As an internationally operating company, a fair and transparent working environment is of great importance to us. The goal of our whistleblower system is to protect employees, customers, business partners and NTT DATA from any form of non-compliance.
The NTT DATA Business Solutions AG (“NDBS”), as well as those working for or with NDBS, agrees to comply with all applicable domestic and foreign laws, regulations, governmental rules, and requirements applicable to the business, promote compliance with applicable international standards, and to adhere to the Code of Business Conduct (our “Code”), while ensuring that business activities are always conducted with integrity and ethical conduct.
Everyone should do the right thing, even if no one is watching. We want to enable a compliant and an ethical culture that empowers and encourages our employees, clients, third parties and communities to do the right thing and to feel comfortable to “SpeakUp” when they see or suspect any misconduct in the business, including violations of our Code, internal policies, applicable laws and regulations, or are acting in a way that is not in keeping with our values.
In order to ensure a consistent approach to ethical reporting and investigations across our group, and to align this approach to best practice and international standards, NDBS has adopted a centralized reporting channel. An effective SpeakUp and whistleblowing process allows NDBS to demonstrate its global commitment to ethical practices.
This Policy describes our responsibility to ensure that all Reports are treated confidentially, fairly, ethically, responsibly and the measures we take to do this.
The purpose of this Policy is to:
This Policy is applicable to various interested parties of the company. These interested parties may fall into any of the following categories:
The Policy applies to all companies within the NDBS Group, which means all domestic and foreign companies in which NDBS directly or indirectly holds more than 50% of the shares or control is exercised by management responsibility.
All individuals have the responsibility to report incidents of unethical behavior. Incidents may be actual or suspected breaches of our Code, NDBS Policies, or any laws and regulations.
Concerns that should be raised under this Policy include, but are not limited to:
When making a Report, ensure that you exercise due care to provide honest, accurate information and as much detail as possible, including:
The more information that you provide in the Report, the easier it will be for our team to investigate.
Cooperation from the Reporter is helpful for NDBS to appropriately and effectively investigate Reports that are raised, so please respond to any follow up questions or requests for further information that you may receive from the relevant compliance department.
Any employee who fails to comply with this Policy including provisions relating to nonretaliation, may be subject to disciplinary action, including dismissal.
NDBS is responsible for compliance with any local laws and regulations that apply to its area of the business. If local laws and regulations establish more rigorous standards than provided for in this Policy or prohibit any activities outlined in this Policy, then local laws and regulations must be followed by the relevant operating entity.
All local variations, additional requirements and/or exceptions to this Policy must be reviewed by the NDBS Unit Chief Legal, Risk and Compliance Officer and recommended to the NDBS Global Legal, Risk and Compliance Department for approval, in line with the NDBS GAM.
We are committed to building a transparent and ethical culture that ensures that employees and third parties act with integrity in all that we do.
All employees and third parties must be aware of, understand and follow this Policy and any applicable addendum to it.
Employees will receive mandatory training on this Policy, any related policies, and where they may go to make a SpeakUp Report.
Individuals responsible for responding to Reports and/or performing investigations must be appropriately trained to ensure that they handle Reports, communicate with individuals who SpeakUp, and respond to Reports (including performance of any investigations) in a suitable manner.
The design, implementation and operating effectiveness of this Policy and its associated controls is subject to ongoing monitoring, review, and audit.
Compliance with this Policy is monitored on a periodic basis and reported to NDBS Global Legal, Risk and Compliance Department, the Unit Chief Legal, Risk and Compliance Officer and the relevant Unit governance structure.
This Policy is subject to continual review and improvement and will be reviewed by NDBS at least annually.
This Policy encourages you to raise concerns about known or suspected misconduct through a variety of channels (see section 3.1.1). We are committed to ensuring that at all times we treat Reports confidentially and act in a fair, ethical, responsible, and lawful way.
Incidents that are already the subject of legal action or which are related to such legal action are outside the scope of this Whistleblowing Policy and should be reported to the appropriate legal representative. If the employee (“Whistleblower”) reports an instance that relates to an existing legal action, the employee, if identified, will be advised to contact with an appropriate person involved in the legal action and, if not identified, the CCO will determine if the information needs to be forward to the legal representative. For the avoidance of doubt, in no circumstance is an employee prohibited from filing a Whistleblower report for an incident that exists independently of the legal action.
