Governance and Compliance

Corporate Governance

For the Executive Board and Supervisory Board of ProSiebenSat.1 Media SE, good corporate governance – and therefore compliance – is an essential component of responsible, transparent management and control, oriented to long-term value creation. The basic rules for the dualistic management and supervisory system are defined in ProSiebenSat.1 Media SE’s articles of incorporation and in the rules of procedure for the Executive Board and Supervisory Board. The German Corporate Governance Code (Deutscher Corporate Governance Kodex — DCGK) also establishes a standard for transparent control and management of the company, which is particularly aligned to the interests of the shareholders. Many of the principles contained in the DCGK have already been practiced at ProSiebenSat.1 for a long time. In accordance with the recommendation of Item 5.6 of the DCGK, the Supervisory Board conducts regular efficiency reviews. The major points of examination include the Supervisory Board’s view of its own mission, the organization of its activities, the independence of its members, the handling of potential conflicts of interest, and the composition of its committees.

In addition to efficient structures and processes for good governance, ProSiebenSat.1 Group places great value on openness and clarity in communication. This is an important requirement for maintaining and increasing the confidence of external stakeholders and our employees in the Group. Our public relations and investor relations work is guided by the transparency guidelines of the DCGK. We communicate fully, promptly and frankly with journalists, investors, analysts, shareholders and interested members of the public. For us, equal treatment of all players is a matter of course. We provide detailed information in German and English about our business activities, the ProSiebenSat.1 stock and the financial results on our Group website www.ProSiebenSat1.com.

In our Annual Report – published most recently on March 15, 2016 – we report comprehensively on corporate governance at ProSiebenSat.1. Every year, it includes

Compliance at ProSiebenSat.1

ProSiebenSat.1 Group follows a policy of compliance. In the following, we report on the fields of law identified as particularly relevant for ProSiebenSat.1 Group. The prevention of corruption and violations of antitrust law and media law are important success factors for the market position and the attainment of the targeted corporate objectives. Due to the increasing digitalization of our business operations, data protection and the associated preservation of personal rights also form a central pillar of the compliance-management system (CMS). Compliance with legal requirements for other fields of law relevant to ProSiebenSat.1 Group is addressed via separate governance systems. ProSiebenSat.1 does not tolerate rule-breaking. ProSiebenSat.1 Group has therefore set down fundamental guidelines and procedures in its Code of Compliance. These guidelines define our general standards for conduct in business, legal and ethical matters. They serve all members of the Executive Board, the management and the employees of ProSiebenSat.1 Group as a binding reference and regulatory framework for dealing with each other and with business partners, customers, suppliers and other third parties. This culture of integrity and compliance finds its way into our daily work, it is a component of the corporate processes. The Executive Board supports this by providing a suitable compliance organization and adequate and efficient compliance programs. These including consulting, training and measures derived from guidelines. ProSiebenSat.1 Group’s CMS is continuously being enhanced, improved and reviewed. The processes were analyzed by an independent consultant. The result of this risk assessment demonstrated that the compliance processes in place are effective.

In light of the CMS requirements and its individual Group structure, ProSiebenSat.1 is structured into centralized and decentralized compliance organizations. The centralized organization is made up of the Compliance Board, the Group Chief Compliance Officer (CCO) and the compliance subject-matter experts (SMEs). The decentralized compliance organization is represented by the Unit Compliance Officers (UCOs).

Centralized compliance organization

Centralized compliance organization (Graphic)Centralized compliance organization (Graphic)

A special role in the compliance organization is awarded to the Compliance Board, the function of which is to support the Executive Board with regard to the implementation, monitoring and enhancement of the CMS. The Compliance Board meets at least every two months. The permanent members comprise the CCO, an Executive Board member and the Group Chief Financial Officer (CFO). The Board’s task is to decide on the focus of the CMS, to investigate matters and to propose sanctions.

