For Fresenius, compliance means doing the right thing. Our ethical values are based on more than just regulatory requirements. This means that we not only act in accordance with the law, but also according to applicable sector codices, our internal guidelines and values, and using internal controls to ensure that we adhere to the requirements. For our employees, this is the foundation of all our activities. In this way, we want to help ensure that everyone can rely on us as a partner of trust and integrity. Compliance should also ensure what is most important to us: the well-being of the patients we care for.
Our risk-oriented compliance management system is aligned with the activity of our business segments. Our key ambition is to prevent corruption and bribery in our business environment. Beyond that, prohibiting violations of antitrust law, data protection regulations, trade restrictions, and anti-money-laundering laws, preventing the financing of terrorism, and protecting human rights are also key areas, which we address with dedicated compliance measures.
Our goals and ambitions
Our aspiration is to integrate our comprehensive understanding of compliance into our daily business. The aim is to prevent violations, continuously improve our compliance management system, and to further evolve a living compliance culture, especially among our employees and the stakeholders we interact with. Exchange on best practices between our business segments plays a key role here. The business segments develop operational goals and measures on an annual basis to continuously strengthen the compliance management system.
In addition, we aim to ensure that we can comply with all applicable sanctions and requirements for export controls, even in the event of short-term changes in legislation, such as those experienced in 2023. We have no evidence that Fresenius has not complied with applicable sanctions and export control requirements.
Compliance goals
Download(XLS, 35 KB)| Timeframe | Status 2023 | Further information | |
|---|---|---|---|
| Reorganization of the existing Compliance organization with a functional reporting line | Internal timeline set | In progress | Compliance |
| Group-wide Human Rights organization with functional reporting | 2023 | Implemented | Human rights |
Key performance indicators (KPIs) and goals are being defined as part of our ongoing compliance monitoring process. Reporting is planned from the 2024 reporting year.
Our approach
Integrity, responsibility, and reliability form the core of our understanding of compliance.
As stated in our Fresenius Code of Conduct, we are fully committed to adhering to statutory regulations, internal guidelines, and voluntary commitments, as well as acting in accordance with ethical standards. Violations are not to be tolerated. If a violation is detected, we perform an investigation, initiate the necessary remediation measures, and impose sanctions if applicable. In addition, incidents prompt us to sharpen our compliance programs and prevention mechanisms.
We set up a dedicated risk-oriented compliance management system. It is based on three pillars: prevention, detection, and response. Our compliance measures are primarily aimed at using preventive measures to avoid compliance violations.
At the first and second management level below the Group Management Board, as well as below the management of the business segments, responsible compliance officers can also be evaluated according to defined compliance targets. Targets are components of the individual variable remuneration. The performance discussions of employees in the area of compliance are also based on compliance criteria, among other things.
Organization and responsibilities
Responsibility for compliance within the Fresenius Group lies with the Group Management Board and has been assigned to the Board member responsible for Legal, Compliance, Risk Management, ESG, Human Resources and the business segment Fresenius Vamed (subsequently ESG Board member). The Group Chief Compliance Officer of the Fresenius Group has a direct reporting line to this Member of the Group Management Board.
Within the executive boards of the business segments or their management, the responsibility for compliance is regulated by business allocation plans. The business segments also established their own compliance organizations, which reflect the requirements of the business organization, regulatory requirements, and the associated internal controls. The Group function Risk & Integrity advises the corporate functions, sets minimum standards for the compliance management system Group-wide, and manages the Group-wide compliance reporting.
Risk Steering Committee
The Risk Steering Committee (RSC) – under the management of the ESG Board member – discusses internal and external developments regarding the risk management and internal control system as an advisory body. This includes, for example, developments relevant for the compliance management system. In addition, the RSC advises on significant risks and prepares decision proposals for the Group Management Board. The meetings of the RSC are scheduled regularly, at least once per quarter. The members of the RSC are managers with functional responsibility within Group functions and representatives of the business segments.
