Doing What’s Right Briefing Booklet for Line Managers
Welcome As we work together to build the ‘Digital Vodafone’ of the future, we need to make sure that we always conduct ourselves in the right way. It’s not only ‘what we do’, it’s also ‘why and how we do it’. How we work together, treat one another, protect our customers and our company is a fundamental part of being an admired company. Our Code of Conduct is in our DNA and it sets out what we expect from each and every employee, contractor and director at all times. We call this
Doing What’s Right.
1 | Overview of this booklet
Overview of this booklet
Our Code of Conduct is in our DNA and sets out what we expect from each and every employee, contractor and director. We expect everyone to read and abide by the values and behaviours outlined in the Code.
Overview of this booklet | 2
Key principles Some of the key principles that are explained further in this booklet are:
Code of Conduct
Conflicts of Interest
We act with integrity in our relationships with employees, customers, suppliers and the community
We understand the difference between potential and actual conflicts and know how to manage those
Speak Up
Anti-Bribery
We all know when and how to Speak Up
We never offer or accept any form of bribe
Competition Law
Health and Safety
We act in a competitive, fair and lawful way
We always abide by 'The Absolute rules' and intervene if we see someone behaving unsafely
Privacy
Security
We know what personal data of customers and employees is, where it is and how to use it properly
We are each responsible and accountable for protecting and securing Vodafone and its customers
Business Resilience
Anti-Money Laundering
We are collectively responsible for ensuring continuation of critical business activities and delivery of our services
By preventing and detecting money laundering and terrorist financing, we keep our financial services safe and accessible
Taking our DNA and bringing it to life starts with you
3 | Overview of this booklet
Line manager action required As a line manager, you are responsible for ensuring that your team understands these principles and messages, and for challenging their behaviour when it does not live up to those standards. This booklet has been designed to help you achieve this. Your required action: Use your team meetings over the coming year to cover all the topics in this booklet. We recommend you do this section by section, 10 minutes at a time. Doing What’s Right should be a regular item on your team agenda. There are 8 sections in this booklet. Each section is composed of :
The key messages every employee needs to know
A manager checklist that will help you deliver these messages
A picture or an infographic that can help you prepare for the session
Being an ethical company starts with you
Contact us at: GroupCompliance@vodafone.com if you have any questions or comments. Overview of this booklet | 4
Code of Conduct Section 1
Principle: We act with integrity in our relationships with employees, customers, suppliers and the community.
Click here to know more 5 | Overview of this booklet
Key messages It’s not only ‘what we do’, it’s also ‘why and how we do it’. Working with integrity and developing trust is the key to making Vodafone both more successful and a better place to work. Developing trust with customers and colleagues is a hard work. It takes time and effort to build, but can be lost easily, in just a short instance. When making decisions in your day-to-day role please ask yourself the following questions.
Impact on trust Will this decision harm the trust that I have developed with my customers or colleagues?
Newspaper test How would this decision be perceived by the external world, e.g. if it was put on the front page of the newspaper?
Long term view Is this decision the best one that I can make for Vodafone, considering both the long and short term effects?
Overview Code of this of Conduct booklet | 6
Challenge it or Speak Up If you see a behaviour that you feel is not in line with our Code of Conduct, please directly challenge it or use the Speak Up process. If as a line manager, you have a concern reported to you that involves ethical, legal or financial mismanagement, please report it to your local HR director.
Conflicts of Interest A large part of integrity is about transparency. If you find yourself in a situation where your own and Vodafone’s interests potentially conflict, please discuss an appropriate resolution with, and get approval from, your line manager and relevant HR contact, and register the conflict of interest on our global register. An example of a potential conflict might be a close relationship with a senior manager of a supplier or competitor. If you as a line manager are told about a potential conflict of interest, please ensure that you work with your local HR team to find a solution and log the conflict on the register.
Actual conflicts of interest are prohibited at Vodafone– for example holding an outside employment position which detracts from your ability to devote appropriate time and attention to your responsibilities within Vodafone. If you find yourself in an actual conflict of interest you must work with your line manager and HR representative to resolve this immediately by eliminating the conflict.
