chief Compliance Officer of the Fresenius Group has a direct reporting line to the Member of the Management Board, responsible for Human Resources (Labor Relations Director), Risk Management and Legal.
The business segments have established their own compliance organizations, which reflect the requirements of the business organization and regulatory requirements. This includes
- respective Corporate Compliance departments, which develop global compliance initiatives for their business segment and support their respective compliance officers,
- Compliance Committees which support the Heads of Compliance of the business segments in developing and monitoring the respective compliance management system. These functions report to the respective business segment management and functionally to the Group Chief Compliance Officer of the Fresenius Group, and
- Compliance responsibles in charge of organizational units of the respective segment.
In total, more than 400 employees throughout the Group are responsible for compliance tasks and support Fresenius managers and employees in all compliance-related matters.
The Group function Risk & Integrity of Fresenius SE & Co. KGaA advises the corporate functions of Fresenius SE & Co. KGaA, sets minimum standards for the compliance management systems Group-wide, and maintains the Group-wide compliance reporting. Within this Group function, the Group Risk Management department supports the operation of compliance tools and systems as well as the development of training courses.
Risk Steering Committee
The Risk Steering Committee (RSC) is chaired by the Management Board member responsible for Human Resources (Labor Relations Director), Risk Management and Legal. The RSC is further composed of the Group Chief Compliance Officer, the Chief Financial Officer (CFO), and the heads of the Legal and Internal Audit departments. If necessary, representatives of other governance departments attend the meetings of the RSC. The RSC is the advisory body that discusses internal and external developments regarding the risk management and internal control system. This includes developments relevant for the Compliance Management System, as well as important compliance initiatives such as the implementation of the German Act on Corporate Due Diligence Obligations in Supply Chains and the revision of the Group’s case management policy in accordance with European regulatory requirements. In addition, the RSC advises on significant risks and prepares decision proposals for the Fresenius Management Board. The meetings of the RSC are scheduled every six to eight weeks.
The business segments have established individual reporting lines to their respective management. The management teams of the business segments receive regular reports on compliance by their Compliance Officers.
Compliance cases are evaluated based on the Group-wide policies. The Group Chief Compliance Officer of Fresenius SE & Co. KGaA informs the board member responsible for Human Resources (Labor Relations Director), Risk Management and Legal of FMSE about compliance cases of high severity immediately. Both decide whether the respective case needs to be presented to the Management Board of FMSE. The Management Board of FMSE also receives from the Group Chief Compliance Officer of Fresenius SE & Co. KGaA an annual overview of reported cases by category and business segment.
In addition to the regular updates in the Risk Steering Committee, the Group Chief Compliance Officer of Fresenius SE & Co. KGaA provides the Management Board of FMSE with a regular comprehensive update of all group-wide Compliance initiatives and policies. The Supervisory Boards of both Fresenius SE & Co. KGaA and FMSE are regularly informed about progress of compliance measures, at least once a year, most recently in October 2022.
Best practice exchanges and compliance expert panels
To ensure ethical conduct, we continually review our business practices and exchange on best practices with our compliance colleagues worldwide. Regular exchanges in cross-divisional expert panels continued to take place in the reporting year. Areas of collaboration included foreign trade law, as well as anti-money laundering, whistleblower protection, and cross-border investigations.
Guidelines and regulations
The Fresenius Code of Conduct forms the framework for all rules applicable in the Fresenius Group. The Code of Conduct lays out the principles of conduct for all employees, including managers at all levels and members of the Management Board. The Code is aligned with international regulations, as explained below, and was adopted by the Management Board of FMSE. In addition, the four business segments have implemented their own Codes of Conduct, which reflect the Fresenius Code of Conduct principles and are adapted to the individual characteristics of each business segment. The applicable Code of Conduct is part of the employment contracts in almost all business segments and is available to all employees. It is also published on the Internet. Guidelines, organizational directives, and process descriptions supplement and further define the rules of the Code of Conduct.
These are our principles, which are also defined and described in detail in the Fresenius Code of Conduct:
Fresenius code of conduct
The design and implementation of our compliance management systems are based on international regulations and guidelines, such as the ISO standards on the set-up of compliance management systems and applicable audit standards of the Institute of Public Auditors in Germany, Incorporated Association IDW (PS 980). When implementing measures, we take into account the respective national or international legal frameworks.