On the basis of a relevance analysis, ProSiebenSat.1’s CMS is chiefly devoted to the prevention of financial crime relating to corruption, compliance with requirements under antitrust and media law, and ensuring data protection, as these areas are important components of the company’s corporate strategy:

  • Anti-corruption: ProSiebenSat.1 aims to create transparency in its dealings with customers, suppliers and authorities in order to meet international standards for combating corruption and national and local requirements for combating corruption and bribery. The CMS therefore covers the prevention of criminal acts of corruption, especially the criminal offenses of taking and giving bribes in commercial practice (Sections 299 et seq. of the German Criminal Code (StGB)), granting benefits to public officials (Section 333 StGB) and bribing public officials (Section 334 StGB). In 2015, there were no incidences of corruption or public legal cases regarding corruption brought against the Group or ProSiebenSat.1 employees.

    The implementation of a systematic and standardized risk analysis for compliance risks is a material foundation of the CMS for ProSiebenSat.1 Group. Building on the relevance analysis, a compliance risk assessment is carried out as a second step. Specific weighting factors, such as the Corruption Perceptions Index, are included in the consolidation of the results into a risk portfolio for the Group.

  • Antitrust law: In the field of antitrust law, ProSiebenSat.1’s CMS covers the prevention of agreements and concerted practices that may adversely affect competition (Section 1 of the German Act against Restraints of Competition (GWB), Art. 101 of the Treaty on the Functioning of the European Union (TFEU)) and the prevention of the abuse of a dominant market position (Section 19 GWB, Art. 102 TFEU). For 2015, we have not identified any legal actions against ProSiebenSat.1 regarding anticompetitive behavior or violations of antitrust or monopoly legislation.

  • Media law: The requirements of the CMS according to media law concern licensing requirements, journalistic independence, the separation of advertising and programming, requirements for product placement, requirements according to laws for the protection of young people and the prevention of surreptitious advertising or the broadcast/distribution of illegal advertising. In 2015, no fines were imposed due to non-compliance with regulations concerning marketing communications, including advertising, promotion, and sponsorship. In ten cases, there were complaints and warnings from state media authorities. There were no complaints because of violations of voluntary codes.

    To protect journalistic independence and fundamental journalistic conditions, ProSiebenSat.1 Group formulated guidelines back in 2005 that all program creators in Germany are obliged to uphold. The “Guidelines for Ensuring Journalistic Independence” can be viewed on the corporate website and specify the understanding of the journalistic principles set forth in the Press Code of the German Press Council. The media group’s journalists and editors are accordingly free to shape their contributions and report independently of social, economic or political interest groups. At the same time, they are aware of their responsibility with regard to the spread of information and their contribution to public opinion. Those with editorial responsibility, especially editors in chief, are responsible for compliance with these guidelines and for their implementation in daily business.

    In the field of youth protection, ProSiebenSat.1 Group makes sure that programming on TV and online is age-appropriate. They work independently of the management and ensure that content which is inappropriate for children is broadcast only at the legally prescribed broadcasting times. They also guarantee technical methods of protection regarding the distribution of unsuitable content on the internet. Youth protection officers are therefore involved early on in the production and purchase of programs at ProSiebenSat.1. At an early stage, they assess screenplays, accompany productions and formats and compile reports. Independently, ProSiebenSat.1 Group’s TV and online editors receive regular training on youth protection requirements. In addition to internal guidelines and training, we are also committed to protecting young people via various organizations: The Company is represented on the Board of the Voluntary Self-Regulation of Television Association (Freiwillige Selbstkontrolle Fernsehen e. V., FSF) and the Board of the German Association for Voluntary Self-Regulation of Digital Media Service Providers (Freiwillige Selbstkontrolle Multimedia-Diensteanbieter e. V., FSM). The two associations are organizations for the voluntary self-regulation of private television broadcasters and multimedia service providers and are recognized as independent supervisory bodies for television and the internet by the Commission for the Protection of Minors in the Media (Kommission für Jugendmedienschutz, KJM).