In addition to the updates in the RSC, the Group Chief Compliance Officer of Fresenius SE & Co. KGaA regularly provides the Group Management Board with comprehensive information on all Group-wide compliance initiatives and policies. The Supervisory Boards of Fresenius SE & Co. KGaA and Fresenius Management SE (FMSE) are informed about the progress of the compliance measures at least once a year, most recently in December 2023.
Functional reporting lines in the compliance organization
Since the beginning of 2023, all compliance representatives of the business segments have reported functionally to the Group Chief Compliance Officer of Fresenius SE & Co. KGaA. In 2023, we started to implement corresponding functional reporting lines in the business segments. Once the restructuring has been completed, all compliance officers will report to the respective Heads of Compliance of the business segments. The Group Chief Compliance Officer, the Chief Compliance Officers, or Heads of Compliance of each business segment and the Head of Group Reporting and Monitoring form the Group Compliance Management Team (GCMT). This management team meets on a monthly basis and sets the governance standards for compliance at Fresenius and supports the effective implementation of the compliance management system. The GCMT regularly examines the results of the compliance risk analysis, the compliance figures, the further development of the compliance management system and the results of monitoring measures.
The management teams of the business segments receive regular reports on compliance from their Chief Compliance Officers or Heads of Compliance.
Reporting paths
If Fresenius employees suspect misconduct, e. g., violations of laws, regulations, or internal guidelines, they can report the potential compliance incident to their supervisors or the responsible compliance officers. In addition, employees and third parties can report potential compliance incidents anonymously, where legally permitted, e. g., by telephone in more than 30 languages or online via whistleblower systems available in up to 8 languages and email addresses set up specifically for this purpose.
Incoming reports are treated confidentially as described in the respective guidelines to protect persons reporting. We take all potential compliance violations seriously. An initial assessment focuses on the plausibility and possible severity level of the potential violation. For this purpose, ombudsperson panels are also set up at Group level as well as in the business segments. The compliance departments or, depending on the severity of the cases, the ombudspanels, carry out preliminary assessments of reports received and initiate risk-appropriate investigations on a case-by-case basis. The severity of the compliance violation determines who is responsible for further investigation. If necessary, a dedicated team takes over the investigation, which may include internal experts, but can also comprise external support. Measures are implemented in a timely manner by the responsible management in close cooperation with the compliance officers. Depending on the type and severity of the misconduct, disciplinary sanctions or remedies under civil or criminal law may be imposed. After completion of the investigation, we use the results of internal reviews and reports to review our business processes. We implement corrective or improvement measures where necessary to prevent similar misconduct in the future.
Compliance cases are evaluated based on the Group-wide policies as well as on those of the business segments, which comply with the Group-wide policies. The Group Chief Compliance Officer informs the responsible board member immediately about compliance cases, which could lead to a potential high impact, based on an internal assessment. The Group Management Board also receives an annual overview of reported cases by category and business segment from the Group Chief Compliance Officer of Fresenius SE & Co. KGaA and is informed in detail about the investigations relevant to the Group.
In 2023, a total of 806 compliance reports (2022: 375) were received via the incident databases at Fresenius SE & Co. KGaA, and the business segments. They were recorded via various reporting paths.
We received the most complaints in the area of misuse of corporate assets and HR / Workplace, topics, which are part of this non-financial Group report. The increase in reports is, among others, due to the introduction of automated fraud prevention systems, and internal communication campaigns, which have proven to be efficient. Further information is provided in the Diversity chapter.
262 of the total reports received were not classified as relevant compliance reports following a detailed assessment by our responsible compliance teams. Such reports mainly concerned the areas of HR and patient satisfaction and were further processed by the relevant departments.
