The company discloses which measures, standards, systems and processes are in place to prevent unlawful conduct and, in particular, corruption, how they are verified, which results have been achieved to date and where it sees there to be risks. The company depicts how corruption and other contraventions in the company are prevented and exposed and what sanctions are imposed.
Compliance management system
Compliance covers compliance with all airport-related laws, specifications and regulations, national and international rules and standards and in-house rules and guidelines. Munich Airport has established a Group-wide compliance management system, which encompasses all organizational provisions ensuring compliance with the aforementioned rules. The Compliance department submits reports on the current status of the compliance management system to the Executive Board on a regular basis and to the Supervisory Board on an annual basis. Compliance risks are also communicated as part of the risk reporting to the Executive Board and shareholders if internal thresholds are exceeded. Regular dialog takes place between Risk Management and Compliance. Identifying and mitigating compliance risks
The Compliance department prepares the compliance risk analysis with input from the divisions and combines it with the subsidiaries’ compliance risk analyses every year. Compliance risks are assessed in the same way as the risk management process. Once the compliance risk analysis has been carried out, the Executive Board is notified of the results in a report. The annual Compliance report to the Supervisory Board of FMG also includes the results of the compliance risk analysis. If there is an elevated loss potential and concomitant high probability of occurrence despite all the countermeasures taken, a detailed description is provided in the report. In respect of 2018, there were no elevated compliance risks after the countermeasures taken were considered.Preventing corruption
The compliance guidelines and the guidelines covering gifts and invitations support managers and employees in ensuring legally compliant and ethical behavior at the workplace. They are published on the Intranet and are therefore available to all employees. The guidelines also reference other guidelines with which employees must comply, thus for example ensuring compliance with public procurement law with regard to procurement and contracting processes, data protection, and information security. These ensure that processes and procedures are transparent and traceable, both internally and externally.The position of anti-corruption officer is exercised by the head of the Compliance department.
- External calls for tenders In contracting and tendering procedures, Flughafen München GmbH requires bidders to submit a declaration of commitment stating that they will undertake everything necessary to preclude corruption. Compliance failures are liable to sanctions, such as exclusion from the contracting process.
- Internal standards of conduct within the FMG Group Binding regulations and standards of conduct apply to all managers and employees in the FMG Group, which regulate the handling of gifts and benefits, meal invitations, ancillary activities, as well as the handling of data and information and actions and behavior in relation to procurement.
There were no confirmed cases of corruption in 2018.
Communication and training A key task of the Compliance department is to train and advise employees and managers in compliance matters as a preventative measure to stop compliance breaches from occurring. Group compliance regularly provides training and publishes information to ensure that all employees and managers are familiar with the guidelines and any updates or amendments to them. Every year they must provide their signature to confirm that they have read the compliance documentation. In 2018, some 45 managers of the Munich Airport Group took part in the three-hour training module on compliance as part of the Leadership Excellence Program. In addition to the legal fundamentals and the responsibilities of managers, this also covers Munich Airport Group’s specific guidelines on compliance and the prevention of corruption. A total of 524 people have received training since the module started at the end of 2013. Participation in compliance training is documented. The Executive Board and Supervisory Board deal with compliance issues at regular intervals. A key task of the Compliance department is to train and advise employees and managers in compliance matters as a preventative measure to stop compliance breaches from occurring. Group compliance regularly provides training and publishes information to ensure that all employees and managers are familiar with the guidelines and any updates or amendments to them. Every year they must provide their signature to confirm that they have read the compliance documentation.
Electronic whistle-blower system Through an electronic whistle-blower system, the Business Keeper Monitoring System (BKMS®), Group employees, business partners, and customers can report behavior potentially damaging to our organization. People inside the Group and outside can also contact the Compliance department by other means of communication (telephone, e-mail, face-to-face discussions) if they wish to draw attention to compliance infringements and need advice. Tender documents inform potential bidders of the possibility of using the BKMS® should compliance infringements be suspected.
Data protection Munich Airport has taken extensive measures to comply with the General Data Protection Regulation (GDPR), which came into force on May 25, 2018, as well as the newly worded German Federal Data Protection Act (Bundesdatenschutzgesetz) . The project for implementing the GDPR Group-wide was completed to schedule, with individual subsidiaries managing the topic independently. Compliance with data protection is now established policy. Responsibility lies decentrally with the individual departments or subsidiaries for their respective processing processes. An awareness campaign with face-to-face and online training for Group employees as well as other ongoing training programs for managers and employees on data protection law and data security have contributed to raising awareness for the topic. Specialized, individual advice is also available in instances where people are unsure how to comply properly with data protection regulations. Where necessary, the Group companies have nominated data protection officers to perform consultancy and supervisory tasks in accordance with the GDPR. FMG’s data protection officer is also the data protection officer for most subsidiaries. Organizationally, the data protection officer is assigned to the Compliance department but operates independently and reports directly to the Executive Board. The Compliance department has also developed additional know-how in relation to data protection consulting in the Group. There were no known instances of complaints regarding breaches of customer privacy and losses of customer data.
Purchasing process Purchasing is required in particular to adhere to competition criteria and prevent maverick buying (procurement from outside of the standardized procurement channels). FMG applies the dual-control principle from the opening of the tender process to the invoice approval stage. The annual supplier assessment acts as an additional tool for quality control. Munich Airport is what is known as a sectoral contracting entity within the meaning of public procurement legislation (Law against Restraints on Competition (Gesetz gegen Wettbewerbsbeschränkungen; GWB)) and the Sector Ordinance (Sektorenverordnung; SektVO) as well as a licensor according to the Law governing the Awarding of Concession Contracts (GWB and KonzVgV).
include the procurement of services involving supplies, construction, and services. European public procurement legislation according to GWB and SektVO must be applied to procurement contracts of Flughafen München GmbH if the prerequisites from the following legal foundations exist:
Flughafen München GmbH then generally performs a Europe-wide, two-stage negotiation procedure with competitive bidding (suitability test). If the scope of application of the public procurement legislation is not established – for example, because the threshold value for Europe-wide award procedures is not reached – Flughafen München GmbH conducts a national invitation to tender. Only internal regulations apply here. The aim of these is to award contracts to the most competitive bidder. Public procurement legislation does not apply. For FMG, the following award principles on the basis of Section 97 GWB apply, inter alia: Principle of open competition
As many bidders as possible are to be given the opportunity to make their bid in a formal procedure. Principle of transparency
All bidders are to be given the same information. Where an award procedure is ongoing, the type of procedure may not be changed. Principle of equality/ban on discrimination
All bidders are to be treated equally. Awarding contracts in lots – large contracts are to be divided into individual specialist and partial lots, in order to give small and medium-sized companies the opportunity to apply within the framework of their performance ability. Profitability requirement
The contract is to be awarded to the most economically advantageous bid. Given the legal requirements on the airport as a sectoral contracting entity, no «locality bonus» may be granted to companies from the immediate or nearby vicinity when awarding contracts. Awarding concessions
More details on the application of the Law governing the Awarding of Concession Contracts can be provided on request by the central contact partners.