NTT DATA Business Solutions AG (“NDBS”), as well as those working for or with NDBS, agrees to comply with all applicable domestic and foreign laws, regulations, governmental rules and requirements applicable to the business and to adhere to its own Code of Business Conduct, while ensuring that business activities are always conducted with integrity and ethical conduct.
A potential or actual violation of the Code of Business Conduct, applicable laws or governmental regulations may result in governmental investigations, prosecution, fines, injunctive relief and other sanctions for NDBS and those working for or with NDBS (to the extent they are responsible for the violation).
For this purpose, and with the goal of promoting the company ethical standards, NDBS is committed to maintaining a workplace that encourages the reporting of potential or actual violations of applicable laws and the Code of Business Conduct. NDBS promotes a culture of openness and responsibility for raising concerns and reporting suspected violations. These are able to be expressed without fear of being disadvantaged. The purpose of this Whistleblower Policy (“Policy”) is therefore to promote such awareness among all NDBS officers, employees and those working for or with NDBS and to enable them to report potential or actual violations (also referred to as ” whistleblowing incidents”) without fear of retaliation.
The aim of the Policy is therefore to:
- provide guidance to employees on how to report compliance incidents;
- give every employee the opportunity to raise concerns about non-compliance with legal and regulatory requirements, financial statements or reports;
- reassure each employee that they should not hesitate to report an incident if there are genuine and serious concerns and their confidentiality will be respected and the concerns raised will be followed up; and
- encourage all employees to report suspected misconduct such as fraud, corruption, unethical behavior and questionable business practices and to convey the knowledge that concerns will be taken seriously.
For clarity, the purpose of this policy is to supplement and not replace local organization processes (such as the People function) for employment grievances, general complaints or suggestions. Incidents reported through this policy must be made in good faith for interest of NDBS and not based upon malicious or ill intent towards other employees, supervisors or managers.
This Policy is applicable to various interested parties of the company. These interested parties may fall into any of the following categories:
- all employees of the NDBS;
- employees of other companies who are working for or with NDBS and who are involved in the company’s activities, whether working from any of the company’s offices or any other location;
- contractors, vendors, suppliers or agencies (or any of their employee’s) providing any goods or service to NDBS;
- customers of NDBS;
- any other persons associated with NDBS.
2.3 Definitions and Abbreviations
Mobbing: Bullying in the workplace in the context of this Policy means a conflictual communication in the workplace among colleagues or between superiors and subordinates, where the person attacked is inferior and is attacked systematically and for a long period of time, directly or indirectly, by one or more persons with the aim and/or effect of expelling and the person attacked experiences this as discrimination.
Ethics Committee: A Committee appointed by the Executive Board by proposal of the Chief Compliance Officer of five to seven NDBS employees to support decisions with ethical formed opinions and suggestions. The committee is composed of individuals from various disciplines and locations/regions to ensure diversity, different perspectives and an understanding of the company’s global business operations. There must be a balance between managers and non-managers. The Ethics Committee primarily acts reactively at the request of the Board of Directors or the (Chief) Compliance Manager and provides its independent position and opinion based on a questionable issue/process. The term of office of the persons on the Ethics Committee is 2 full calendar years (24 months) after appointment as a member of the Ethics Committee if not otherwise described in the Ethics Committee Guidelines.
Whistleblower: An employee who informs on a person or company engaged in violation of the Code of Business Conduct or suspected illegal activity.
CCO: Chief Compliance Officer
CEHL: Corporate Ethics Help Line
CoC: Code of Business Conduct
NDBS: NTT DATA Business Solutions AG and its affiliated companies
2.4 Other Applicable Documents
- other applicable documents: see document management system
- sources (see footnotes)
3. Whistleblowing Corporate Ethics Help Lines
3.1 Reporting of a Disclosure
All employees have the possibility and the duty to report incidents – which may be classified as violations of applicable laws, rules and regulations or the CoC – confidentially and, if desired, anonymously. The respective reporting options are described in Section 3.3. Each reporting option guarantees that the information will be taken note of and appropriate internal investigations will be initiated.
Every individual’s reporting is essential for the early detection, proper investigation, rectification and prevention of potential and actual violations. Failure to report a reasonable suspicion constitutes a violation of this Policy. Failure to do so may result in appropriate disciplinary action, depending on the severity of the incident, up to and including consequences under labor law (e.g. termination of employment) and claims for damages.
