We are committed to ensuring a fair and transparent business model for the ORLEN Group which guarantees trust, safety, free competition and value for all stakeholders.
Anti-corruption activities are carried out by the Control and Security Office in cooperation with the Financial Control, Risk Management and Compliance Office as well as the Audit Office.
The responsibilities of the Control and Security Office include:
- Economic, physical, technical and IT security.
- Developing solutions and standards to improve performance of the internal control system.
- Implementing the ORLEN Group Anti-Corruption Policy by monitoring business processes, analysing information and reporting irregularities and instances of misconduct using state-of-the-art analytical tools.
- Coordinating criminal proceedings conducted by law enforcement authorities and the judiciary, in which PKN ORLEN is involved in any capacity.
- Performing advanced safety analyses and control processes.
- Coordinating the anonymous misconduct reporting system, cooperation with the reporting persons, and a register of gifts.
- Verifying trading partners in business processes.
Financial Control, Risk Management and Compliance Office:
Enterprise Risk Management Team
- Coordinates the enterprise risk management process and provides methodology support during risk self-assessment and testing of controls put in place for PKN ORLEN and ORLEN Group companies.
- Administers an IT tool providing information on any identified risks and the relevant risk management strategies. Has joint responsibility with the Control and Security Office for planning and execution of ad hoc and investigative inspections at PKN ORLEN and other ORLEN Group companies and for reporting the inspection findings to the Management Board of PKN ORLEN.
- Prepares proposed subject matter for audits, consultancy projects and financial audits based on an assessment of risks by the business areas.
- Provides training on the identification, definition and assessment of process, project and strategic risks, and on controls testing methodologies.
- Supports business areas, project managers and persons involved in project activities in defining and evaluating risks using the functionalities of the Magique system and the CA Clarity PPM system.
- Actively participates in meetings aimed at improving the functionalities of the Magique and PPM CA Clarity systems in enterprise and project risk management.
Financial Control Department
- As part of financial audits performed at PKN ORLEN and other ORLEN Group companies – reveals irregularities and cases of misconduct of an economic nature, examines employees’ compliance with the applicable legal order, and assesses internal regulations; Estimates the consequences of any identified irregularities or misconduct, and defines remedial measures, identifying the persons responsible for their implementation.
- Provides relevant information to support decision-making processes by formulating post-audit instructions which specify actions that must be taken to address the irregularities or improve performance of the area under review.
- Monitors the implementation of instructions issued following financial audits at PKN ORLEN and ORLEN Group companies.
- Initiates preventive measures to minimise risks to achieving the Group’s objectives, improve the efficiency of business processes and effectiveness of the Group’s internal control system by recommending specific solutions and standards.
- Ensures continuous development of the functional control system in order to improvethe efficiency of business processes.
- Identifies any inefficiencies in processes, procedures and structural solutions at the Group.
- Monitors the implementation of recommendations issued following audits at PKN ORLEN and ORLEN Group companies.
- Cooperates with the Head of the Control and Security Office with respect to measures taken by the Company in the case of proceedings conducted by law enforcement authorities OR competent third party institutions, in order to safeguard the Company’s interests in such proceedings.
Compliance Management Department
- Responsible for supervision over compliance by the ORLEN Capital Group companies with the requirements of the law, internal regulations, voluntarily adopted standards of conduct and ethical standards.
- The key assumption of the ORLEN Group's compliance system includes the process of proactive monitoring of the regulatory environment of all corporate business processes and a uniform approach to the implementation and reporting of compliance of requirements throughout the ORLEN Capital Group.
- Within the structure of PKN ORLEN, the compliance system operates in a dispersed formula, assuming compliance risk management, under the supervision of the Director of the Financial Control, Risk and Compliance Office, by Directors directly reporting to a member of the Management Board. The compliance management process is periodically reported to the Management Board and Supervisory Board of the Company.
Policiesand internal regulations
The anti-corruption and anti-bribery policies and internal regulations include:
Code of Ethics – defines the values, rules of conduct and standards that set ethical standards for all employees of the ORLEN Group, based on a revised approach to understanding ORLEN's values: Responsibility, Development, People, Energy, Reliability, as well as the current scale, operating strategy and scope the requirements of the Group's environment and best practices in the field of business ethics.
