Whistleblower Protection Guideline

Compliance and integrity are of great importance for METRO. The Management Board therefore requires all employees and members of the METRO managements to act in accordance with the law, the METRO Business Principles, our company guidelines and other internal regulations.

It is therefore crucial to be aware of any potential non-compliant behaviour that puts METRO at risk as well as to identify risks which are set or enhanced by METRO’s behaviour. Hence, the METRO AG Management Board promotes a culture of openness, trust and transparency and encourages employees as well as external parties to speak up and raise concerns about risks as well as actual or suspected misconduct. This is key to avert and safeguard METRO from any potential financial and/or reputational risk, to fulfil our aspiration of being a responsible partner in the value chain and secure our long-term success.

 

1.1 Objective
This guideline is intended to demonstrate the Management Board’s commitment towards protecting internal and external whistleblowers to actively encourage them to raise any concerns about compliance risks, actual or suspected misconduct, as well as other risks in METRO’s or its direct or indirect suppliers’ business operations. 

In this sense, the guideline defines specifications for the protection of whistleblowers and describes the process of reporting and processing on risks or actual or suspected misconduct.

 

1.2 Applicability and Target Group
This guideline applies to all employees of METRO. 

 

1.3 Scope
This guideline mainly describes:

• Protection of whistleblowers reporting incidents regarding compliance risks or any other suspected or actual misconduct or risks in METRO’s or its direct or indirect suppliers’ business operations. 
• Reporting and handling process.

Employees and external parties are encouraged to report any suspected or actual misconduct or wrongdoing or risks in METRO’s or its direct or indirect suppliers’ business operations particularly with regard to:

• Competition Law
• Corruption
• Fraud and embezzlement
• Money laundering and terrorist financing
• Conflict of Interest 
• Discrimination/harassment 
• Human rights
• Food and product safety 
• Environment protection 
• Consumer protection
• Data protection and IT security
• Tax offences
• Fair terms & conditions of employment
• Confidentiality & insider trading rules
• Other applicable laws or METRO guidelines 

Reports by employees or external parties can be a crucial instrument to detect, resolve and sanction misconduct within the company and its business environment. However, the submission of such reports must not lead to disadvantages for the whistleblower. It is forbidden to take sanctions against whistleblowers. This also applies to threats and attempts of sanctions.

The protection of whistleblowers is essential to encourage speaking up in any case of any risks as well as actual or suspected misconduct. METRO is therefore committed to ensure protection of those who report risks, violations or misconduct in good faith and to support an open and transparent culture.

Whistleblower protection applies to all internal and external employees, as well as business partners, applicants and other externals, and applies equally to whistleblowers and persons who are the subject of or affected by the report.

Effective whistleblower protection includes:

Protection of identity:

METRO ensures that the identity of whistleblowers is not disclosed without their explicit consent. The Reporting System (Whistleblower System) allows anonymous reporting.[1] However, in order to efficiently investigate reports, METRO encourages whistleblowers to disclose their identity. The identity may only be disclosed to the persons responsible for receiving reports or taking follow-up action.

Information about the identity of a whistleblower may without prior explicit consent only be disclosed to law enforcement authorities and/or based on an order in an administrative proceeding or a court decision.

Protection against retaliation:

When reporting in good faith, the whistleblower shall not suffer from any disadvantage as a result of speaking up. This shall extend to all types of harm, including dismissal, written or oral warnings, job sanctions or discrimination, punitive transfers, harassment, loss of status and benefits, and the like. Any employee or manager who retaliates against someone who has reported a violation in good faith will be subject to discipline procedures up to and including termination of employment.

No sanctions for unsubstantiated reporting: 

The whistleblower shall not be subject to sanctions for unsubstantiated reporting provided that disclosure is made in good faith.

Reporters might also refrain from speaking up when assuming that reports are not adequately followed-up and resolved. Therefore, METRO established a process to ensure appropriate handling and resolving of all reports. Due to legal requirements, Annex 1 sets out standards for how incidents should be recorded, how communication with whistleblowers should take place and when recorded incidents are anonymized.

 

3.1 Reporting channels
There are different ways to report. Employees may for example address issues to their line manager. 

Separately, each METRO company has set up a local internal reporting channel for violations. The respective contact person for these is the Local Compliance Officer. A complete contact list of the local internal reporting offices can be found on the intranet. Reports can be made in person, by telephone, by mail or also by letter to the local reporting offices of the company. The local report can of course also be submitted anonymously. 