Risk assessment and internal controls
The Management Board of FMSE is responsible for the quality and effectiveness of our risk management and internal control system.
It is regularly monitored by the Supervisory Board’s Audit Committee as well as audited by the Internal Audit department. The findings from these audits are used to continuously advance our risk management and internal control system. By using standardized methods, we regularly record, analyze, and evaluate compliance risks in each business segment and at Fresenius SE & Co. KGaA. As part of an integrated risk reporting, eleven core Compliance risk subgroups are regularly reported and assessed: Bribery and corruption, fraud and asset misappropriation, antitrust violations, money laundering / terrorism financing, data protection violations, trade restrictions, insider trading / market manipulation, compliance culture, retaliation, corporate governance, and human rights violations. In addition to these core compliance risks, the risk assessment also covers other significant business risks such as information security, environmental and occupational safety, quality assurance, and the protection of intellectual property, where the responsibility lies with other functions. The compliance responsibles exchange information on key findings from the respective risk assessments, which may result in additional Compliance Risk Subgroups to reflect new risk areas or risk clusters.
The internal control system is an important part of Fresenius’ risk management. In addition to internal controls regarding the financial reporting, it includes control objectives for further critical processes, such as quality management and patient safety, cybersecurity and data protection, and sustainability. Fresenius has documented relevant critical control objectives in a Group-wide framework, integrating the various management systems into the internal control system in a holistic manner.
Dealing with third parties
Our Code of Conduct and the related guidelines for Fresenius Group employees also regulate our relations with business partners and suppliers. We expect them to comply with applicable laws and standards as well as ethical standards of conduct in daily business and have specified this in our Fresenius Code of Conduct for Business Partners. Our ambitions to avoid corruption and bribery are laid down in our Codes of Conduct. Among other topics, the Codes explicitly prohibit corruption and bribery and oblige our partners to comply with relevant national and international anti-corruption laws. Business segments with significant exposure to the interaction with healthcare professionals have specific rules for these interactions, as explained in the section Transparency in the healthcare sector in this chapter. In addition to risk-based business partner due diligence, we inform our business partners about these requirements before entering a business relationship. The Codes of Conduct of the Fresenius Group are publicly accessible, for more information see the Supply chain section.
Fresenius’ government relations activity is managed by a dedicated political affairs department. Our representative office in Berlin and an EU Relations Office in Brussels are available as contact points for politicians and the representatives. The primary task of the political affairs department is to advise policy makers on policy initiatives that require expertise in medicine and the healthcare industry. Any political activity by Fresenius’ employees and representatives is governed by our Code of Conduct, reflecting our rules, as well as by the applicable legal standards regarding our relations with external partners and the public. Information on lobbying expenditures is published as required by law in the business segments and countries concerned.
Business partner and investment due diligence
All business segments and Fresenius SE & Co. KGaA conduct risk-based due diligence on business partners before entering into a business relationship. In each business segment, the business partners to be screened are selected on a risk-based basis according to defined criteria. A risk profile of the partner is drawn up and targeted measures are initiated: accordingly, the compliance contract clauses are based on the partner’s risk profile to prevent corrupt actions. We also reserve the right to terminate the contract in the event of misconduct.
Whenever we decide on potential acquisitions and investments, we take compliance risks into account in due diligence measures, among other things via the Acquisition and Investment Council (AIC), which reviews planned acquisitions and investments in a defined process for Fresenius Kabi, Fresenius Helios, Fresenius Vamed, and Fresenius SE & Co. KGaA. Every acquisition and investment proposal submitted to the Management Board must first be discussed, reviewed, and evaluated by the AIC. The AIC is made up of managers from various functions, including Business Integrity. If necessary, we initiate safeguarding measures and include, for example, compliance declarations and guarantees in the contracts. Following an acquisition, we integrate the new company into our compliance management systems as quickly as possible.
Dealing with conflicts of interest
Integrity also means that our employees clearly separate private interest from that of the company. They make decisions for Fresenius based on objective criteria. Our employees are obliged to make potential conflicts of interest transparent to their supervisors as soon as they have identified the conflict and before the business action is taken. The affected employee and his or her supervisor have to identity the exact circumstances. The supervisor will deduct from these circumstances a risk analysis and initiate the appropriate measures.