Enterprise Risk Management Policy and Procedure – laying down the principles of Enterprise Risk Management for PKN ORLEN and the roles and responsibilities of each individual involved in the process.
Rules of control and verification procedures carried out at PKN ORLEN – a document prepared on the basis of the applicable Organisational Rules of PKN ORLEN in order to lay down the principles of control and verification procedures conducted by the Control and Security Office.
ORLEN Group anti-money laundering and terrorist financing rules and instructions – laying down detailed procedures to be followed in counteracting money laundering and terrorist financing at the ORLEN Group. The rules are addressed to all companies’ employees in customer-facing positions, have direct access to financial documents or participate in the execution of transactions.
ORLEN Group Regulatory Risk Management Policy constituting part of the Compliance Policy– governs regulatory risk management processes resulting from existing or proposed legal acts, excluding tax risks.
Anonymous Misconduct Reporting System – the system provides a framework for identifying potential irregularities and instances of misconduct, which can be reported via indicated information channels.
Policy on Corporate Governance and Allocation of the Companies in which PKN ORLEN Holds Equity Interests to PKN ORLEN Management Board Members in Charge of Business Oversight of the Companies – a document containing instructions on the selection of candidates for members of the ORLEN Group companies’ governing bodies and the rules for setting and reviewing Individual Bonus-Related Targets for members of the ORLEN Group companies’ management boards. It provides for full corporate supervision over the ORLEN Foundation.
Rules for Managing the Risk of Losing Information Security Attributes – information and guidelines on the process of managing the risk of losing security attributes.
ORLEN Group Anti-Corruption Policy – a declaration that our business objectives are to be pursued in a transparent, fair and ethical manner. The policy is designed to raise employee awareness, encourage positive attitudes and behaviours, and streamline procedures and business process oversight. The document underscores the importance of training and awareness-raising among employees and the responsibility of company managements for creating conditions that help to prevent and counteract corruption at the ORLEN Group.
Supplier Code of Conduct – defines ethical standards that must be met by the ORLEN Group suppliers, includes guidance on activities related to counteracting corruption, and promotes high ethical standards in business activities.
Integrated Management System Policy – a document describing the working standards for quality assurance, reduction of environmental impacts, health and safety at work, information security and food safety.
Rules for financial control procedures carried out by the Office of Financial Control, Risk and Compliance Management – set out the rules governing financial audits at PKN ORLEN and ORLEN Group companies.
PKN ORLEN Financial Auditing Standards – set out the framework for management, performance and quality assurance in audit activities. The purpose of the Standards is to ensure and maintain a professional level of financial audits carried out by the Financial Control Department of the PKN ORLEN Financial Control, Risk and Compliance Management Office and to standardise the approach to preparation, conduct and recording of financial audits and assessment of their findings.
Rules for the implementation of audits, consultancy and business analysis assignments at PKN ORLEN – defining the rules for conducting audits, consulting projects and business analyses at PKN ORLEN, other ORLEN Group companies and other entities, to the extent permitted by law.
PKN ORLEN Rules for Accepting and Offering Gifts – define how PKN ORLEN employees must behave when accepting or giving gifts.
Rules of Integrated Trade Partner Safety Reviews – define how employees should act to reduce the level of risk associated with establishing relations with business partners.
Business Process Safety Monitoring Rules – regulate the conduct of relevant PKN ORLEN units to minimise the risk of misconduct in business processes where a medium or high risk of misconduct is identified.
The ORLEN Group's goal is to completely eliminate corruption and bribery.
Percentage and total number of operations assessed for risks related to corruption and the risks identified
At PKN ORLEN and the ORLEN Group companies covered by the Enterprise Risk Management (ERM) System, the following risks in the anti-corruption and bribery area have been identified and assessed, depending on each company’s specific characteristics:
- Fraud and other misconduct – the risk of employees acting unethically and committing fraud or other misconduct. The risk of fraud and other misconduct has been identified in 35 processes in the areas of retail, wholesale, procurement, marketing, safety, and finance.
