- Management structures realigned
- Review of internal control framework continued
A complex business like ours needs to be supported by sound governance structures, and strong organizational and risk frameworks. Together, these foster adequate decision-making and risk management processes.
Responsible governance implies, at a minimum, having an organizational framework in place to encourage compliance with laws and regulations. For us, it also implies operating according to high ethical standards, including those addressing environmental and social challenges. We do this through our policy framework and mechanisms for senior management that align to statutory requirements, as well as through strengthening our control framework.
Our system of corporate governance provides the basis for the responsible management of Deutsche Bank and is anchored in the Corporate Governance Fundamentals, consisting of a set of principles that are the foundation of our daily work. These principles fall into four categories: Fundamental Principles, guiding all actions and decisions of the Management Board and its delegated representatives; principles governing the trust-based cooperation between the Management Board, Supervisory Board, and key external stakeholders, especially supervisory authorities; principles relating to Deutsche Bank’s internal governance, which are a key foundation for the bank’s operational structure and for delegation of authorities and responsibilities; and, finally, Core Organizational Principles, which set the overarching framework for the Group-wide organization of Deutsche Bank. Further information: Corporate Governance report, Compensation report
Our approach to responsible governance underpins our corporate culture, which remains essential for Deutsche Bank’s long-term success and its stakeholder relationships. Corporate culture is not only fostered through top-down leadership; it also requires employees at all levels to understand the importance of personal accountability, risk, and values of integrity (see chapter People). Our Code of Business Conduct and Ethics helps to achieve this. Further information: Code of Conduct
Finally, we engage in open dialog with the public in order to build understanding on topics of mutual interest. We are a signatory to the UN Global Compact and the UN Principles for Responsible Investment.
Our policies and guidelines reflect our commitment to a wide range of external standards, principles and initiatives (see also CR Portal, international standards), including:
- German Corporate Governance Code
- UN Guiding Principles on Business and Human Rights
- IFC Performance Standards / EHS Guidelines
- OECD Guidelines for Multinational Enterprises
- International Labor Organization standards
- Roundtable on Sustainable Palm Oil
- The Wolfsberg Principles
- Financial Action Task Force on Money Laundering
Three Lines of Defense
Creating a robust control environment is a top priority for Deutsche Bank. Under the Three Lines of Defense (3 LoD) program, we continue to review our internal control framework and reinforce accountabilities for non-financial risks across the business. The overall goal is to help reduce risks associated with our people, systems and conduct-related failures.
Our first line of defense is the business division and Group Technology & Operations (GTO). These units are ultimately accountable for all risks and controls in their area. The second line includes Risk, Compliance, Anti-Financial Crime, Human Resources, Legal, Group Data Protection, Finance, and Tax. Here, Control Functions are accountable for the group-wide policy frameworks defining minimum control standards and performing independent risk and control assessments. Operational Risk Management teams hold the complete portfolio view and are responsible for the overarching framework. The third line of defense is Group Audit, which provides independent and objective assurance on the effectiveness of risk management, internal controls, and governance processes.
In 2015, we refined and further enhanced our 3 LoD program including:
- Strengthening non-financial risk management and control in the first LoD through further build-out of Divisional Control Units, consolidating and accelerating control enhancements, and improving risk and control management processes covering 1,100 full-time employees.
- Enhancing the second LoD by realigning independent control responsibilities under four Board-level positions: Chief Risk Officer (Operational Risk Management), Chief Regulatory Officer (Compliance, Anti-Financial Crime and G&RA), Chief Administrative Officer (Legal, HR), and Chief Finance Officer (Finance, Tax). Group-wide control frameworks were also strengthened across Embargoes & Sanctions, Anti-Bribery and Corruption, Anti-Money Laundering and Anti-Fraud functions.
- Implementing a new Risk and Control Assessment framework, including a new IT platform; this fosters a consistent Group-wide approach across first and second lines. This will be completed by 2016.
- Strengthening non-financial risk governance through a new Non-Financial Risk Committee chaired by the Chief Risk Officer and Operational Risk Management. To enhance its oversight and control mandate, we have provided further guidance to Regional and Country Managers with around 50 decision processes, gap analyses, and initial remediation on critical areas such as Anti-Financial Crime and Compliance.