INTEGRATED
REPORT
2019

Counteracting corruption and bribery

GRI indicators:
Capitals:

We are committed to ensuring a fair and transparent business model for the ORLEN Group which guarantees trust, safety, free competition and value for all Stakeholders.

GRI:
  • 103-1
  • 103-2

Anti-corruption and anti-bribery activities are carried out by the Control and Security Office in cooperation with the Financial Control, Risk Management and Compliance Office as well as the Audit Office. The scope of responsibility of individual offices has been described in the ‘Report on Non-Financial Information of the ORLEN Group and PKN ORLEN S.A. for 2019’.

The anti-corruption and anti-bribery policies and internal regulations include:

  • ORLEN Group Anti-Corruption Policy – a declaration that our business objectives are to be pursued in a transparent, fair and ethical manner. The policy is designed to raise employee awareness, encourage positive attitudes and behaviours, and streamline procedures and business process oversight. The document underscores the importance of training and awareness-raising among employees and the responsibility of company managements for creating conditions that help to prevent and counteract corruption at the ORLEN Group.
  • Enterprise Risk Management Policy and Procedure – laying down the principles of Enterprise Risk Management for PKN ORLEN and the roles and responsibilities of each individual involved in the process.
  • Rules of control and verification procedures carried out at PKN ORLEN – a document prepared on the basis of the applicable Organisational Rules of PKN ORLEN in order to lay down the principles of control and verification procedures conducted by the Control and Security Office.
  • ORLEN Group anti-money laundering and terrorist financing rules and instructions – laying down detailed procedures to be followed in counteracting money laundering and terrorist financing at the ORLEN Group. The rules are addressed to all companies’ employees in customer-facing positions, have direct access to financial documents or participate in the execution of transactions.
  • ORLEN Group Regulatory Risk Management Policy – governs regulatory risk management processes resulting from existing or proposed legal acts, excluding tax risks.
  • Anonymous Misconduct Reporting System – the system provides a framework for identifying potential irregularities and instances of misconduct, which can be reported via indicated information channels.
  • PKN ORLEN Rules for Accepting and Offering Gifts – define how PKN ORLEN employees must behave when accepting or giving gifts.

Other policies and internal acts are described in the ‘Report on Non-Financial Information of the ORLEN Group and PKN ORLEN S.A. for 2019’.

In accordance with the Code of Best Practice for WSE Listed Companies, PKN ORLEN has in place effective functional control, risk management and compliance supervision systems, as well as an internal audit and control function. The simultaneous operation of all those systems and functions allows the Group to exercise ongoing and effective anti-corruption supervision.

PKN ORLEN has implemented a structured management control system, comprising a set of comprehensive procedures. The procedures are managed through a dedicated IT system which ensures their consistency through multifaceted agreements as well as approvals at each level in the organisation.

Key roles in the Risk Management System have been presented in the section ‘Risk Management’.

In order to minimise the risk of misconduct and corruption, PKN ORLEN has adopted the popular Three Lines of Defence Model. The first line of defence involves risk management by employees and business units, and controls related to the operational processes. The second line is compliance functions, and the third – internal audit and control, supporting the correct functioning of the specified prevention measures.

First line of defence/prevention – the Integrated Enterprise Risk Management System

Risk management is a continuous process, however it is revised in response to the ever-changing economic environment.

Second line of defence/prevention – the Compliance function

PKN ORLEN’s compliance function is based on the following four elements:

  • the ERM system, which supports the process of assessment of financial and operational risk compliance with regard to the effectiveness of controls and the ERM Policy and Procedure
  • the internal audit and control function – with respect to compliance of the processes with internal regulations
  • assessment of compliance with integrated management systems (ISO)
  • managing the risk of non-compliance with legal regulations, standards and ethical norms based on the requirements of the PKN ORLEN Compliance System documentation, with a particular focus on risks related to the Company’s business sector.