Remember, managing conflicts of interest starts with you
Click here to register 7 | Code Overview of Conduct of this booklet
What should you do? Share an experience from your career when you had to make a difficult decision Ask your team to download the Pocket Code app from V-Store Show your team how to find Speak Up and the Conflicts of Interest register from the Hub Ask your team to join the Doing What’s Right Yammer page Share this booklet with your new joiners and ask them to complete the mandatory Doing What’s Right 2.0 e-learning modules on Vodafone University
Click here for Speak Up hub page
DWR Yammer
DWR 2.0 e-learning modules
Overview of this booklet | 8
Speak Up statistics for financial year 2017/2018 The number of people who voluntarily included their name when reporting an incident was 42% in 2017/18. Including your name when Speaking Up significantly improves our ability to investigate cases and allows us to provide feedback when the investigation has concluded.
748
42%
cases were reported globally via line managers, HRDs or the confidential hotline
of reports were from individuals who gave us their name allowing easier investigation of the case
30%
293
of cases were integrity related (for example conflicts of interest)
disciplinary actions were taken
Who to contact? 1. Line manager (s) 2. HR 3. Independent external hotline (online form) To view the Expolink online form click here
Barring a few members of the Speak Up team who access your information on a need-to-know basis, your identity will always remain confidential, including when you voluntarily include your name, both during and after making a report.
If you see behaviour that is not in line with our Code of Conduct, please
Speak up! For more details please click here
9 | Code Overview of Conduct of this booklet
You may report
anonymously We take confidentiality seriously. All cases are treated confidentially and details are never disclosed to anyone outside the investigation team. As per our Speak Up no tolerance policy towards retaliation against employees raising a concern, your identity will never be disclosed to the subject of the investigation. Even in case of any doubts regarding such behaviour, a separate investigation will be conducted.
Vodafone has a strict non-retaliation policy Our strict non-retaliation policy also means that no action will be taken against you if you report a genuine concern, even if there is no proven unlawful conduct or compliance breach.
You can also register your concerns quickly, discreetly, and directly on the Expolink Speaking Up app
Overview Code of this of Conduct booklet | 10
Anti-Bribery Section 2
Principle: We never offer or accept any form of bribe.
11 | Overview of this booklet
Key messages The subject of anti-bribery and corruption often conjures up thoughts of pay-offs or gifts. These are important, but they are not the only risks to Vodafone.
It could be through endorsing the resume of a customer’s daughter during a negotiation period, or lending a journalist a new device which would give Vodafone more favorable future news stories.
Corruption can come in many forms, so you may not even realize you’re responsible for compromising Vodafone’s reputation.
As a line manager you should be aware of bribery risks and educate your team on them. Some of the risks that you should consider are:
1
Third party risk
We use third parties in order to carry out tasks on our behalf. This means that we could be held responsible for their behaviour.. •
Only use suppliers that have been on-boarded and approved by Supply Chain
•
Remain aware of suspicious supplier behaviour, e.g. the ability to get licences or permits when other companies can’t
•
Ensure that the supplier has the business experience and qualifications to perform the work
•
Ask further questions if the third party’s plan for performing the work is vague or suggests a reliance on contacts or relationships
•
Be cautious when a supplier requests to perform services without a written contract where one is sought
•
Challenge supplier invoices that vaguely describe the services provided or are not properly supported
Overview ofAnty-Bribery this booklet | 12 12
2
Business relationship risks
When maintaining our relationships with customers or winning new business we need to be careful how the giving or receiving of gifts and hospitality, sponsorships or donations could be perceived.
•
Do not offer or accept gifts or hospitality, sponsorships or donations during a tender or RFP process
•
Ensure there is a legitimate business purpose when giving or receiving any gifts or hospitality
3
•
Familiarize yourself with the Anti-Bribery policy (on the Global Policy portal)
Travel risk
Be aware that when travelling in high risk locations you may be asked to make payments to get through customs or government checkpoints. In order to stop bribery from happening we all need to be aware of the risks and what to do when they arise. •
Ask for a fee schedule and/or a receipt to ensure that this is an official charge; if it isn’t, you should refuse to pay, unless there is a physical safety threat
•
You must always report any potential bribery scenarios you face to your local Compliance Officer
Saying no to bribery and corruption starts with you
13 | Anti-Bribery Overview of this booklet
Manager checklist Talk through bribery risks relating to your team’s activities in your team meeting
Ensure they have completed the Doing What’s Right 2.0 Anti-Bribery training module
Ask your team to register gifts and hospitality in our register when required
Show your team the Anti-Bribery hub page
Click here to register
Employees should be aware about the bribery risks at work. By saying no to bribery and corruption we are not only protecting the company but we can make a positive difference in the world.
Employees should seek advice when they are unsure. Contact groupantibribery@vodafone.com if you require further support.