- Violations of ethics standards or their improper implementation - the risk that employees of the ORLEN Group take actions inconsistent with corporate ethics standards, or that the definition, implementation and enforcement of these standards will not be effective and consistent with the corporate objectives. The risk was identified in the System of values and rules of conduct process.
- Abuses by customers, employees or agents in the sales process - the risk that an improper sales process or system or inadequate securing of the sales system will allow the customer or employee material abuse. The risk of abuse of customers, employees or agents in the sales process has been identified in 3 processes in the areas of retail, wholesale and marketing.
The risks related to anti-corruption and bribery were assessed in a controls effectiveness review conducted by the relevant business areas in respect of 39 processes and in an independent review performed by the Internal Control Department based on the irregularities identified during inspections.
In 2020, the ERM System covered: PKN ORLEN, ANWIL, ORLEN Lietuva Group, Unipetrol Group, ORLEN Deutschland GmbH, ORLEN Paliwa and ORLEN Centrum Usług Korporacyjnych, which represent close to 10% of all the ORLEN Group companies.
In 2020, as part of an annual risk self-assessment process and risk controls tests at PKN ORLEN, 493 risks were assessed based on tests of 982 controls in 145 business processes. The ORLEN Group companies assessed 678 risks and 1,818 controls in 171 processes.1
1The data does not include: ORLEN Lietuva and ORLEN CUK Groups .where a self-assessment process is being carried out in 2021.
Communication and training about anti-corruption policies and procedures
The ORLEN Group's Anti-Corruption Policy was made available at www.orlen.pl and on the intranet in 2019. Our trading partners and representatives are notified about the policy and rules for counteracting corruption at the time of establishment of the business relationship. In addition, when registering on the Connect procurement platform, suppliers also receive information on the anti-corruption policies and rules. In 2019, all members of the Management Board (100%) were made familiar with the ORLEN Group's Anti-Corruption Policy. In accordance with the procedure for educating the Group’s workforce on the internal regulations, the Anti-Corruption Policy was made known to all (100%) employees.
In 2019, the Control and Security Office launched systemic training delivered on an annual basis across business functions with the highest risk of misconduct, in the form of classroom or e-learning training provided to ORLEN Group employees and new hires. The topics covered included criminal liability and disciplinary sanctions for corruption offences, identification of such offences, procedures to be followed in the case of suspected corruption by employees, whistleblowing options and channels, accepting and giving of gifts and building safe relationships with business partners.
In 2019, training in this area was provided to all members of the Management Board (100%) and 279 employees, while nearly 200 employees completed an e-learning course.
In 2020, classroom training was suspended in accordance with the guidelines issued by the Coordination Team for addressing the potential risk of SARS-CoV-2 coronavirus infection, but employees were provided with self-training opportunities on the training platform. The e-learning courses were attended by 52 employees.
In accordance with the Code of Best Practice for WSE Listed Companies, PKN ORLEN has in place effective functional control, risk management and compliance supervision systems, as well as an internal audit and control function. The simultaneous operation of all those systems and functions allows the Group to exercise ongoing and effective anti-corruption supervision.
PKN ORLEN has implemented a structured management control system, comprising a set of comprehensive procedures. The procedures are managed through a dedicated IT system which ensures their consistency through multifaceted agreements as well as approvals at each level in the organisation.
Key roles in the Enterprise Risk Management System
Three Lines of Defence Model
In order to minimise the risk of misconduct and corruption, PKN ORLEN has adopted the popular Three Lines of Defence Model. The first line of defence involves risk management by employees and business units, and controls related to the operational processes. The second line is compliance functions, and the third – internal audit and control, supporting the correct functioning of the specified prevention measures.
First line of defence/prevention – the Integrated Enterprise Risk Management System
Risk management is a continuous process, however it is revised in response to the ever-changing economic environment. As part of enterprise risk management, risk self-assessment processes and tests of controls are carried out at PKN ORLEN and other ORLEN Group companies on a regular basis.
Second line of defence/prevention – The Compliance Function
PKN ORLEN’s compliance function is based on the following four elements:
- The ERM system, which supports the process of assessment of financial and operational risk compliance with regard to the effectiveness of controls and the ERM Policy and Procedure;
- The internal audit and control function – with respect to compliance of the processes with internal regulations;
- Assessment of compliance with integrated management systems (ISO);
- Managing the risk of non-compliance with legal regulations, standards and ethical norms based on the requirements of the PKN ORLEN Compliance System documentation, with a particular focus on risks related to the Company’s business sector.