We treat all Reports in a confidential and sensitive manner and only share information relating to SpeakUp Reports on a need-to-know basis.
Except to the extent necessary to conduct the investigation and take remedial action, at all times SpeakUp Reports, including all information disclosed or obtained in the course of an investigation, including the identity of the Reporter and all parties involved in the investigation must be protected against unauthorized access, use, loss, damage, or abuse through the implementation of reasonable and appropriate technical and organizational measures to ensure the ongoing confidentiality, integrity, availability, and resilience of information gathered in SpeakUp Reports.
The Reporter and all employees participating in the investigation process are always bound by confidentiality during and after the investigation.
You can choose to remain anonymous or to share your identity at the time of making a Report, or at any time thereafter.
Our SpeakUp platform maintains your anonymity at all times, unless you choose to share your identity with us in your Report. If you choose to Report anonymously, the Report must include as many details as possible in order to enable us to investigate the Report. Please make sure that you continuously check back into the SpeakUp system to receive any communication or questions from the compliance or investigatory team, should we have any questions that relate to your Report.
Your Report will be identified through a unique case number that will be provided to you at the time of making your Report. Please note your case number and keep it safe. Your case number enables you to keep track of your Report and any actions taken to respond to your Report. It will also enable us to request any further clarification or information from you.
We do, however, encourage you to share your identity in your Report as in some cases, anonymity may limit our ability to effectively investigate your Report and take appropriate action. Your identity will be kept confidential at all times and only disclosed on a need-to-know basis.
If you share your identity with us and we need to disclose your identity to other parties in conformity with the applicable laws (e.g., relevant authorities) in order to effectively respond to your Report and such disclosure is necessary and appropriate, we will notify you in advance to such disclosure.
We are committed to ensuring that personal data processed for the purpose of whistleblowing and responding to Reports will be processed in a transparent, fair, ethical and lawful way in accordance with our SpeakUp & Whistleblowing Privacy Notice published on the Webpage.
Personal data processed for the purpose of whistleblowing and responding to Reports, in accordance with this Policy, will be kept confidential and will only be used for the purposes described in this Policy and the SpeakUp & Whistleblowing Privacy Notice, and/or to comply with applicable laws and regulations and/or in the public interest.
All Reports made in good faith will be treated fairly, ethically, and responsibly, in accordance with applicable laws and regulations. If an individual makes a Report in good faith, which is not confirmed by a subsequent enquiry or investigation, no detrimental action will be taken against the individual making the Report.
It is a violation of our Code and this Policy to knowingly make a false accusation or defamatory and/or misleading Report. Any person who is found to have made a Report in bad faith, may be subject to disciplinary or other legal action.
We have a strict non-retaliation policy and will not tolerate any harassment or victimization towards anyone for whistleblowing in good faith. Retaliation includes any direct or indirect acts or omissions, prompted by the Report, that may cause unjustified detriment to individuals who have made a Report or to any individual, other than the Reporter, who is also protected under this Policy, including without limitations the following:
(a) facilitators (any person who promotes or encourages the Reporter to communicate the Report or who helps the Reporter to provide meaningful or necessary information in relation to the Report).
(b) individuals, such as colleagues or relatives of the Reporter.
(c) legal entities with any link to the Reporter.
(d) any individuals working under the supervision and direction of contractors, subcontractors and suppliers.
If you experience any form of retaliation, or you notice any form of retaliation against anyone else, for whistleblowing in good faith about known or suspected unethical behavior or misconduct, immediately report this via one of our SpeakUp channels. A report on retaliation against an individual who has made a Report is treated like any other Report and the same procedure is followed.
We are committed to supporting all individuals who SpeakUp in good faith and, where requested, may assist individuals to make a Report and provide appropriate assistance where required.
All Reports will follow the SpeakUp process outlined below.
There are several SpeakUp and Whistleblowing channels available to you to make a Report when you know of or suspect misconduct in our business.
We encourage employees, clients, third parties and other stakeholders to come to us first, before approaching any external bodies, institutions, authorities or the media, by using the channels described below.
There are several channels available to employees to make a Report, including:
Our 24/7 anonymous and confidential SpeakUp platform, as follows:
When making a SpeakUp Report over the phone, make sure to pronounce clearly, and ideally spell out any names or locations. Once you are finished, simply hang-up.