Compliance reports
Download(XLS, 37 KB)| 2023 | 2022 | |
|---|---|---|
| Business Integrity | 51 | 88 |
| Data Protection | 25 | 26 |
| HR / Workplace | 274 | 155 |
| Misuse of company assets | 225 | 35 |
| Accounting / Reporting | 3 | 8 |
| Environment / Health / Safety | 34 | 23 |
| Human Rights | 47 | n.a.1 |
| Other | 147 | 40 |
| Total | 806 | 375 |
| 1 This category was not reported as separate category in 2022. | ||
Guidelines and regulations
The Fresenius Code of Conduct forms the framework for all rules applicable in the Fresenius Group. The Code of Conduct lays out the principles of conduct for all employees, including managers at all levels and members of the Group Management Board. The Code is aligned with recognized international regulations and was adopted by the Group Management Board. In addition, the business segments implemented their own Codes of Conduct, which are adapted to the individual characteristics of each business segment. The applicable Code of Conduct is part of the employment contracts and is available to all employees. Guidelines, organizational directives, and process descriptions supplement and further define the rules of the Codes of Conduct.
The design and implementation of our compliance management system is based on international regulations and guidelines, such as the ISO standards on the setup of compliance management systems and applicable audit standards of the Institute of Public Auditors in Germany, Incorporated Association IDW (PS 980). When implementing measures, we take into account the respective national or international legal frameworks. In addition, a law firm reviewed the design of the Corporate / Other’s segments compliance management system and concluded that it is organizationally effectively anchored and programmatically appropriately designed.
In the reporting year 2023, a new guideline for handling compliance incidents has been applied in the Group. Standard operating procedures (SOPs) define the related documentation for the case management, such as templates for investigation plans and investigation reports. Furthermore, they are revised on an ad-hoc basis to take into account the requirements of recent legislation updates and to further improve the quality and consistency of case management work across the globe.
In addition, we revised the Fresenius Code of Conduct for Business Partners and incorporated human rights aspects and requirements from the German Act on Corporate Due Diligence Obligations in Supply Chains (Lieferkettensorgfaltspflichtengesetz – LkSG).
Risk management
By using standardized methods, we regularly record, analyze, and evaluate compliance risks in the business segments and at Fresenius SE & Co. KGaA. As part of integrated risk reporting, defined core compliance risk subgroups are regularly reported and assessed, including, for example, bribery, corruption, and antitrust law. The compliance representatives exchange information on key findings from the respective risk assessments, which may result in additional compliance risk subgroups to reflect new risk areas or risk clusters.
The internal control system is an important part of Fresenius’ risk management. In addition to internal controls regarding the financial reporting, it includes control objectives for further critical processes, such as quality management and patient safety, cybersecurity and data protection, and sustainability. Fresenius documented relevant critical control objectives in a Group-wide framework, integrating the various management systems into the internal control system in a holistic manner.
We adapted our Group-wide integrated risk management tool as well as our risk methodology to implement applicable regulatory requirements and to further improve the reporting quality of risks. Risk entries are validated by subject matter experts, i. e., the Compliance function, in order to ensure the consistency and quality of these entries. Risk mitigation plans will be tracked and monitored to ensure a steady mitigation effect.
Due to the constantly changing external and internal requirements and environment, our risk management and internal control system is being continuously developed. 27 out of 153 control objectives are currently related to compliance processes, in particular in the areas anti-corruption, trade compliance, anti-money-laundering, and antitrust / competition compliance. In 2023, the internal control system was further expanded by the business segments, including structured training and communication measures.
In the reporting year, there were no incidents from the topics explained below that could have materially affected the reputation or financial position.
The Internal Audit departments conduct independent and risk-based audits to improve the effectiveness of compliance and anti-corruption. If weaknesses are identified, Internal Audit monitors the implementation of remediation actions taken by the respective management. In 2023, 11 internal audits with audit reference corruption were conducted at operating sites of the business segments. The audit engagement results were analyzed by the compliance organizations and incorporated into the continuous improvement of existing measures. Structural changes to the processes related to the compliance organizations were not required.