The Company’s Integrated Management System takes into account the findings of audits and reviews as well as complaints and grievances. Additionally, preventive/corrective measures are taken to address any irregularities identified in the above processes. All these activities are designed to ensure compliance with the adopted reference standards: ISO 9001 (quality management system), ISO 14001 (environmental management system), PN-N-18001 (occupational health and safety management system), and ISO 27001 (information security management system ), ISCC system (a certification system for biomass and biofuels), Factory Production Control System, and Food Safety Management System.

Once a year, based on the reviews, a comprehensive report about the organisation’s Integrated Management System is prepared, submitted to the Company’s Management Board and posted on the intranet.

PKN ORLEN’s compliance with or preparedness (alignment level) for applicable laws or draft legislation is monitored on an ongoing basis and reported to the PKN ORLEN Management Board. Where necessary, appropriate steps are taken to ensure that the Company meets the requirements of Polish and EU laws and regulations.

Financial Control

The Financial Control Department carries out financial audits aimed at identifying any economic irregularities and fraud, verifying if PKN ORLEN and ORLEN Group employees respect the applicable laws, internal policies and professional standards, estimating the impact of any potential irregularities or misconduct, defining corrective measures and designating responsible persons, as well as assessing internal policies. The audited area is scrutinised mainly against legal compliance, relevance, cost efficiency, reliability, efficiency and legitimacy criteria, with the interests of PKN ORLEN and ORLEN Group companies taken into consideration.

Independence of the Financial Control Department is assured through appropriate functional reporting lines within the Company’s organisational structure.

Financial audit activities are performed on the basis of annual plans approved by the President of the PKN ORLEN Management Board. Regardless of the audit plan in place, the Financial Control Department can also perform ad hoc and investigative audits upon requests submitted to the Head of the Financial Control, Risk and Compliance Management Office by Members of the PKN ORLEN Management Board and individual business functions.

On the basis of findings presented in the Financial Audit Reports, follow-up instructions are issued which specify and prioritise measures to be taken to eliminate any irregularities or improve the performance of the audited area. The implementation of follow-up instructions is monitored continuously until it is confirmed that the corrective measures have been implemented.

Reports summarising the financial audits and the monitoring of implementation of follow-up instructions are drawn up for the PKN ORLEN Management Board twice a year.

Third line of defence / prevention – internal audit and control function

The audit function is performed by the Audit Office. Its purposes include independent, impartial and objective evaluation of functional control systems and analysis of business processes in accordance with the generally applicable laws and internal policies.

The activities of the Audit Office conform to the International Standards for the Professional Practice of Internal Auditing (IIA).

Independence of the Audit Office is assured through appropriate functional and administrative reporting lines within the Company’s organisational structure.

The Audit Office performs its functions (audits, consultancy projects and business analyses) on the basis of an annual audit plan approved by the Company’s Management Board. The annual plan is presented to the Audit Committee of the Company’s Supervisory Board in order to obtain its opinion, and then is submitted directly to the Supervisory Board for approval.

As part of their activities, the Audit Office and the Control and Security Office verify on an ongoing basis if processes are executed in line with the applicable internal regulations. Ad hoc audits may also be conducted by the Audit Office when and as requested by the Company’s Supervisory or Management Board.

The Audit Office continuously monitors its recommendations, based on which it prepares a report twice a year, stating to what extent they have been implemented. All monitoring reports are submitted to the Company’s Management Board and the Audit Committee of the Company’s Supervisory Board, which is in charge of ongoing assessment of the entire organisation’s functioning.

The Control and Security Office, on the basis of the ongoing monitoring of recommendations and follow-up orders, prepares a report on the status and scope of implementation of the recommendations. Its activities have either a preventive or detective nature. They are complemented by activities performed by ORLEN Ochrona, which has due authorisations and appropriate tools, including the ability to use the services of business intelligence agencies and detectives. If any instance of corruption is suspected, relevant steps are taken in close cooperation with law enforcement agencies, including the police and Central Anti-Corruption Bureau (CBA). The simultaneous operation of all the systems and functions described above allows the Group to exercise ongoing and effective anti-corruption supervision.