It starts with you
Vodafone has a zero tolerance approach to bribery and corruption. If a breach or potential breach of the Anti-Bribery Policy arises or is suspected, employees should use the Speak Up process. Overview ofAnty-Bribery this booklet | 14
Competition Law Section 3
Principle: We act in a competitive, fair and lawful way.
15 | Overview of this booklet
Key messages As Vodafone is transforming into a Digital Telco and moves into new markets, our people need to understand how competition law affects them. In particular, we need to understand who our competitors are, new and old, and how we should interact with them. As a line manager you should have knowledge of the continuously changing competitive landscape. You should also be able to identify the types of conduct that may raise Competition law concerns and know when to reach out to your Legal/Compliance contacts for help.
Price fixing
Dividing markets
Do not reach any form of understanding with competitors about any element of pricing including discounts, rebates, commissions etc.
Do not split up markets between competitors, by geography or product categories
Re-sale price maintenance
Collective boycotting
Do not establish, directly or indirectly, minimum re-sale prices for distributors or re-sellers
Agreeing with competitors not to use a particular distributor, re-seller or supplier
Exchange of competitively sensitive information All staff need to understand what types of information cannot be provided to – or received from – competitors, and what to do with unwanted disclosures by competitors
Overview Competition of this booklet Law | 16
To help reducing competition law risks you can do the following: Give some thought to how you may interact with our competitors – they may be other mobile and fixed operators, or other content and service providers. Sometimes suppliers, distributors and overthe-top players can also be competitors. Make sure you understand the rules on information exchange with competitors before you engage with them, and consult your Legal/Compliance contacts if you are unsure. Complete the new Competition law e-learning on Vodafone University and familiarize yourself with the basic guidance for business, so that you can help your team understand the key areas of risk for Vodafone and how Competition law infringements can affect you and Vodafone as an organization.
Manager checklist
Think about who our competitors may be and how you interact with them Make sure that you and your team have completed the new Competition law e-learning and are familiar with the basic guidance for business available on the Competition law page on SharePoint Online Let your team know who your Legal/ Compliance contact is and encourage them to reach out in case of any questions
17 | Competition Overview of this Lawbooklet
Competition law breaches can result in serious consequences both for you and Vodafone Exchanging information with competitors about pricing plans in order to fix prices can generate significant fines for Vodafone and also serious consequences for individuals. In 2008, Keith Packer, a British citizen, served 8 months in a US jail for the role he played in a global conspiracy to fix air cargo prices, while he was commercial director for British Airways’s air cargo business.
It is so easy to be non-compliant Keith Packer had been receiving reports from one of his direct reports about the pricing plans of his competitors, and he knew that this team member was getting the information directly from another airline. He paid a hefty price for not challenging this.
Keith Packer is one of a number of examples of senior executives based in the UK who have served time in jail for breaches of competition law. His plight underlines how important it is that all employees (including senior managers) understand the competition rules and know when to raise a concern. Check out the new Competition law page on SharePoint Online for guidance on what you and your team can and cannot do.
Remember, respecting Competition law starts with you and your team
Overview Competition of this booklet Law | 18
Health and Safety Section 4
Principle: We always abide by ‘The Absolute Rules’ and intervene if we see someone behaving unsafely.
19 | Overview of this booklet
Key messages Work safe | Home safe To be at our best, we need to make sure that everyone is safe in their work and work environments. We developed our Absolute Rules with that in mind and regularly manage the top health, safety and wellbeing risks to the business. Zero tolerance to Absolute Rules breaches isn’t a threat, it shows you care. In the past financial year, we have still seen unacceptable level of fatalities from road accidents and other on-the-job activities. We need every line manager to help us make sure that the Absolute Rules are observed.
Manager checklist
Check your team know the ‘Absolute Rules’ Ensure that they take the ‘Absolute Rules’ seriously Challenge behaviour if you see anyone breaking the ‘Absolute Rules’
The health and safety of your team starts with you
Overview Health of this andbooklet Safety | 20
The Absolute Rules
WE ALWAYS drive safely and legally: we always wear a seat belt
WE ALWAYS drive safely and legally: we never use a handheld mobile device when driving
WE NEVER work under the influence of alcoholor drugs
21 | Overview of this booklet
WE ALWAYS drive safely and legally: we always obey the speed limit
NEVER carry out work on any electrical equipment unless you’re qualified
NEVER undertake any street or underground work activities unless competent to do so
When working at height, ALWAYS wear protective gear, attach a safety harness and use fall protection equipment
Overview of this booklet | 22
Privacy Section 5
Principle: we know what personal data is, where it is stored and how we use it.