To avoid potential conflicts of interest and assure patients of independent treatment options, our Guidelines for Dealing with Business Partners and Customers regulate the handling of donations. They state that Fresenius donates for scientific or charitable purposes and without expecting any consideration on a voluntary basis only. Donations and other contributions to political organizations are provided in accordance with applicable legislation. Fresenius Helios prohibits unilateral monetary allocations and sponsorships from industry.
Fresenius supports its employees in dealing responsibly with conflicts of interest by defining clear requirements and providing guidance, as well as answers to the most frequent questions, on the intranet. Training and regular updates of information complement the activities at the Group level and within the business segments. Our Corporate Compliance department is also available as a contact partner for all questions.
We have implemented Group-wide guidelines and dedicated controls for cash transactions and banking transactions, such as the dual-control principle. We also monitor cash transactions that exceed a certain threshold. In this way, we want to ensure that all financial transactions are correctly accounted for, authorized, and processed. Through automated processes, we can identify compliance risks at an early stage. Evaluations of compliance with threshold values as well as other verification processes for supplier master data in affected business segments also provide valuable guidance.
Controls for cash transactions and banking transactions are part of our Internal Controls Framework and will be regularly tested and adjusted, if required. For more information, please refer to the Opportunities and Risk Report.
Business segments within the scope of the Money Laundering Act for traders in goods have established appropriate measures to address money laundering risks. These measures include internal controls, such as the prohibition of certain cash payments, as well as risk analysis and review processes for relevant transactions. The controls implemented are embedded in policies and appropriate training is provided.
To provide people worldwide with access to lifesaving medicine and medical equipment, Fresenius also supplies products to countries that are subject to trade restrictions. However, such deliveries have been exempted from the relevant sanctions and Fresenius expects the scope of the exemption to remain unchanged. It is particularly important to us to comply with all currently applicable legal provisions, e. g., with regard to sanctions or export controls. To this end, we have introduced various measures in the business segments concerned, such as special IT system checks for deliveries that are subject to import or export restrictions. In our corporate and business segments we have dedicated experts for trade compliance and a trade compliance program in place. Regular exchange calls among experts and with the management are held to ensure up-to-date knowledge on trade and economic sanctions. There are also centralized monitoring programs at Fresenius for certain countries subject to applicable sanction programs. The trade compliance program will be continuously updated to reflect the latest sanctions regulations. We aim to ensure that we can comply with all applicable sanctions and requirements for export controls, even in the event of short-term changes in legislation, such as experienced in 2022. We have no evidence that Fresenius has not complied with applicable sanctions and export control requirements.
As a global healthcare group, we implement projects in over 100 countries and provide services to hospitals and healthcare facilities. Due to our business activities, we are subject to various local tax obligations.
In the countries in which we operate, we not only support the development of healthcare systems, but also create jobs that contribute to local tax revenue. This enables us to make a significant contribution to preserving the macroeconomic stability of national economies. At the same time, we want our business activities and the contributions we make to be accompanied by compensation for the demands on resources, infrastructure, services, labor and administration.
The basis for paying taxes are the business activities of Fresenius SE & Co. KGaA or one of our subsidiaries in a country. When choosing a location, other aspects such as the availability of qualified personnel, or political, economic, legal and regulatory framework conditions play a role in addition to strategic business issues. In the course of an overall assessment, the possibility of minimizing currency risks as well as tax considerations can also influence the choice of location.
Adhering to laws is the central principle of our understanding of compliance. This also includes compliance with all globally applicable tax obligations. This applies firstly to the Group’s income taxes, which must be regularly explained as part of IFRS financial reporting (International Financial Reporting Standards), and secondly to sales and wage taxes, which we pay in the various countries. Our goal is to fulfill all tax obligations seamlessly and punctually, and to always work within the legal framework. We refrain from implementing tax structures without business purpose or commercial reason.
The chief responsibility for the tax affairs of the Fresenius Group lies with the Management Board of FMSE. The functional responsibility for tax affairs is delegated by the CFO to the management of the corporate tax department of Fresenius SE & Co. KGaA. As a result of Fresenius Medical Care’s listing on the stock exchange, the business segment has its own governance structure, also with regard to tax compliance.
The corporate tax department is generally responsible for the tax affairs of Fresenius SE & Co. KGaA. In addition, it provides various services for the individual subgroups and advises decision-makers in the departments at Group and subsidiary level on the fulfillment of their tax obligations. The department also actively proposes ways in which corporate structures and business transactions and processes can be implemented. This approach is intended to minimize risks and promote corporate objectives through forward-looking tax planning.