Should the reporter feel uncomfortable with addressing concerns locally, he or she can make a (anonymous) report via the groupwide Whistleblower System. External parties also have the possibility to submit (anonymous) reports via the groupwide Whistleblower System. The Whistleblower System can be accessed both internally and externally via this link.

Apart from submitting a one-time report via the Whistleblower System, the Whistleblower System offers the possibility to set up a secure anonymous postbox, which can be used to continuously (also anonymously) communicate with the reporting office.

Further information on the reporting process can be found on the Intranet. 

Questions or suggestions can be submitted at any time to the Local Compliance Officer or to Corporate Compliance.

External parties may find additional information on the METRO Homepage.

In addition to the internal reporting channels, whistleblowers may also use external reporting channels. Information regarding reporting to external reporting offices can be found in Annex 2.

 

3.2 Handling and investigation process
All reports will be promptly reviewed and, if required, appropriate investigative and corrective action will be taken. Investigations are conducted in a manner that is confidential, fair and objective. Depending on the nature of the reported issue, the investigation processes vary e.g., in terms of handling on local or corporate level. Only those persons whose participation in this is required are included in the investigation.

After review and investigation of the report, appropriate measures are taken and, if necessary, recommendations issued to the responsible Management Board members. Feedback on the outcome will be provided to the whistleblower whenever possible. Whistleblowers who reported anonymously may track the status of the investigation and receive feedback through the secure anonymous postbox on the groupwide Whistleblower System that they are asked to set up when making a report. 

 

3.3 Rules of procedure
In order to foster the objective and efficient processing of reports, METRO has issued rules of procedure which demonstrate how reports are followed-up and how much time it the processing usually takes. For the rules of procedure, please see Annex 3.

Whistleblower Protection Guideline
Recording reports and communication with whistleblowers        

This annex sets out formal legal requirements for recording reports and communicating with whistleblowers. Reports regarding compliance risks need to be handled in accordance with the established Compliance Incident Handling Process (CIHP).

 

Basic requirements for recording reports submitted to Compliance:

1.   All relevant information regarding the reported issue whether received via the Whistleblower System or other local internal reporting channels needs to be recorded in the Compliance Case Management System. Personal data is to be included only where strictly necessary.

2.   Relevant information as well as status of the handling process needs to be updated in both Compliance Case Management System and Whistleblower System on a regular basis.

3.   Once an issue is resolved and any necessary measures have been (successfully) implemented (if applicable), the Local Compliance Officer has to set the status to “case closed”. Anonymization rules below apply.

4.   Access to information regarding compliance risks may be granted only on a strict need-to-know-basis (e. g. to the Compliance Incident Handling Committee).

5.   Information about the identity of a whistleblower may only be disclosed to the persons responsible for receiving reports or taking follow-up action if the disclosure is necessary for the internal investigation or if the whistleblower has given prior written consent to each disclosure separately.

6.   The Local Compliance Officer shall document all incoming reports made to the local internal reporting channel by means of a summary in the form of a note, an audio recording or a complete and accurate transcription of the wording in the form of a protocol.

o   The consent of the whistleblower is required for sound recordings or for the writing of a protocol.

o   The whistleblower shall be given the opportunity to check the note or the protocol, to correct it if necessary and to confirm it by signature.

 

Basic requirements for recording reports submitted to other functions:

All reports and follow-up actions have to be documented in writing.
2.   Reports regarding compliance risks which were not reported through the compliance reporting channels must be disclosed to the Local Compliance Officer. 

3.   Access to information regarding compliance risks may be granted only on a strict need-to-know-basis.

4.   Information about the identity of a whistleblower may only be disclosed to the persons responsible for receiving reports or taking follow-up action if the disclosure is necessary for the internal investigation or if the whistleblower has given prior written consent to each disclosure separately.

5.   All incoming reports shall be documented by means of a summary in the form of a note, an audio recording or a complete and accurate transcription of the wording in the form of a protocol.

o   The consent of the whistleblower is required for sound recordings or for the writing of a protocol.

o   The whistleblower shall be given the opportunity to check the note or the protocol, to correct it if necessary and to confirm it by signature.