23 | Overview of this booklet
Key messages As Vodafone becomes a Digital Telco, we collect and process more personal data than ever before. The way we handle personal data is a vital part of our responsibility to customers and employees and how we earn their trust. We aim to create a culture where everyone at Vodafone has a clear understanding of how important privacy is to our customers and employees and how to ensure it is respected. Vodafone’s Privacy principles are: 1. 2. 3. 4. 5.
Accountability Fairness and lawfulness Openness and honesty Choice and access Responsible data management and limited disclosure
6. Security safeguards 7. Privacy by design 8. Balance
As a line manager, you play a crucial role in ensuring that personal data processed by Vodafone is always consistent with applicable laws and our values. You can help to protect Vodafone against fines and reputational damage by proactively building privacy controls into the foundations of every one of our products and services, and processing operations.
Risk New privacy legislation has dramatically increased the risk for Vodafone if we cannot demonstrate that we comply with the applicable law: • • • • •
Fines up to €10m or 2% of annual global turnover, whichever is higher Fines up to €20m or 4% of annual global turnover, whichever is higher Loss of customer and employee trust Reputational damage Liability for damages caused by a breach or non-compliance
Manager checklist
Ensure that your team understands and applies the 10 Privacy Commandments in their daily operations and understands the risks involved Make sure that your team consults with the Privacy team when they are creating or updating a product, service or operation that processes personal data Ensure your team has completed the Privacy Doing What’s Right training and have received adequate GDPR training on the Vodafone University to understand their obligations when handling personal data Overview of this booklet Privacy | 24
10 Privacy Commandments
25 | Privacy Overview of this booklet
Treating personal data with respect starts with you
Overview of this booklet Privacy | 26
Security Section 6
Principle: We are individually responsible and accountable for protecting and securing Vodafone and its customers.
27 | Overview of this booklet
Key message As a line manager, you play a crucial role in helping Vodafone to protect its people, assets and customers. You lead the way for your team to understand how to make security central to the way we work. Please talk to your team and empower them to respect and focus on the following key areas.
Use Vodafone assets in the right way: Our people are provided with devices and system accesses to fulfill their job responsibilities. These must be used in the right way, in the best interest of Vodafone and its customers.
Classify information correctly: All documents, presentations and emails represent essential business information which must be classified correctly.
C1 Vodafone External
C3 Vodafone Confidential
Can be circulated freely outside of Vodafone. Approval for initial publication is required from company departments responsible for public statements.
Circulated internally only on a need to know basis or with a non-disclosure agreement for third parties. A security breach would result in reputational damage and significant financial penalty.
C2 Vodafone Internal Only to be accessed by Vodafone employees, authorised contractors or trusted third parties. A security breach would be embarrassing.
Public
C4 Vodafone Secret Circulated internally only on a need to know basis or with a non-disclosure agreement for third parties. A security breach would result in reputational damage and significant financial penalty.
Need to know access Overview of thisSecurity booklet | 28
Protect sensitive information Help your team understand the right techniques to store and share each class of information using encryption and Vodafone recommended channels of information transmission.
Cyber education Work with your team members to help them identify cyber threats such as phishing, smishing, vishing, identity theft, etc. and how to respond to them.
Use strong passwords We must access our systems using strong passwords. These passwords must be unique to each user and never shared with others.
Preventing fraudulent activities We all must use our company resources responsibly and ensure we protect the company from any fraudulent activities. One way you can do this by reviewing your team’s travel expenses on a regular basis to ensure they are in line with the Travel and Expenses policy.
Physical security of our premises Wearing and displaying identity cards allows us to identify who should have access to our premises. We always accompany our guests and ask them to wear and display their identity badges.
Safety of our people when they are travelling We want international travel to be as safe and secure as possible for our people. Please encourage your team members to download the International SOS app if they need to travel as a part of their job.
Plan for disruptions Being line manager, it is your responsibility to help your team identify critical services delivered by our teams and think about how we will keep them running in case of any disruptions.
Report when something is wrong Encourage your team to speak up if they spot a violation of Doing What’s Right principles or mandatory local legal requirements. It is a regulatory requirement to report all personal information breaches within 72 hours.