At the level of the business segments and their subsidiaries, the respective division or local CFO are generally responsible for tax affairs. These are supported either by the local tax departments, external advisers or the corporate tax department.
Employees in the respective roles are informed that compliance with and correct handling of the applicable rules are of central importance for the Fresenius Group. Information on ways to report suspected acts of non-compliance can be found in the section Reporting channels and dealing with potential compliance violations of the Fresenius separate Group Non-financial Report 2021.
We published our Group Tax Policy on our website.
Fresenius does not specifically settle in certain countries in order merely to generate tax benefits or create tax structures — the focus is always on the business activities of our companies. A few subsidiaries are located in countries known as tax havens. The Fresenius Group took over the majority of these companies as a result of acquisitions. The maintenance of these structures is always examined and evaluated in detail in the course of acquisitions.
The Fresenius Group maintains a cooperative, honest and respectful relationship with the tax authorities and other public institutions. To achieve this, regional and cultural differences in the respective countries are always taken into account.
The Fresenius Group has internal control systems in place in order to meet its tax compliance objectives. Globally, these are subject to the requirements of our Group-wide Fresenius Code of Conduct and Group Internal Controls Framework. Based on this, the respective organizations have their own standards. In this way, we ensure that the Fresenius Group complies with the tax and reporting requirements in all legal systems in which it operates. At the same time, the tax processes are also subject to review by external auditors.
As a global healthcare group, Fresenius is subject to numerous tax laws and regulations. In all four business segments and at the level of Fresenius SE & Co. KGaA, we have implemented risk-management systems that also cover tax risks. Risks arising from this are constantly identified, systematically recorded and assessed, taking into account the probability of occurrence and the possible financial risk. The risks identified through this process are reported in the external financial reporting. Emphasis is placed on preventing any acts of non-compliance regarding taxes before they occur.
The Management Board of FMSE is responsible for the Group's risk management system. Further details on the risk management system can be found in the Annual Report 2022.
We aim to make our business operations as efficient as possible. We therefore bundle requirements, map central business structures where it makes strategic sense, and produce locally wherever possible to ensure that patients receive the care they need quickly. This global distribution of business activities also leads to transactions between the individual companies of the Fresenius Group worldwide. The pricing of these intercompany transactions is based on the internationally recognized arm's length principle and is in line with the OECD transfer pricing guidelines(Organization for Economic Cooperation and Development – OECD) and the respective local transfer pricing rules. This ensures that profits are generated and taxed where value is created. In addition, we undertake to comply with the relevant transfer pricing documentation requirements in the countries in which the Fresenius Group units operate. We follow a three-tiered coordinated approach consisting of:
- master file (master documentation)
- local (country) file (country-specific, company-related documentation)
- Country-by-Country Report (country specific report).
We support initiatives such as the initiatives of the OECD regarding Base Erosion and Profit Shifting (BEPS) and Co-operative Compliance. Co-operative Compliance is an initiative to promote better tax compliance, whereby tax authorities and taxpayers benefit equally from more transparency.
Effective Tax RateDownload(XLS, 35 KB)
|Effective Tax Rate
|1 adjusted tax rate
Compliance training is a high priority for Fresenius. Our employees are offered training on compliance issues, covering basic topics such as our Code of Conduct and corporate guidelines. Depending on the employee group, more specific topics such as anti-corruption, antitrust law, anti-money-laundering, data protection, and information security are also included – especially for particularly high-risk areas.
To convey the content in a targeted manner, we rely on individual concepts tailored to the respective department and employees. We use various formats such as in-house training, live webinars, on-demand video training, and traditional online training. Participation in essential basic training, such as on the Code of Conduct, is mandatory. Mandatory e-learnings will be distributed to all employees of the defined target group.
Employees are prompted and reminded to participate in mandatory training courses, for example with automatic registration, or manual registration by compliance departments, human resources, or managers. To promote a risk-conscious and value-oriented corporate culture, we train executives using a dialog-based approach.
We refresh awareness for Compliance topics by the use of pictures, news flashes, videos, games and compliance podcasts in the Intranet.
