The Compliance corporate centre plays a major role in ensuring that DekaBank always acts in line with the applicable statutory and regulatory arrangements as well as its own – sometimes even stricter – guidelines. It covers all issues relating to capital-market and real-estate compliance, MaRisk compliance, tax compliance and information security management. It is also responsible for combating money laundering, terrorism financing, implementing EU sanctions and embargoes and preventing fraud and other criminal activities.
The corporate centre develops Group-wide standards and guidelines on relevant issues and provides corresponding training programmes and advice on their implementation. It is also heavily involved in projects and processes geared´towards ensuring that the Deka Group meets regulatory requirements and that potential conflicts of interest are identified at an early stage and avoided as far as possible. The corporate centre carries out monitoring and control tasks at all levels of banking operations and is dedicated to the systematic management of potential compliance risks.
In the Federal Republic of Germany, data protection is regulated by the German Data Protection Act (Bundesdatenschutzgesetz – BDSG) and the corresponding state data protection laws. The purpose of BDSG, as set out in Section 1 of the Act, is to protect individuals from any infringement of their (constitutionally protected) personal rights caused by the handling of their personal data.
DekaBank’s Data Protection unit works to ensure that the BDSG and other data protection regulations are observed within the Deka Group in Germany. The Data Protection Officer reports directly to the Board of Management or, in his capacity as an external Data Protection Officer, to the management of subsidiaries. To avoid conflicts of interest, the Data Protection Officer is independent of the Compliance corporate centre and is based in a separate unit in the Legal corporate centre.
In order to ensure that the requirements of data protection law are complied with, DekaBank’s Data Protection unit has set up a data protection management system. It has established processes to ensure that statutory requirements concerning data protection are implemented during the planning, commissioning and operation data processing systems and after those data systems are withdrawn from use. The processes are also documented in a comprehensive data protection concept. This describes, among other things, which aspects must be taken into consideration during the processing of the personal data.
Inter alia, the Data Protection unit uses the following measures to ensure that data protection processes are implemented: