Sustainability Report 2017

Governance, Risk & Compliance

For 50Hertz, sustainable corporate governance includes purposeful corporate structures with clear responsibility and control functions. Our organisational structure is based on common corporate governance requirements, while at the same time including company-internal requirements. These have been set out in the Corporate Charter and internal policies, and focus on particularly important fields of action and positions. The EU has agreed on a policy and target package that contains targets for climate protection and energy consumption up to 2020. The Federal Republic of Germany has adopted policies for an environmentally responsible, reliable and affordable energy supply. On this basis, the business activities of 50Hertz are subject to numerous national and European regulations, according to which we align our actions.

Legal Framework Conditions

The framework for our business activity is provided in particular by the following important national laws and European regulations and directives:

  • The Energy Industry Act (EnWG)
  • The Renewable Energies Act (EEG)
  • The Combined Heat and Power Act (KWKG)
  • The Federal Emissions Control Act (BImSchG)
  • The Federal Nature Conservation Act (BNatSchG)
  • The Law on the Digitisation of the Energy Transition
  • The Energy Efficiency Directive of the European Union (EU)
  • The Habitats Directive of the EU and
  • The Birds Directive of the EU.

An overview of the key strategies, laws and regulations can be found on the Federal Ministry for Economic Affairs and Energy's website.

In 2017, numerous laws in the field of energy changed substantially. In the newly adopted Grid Fees Modernisation Act (NEMoG), 50Hertz’ long-standing demand for nationwide allocation of transmission grid fees has been heard. With the amendments to the Spatial Planning Act and the Federal Nature Protection Law as well as a law for the modernisation of the environmental impact assessment, the legislator partially adapted the framework conditions for the expansion of the grid. In the change to the Electricity Grid Access Regulation, published on 23 December 2017 in the Federal Law Gazette, the German transmission system operators were given requirements for maintaining the single German bidding zone. At European level, the EU Commission, the European Parliament and the Council are continuing negotiations on the so-called Winter Package (Clean Energy for all Europeans Package). This will have a significant impact on the core business of the transmission system operators.

Clean Energy for all Europeans Package

In November 2016, the EU Commission presented the draft of the “Clean Energy for all Europeans” legislative package (the so-called EU Winter Package), compiling a total of four directives and four regulations. These include proposals to further improve EU-wide coordination of national energy policies, to reform energy efficiency policies and promote renewable energy sources, as well as proposals for a European power market design and cooperation between the transmission system operators. The EU Commission’s legislative package is to set a framework for EU energy policy over the coming years, and pays particular attention to the establishment of an EU energy union of Member States.

More information on the Clean Energy for All Europeans Package can be found on the European Commission's website.

The legislator has a strong influence on 50Hertz’ business activities. This is why our positions are brought into the political process transparently and are publicly available at all times. The communications and public affairs department is responsible for this. We therefore practice political communication responsibly and refrain from making party donations in any form. The company-wide guidance coordinated with the Board of Management on decision-making practices in the political environment was updated in 2017 to include a chapter on “Ethical principles for political representation of interests”. This specified that 50Hertz does not make donations to politicians, parties or political institutions. In the case of sponsorship, attention is paid to appropriate consideration and balance. The responsibility for donations to foundations and associations affiliated with parties is centrally anchored in the communications and public affairs department. Our employees who are active in the areas of public and external affairs are familiarised with these policies and recommendations in specific training programmes, so they can base their communication and actions on clearly defined principles. 50Hertz is also entered in the “EU Transparency Register”. This transparency register is a publicly accessible database, in which all of the activities of interest groups at policy level are recorded. The Code of Conduct of the EU Transparency Register requires that all players must adhere to directives and regulations on dealing with political decision-makers. We have voluntarily undertaken to comply with this Code of Conduct.

Compliance and Anticorruption

In its corporate activity, 50Hertz complies with the law. We do not give corruption a chance. In our Company Charter as well as our internal policy for corruption prevention, we have specified what we consider to be ethically correct corporate conduct. We implement these principles as organisational measures. These apply company-wide and are binding for all employees as well as for the 50Hertz Board of Management.

In June 2017, the European Money Laundering Directive was adopted into national law. As 50Hertz does not conduct any cash operations, the introduction of risk management within the meaning of money laundering law was not necessary. However, we are expressly committed in this context to conscientious compliance with the general duty of care obligations. Therefore, our supplier manual includes reference criteria and these criteria are further specified for managers responsible for the different balancing zones. Contradictions in the legal registry entries have been corrected.