Our Code of Conduct and the related guidelines for Fresenius Group employees also regulate our relations with business partners and suppliers. We expect them to comply with applicable laws and standards, as well as ethical standards of conduct, in daily business and specified this in our Fresenius Code of Conduct for Business Partners. Among other topics, the Codes explicitly prohibit corruption and bribery and oblige our partners to comply with relevant and applicable national and international anti-corruption laws. Business segments with significant exposure to interaction with healthcare professionals have specific rules for these interactions, as explained in the Transparency in the healthcare sector section in the Strategy and management chapter. We inform our business partners about these requirements before entering a business relationship and perform a risk-based business partner due diligence. The Codes of Conduct of the Fresenius Group are publicly accessible. An overview of the most relevant stakeholder groups is provided in the Strategy and management chapter.
Fresenius’ government relations activity is managed by a dedicated Political Affairs department. Our representative office in Berlin and an EU Relations Office in Brussels are available as contact points for politicians and the representatives. The primary task of the department is to advise policy makers on policy initiatives that require expertise in medicine and the healthcare industry. Any political activity by Fresenius’ employees and representatives is governed by our Code of Conduct, as well as by the applicable legal standards regarding our relations with external partners and the public. Information on lobbying expenditures is published as required by law in the business segments and countries concerned.
All business segments and Fresenius SE & Co. KGaA conduct risk-based due diligence on business partners before entering into a business relationship. This also includes human rights aspects, as detailed in the Human rights section. The business partners to be screened are selected on a risk-based basis according to defined criteria. A risk profile of the partner is drawn up and targeted measures are initiated: accordingly, the compliance contract clauses are based on the partner’s risk profile to prevent corrupt actions. We also reserve the right to terminate the contract in the event of misconduct. In 2023, we conducted various audits of business partners, of which 939 alone related to human rights risks. Further information can be found in the Human rights section.
All business segments and Fresenius SE & Co. KGaA perform regular checks of all business partners against the applicable sanctioned party lists. Whenever we decide on potential acquisitions and investments, we take compliance risks into account in due diligence measures, among other things via the Acquisition and Investment Council (AIC), which reviews planned acquisitions and investments in a defined process for the business segments and Fresenius SE & Co. KGaA. Every acquisition and investment proposal submitted to the Group Management Board must first be discussed, reviewed, and evaluated by the AIC. If necessary, we initiate safeguarding measures and include, for example, compliance declarations and guarantees in the contracts. Following an acquisition, we integrate the new company into our compliance management system as quickly as possible.
We want to avoid potential conflicts of interest and assure patients of appropriate treatment options. In this context, integrity also means that our employees clearly separate private interest from that of the company. They make decisions for Fresenius based on objective criteria. Our employees are obliged to make potential conflicts of interest transparent to their supervisors as soon as they have identified the conflict and before the business action is taken. The affected employee and his or her supervisor have to discuss the exact circumstances. The supervisor will derive a risk analysis from these circumstances and initiate the appropriate measures.
Fresenius supports its employees in dealing responsibly with conflicts of interest by defining clear requirements and providing guidance, as well as answers to the most frequent questions, on the intranet. Training and regular updates of information complement the activities at the Group level and within the business segments. Our Compliance departments are also available as a contact partner for all related questions.
Our Guidelines for Dealing with Business Partners and Customers regulate the handling of donations. They state that Fresenius donates for scientific or charitable purposes and without expecting any consideration, on a voluntary basis only. Donations and other contributions to political organizations are provided in accordance with applicable legislation. Fresenius Helios prohibits unilateral monetary allocations and sponsorships from industry.
Controls for cash transactions and banking transactions are part of our Internal Controls Framework and will be regularly tested and adjusted, if required. For more information, please refer to the Opportunities and Risk Report.
Fresenius has established appropriate measures to address money laundering risks. These measures include internal controls, such as the prohibition of certain cash payments, as well as risk analysis and review processes for relevant transactions. We report suspicious transactions to the authorities. The controls implemented are embedded in policies and appropriate training is provided.