Possible violations that may fall under this Policy include but are not limited to:
- abuse of authority;
- bribery or corrupt practices or violations;
- breach of contract;
- negligence causing substantial and specific risk to public health and safety of all;
- manipulation of company data/records;
- financial irregularities, including fraud or suspected fraud or deficiencies in internal control and audit, or intentional errors in the preparation of financial statements or the misstatements of financial reports;
- any unlawful act whether criminal or civil;
- theft or unlawful disclosure of confidential and internal information;
- intentional violation of laws and/or regulations, where such violation could lead to legal actions against the company;
- wastage / misappropriation of company funds / assets;
- breach of company Policy;
- mobbing, discrimination and sexual harassment and assault in the workplace.
Incidents that are already the subject of legal action or which are related to such legal action are outside the scope of this Whistleblowing Policy and should be reported to the appropriate legal representative. If the employee reports a instance that relates to an existing legal action, the employee, if identified, will be advised to contact with an appropriate person involved in the legal action and, if not identified, the CCO will determine if the information needs to be forward to the legal representative.
For the avoidance of doubt, in no circumstance is an employee prohibited from filining a Whistleblower reportfor an incident has exist independently of the legal action.
3.2 Protection of a Whistleblower
In accordance with Section 3.5 of this Policy, NDBS shall ensure that all reports that reach the CCO, or other Compliance Contact persons, by whatever communication channel are treated with the utmost confidentiality. As long as the confidentiality of the report does not constitute a violation of applicable laws then NDBS is not obligated to involve the law enforcement authorities of the country and in these circumstances all reports will remain anonymous.
All reports that are made honestly and with the best intentions are free of any consequences and disadvantages for the Whistleblower. However, this presupposes that:
- the communication/disclosure is made in good faith
- the person reasonably believes that information, and any allegations contained in it, are substantially true, and
- the person is not acting for personal gain.
A Whistleblower who makes a report, and anyone who assists them, under these conditions is protected from disciplinary actions, even if the allegations prove to be groundless. Thus, all reports made under this Policy will protect Whistleblowers from any form of retaliation. Retaliation includes, for example, discrimination, harassment or revenge in any form.
If an employee abuses the reporting process (e.g., by maliciously reporting an incident even though the reporter knows it is untrue), disciplinary action will be taken against that individual. The same applies to anyone who harasses an employee by deliberately reporting an untrue incident through this reporting procedure. If deemed appropriate or necessary, appropriate legal action may also be taken against such false reporters.
3.3 Reporting options for Whistleblowing incidents
NDBS offers different options for employees to report a potential or actual violation. Anyone who has knowledge of an actual or potential violation of the provisions of the CoC, as well as questions or concerns regarding an actual or potential violation, must report the matter promptly through one of the reporting channels.
Employees are encouraged, as the first step, to report the known or suspected violations of the NDBS CoCor applicable laws through their local process of either reporting to a direct supervisor People function or the local compliance officer and process. However, if the employee a) is fearful of confidentiality or retaliation by reporting the incident to the local process; (b) the matter is a significant issue/incident of potential global impact such as bribery or fraudulent financial reporting or (c) if local compliance failed to address the incident, the employee can report it directly to the global compliance department or the outside Whistleblower line.
If the Whistleblower reports anonymously, the report must include as many details as possible in order to allow for an investigation. For this reason, we encourage the Whistleblower to be identify with knowledge that identity will remain confidential to the extent permitted by law and that NDBS has a policy that strictly prohibits retaliation and intimidation for a good faith report.
3.3.1 On Local level:
Supervisor/Responsible Management: the employee has the opportunity at any time to contact his or her supervisor or responsible manager or, People (Human Resource) department directly, either anonymously or openly, by e-mail, telephone or in person. If the employee has reason to believe that their immediate supervisor or someone named above is involved in the violation, there is also the option of reporting the violation to the local or regional Compliance Manager. This also applies if the employee is not satisfied with the response they have received, e.g. from his/her supervisor, or with the actions taken by his/her supervisor.
Local/regional Compliance Manager: Alternatively, if the direct supervisor or management should not be involved, the local or regional Compliance Manager can be contacted. An overview of all compliance managers or the persons responsible for Whistleblowing incidents can be found here. The email will be received by the respective Compliance Manager shown in the list.
3.3.2 On Global level:
On a global level, a Whistleblower incident can be reported to the Chief Compliance Officer or the Corporate Global Compliance Team. Possible violations can be reported in person, by phone or by e-mail. It is also possible to report violations anonymously via the anonymous e-mail address [email protected] The Chief Compliance Officer is obliged to maintain confidentiality and, if desired, the anonymity of the Whistleblower, unless disclosure is mandatory due to criminal or governmental investigations. The CCO is not bound by instructions and has a written agreement that grants them full and complete independence in their investigations.