In order to minimise the risk of corruption, we regularly train all employees involved in the purchasing process on the basics of procurement, anticorruption and rule-compliant behaviour. Therefore, in 2017, five training courses involving a total of 55 workers took place across all business locations. 14 training courses have taken place since 2016 for 151 employees throughout the company across all locations. For 2018, three training courses for approximately 40 further participants are planned.

Since 2010, a directive has regulated our whistle-blower system and prescribed the establishment of an internal Compliance Committee and an external Ombudsman. The Compliance Committee consists of one member each from Legal and Human Resources as well as the Compliance Coordinator. Once a year, the Ombudsman reports to the committee in writing on his activities and informs it of the number of notices received. If the Ombudsman forwards a substantiated notice of an offence to 50Hertz, the Compliance Committee is convened immediately. It addresses the respective case and if necessary initiates internal steps. The committee reports to the 50Hertz Board of Management once a year and as required.

In 2017, the Ombudsman did not receive any corruption notices. The Compliance Committee was convened anyway, as the committee became aware of a proposed contribution to the capital reserves of a foundation. An internal investigation was launched, during which a lack of clarity concerning the process was identified but no breach of a directive could be identified. In the reporting year 2017, no significant fines were legally imposed against 50Hertz in relation to the general business activities, line construction or grid operation. For the delimitation of administrative offences, the reporting threshold was set at EUR 25,000.

Risk Management

In our corporate activities, we always weigh up opportunities and risks to us and our social environment. Therefore, 50Hertz regularly records and assesses the following areas in the context of systematic risk management:

Risk areas

  • Protection of life and limb
  • Profit and loss
  • Liquidity
  • Reputation
  • Security of supply.

50Hertz strives at all times to prevent risks that jeopardise the existence of the company, to reduce risk positions as purposefully as possible and to optimise the risks-opportunities profile. This is why we have set out in a risk policy how risks are systematically identified, assessed and monitored by us on a quarterly basis. At an annual risk conference, all heads of department as risk owners and the risk managers meet with the Board of Management to discuss the central risks and risk-related topics. In the context of our social responsibility, among other things, these concern occupational safety and new requirements under environmental legislation.

In the sense of a holistic approach to risk management, we involve our suppliers and the associated processes. We have anchored requirements regarding occupational safety and environmental protection in our purchasing and procurement policy, which are binding for all suppliers. In the future, we will analyse our influence on the structure of sustainable supply chains in detail, expand upon documents relevant to our suppliers on sustainability-related aspects and make our business partners even more aware of occupational safety, health protection and environmental protection topics.

You can also read our section “Preferred Employer”.

Right: 130 guests attended the Supplier Day 2017 in the 50Hertz Netzquartier in 2017. Left: Uwe Herzfeld, Head of Purchasing at 50Hertz: making the representatives of our suppliers aware of the sustainability topics.

In order to minimise risks to our social environment and, at the same time, explore opportunities to further shape it sustainably, we engage in an intensive and open dialogue with all stakeholder groups affected by our activities.

You can also read our section “Committed Partner”.

IT Security

Being an operator of so-called critical infrastructure, 50Hertz is subject to the IT security law: we need to ensure information security. 50Hertz is therefore obliged to organise the processing, storage and communication of information in such a way that the availability, confidentiality and integrity of information and systems are sufficiently secured. On the basis of an IT security catalogue by the Federal Network Agency (Bundesnetzagentur, BNetzA), we introduced an information security management system and had it certified according to ISO 27001 in January 2018. With the introduction of this system, we reviewed our internal IT processes and the interfaces to our partners and made them even more secure and efficient.

In 2017, the Federal Office for Security in Information Technology (BSI) forwarded a total of 32 security instructions and warnings to 50Hertz. These were assessed and processed by our IT division. Recommended protective measures were – insofar as possible – implemented. Concrete attacks on our systems were not detected. The operational tasks of IT security also include detecting, analysing and removing viruses and spam e-mails as well as monitoring the Internet presences of 50Hertz. In the past year, no cyberattacks on 50Hertz were registered.

Critical Infrastructure

Critical infrastructures are facilities, technical assets and elements thereof that are immensely important for the functioning of the commonwealth. Their failure or impairment would result in significant supply bottlenecks, threats to public safety or other dramatic consequences. These infrastructures include, for example, the following sectors:

  • Energy and water supply
  • Information technology and telecommunications
  • Medical care

Ensuring the protection of such critical infrastructure is a core task of state and corporate security provision and a central theme of security policy in Germany. Being an operator of such critical infrastructure, 50Hertz bears a high level of social responsibility. With the advanced digitisation of technical assets and operations, the need to guarantee information security accordingly is increasing. The legal framework is set by the IT security catalogue of the Federal Network Agency for Electricity, Gas, Telecommunications, Post and Rail (BNetzA) according to §11, para. 1a EnWG.