Other compliance programmes
The EDF group’s Ethics & Compliance Policy covers other compliance subjects and programmes, the operational implementation of which is carried out by expert divisions within the Group. Some of these subjects were supplemented in 2017 by memoranda of instructions designed to underpin their roll-out in the Group’s entities.
Prevention of harassment and discrimination
Banning any harassing or discriminatory behaviour, and preventing and addressing every instance of physical or moral violence, intolerance or injustice in the workplace, is one of the key commitments of the Group Ethics Charter. This is part of the regulatory and judicial context which, in many countries, incriminates not only the actions and behaviours themselves, but also employers who fail to implement sufficient preventative measures.
More specifically, directors take all necessary measures to prevent discrimination, harassment and physical and emotional violence in their entities by striving to make employees aware of the risks of harassment and discrimination, raise awareness among managers on ways of preventing and fighting harassment and discrimination, communicate regularly on the ethics and compliance whistleblowing system and apply the appropriate sanctions in the event of proven wrongdoings.
Two awareness-raising videos (one on harassment, the other on discrimination) were rolled out within the Group, and two Reference guides to prevent and handle bullying and sexual harassment have been prepared, and will be published in the first half of 2019. They are intended for management and the HR department, as well as for entities' Ethics and Compliance Managers.
Financial ethics
The Ethics and Compliance Policy sets out the requirements to be followed to prevent market abuse, the risk of money laundering and the financing of terrorism, and those concerning compliance with the European EMIR regulation. An Ethical Code for Trading in Securities, updated in February 2017, complements this Policy.
Actions to raise awareness of stock market rules are conducted with Group employees, concerning particularly the precautions and obligations for holders of inside information.
The prevention of market abuse, money laundering and terrorist financing is explored in more detail in the code of conduct, Ethics and Compliance.
Preventing breaches of competition law
EDF group is making awareness of and adherence to competition law an absolute priority for its employees. With this in mind, the Group has had a Competition Law Compliance Programme in place since 2010. The programme aims to ensure that all operations of subsidiaries and entities of the Group in France and worldwide comply with competition law. It applies to all Group employees, particularly as regards their relations with customers, competitors, partners and suppliers.
The Compliance Programme covers all aspects of competition law: abuse of dominant position, anti-competitive agreements, concentrations and state aid. The programme involves many training sessions, either online or face-to-face, as well as outreach initiatives.
At the same time, a best practice guide, as well as regular notes and publications on developments in competition law are circulated widely.
The Ethics and Compliance Policy also requires the Group’s managers to set up employee training at their entities, covering the rules of competition law, a system to monitor employee compliance with the rules of competition law, and a mechanism for integrating competition law rules into the entity’s strategy approach.
The Legal Department’s Competition Law Unit devised a new general e-learning competition module with a more interactive format. Launched at the end of 2016, this Serious Game, known as “Antitrust - Serious Game in Competition Law”, is accessible to all Group employees on the Group’s internal training portal, in multiple languages (French, English and Italian).
Personal data protection
The protection of personal data (data privacy) is now governed in France by French Data Protection Law no. 78–17 of 6 January 1978, as amended, and EU Regulation 2016/679 of 27 April 2016, known as the General Data Protection Regulation (GDPR), which entered into force on 25 May 2018. EDF, which in 2006 appointed a Personal Data Officer (PDO), appointed its Data Protection Officer (DPO) on 25 May. They are the Lead Manager for the Group. The DPO is responsible for ensuring compliance with regulations relating to the protection of personal data within the Company, whether with regard to the personal data of its customers, employees, service providers or partners.
The work carried out to bring the Group in line with the requirements of the GDPR notably led to the appointment of around twenty DPOs at subsidiaries across France and Europe, under the leadership and coordination of EDF's DPO Lead Manager. The Group Data Protection Network has been strengthened at the subsidiaries, as well as within the Company's management departments, which have Data Protection Contacts, acting as the DPO’s representatives at their entity. Employees and service providers have been trained in personal data protection, in particular via a video course available on the Company’s intranet.
Compliance with industry regulations
Pursuant to the Ethics and Compliance Policy (PECG), the entities concerned must implement a system to ensure compliance with the European REMIT Directive, the purpose of which is to ensure the transparency and integrity of the wholesale energy market, in particular by requiring market participants to declare any inside information they hold, to declare transactions and orders placed on the markets to energy regulators, and by formalising the ban on market abuse.
A “REMIT Group Compliance Officer” was appointed in September 2017, tasked with preventing risks of non-compliance with regulations, by developing an appropriate control environment. In this context, the Ethics and Compliance policy was supplemented by a Group memorandum of instructions and a memorandum of application for the regulation on the French energy market. Intended to formalise a common understanding of the key issues and the principles to be implemented, these guidelines meet the expectations of ACER (non-binding recommendations) and CRE (decision dated 25/03/2018) which stress the responsibility of market players in defining the rules for implementing the Regulation, according to their respective situations. Training programmes for the employees concerned are in place or under development at the main Group entities (EDF, EDF Energy and Edison).
The PECG also requires entities involved in exporting products on the list of dual-use products appended to EC regulation no. 428/2009 of 5 May 2009 (including exports within the EU) to implement a compliance procedure.
Compliance with international sanctions programmes
The Group Ethics and Compliance Policy requires the executive directors of Group entities concerned to implement a system to prevent the risk of international sanctions within their entities. The system involves a clause being inserted into each contract entitling EDF to terminate a business relationship with immediate effect in the event of failure to adhere to an international sanctions programme.
EDF has set up a procedure for checking on the integrity of business relations and, in support of this, has made tools available for the Ethics and Compliance Officer to verify that there is no risk of international sanctions. The mapping of sanctions drawn up by the European Union is posted online on the ethics and compliance intranet.
Duty of vigilance
Each year, according to Law N° 2017-399 of 27 March 2017 on the Duty of care of parent companies and ordering companies, EDF SA draws up a “Duty of Care plan” and a report on the implementation of the previous plan that it publishes in its Universal Registration Document.
The EDF Duty of Care plan, approved by the Executive Committee, includes reasonable vigilance measures adequate to identify risks and to prevent severe impacts on human rights and fundamental freedoms, health and safety, and the environment arising as a result of the activities of the company, its subsidiaries and subcontractors, and suppliers or project partners with whom an established business relationship is maintained, where these activities are linked to this relationship.
The executive directors must implement a “Duty of care” programme adapted to their entity and the projects they manage, including:
- Risk mapping by identification, assessment and classification of the risks of severe impacts on human rights and fundamental freedoms, health and safety and the environment. This map is established on criteria linked to the type of activity, the country of operation, the suppliers and subcontractors. It relies on value chain assessment processes;
- Adequate mitigation and preventive actions according to the risk map;
- Monitoring systems on the effective and efficient implementation of measures;
- Review of the actual implementation and the effectiveness of these actions, together with identified improvements;
- Training and awareness-raising of the employees concerned.
A Duty of Care Officer, appointed within the entities, coordinates the implementation of the programme.
A Duty of Care Chief Compliance Officer is tasked with managing and coordinating the Duty of Care plan and reporting on its effective implementation based on feedback from the entities, in conjunction with the Group Legal Division, the Group Ethics and Compliance Division and the Group Risks Division. He manages the network of Duty of Care Officers.