 

Legal requirements for all functions regarding the communication with whistleblowers:

Regardless the type of reporting channel, the whistleblower will receive an initial reply (acknowledgement of receipt) from the internal reporting office as soon as possible, but max. within 7 days. The first feedback to the whistleblower needs to be submitted by the internal reporting office as soon as possible but at the latest within 3 months after acknowledgement of receipt. The internal reporting office must inform the whistleblower of any follow-up action taken. The whistleblower will receive a final feedback no later than 6 months after acknowledgement of receipt. In exceptional cases justifying a broader or more thorough investigation, a longer deadline may be warranted.

Protection of whistleblower must be ensured according to this "Whistleblower Protection Guideline".

 

Anonymization rules:

1.   Once the reported issue is resolved and status is set to “case closed”, anonymization of personal data has to be applied strictly after

a)   7 years from resolving the incident if incident related personal information is reasonably expected to be needed in the future. 

b)   3 years from resolving the incident in all other cases.

These deadlines allow the ability to act on possible subsequent legal disputes, to initiate follow-up investigations if necessary or to take into account newly received evidence on previously resolved incidents. Generally, after 3 years, or in the specific cases with a substantially higher likelihood of subsequent legal disputes after 7 years, it is no longer expected that the personal data is required.

Note: If local data protection laws provide shorter retention periods, these should be applied.

2.   Personal data is all information that relates to a person and particularly includes

a)   Information that directly identifies a person, e. g. names of individuals and 

b)   Information that makes a person identifiable (e. g. staff number, precise job titles, etc.).

3.   For the avoidance of doubt: The record of the incident is kept, just the personal data is anonymized.

Whistleblower Protection Guideline
Information regarding external reporting offices 

1. External federal reporting offices 

Federal Financial Supervisory Authority (BaFin)

BaFin accepts (anonymous) reports via an electronic whistleblower system, by e-mail, mail, telephone or in person. Whistleblower can find further details on BaFin’s website (

https://www.bkms-system.net/bkwebanon/report/clientInfo?cin=2BaF6&c=-1&language=eng 

Federal Cartel Office 

The Federal Cartel Office accepts (anonymous) reports via an electronic whistleblower system, by e-mail, mail, telephone or in person. Whistleblower can find further details on BaFin’s website ().

https://www.bkms-system.net/bkwebanon/report/channels?id=bkarta&language=eng 

Federal Office of Justice

The Federal Office of Justice accepts (anonymous) reports via an electronic whistleblower system. Whistleblower can find further details on Federal Office of Justice’s website

https://www.bundesjustizamt.de/DE/MeldestelledesBundes/MeldestelledesBundes_node.html 

 

2. External reporting offices of the European Union 

European Anti-Fraud Office (OLAF)

OLAF accepts (anonymous) reports via an electronic whistleblower system or by mail. Whistleblower can find further details on OLAF‘s website (https://anti-fraud.ec.europa.eu/olaf-and-you/report-fraud_en).

European Union Aviation Safety Agency (EASA)

EASA accepts (anonymous) reports via an electronic whistleblower system. Whistleblower can find further details on EASA‘s website (https://www.easa.europa.eu/en/confidential-safety-reporting). 

European Securities and Markets Authority (ESMA)

ESMA accepts reports by e-mail or mail. Whistleblower can find further details on ESMA‘s website (https://esma.integrityline.app/?lang=en)

European Medicines Agency (EMA)

EMA accepts (anonymous) reports by e-mail or mail. Whistleblower can find further details on EMA‘s website (https://www.ema.europa.eu/en/about-us/how-we-work/external-whistleblowing-policy#how-to-report-a-concern-section). 

 

Annex 2 is updated on an ongoing basis.

Whistleblower Protection Guideline 
Rules of procedure 

These rules of procedure ensure the objective and efficient handling of reports, show how reports are followed up and how much time it usually takes to process them.

Integrity and compliance are of utmost importance for METRO. Therefore, it is crucial for METRO to identify any potential non-compliant behaviour and risk. The METRO AG Management Board supports a culture of trust, openness and transparency and encourages all employees and external parties to openly raise concerns about existing or suspected misconduct or risks. 