  • Data protection: For a media company like ProSiebenSat.1, data protection is of particularly high importance, especially in light of advancing digitalization and new services such as addressable TV. In addition to statutory provisions, the Company’s internal guidelines are binding for the handling of personal data and their automatic collection, processing and use. ProSiebenSat.1 has set down its data protection principles in its data protection policy, the Code of Compliance and in further data protection provisions. Among other things, the guidelines precisely dictate the data protection processes in the Group.

Data protection processes

 

 

 

Prior checking

Commissioned data processing

Disclosures to authorities

Implementation of a risk analysis incl. compliance review in connection with the introduction/amendment of automatic procedures for processing personal data according to Section 4f of the German Federal Data Protection Act (BDSG) in order to address data-protection-law requirements at an early stage.

Process for legal composition of order processing agreements and implementation of the statutory prior review as per Section 11 BDSG.

Process for legal sharing of personal data with authorities.

 

 

 

Rights of the data subject

Data breach notification

Transmission control

Legal processing of data subjects’ requests:

  • Complaints management
  • Rights of access (Section 34 BDSG)
  • Right to correction (Section 35 BDSG)
  • Right to erasure (Section 35 BDSG)
  • Rights of objection (Section 35 BDSG)

Process for the legal notification of data protection incidences (= unlawful access to personal data by third parties) as per Section 42a BDSG and Section 15a of the German Teleservices Act (TMG).

Process for legal and secure sharing of personal data with third parties.

ProSiebenSat.1 Group has great respect for the privacy of all individuals whose data is collected, processed or used. Therefore, no personal information is processed or used unless full compliance with applicable laws is ensured in advance. This is based in particular on sector and industry standards and best practices. Partly thanks to the data protection processes implemented, there were no complaints from customers concerning breaches of privacy in 2015. The Bavarian Data Protection Authority consulted with ProSiebenSat.1 Digital GmbH regarding the processing of personal data in connection with the HbbTV offerings. In November 2015, we took a stand and since then didn’t receive any queries from the authorities. We assume, that we have answered the request of the authority satisfyingly. Moreover, in 2015 we have not registered any cases of data leaks or data theft. Ensuring the protection of all data now and in the future is a fundamental objective of ProSiebenSat.1 Group.

Alongside data protection, information security is also in the commercial interest of ProSiebenSat.1 Group. A loss, manipulation or unauthorized disclosure of business-critical information could lead to significant financial losses or reputational damage. The sufficient security of business processes, IT, infrastructure and critical information is therefore a strategic factor for the competitiveness and continued existence of ProSiebenSat.1 Media SE. Fundamentally, information security at ProSiebenSat.1 has four strategic objectives:

  • Maximize business continuity
  • Minimize business losses
  • Prevent and minimize the effects of security breaches
  • Limit risks

Failures of systems, applications, or networks are as much potential risks as violations of data integrity and data confidentiality. The continuously increasing scope of information processing and networking and the advancement of technology are increasing complexity in the interplay with people-process technology on the one hand, and on the other hand there is rising vulnerability within company-wide information processing. Targeted attacks and other threat scenarios show that politically, economically or ideologically motivated groups represent a growing challenge. The Group therefore has an Information Security Management System (ISMS), which ensures comprehensive protection for the Group’s information assets in a structured and risk-based manner. The effectiveness of the security standards is examined regularly by the Internal Audit department.

As part of our Information Security Management System, the following properties of the information are secured by technical and organizational measures:

  • Confidentiality: Ensuring that only authorized individuals have access to information.
  • Integrity: Protection of completeness and correctness of information, systems and procedures.
  • Availability: Ensuring that information, information services and systems are available for authorized users, processes and functions.

To ensure that all employees are aware of the relevant fields of law, ProSiebenSat.1 has developed a two-part training concept comprising e-learning and classroom training. In 2015, we trained around 11,500 participants throughout the Group on various compliance issues. General online compliance training was carried out with content regarding anti-corruption and antitrust law (around 5,000 participants), data protection and media, copyright, advertising and competition law (around 2,800 participants each). In addition, around 900 participants took part in classroom training on youth protection, IT security, and more.