Reporting channels and dealing with potential compliance violations
If Fresenius employees suspect misconduct, e. g., violations of laws, regulations or internal guidelines, they can contact their supervisors or the responsible compliance officers and report the potential compliance incident. They can also report potential compliance incidents anonymously, where legally permitted, e. g., by telephone or online via whistleblower systems and e-mail addresses set up specifically for this purpose. All business segments have established appropriate mechanisms based on the requirements of the UN Guiding Principles on Business and Human Rights (UNGP) and the German Act on Corporate Due Diligence Obligations in Supply Chains. Further, all segments have prepared to comply with the laws implementing the new EU regulation regarding the protection of whistleblowers. The whistleblower systems are available via the Fresenius Group website and the websites of the business segments not only to employees, but also to third parties, e. g., customers, suppliers, and other partners, in a total of more than 30 languages.
We strive to continuously improve our processes and further optimize the complaint mechanisms. Based on the requirements of the UNGP, the German Act on Corporate Due Diligence Obligations in Supply Chains, and the European Union Directive on the protection of whistleblowers and their implementation in national law, we have reviewed our systems and processes and adjusted them accordingly. We are therefore convinced that the complaint mechanism of Fresenius SE & Co. KGaA in its current form meets the currently applicable requirements. Thus, the business segments observe the developments in this area and adapt their processes as needed, based on the mentioned legal requirements and international applicable frameworks. This encompasses measures to support a culture in which legal and ethical concerns may be communicated without fear of retaliation. Fresenius Medical Care has an anti-retaliation policy in place to protect employees against any reprisal. Fresenius Kabi has put in place an updated case management Standard Operating Procedure (SOP) which also includes a strict non-retaliation policy.
Incoming reports are treated confidentially as described in the respective guidelines to protect persons reporting. Depending on the severity of the case, the business segments adhere to the reporting structure as outlined in the Reporting structure section. We take all potential compliance violations seriously. An initial assessment focuses on the plausibility and possible severity level of the potential violation. For this purpose, also ombudsperson panels are set up at Fresenius SE & Co. KGaA, Fresenius Kabi, Fresenius Helios, and Fresenius Vamed. These carry out preliminary assessments of reports received and initiate risk-appropriate investigations of reports on a case-by-case basis. The severity of the compliance violation determines who is responsible for further investigation. If necessary, a dedicated team takes over the investigation, which may include internal professionals or external support. Measures are implemented in a timely manner by the responsible management in close cooperation with the compliance officers. Depending on the type and severity of the misconduct, disciplinary sanctions or remedies under civil or criminal law may be imposed. We take every case of potential misconduct as an opportunity to review our corporate processes for improvements. After completion of the investigation, we use the results of internal reviews and reports to review our business processes. We implement corrective or improvement measures where necessary to prevent similar misconduct in the future. Fresenius Medical Care as well has a defined procedure in which all reported cases of potential misconduct are investigated, individual measures are taken to remedy them, and implementation is tracked. We report the compliance reports received in 2022 in the Evaluation section.
Transparency in the healthcare sector
In the healthcare sector, transparency is of major importance with regard to business conduct, patient information and quality of care. More information can be found in the Patient and product safety section.
Fresenius Group companies adhere to laws and our ethical principles that
- require us to track and report publicly payments made to healthcare professionals and organizations;
- require us to issue written notification or approval and to disclose the purpose and scope of the interaction between a Fresenius Group company and healthcare professionals, such as in healthcare facilities;
- require us to publicly disclose data pursued in clinical trials as well as disclose to patients the information gathered in patient studies. This is linked to the public right to transparency regarding data used to approve new medicines, as well as provisions to adhere to relevant data protection standards; for more information see Data Protection section;
- require transparency in pricing and reimbursement procedures for pharmaceutical products.
We are committed to respecting the codes and principles associated with membership of various associations. In addition, Fresenius Group companies disclose all donations to healthcare professionals in accordance with the publication requirements applicable to them.
Progress and measures in 2022
In order to further foster a functional Group-wide compliance organization, the Management Board of FMSE decided that the compliance professionals will functionally report to the Heads of Compliance of each business segment, effective in 2023. Where such reporting structures have not been established, they will be initiated. The Heads of Compliance of each segment and the Head of Group Compliance Reporting and Monitoring form the Group Compliance Management Team (GCMT). This expert group sets governance standards for Compliance across Fresenius and supports the effective implementation of the Compliance management system.