To provide people worldwide with access to lifesaving medicine and medical equipment, Fresenius also supplies products to countries that are subject to trade restrictions. However, appropriate sanction mechanisms typically provide exemptions for such deliveries, and Fresenius expects that the scope of such exemptions will remain unchanged. It is particularly important to us to comply with all currently applicable legal provisions, e. g., with regard to sanctions or export controls. To this end, we introduced various measures, such as special IT system checks for deliveries that are subject to import or export restrictions. In our responsible central Group function and in our business segments, we have dedicated experts for trade compliance and a trade compliance program in place.
In order to be able to react appropriately to the rapidly changing sanctions situation, the Group Management Board implemented additional monitoring and approval processes to ensure that trade compliance approvals and the review of all involved business partners are mandatory for each delivery into a country subject to such sanction program. In addition, automated IT-based checks for each transaction at Fresenius Kabi are an integral part of the trade compliance program.
Training
Compliance training is a high priority for Fresenius. Our employees are offered training on compliance issues via various formats – such as in-house training, live webinars, and on-demand video training – covering basic topics such as our Code of Conduct and corporate guidelines. Depending on the employee group, more specific topics such as anti-corruption, antitrust law, anti-money-laundering, data protection, and information security are also included – especially for particularly high-risk areas.
Participation in essential basic training, such as on the Code of Conduct, is mandatory. Mandatory e-learnings will be distributed to all employees of the defined target group. Employees are prompted and reminded to participate in mandatory training courses. To promote a risk-conscious and value-oriented corporate culture, we train executives using a dialog-based approach.
To support the development of the Fresenius compliance program, focus training topics were set in 2023: the Group function Risk & Integrity developed and provided various training materials regarding the Code of Conduct, fraud, human rights, and internal control systems for all business segments.
In the reporting year 2023, the Group function Risk & Integrity rolled out three training modules on the topics of Business Integrity, Financial Compliance, and Finance Integrity across the Group for the first time.
Furthermore, all new employees of Fresenius SE & Co. KGaA who started work by December 1, 2023, have been assigned to mandatory training on the Code of Conduct.
Training is a key component of our compliance culture that is continuously developed further and is designed and implemented in a practical manner.
Tax compliance
As a global healthcare Group, we implement projects in more than 60 countries, distribute healthcare products and provide services to hospitals and healthcare facilities. Due to our business activities, we are subject to various local tax obligations.
In the countries in which we operate, we not only support the development of healthcare systems, but also create jobs that contribute to local tax revenue. This enables us to make a significant contribution to preserving the macroeconomic stability of national economies. At the same time, we want our business activities and the contributions we make to be accompanied by compensation for the demands on resources, infrastructure, services, labor, and administration.
The basis for paying taxes are the business activities of Fresenius SE & Co. KGaA or one of our subsidiaries in a country. When choosing a location, other aspects such as the availability of qualified personnel, or political, economic, legal, and regulatory framework conditions play a role in addition to strategic business issues. In the course of an overall assessment, the possibility of minimizing currency risks as well as tax considerations can also influence the choice of location.
Adhering to all globally applicable tax obligations is the central principle of our understanding of compliance. This applies firstly to the Group’s income taxes, which must be regularly explained as part of IFRS (International Financial Reporting Standards- IFRS) financial reporting, and secondly to sales and wage taxes, which we pay in the various countries. Our goal is to fulfill all tax obligations seamlessly and punctually, and to always work within the legal framework. We refrain from implementing tax structures without business purpose or commercial reason.
The chief responsibility for the tax affairs of Fresenius lies with the Group Management Board. The functional responsibility for tax affairs is delegated by the Chief Financial Officer (CFO) to the management of the Corporate Tax department of Fresenius SE & Co. KGaA.
The Corporate Tax department is generally responsible for the tax affairs of Fresenius SE & Co. KGaA. In addition, it provides various services for the individual business segments and advises decision-makers in the departments at Group and subsidiary level on the fulfillment of their tax obligations. The department also actively proposes ways in which corporate structures and business transactions and processes can be implemented. This approach is intended to minimize risks and promote corporate objectives through forward-looking tax planning.
At the level of the business segments and their subsidiaries, the respective division or local CFOs are generally responsible for tax affairs. These are supported either by the local tax departments, external advisers, or the Corporate Tax department.