Have a pen ready when making your Report on our SpeakUp platform. You will be required to set up a password and you will thereafter receive a reference number for the specific Report. It is important that you write this down and keep it safe, as you need it to be able to track the progress of your Report and provide any additional information. You will be asked to enter this number each time you access the SpeakUp platform.
If you have left a voice message via the phone on our SpeakUp Platform, our response will be communicated back to you as a voice message, when you log on again via the phone to receive the communication.
All Reports received through the SpeakUp platform will be anonymous (unless you volunteer to provide your personal data) and will be received by NDBS. The Report will then be assessed and referred to the relevant Unit Chief Legal, Risk and Compliance Officer.
You are encouraged, as the first step, to Report the known or suspected violations of the Code of Conduct, policies or applicable laws through your local process of either reporting to your direct line manager, the local compliance department or the people function, where relevant.
However,
(a) if you are fearful of confidentiality or retaliation by reporting the incident to the local process; or
(b) the matter is a significant issue/incident of potential global impact such as bribery or fraudulent financial reporting or
(c) if local compliance failed to address the incident, then you can report it directly to the Unit Chief Legal, Risk and Compliance Officer or via the anonymous SpeakUp platform.
Once you have submitted your Report it will be translated, if required, and we will acknowledge receipt of your Report within seven calendar days.
In some instances, we may need further clarification or information from you to support our ability to respond to your Report and will reach out to you for more information.
All Reports under this Policy will be investigated promptly and appropriately. Once we have all the initial information, we will carefully assess your Report and determine the appropriate actions required to be taken to address your concerns. Such actions may include internal enquiries and investigations.
All investigations are conducted in a professional, objective, unbiased, factual, and consistent manner, in accordance with relevant laws and regulations, and are performed by qualified personnel. The Unit Chief Legal, Risk and Compliance Officer will identify and appoint the appropriate personnel or third party to perform the investigation. If needed, third party experts (e.g., lawyers or accountants) can be engaged to assist in investigations. The duration of an investigation will depend on the circumstances of the case, including the number of allegations, witnesses, and other factors. We will provide feedback within a timeframe of 3 months from the acknowledgment of receipt of the Report.
Details of the case, your identity, and the identity of anyone else mentioned in the Report, are kept confidential throughout and after the investigation and are only shared on a need-to-know basis.
Any employee is required to cooperate in the investigation of Reports if contacted in the course of such an investigation. Failure to cooperate with an investigation and the intentional false or misleading disclosure of information during an investigation may result in disciplinary action by NDBS.
During the investigation, the investigator may interview alleged witnesses and/or the Reporter and collect all necessary information. Depending on the nature and severity of the alleged incident, NDBS may or may not be required to refer the matter to a regulatory or law enforcement agency.
Once the investigation is complete and after reviewing all findings, we will decide on an appropriate, fair, ethical, and lawful course of action.
Where possible, you will be informed of the overall findings (i.e., whether unethical behavior or misconduct has occurred) and, where permitted, any further actions to be taken and regular feedback will be provided regarding the progress of the matter.
Please note that we may not be able to give you full details of the outcome of a matter (or related actions taken) for reasons of confidentiality, privacy, and the legal rights of all concerned.
If you are unsatisfied with the decision made specifically against you, or a decision that impacts you, in a particular case, that has been formally communicated to you upon closure of an investigation, you may raise an appeal against that decision against you. Appeals in relation to closed cases will be directed to NDBS for consideration, who shall determine whether to consider the appeal on a discretionary basis.
Any appeal directed to NDBS must be brought within 30 days of final feedback being provided to the Reporter by the Unit Chief Legal, Risk and Compliance Officer.
NDBS may unilaterally change, amend, or suspend this Policy at any time without notice. This may be necessary, inter alia, to maintain compliance with applicable laws and/or to accommodate organizational changes within NDBS. NDBS may also establish additional rules and procedures to give effect to the intent of this Policy and the goal of good corporate governance.
An order to violate any of these rules or the law constitutes an abuse of power.
In the case of a conflict between a country-specific law and this Policy, the local law shall take precedence.
For any queries about this Policy please contact the Global Legal, Risk and Compliance Team.