Continual improvement of the Fresenius compliance program
In 2022, the business segments planned and implemented various compliance initiatives to drive further improvement or to respond to new regulatory requirements. For Fresenius as a Group, a dedicated Human Rights Office has been tasked with coordinating the preparation for the German Act on Corporate Due Diligence Obligations in Supply Chains. For more information, please refer to the Supply chain section. A revised Group-wide Case Management SOP will reflect the requirements under the applicable whistleblower protection laws in Europe.
Fresenius Kabi conducted a compliance culture survey and thereby opened another channel for its employees to voice views about the company’s compliance culture, particularly in relation to speak up culture, case reporting and case management. The business segment also updated its reporting categories for its complaint management, offering simpler clusters of violations to potential whistleblowers, that include categories relevant for reporting human rights violations.
Further, new guidelines and regulations within the business segments were addressed as follows: Fresenius Kabi updated its Code of Conduct in the reporting year, taking into account more recent developments such as anti-money laundering, sustainability, cybersecurity, social media, environment, and human rights. The business segment also updated its case management SOP and collateral documentation, such as templates for investigation plans and investigation reports, to take into account the requirements of the recent legislation updates and to further increase the quality and consistency of case management work across the globe. Fresenius Helios also revised its case management guideline. All business segments also decided to continue the further implementation of the Internal Controls Framework.
To support this development of the Fresenius compliance program, focus training topics were set in 2022:
- The Group function Risk & Integrity developed and provided various training materials regarding the Code of Conduct, anti-money-laundering, anti-corruption, antitrust, trade compliance, fraud and internal control systems for all business segments. The function also published ICS training material and explanatory videos on the intranet All about ICS. By doing so, employees will be able to learn and apply their knowledge in a realistic scenario.
- Fresenius Kabi continued its intensive efforts to train its personnel on antitrust risks and created a new comprehensive antitrust training course that has been made available internally on the intranet and was also rolled out as an eLearning to sensitive functions in various languages. Selected groups were additionally trained in webinar sessions on particular antitrust topics for their area of responsibility. Fresenius Kabi rolled out its global anti-bribery and anti-corruption eLearning again, as a refresher training.
- Fresenius Helios offered training courses on fraud and rolled out dedicated trainings on specific aspects of anti-corruption, such as accepting benefits as business employees, donations, granting benefits to healthcare professionals and healthcare organizations, and conflicts of interest.
- In the reporting year, Helios Spain began preparing additional training courses for the risks identified in the compliance risk assessment in addition to the existing training courses on the Code of Conduct.
- Fresenius Vamed focused on data protection, anti-money laundering and trade compliance trainings.
- Fresenius Medical Care has its own compliance management system and a correspondingly coordinated training program.
Risk assessment and internal controls
In 2022, the business segments expanded their risk assessment processes, which they continued to carry out to include bottom-up information.
We made further improvements within our Group-wide integrated risk management tool to implement applicable regulatory requirements. Risk entries are validated by subject matter experts, i. e., the Compliance function, in order to ensure the consistency and quality of these entries. Risk mitigation plans will be tracked and monitored to ensure a steady mitigation effect.
Due to the constantly changing external and internal requirements and environment, our risk management and internal control system is being continuously developed. Currently 25 out of 139 control objectives are related to compliance processes, in particular in the areas anti-corruption, trade compliance, anti-money laundering, antitrust / competition compliance. In 2022, the internal control system has been further expanded by the business segments, including structured scoping and performance of control testing.
Dedicated monitoring programs for trade compliance
Since sanctions have been imposed against certain countries because of the war between Russia and Ukraine, the Management Board of Fresenius SE & Co. KGaA has implemented a monitoring mechanism to ensure that trade compliance approvals and the review of business partners are mandatory for each delivery into a country subject to a sanction program. In addition, automated IT-based checks for each transaction at Fresenius Kabi are an integral part of the trade compliance program.
Developments in the business partner due diligence
The business partner due diligence process is being enhanced to achieve more accuracy and efficiency in addressing risks with its third parties and integrated the requirements of the German Act on Corporate Due Diligence Obligations in Supply Chains. Human rights due diligence as one aspect of our overall business partner due diligence enables us to better understand our suppliers and their modus operandi. This way, we monitor potential risks occurring from the supply chain while adhering to our commitments to conducting business in a responsible manner, to human rights, and to our commitment to compliance and integrity. Further information on human rights due diligence and our 2022 progress can be found in the Supply chain section.