3.3.3 Group-wide level:
On a group-wide level, it is possible to report a whistleblower incident to the NTT Group via the group-wide contact. This Group-wide Corporate Ethics Help Line enables NTT Group employees and those working for the respective business partners to raise concerns. The Corporate Ethics Help Line is managed and operated by an external law firm in Tokyo, Japan. This ensures that the reports submitted remain anonymous. NTT Group’s external lawyers will in no event (including non-anonymous reports) forward the name of the employee who uses the Whistleblower Line to report an incident to NDBS or its affiliates. If an employee who has reported an incident via the external group-wide Corporate Ethics Help Line wants their name be forwarded by the lawyer, he or she must inform the lawyer in writing.
3.4 Content of a Disclosure
By reporting a potential incident, the Whistleblower should provide as much information about the suspected violation as possible. Where possible, the Whistleblower should at least provide the following:
- details of the person(s) who have been engaged or allegedly involved in the whistleblower incident;
- the nature of the whistleblower incident (what has happened in chronological order);
- any evidence or witnesses available to support the allegation of whistleblower incident;
- a description of documents to which the whistleblower incident relates; and
- the timeframe (time and location and name of company) during which the suspected violation is believed to have occurred.
3.5 Investigation Process
All notifications under this Policy will be investigated promptly and appropriately. Any employee working for or with NDBS is required to cooperate in the investigation of reports if contacted in the course of such investigation. Failure to cooperate with an investigation and the intentional false or misleading disclosure of information during an investigation may result in disciplinary action by NDBS.
A Whistleblower who discloses their identity will be contacted by the responsible person (Compliance Officer, CCO) as soon as possible, but at the latest within two weeks of receipt of the report. If the incident is very urgent, the Whistleblower will be contacted immediately, but at the latest within five (5) working days. In some cases, the investigation may require that the report be forwarded to an internal or external investigator for assistance.
If the Whistleblower submits the report anonymously, NDBS will not be able to contact the Whistleblower for further information or follow-up discussions. The Whistleblower is not entitled to receive further information regarding their report.
It is the responsibility of the investigator to conduct the investigation promptly and in an appropriate manner. It is their task to evaluate, investigate and justify or refute the report.
During the investigation, the investigator may interview alleged witnesses and/or the Whistleblower and collect all necessary information. Depending on the nature and severity of the alleged incident, NDBS may or may not be required to refer the matter to a regulatory or law enforcement agency.
The Executive Management Board or the CCO may choose to activate the NDBS Ethics Committee to form an independent opinion about the process steps under the given circumstances and the results found during the investigation.
At the end of the investigation, the Compliance investigation team will submit a confidential report to the management board and/or the highest management level of the respective country, which will ultimately decide on the action to be taken.
4. Confidentiality and Retention of Documents
All information provided in the context of a report and disclosed or obtained in the course of an investigation shall remain confidential, including the identity of the Whistleblower and the identities of all parties involved in the investigation, except to the extent necessary to conduct the investigation and take remedial action in accordance with applicable law.
Whistleblowers have the option of reporting violations anonymously or marking them as anonymous. In this case, all reasonable steps will be taken to protect the Whistleblower’s anonymity. However, some criminal or governmental investigations may require disclosure of the source or Whistleblower, otherwise it may not be possible to reach a final conclusion. In these cases anonymity cannot be guaranteed in every case. If NDBS is required to disclose the identity of the Whistleblower, NDBS will inform the Whistleblower at the earliest possible stage.
It is important to understand that the Whistleblower or employees participating in the investigation process are bound by confidentiality at all times during and after the investigation.
If the report is not anonymous, NDBS may, in its sole discretion and as appropriate, keep the Whistleblower informed of the status of the investigation of the report (but not of the details), always with due regard to applicable law and privacy considerations of the individuals against whom allegations are made.
All documents relating to reporting, investigation and enforcement under this Policy will be retained for a period and then destroyed by NDBS in accordance with applicable law. Access to all reports and records is restricted to a need to know basis only and in all instances subject to confidentiality obligations. Reports and resulting investigations or resulting actions will not be made public unless required by law or other regulations.
5. Company’s Power
NDBS may unilaterally change, amend or suspend this Policy at any time without notice. This may be necessary, inter alia, to maintain compliance with applicable laws and/or to accommodate organizational changes within NDBS. NDBS may also establish additional rules and procedures to give effect to the intent of this Policy and the goal of good corporate governance.
An order to violate any of these rules or the law constitutes an abuse of power. In the case of a conflict between a country-specific law and this Policy, the local law shall take precedence.
For any queries about this Policy please contact the Corporate Compliance Team: [email protected]