In 2019, the Control and Security Office launched systemic training delivered on an annual basis across business functions with the highest risk of misconduct, in the form of classroom or e-learning training provided to ORLEN Group employees and new hires. The topics covered included criminal liability and disciplinary sanctions for corruption offences, identification of such offences, procedures to be followed in the case of suspected corruption by employees, whistleblowing options and channels, accepting and giving of gifts and building safe relationships with business partners. In 2019, a total of 4,057 people were trained across the ORLEN Group, including the companies’ management boards.

GRI:
  • 103-3

The Anti-Corruption Policy has been in force in the ORLEN Group since 2018 and there is a Anti-Corruption Compliance Officer. The Officer cooperates directly with the Management Boards of the ORLEN Group companies which have no separate security departments. In 2020, the Rules of Anonymous Misconduct Reporting are to be updated with solutions introduced, inter alia, by Directive of the European Parliament and of the Council on the protection of persons reporting on breaches of Union law COM/2018/218. This ensures compliance with the EU legal requirements, the duty of care and the Warsaw Stock Exchange anti-corruption standards.

GRI:
  • 205-2

The ORLEN Group’s Anti-Corruption Policy is available at www.orlen.pl and on the intranet. Our trading partners and representatives are notified about the policy and rules for counteracting corruption at the time of establishment of the business relationship. In addition, when registering on the Connect procurement platform, suppliers also receive information on the anti-corruption policies and rules. In 2019, all members of the Management Board (100%) were made familiar with the ORLEN Group’s Anti-Corruption Policy.

In accordance with the procedure for educating the Group’s workforce on the internal regulations, the policy was made known to all (100%) employees. In 2019, training in this area was provided to all members of the Management Board (100%) and 279 employees, while nearly 200 employees completed an e-learning course.

GRI:
  • 205-1

At PKN ORLEN and the ORLEN Group companies covered by the Enterprise Risk Management (ERM) System, the following risks in the anti-corruption and bribery area have been identified and assessed, depending on each company’s specific characteristics:

  • Fraud and other misconduct – the risk of employees acting unethically and committing fraud or other misconduct. The risk of fraud and other misconduct has been identified in 34 processes in the areas of retail, wholesale, procurement, marketing, safety, and finance.
  • Misconduct by customers, employees or agents involved in the sales process – the risk of an inappropriate sales process or system or inappropriate sales system safeguards enabling customers or employees to commit financial fraud. The risk of misconduct by customers, employees or agents in the sales process has been identified in three processes in the areas of retail, wholesale, and marketing.
  • Violation or improper implementation of ethical standards – the risk of ORLEN Group employees violating corporate ethical standards or of ethical standards being ineffectively established, implemented and enforced and inconsistent with corporate objectives. The risk has been identified in the Value System and Rules of Conduct process.

The risks related to anti-corruption and bribery were assessed in a controls effectiveness review conducted by the relevant business areas in respect of 38 processes and in an independent review performed by the Internal Control Department based on the irregularities identified during inspections.

In 2019, the ERM System covered: PKN ORLEN, ANWIL, ORLEN Lietuva Group, Unipetrol Group, ORLEN Deutschland GmbH, ORLEN Paliwa and ORLEN Centrum Usług Korporacyjnych, which represent close to 10% of all the ORLEN Group companies.

In 2019, as part of an annual risk self-assessment process and risk controls tests at PKN ORLEN, 552 risks were assessed based on tests of 999 controls in 176 business processes. The ORLEN Group companies assessed 633 risks and 1,807 controls in 169 processes.1

1The data does not include: ORLEN Lietuva Group and ORLEN Deutschland GmbH, where a self-assessment process is being carried out in 2020.

Search results