Fresenius Medical Care sharpened its focus on several ongoing compliance initiatives. Prior to entering new business relationships, and as part of its continuous monitoring of existing business relationships, the company assesses third parties for compliance risks. In 2022, the business segment assessed and approved around 21,000 third parties. In addition, Fresenius Medical Care continued to implement its third-party training approach at global level. Target groups are sales partners, such as distributors, re-sellers, wholesalers, commercial or sales agents, and any other third parties involved in the sales of the products that potentially interact with government officials or healthcare professionals. The business segment also conducted 15 anti-corruption-related audits of third-party business partners. 80% of internal audits included a compliance focus.
Fresenius Kabi published its updated SOP and collateral guidelines on Business Partner Due Diligence to enhance and refine its processes and conducted related training for key stakeholders, as well as updated its contractual compliance clauses for business partners and suppliers. Furthermore, Fresenius Kabi has combined the previously separate codes for suppliers (Suppliers Code of Conduct) and for business partners (Business Partner Code of Conduct) into a Third-Party Code of Conduct and published it at the end of the year. This also includes the expectations of suppliers and business partners with regards to human rights and environmental standards / duties of care in the supply chain.
Despite the differences in business and risk profile in each business segment, we strive to uniformly evaluate the design of the compliance management systems on a Group level. In 2022, aspects of the effectiveness of compliance measures were surveyed after the Group function Risk & Integrity department of Fresenius SE & Co. KGaA reviewed the maturity of the compliance measures of the business segments and Fresenius SE & Co. KGaA for all compliance risk areas by using a harmonized Compliance Management System Reporting methodology. The results were presented to the Management Board and Supervisory Board.
Audits and inspections
The Internal Audit departments conduct independent audits to improve the effectiveness of the risk management, control and governance processes at Fresenius SE & Co. KGaA and in the business segments. Aspects of compliance and anti-corruption are also taken into account on a risk basis. If weaknesses are identified, Internal Audit monitors the implementation of remediation actions taken by the respective management. In 2022, 21 internal audits with a focus on corruption were conducted at operating sites of the business segments Fresenius Helios, Fresenius Kabi, Fresenius Vamed and Fresenius Corporate. The audit engagement results were analyzed by the compliance organizations and incorporated into the continuous improvement of existing measures. Structural changes of the processes related to the compliance organizations were not required.
At Helios Germany, adherence to the business segment’s transparency regulations is monitored on a random basis in regular transparency reviews.
With the Compliance Cockpit, Fresenius Kabi has a tool that provides managers of each subsidiary with an annual overview of compliance-relevant key parameters based on external and internal indicators. Fresenius Kabi reviews these key parameters annually and defines monitoring measures for those subsidiaries with an increased risk profile. Fresenius Kabi also conducts regular reviews of compliance initiatives in the form of workshops. Fresenius Kabi’s compliance organization organized various international workshops again in 2022. The workshops not only served as intensive training for local employees, but also enabled compliance officers to review and, if necessary, improve their understanding of compliance, the effectiveness of local implementation of internal guidelines, and the development and improvement of central compliance initiatives.
Reports in 2022
In 2022, a total of 375 compliance reports1 were received via the incident databases at Fresenius SE & Co. KGaA, and the business segments Fresenius Kabi, Fresenius Helios, and Fresenius Vamed. They were collected via different input channels as shown in the graph. The compliance reports were principally assigned to the following topic groups: Business Integrity (88 reports, incl. Anti-Corruption, Antitrust, Anti-Money-Laundering etc.), Data Protection (26 reports), HR / Workplace (155 reports), Misappropriation of Corporate Assets (35 reports, incl. Conflicts of Interest), Accounting, Auditing and Financial Reporting (8 reports), Environment, Health and Safety (23 reports), and other (40 reports). We received the most complaints in the area of Business Integrity and workplace-related, in particular, in clinics. Each complaint is reviewed under our case management processes and, if substantiated, appropriate remedial measures will be taken.
Messages by input channel
1 For Fresenius Medical Care in North America, the hotline system was used for multiple reporting purposes: In addition to the reporting of compliance concerns, reports can also be made on patient care and safety. Therefore, cases from Fresenius Medical Care are not consolidated on a Group level. This leads to a corresponding reduction of compliance reports in comparison to the previous year.