29 | Security Overview of this booklet
Manager checklist Think Security by Design Think about the products and services your team is responsible for and how you can make them secure by design. Bake in security considerations at an early stage of the development process. Protect sensitive information Understand the right ways to process and store information handled by your team and seek advice from security teams to protect it correctly. Report a breach within 72 hours Any breach of personal information must be reported within 72 hours of coming to know about it to protect Vodafone from financial penalties and reputational damage.
Safeguarding Vodafone and its customers starts with you
Overview of thisSecurity booklet | 30
Business Resilience Section 7
Principle: We are collectively responsible for ensuring continuation of critical business activities and delivery of essential services to our customers in the event of a significant business disruption.
31 | Overview of this booklet
Key messages As a line manager, you play a key role in helping Vodafone to safeguard its people, business and customers from any unforeseen events. We proactively think about things that could go wrong and are prepared to overcome them through carefully designed and properly tested business continuity plans.
Managing Business Continuity • To ensure that Vodafone can deliver its services even in the face of the most difficult circumstances, it is safest to start with finding out what is the most critical to our business and our customers. Identify services, activities, recovery priorities, dependencies and resources that Vodafone needs the most for continuity of its operations • Think about the risks to these critical services and activities and prepare an action plan to mitigate them • Develop a Business Continuity Plan (BCP) for your team to cover all critical services and activities of your area. It should include alternative arrangements for four key scenarios:
People unavailability
Premises unavailability
Technology unavailability
Supplies/suppliers unavailability
• Take time out to review and test your BCP arrangements frequently, at least once a year
Crisis Management • Be aware of the Crisis Management Plan of your entity and know your role & responsibilities in case of a crisis • Participate in a crisis simulation exercise each year
Physical Security • All of us play a key role in securing our premises and safety of our people. Ensure that our employees, customers, visitors or contractors are appropriately authorized to access our property and protected whilst working in or visiting any Vodafone location. This helps us to protect Vodafone assets, infrastructure and property
Overview Business of this Resilience booklet | 32
Manager checklist Know your team, key people and their back-up Know who your employees are. Create a contact list of all team members along with their back-up numbers and keep it up-to-date. Identify key team members and ensure they have a back-up. Test your contingency plan and related arrangements Remember that just having a good BCP isn’t enough. Ensure that your plan is regularly tested and your team knows what they need to do should any incident occur. In times of crisis When a major incident or crisis occurs, you need to have the contacts of the Public Relations team at hand. If approached by media, direct all queries to this team. Seek help from Business Resilience team Contact your Business Resilience team to seek their support for creating a plan that works for your team.
On hearing a fire alarm,
evacuate
your premises in an orderly manner
list of your team
Always have a with their contact details at hand Account for your people and visitors to confirm that everyone is
safe
Prepare to activate your
BCP
Make sure everyone in your team is
trained and knows what to do next Vodafone’s resilience starts with you
33 | Business OverviewResilience of this booklet
Anti-Money Laundering Section 8
Principle: By taking a proportionate and effective approach to the prevention, detection, and reporting of money laundering and terrorist financing we keep our financial services safe and accessible
Overview of this booklet | 34
Key messages Harnessing our technology to create new and innovative digital services to improve the lives of our customers is at the heart of Vodafone. Our financial services products, like M-Pesa, also have many social benefits and are improving financial inclusion in our markets. It is vital that these ambitions and benefits are not compromised by the same services being abused for criminal purposes. We aim to protect our brand, partners, customers and employees from being associated in any way with proceeds of crime with a robust AML Policy and Programme, which applies not only to M-Pesa but to all financial services offered by Vodafone, and those offered by 3rd parties where the business or service is branded.
Our AML programme is designed in line with international standards and applicable regulations, with the following controls: Money Laundering Reporting Officer
Know your customer
In-country for our regulated financial services.
Verifying our customer’s identity through reliable sources.
Third party due diligence
Transaction limit
Understanding the businesses that we work with.
Taking a proportionate, risk based approach to our services.
Transaction monitoring
Record retention
Regular checks to identify potentially suspicious behaviour.
Storing important documentation and data.
Employee and agent training
Watchlist screening
Raising awareness about our AML programme.
Frequent checking against international sanctions requirements.
35 | Anti-Money Overview of Laundering this booklet
Manager checklist
Speak to the AML team whenever you are involved in developing or expanding a financial service – for example money transfer, payments or insurance. If involved with financial services, make sure all team members have received AML training. If you see a transaction that you think is suspicious, report this to your local Money Laundering Reporting Officer.
Keeping our services safe, sustainable, and accessible starts with you
Overview Anti-Money of this Laundering booklet | 36
Design | VelocitaBrand.com