Compliance and data protection

Deka-internal compliance officers provide advice, train employees and develop standards for the Deka Group as a whole. As a financial services provider, data protection is also of particular importance to Deka.

What compliance means at Deka

Compliance means that the Deka Group acts in accordance with statutory and regulatory provisions. This includes, for example, prohibiting Deka employees from demanding or accepting gifts or invitations. They also cannot provide any gifts themselves – at least, not if doing so might adversely affect the interests of the Deka Group or its clients.

The Compliance area is responsible for the following:
  • Capital market and real estate compliance
  • The Central Office for Financial Crimes – which combines these areas:
    • Prevention of money laundering
    • Prevention of terrorist financing
    • Measures to prevent fraud, other criminal offices, and corruption
    • Implementation of financial sanctions and embargoes
  • Regulatory Compliance

Compliance with standards
  • Tax compliance
  • Information security management (including data protection)
are managed within different departments of DekaBank. 

Duties of the Compliance area

The internal Deka Compliance area develops standards and guidelines for the entire Deka Group, based on statutory and regulatory requirements in all cases. The experts in the Compliance area also provide training and advice for employees. This helps the individual DekaBank organisational units and subsidiaries implement the standards. They are also contacts for all employees with questions about integrity.

In addition, the Deka Compliance area is also repeatedly involved in processes and projects, such as:
  • Processes for new products
  • Significant changes in process organisation and organisational structure
  • Outsourcing aimed at ensuring that the Deka Group fulfils regulatory requirements and identifies potential conflicts of interest at an early stage and, if possible, avoids them
In order to identify and prevent irregularities, the Deka Compliance unit checks compliance with standards in the Deka functional units – and even in its own area. These controls are an integral part of the compliance management system of the Deka Group.
In order to identify and reduce potential compliance risks, the area performs monitoring and controls for all levels of the entire banking business as the second line of defence in the so-called “three lines of defence model (TLoD)”.

Deka has also implemented its own whistleblower system. It ensures that all Deka Group employees and external parties can submit confidential reports if they notice someone breaching compliance provisions.

What data protection means at Deka

The DekaBank Data Protection unit ensures compliance with all provisions of this nature, such as the provisions of the General Data Protection Regulation (GDPR) and German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). These provisions protect individuals from having their personal rights impaired by processing their personal data.

Deka established its own data protection management system in order to implement the requirements of the GDPR and BDSG. It defines all internal processes and ensures that statutory data protection requirements are implemented when, for example, data processing is planned, set up, put into operation or taken out of operation. All of the processes are documented in an overarching data protection concept that governs, for example, the processing of personal data. This also includes protecting the rights of the parties concerned, or fulfilling duties to provide information to clients and employees



Read more about Deka data protection in our Sustainability Report.