Employees and external parties are encouraged to report suspected or existing misconduct or risks in METRO's business operations, but also in the business operations of its direct and indirect suppliers, especially in the following areas:

• Competition Law 
• Corruption 
• Fraud and embezzlement
• Money laundering and terrorist financing 
• Conflicts of Interest 
• Discrimination/harassment 
• Human rights 
• Food and product safety 
• Environment protection
• Consumer protection 
• Data protection and IT security 
• Tax offences 
• Fair terms & conditions of employment
• Confidentiality & insider trading rules 
• Other applicable laws or METRO regulations

METRO takes every report seriously. METRO commits to effectively protect whistleblowers and to save them from any disadvantages that may arise in connection with the report. The effective protection of whistleblowers includes:

Protection of identity

The identity of the whistleblower, but also of all other persons mentioned in the report, is protected. The identity of whistleblowers will not be disclosed without explicit consent. The identity may only be disclosed to the persons responsible for receiving reports or taking follow-up action.

Information about the identity of a whistleblower may, without prior explicit consent, only be disclosed to law enforcement authorities and/or based on an order in an administrative proceeding or a court decision.

Protection against adverse treatment

When reporting in good faith, the whistleblower shall not suffer from any disadvantage as a result of speaking up. This shall extend to all types of harm, including dismissal, written or oral warnings, job sanctions or discrimination, punitive transfers, harassment, loss of status and benefits, and the like. Any employee or manager who retaliates against someone who has reported a violation or risk in good faith will be subject to discipline procedures up to and including termination of employment.

Protection against sanctions or unfounded reports

The whistleblower shall not be subject to sanctions for unsubstantiated reporting provided that disclosure is made in good faith.

 

1. Receipt of the report

Reports can be submitted via the groupwide whistleblower system. Employees can also submit reports in person, by telephone or e-mail to the Local Compliance Officer. 

Employees and external parties have the possibility to report anonymously without providing any contact details. They can also decide to stay anonymous during the entire report handling process. The whistleblower system offers the possibility to set up a secure anonymous postbox, which can be used to continuously (also anonymously) communicate with the reporting office.

Irrespective of the decision to provide contact details, the identity of the whistleblower will be kept confidential at all times and the identity will not be disclosed without their prior consent.

Each incoming report will be assigned to a person responsible for the initial processing (reporting office). With regard to this assignment, these persons act impartially, are independent in fulfilling their duties, not bound by instructions and obliged to maintain confidentiality.

All incoming reports are documented. Provided that the opportunity of further contact has been used, the whistleblower receives an acknowledgement of receipt within 7 days. Together with the acknowledgement of receipt the reporting office provides information on the further handling process and remains in constant exchange with the whistleblower.

 

2. Plausibility check of the report 

In order to ensure that the complaints procedure functions properly and to prevent abuse, the reporting office immediately verifies the received report for plausibility. If the report is incomplete or inconclusive, and the whistleblower has decided to give the opportunity to contact him, the reporting office may contact the whistleblower and request further information. 

If the report is inconclusive or is not subject to METRO's area of responsibility, the whistleblower will be informed that the report will not be pursued further and the specific reasons for this decision.

If a report is conclusive and plausible, the reporting office will forward the report to the competent investigative body and informs the whistleblower, provided the whistleblower has given the opportunity to do so. Generally, the information will be provided together with the confirmation of receipt. In principle, however, the examination of the validity can take up to 2 weeks.

 

3. Clarification of the facts 

In order to ensure an objective, transparent and consistent clarification of each report, the investigative body will take the necessary measures to examine the report and to sufficiently clarify the facts. To this end, comprehensive investigative measures may be initiated and, if possible and necessary, the whistleblower can be asked for further information. The investigations are always carried out by specialised investigators in compliance with applicable laws. 

If the report proves to be unfounded, the proceedings are terminated and the whistleblower will be informed and provided with the relevant reasons. 

The clarification of the facts can usually take up to 3 months, in exceptional cases which require extensive investigations, it may take longer.

 

4. Measures

METRO works towards a comprehensive clarification of the reported issues. Identified risks are assessed and, if necessary, addressed by appropriate measures. In the event of existing or imminent violations, appropriate remedial action will be taken using envisaged procedures. 

The whistleblower is usually informed within 3 months about planned and already taken measures. The reporting office remains in contact with the whistleblower until the conclusion of the procedure, provided that the whistleblower decided to give the opportunity to contact him.

 

5. Ongoing review of effectiveness 

The knowledge gained from the complaints procedure is continuously evaluated and used to improve METRO's complaints procedure and related risk management systems. A functioning and efficient complaints procedure can point out existing risks and help METRO to maintain its integrity in the future.