Deka-internal compliance officers provide advice, train employees and develop standards for the Deka Group as a whole. Because Deka is a financial services provider, data protection is also of particular importance to it.
What compliance means at Deka
Compliance means that the Deka Group acts in accordance with statutory and regulatory provisions. This includes, for example, prohibiting Deka employees from demanding or accepting gifts or invitations. They also cannot provide any gifts themselves – at least, not if doing so might adversely affect the interests of the Deka Group or its clients.
The Compliance area is responsible for the following:
Capital market and real estate compliance
The Central Office for Financial Crimes – which combines these areas:
Prevention of money laundering
Prevention of terrorist financing
Measures to prevent fraud, other criminal offences, and corruption
Implementation of financial sanctions and embargoes
Compliance with standards
Information security management (including data protection)
are managed within different departments of DekaBank.
Duties of the Compliance area
The internal Deka Compliance area develops standards and guidelines for the entire Deka Group, based on statutory and regulatory requirements in all cases. The experts in the Compliance area also provide training and advice for employees. This helps the individual DekaBank organisational units and subsidiaries implement the standards. They are also contacts for all employees with questions about integrity.
In addition, the Deka Compliance area is repeatedly involved in processes and projects, such as:
Processes for new products
Significant changes in process organisation and organisational structure
Outsourcing aimed at ensuring that the Deka Group fulfils regulatory requirements and identifies potential conflicts of interest at an early stage and, if possible, avoids them
In order to identify and prevent irregularities, the Deka Compliance unit checks compliance with standards in the Deka functional units – and even in its own area. These controls are an integral part of the compliance management system of the Deka Group.
In order to identify potential compliance risks and work towards their reduction with suitable measures, the unit carries out monitoring and control tasks as a second line of defence in the so-called "3 Lines of Defence" model (3LoD).
Deka has also implemented its own whistleblower system as part of the Deka Group's compliance system. This ensures that information from employees and also from external persons about potential and actual breaches of legal regulations and requirements, in particular the Money Laundering Act, as well as illegal or dishonest actions, can be reported in confidence to DekaBank's external ombudsman. The ombudsman examines the facts of the case and forwards the relevant information to DekaBank while maintaining confidentiality.
What data protection and information security means at Deka
The DekaBank Data Protection unit ensures compliance with all provisions of this nature, such as the provisions of the General Data Protection Regulation (GDPR) and German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). These provisions protect individuals from having their personal rights impaired by the processing of their personal data.
Deka established its own data protection management system in order to implement the requirements of the GDPR and BDSG. It defines all internal processes and ensures that statutory data protection requirements are implemented when, for example, data processing is planned, set up, put into operation or taken out of operation. All of the processes are documented in an overarching data protection concept that governs, for example, the processing of personal data. This also includes protecting the rights of the parties concerned, or fulfilling duties to provide information to clients and employees.
In addition to policies and processes, the information security management system primarily comprises technical functions designed to ensure an appropriate level of information risk. The aim is to protect the bank and its customers as well as partners from information risks while ensuring confidentiality, integrity, and availability.