Information on ways to report suspected acts of non-compliance can be found in the Reporting paths section. We have published our Group Tax Policy on our website.
Fresenius does not specifically settle in certain countries in order merely to generate tax benefits or create tax structures: the focus is always on the business activities of our companies. A few subsidiaries are located in countries known as tax havens. The Fresenius Group took over the majority of these companies as a result of acquisitions. The maintenance of these structures is always examined and evaluated in detail in the course of acquisitions.
The Fresenius Group maintains a cooperative, honest, and respectful relationship with the tax authorities and other public institutions. To achieve this, regional and cultural differences in the respective countries are always taken into account.
The Fresenius Group has internal control systems in place in order to meet its tax compliance objectives. Globally, these are subject to the requirements of our Group-wide Fresenius Code of Conduct and Group Internal Controls Framework. Based on this, the respective organizations have their own standards. In this way, we ensure that the Fresenius Group complies with the tax and reporting requirements in all legal systems in which it operates. At the same time, the tax processes are also subject to review by external auditors.
In all business segments and at Group level, we implemented risk-management systems that also cover tax risks. These are constantly identified, systematically recorded and assessed, taking into account the probability of occurrence and the possible financial risk. The risks identified through this process are reported in the external financial reporting. Emphasis is placed on preventing any acts of non-compliance regarding taxes before they occur.
The Group Management Board is responsible for the Group’s risk management system. Further details on the risk management system can be found in the Opportunities and Risk Report.
We aim to make our business operations as efficient as possible. We therefore bundle requirements, map central business structures where it makes strategic sense, and produce locally wherever possible to ensure that patients receive the care they need quickly. This global distribution of business activities also leads to transactions between the individual companies of the Fresenius Group worldwide. The pricing of these intercompany transactions is based on the internationally recognized arm’s length principle and is in line with the OECD transfer pricing guidelines (Organization for Economic Cooperation and Development – OECD) and the respective local transfer pricing rules. This ensures that profits are generated and taxed where value is created. In addition, we undertake to comply with the relevant transfer pricing documentation requirements in the countries in which the Fresenius Group units operate. We follow a three-tiered coordinated approach consisting of:
- master file (master documentation)
- local (country) file (country-specific, company-related documentation)
- Country-by-Country Report (country-specific report)
We support initiatives such as the initiatives of the OECD regarding Base Erosion and Profit Shifting (BEPS) and Co-operative Compliance. Co-operative Compliance is an initiative to promote better tax compliance, whereby tax authorities and taxpayers benefit equally from more transparency.
Effective tax rate1, 2
Download(XLS, 36 KB)| in % | 20233 | 2022 | 2021 | 2020 | 2019 |
|---|---|---|---|---|---|
| Europe | -695.2 | 30.8 | 24.2 | 25.5 | 23.9 |
| Thereof Germany | 303.6 | 56.3 | n.a. | n.a. | n.a. |
| Thereof Spain | 27.8 | 19.5 | n.a. | n.a. | n.a. |
| North America | 18.4 | 21.2 | 21.1 | 22.2 | 20.1 |
| Thereof USA | 18.1 | 21.1 | n.a. | n.a. | n.a. |
| Asia-Pacific | 21.1 | 16.8 | 23.4 | 18.2 | 23.6 |
| Thereof China | 15.7 | 20.54 | n.a. | n.a. | n.a. |
| Latin America | 26.5 | 32.9 | 26.4 | -27.5 | 57.1 |
| Africa | -24.5 | -11.7 | 28.0 | -193.8 | 63.6 |
| Group | 66.7 | 24.8 | 22.8 | 24.2 | 22.6 |
| 1 Not audited. | |||||
| 2 Until 2022 including Fresenius Medical Care. | |||||
| 3 Special items in fiscal year 2023 are explained on page 299 of the Notes. | |||||
| 4 Adjusted tax rate. | |||||
Contact
Fresenius SE & Co. KGaA
Group ESG
sustainability@fresenius.com