The Company’s Integrated Management System takes into account the findings of audits and reviews as well as complaints and grievances. Additionally, preventive/corrective measures are taken to address any irregularities identified in the above processes. All these activities are designed to ensure compliance with the adopted reference standards: ISO 9001 (quality management system), ISO 14001 (environmental management system), PN-N-18001 (occupational health and safety management system), and ISO 27001 (information security management system ), ISCC system (a certification system for biomass and biofuels), Factory Production Control System, and Food Safety Management System.
Once a year, based on the reviews, a comprehensive report about the organisation’s Integrated Management System is prepared, submitted to the Company’s Management Board and posted on the intranet.
PKN ORLEN’s compliance with or preparedness (alignment level) for applicable laws or draft legislation is monitored on an ongoing basis and reported to the PKN ORLEN Management Board. Where necessary, appropriate steps are taken to ensure that the Company meets the requirements of Polish and EU laws and regulations.
The Financial Control Department carries out financial audits aimed at identifying any economic irregularities and fraud, verifying if PKN ORLEN and ORLEN Group employees respect the applicable laws, internal policies and professional standards, estimating the impact of any potential irregularities or misconduct, defining corrective measures and designating responsible persons, as well as assessing internal policies. The audited area is scrutinised mainly against legal compliance, relevance, cost efficiency, reliability, efficiency and legitimacy criteria, with the interests of PKN ORLEN and ORLEN Group companies taken into consideration.
Independence of the Financial Control Department is assured through appropriate functional reporting lines within the Company’s organisational structure.
Financial audit activities are performed on the basis of annual plans approved by the President of the PKN ORLEN Management Board. Regardless of the audit plan in place, the Financial Control Department can also perform ad hoc and investigative audits upon requests submitted to the Head of the Financial Control, Risk and Compliance Management Office by Members of the PKN ORLEN Management Board and individual business functions.
On the basis of findings presented in the Financial Audit Reports, post-audit instructions are issued which specify and prioritise measures to be taken to eliminate any irregularities or improve the performance of the audited area. The implementation of follow-up instructions is monitored continuously until it is confirmed that the corrective measures have been implemented.
Reports summarising the financial audits and the monitoring of implementation of post-audit instructions are drawn up for the PKN ORLEN Management Board and Supervisory Board twice a year.
Third line of defence / prevention – internal audit and control function
The audit function is performed by the Audit Office. Its purposes include independent, impartial and objective evaluation of functional control systems and analysis of business processes in accordance with the generally applicable laws and internal policies.
The activities of the Audit Office conform to the International Standards for the Professional Practice of Internal Auditing (IIA).
Independence of the Audit Office is assured through appropriate functional and administrative reporting lines within the Company’s organisational structure.
The Audit Office performs its functions (audits, consultancy projects and business analyses) on the basis of an annual audit plan approved by the Company’s Management Board. The annual plan is presented to the Audit Committee of the Company’s Supervisory Board in order to obtain its opinion, and then is submitted directly to the Supervisory Board for approval.
As part of their activities, the Audit Office and the Control and Security Office verify on an ongoing basis if processes are executed in line with the applicable internal regulations. Ad hoc audits may also be conducted by the Audit Office when and as requested by the Company’s Supervisory or Management Board.
The Audit Office continuously monitors its recommendations, based on which it prepares a report, stating to what extent they have been implemented. All monitoring reports are submitted to the Company’s Management Board and the Audit Committee of the Company’s Supervisory Board, which is in charge of ongoing assessment of the entire organisation’s functioning.
The Control and Security Office, on the basis of the ongoing monitoring ofrecommendations and follow-up orders, prepares a report on the status and scope ofimplementation of the recommendations. Its activities have either a preventive or detective nature. They are complemented by activities performed by ORLEN Ochrona, which has due authorisations and appropriate tools, including the ability to use the services of business intelligence agencies and detectives. If any instance of corruption is suspected, relevant steps are taken in close cooperation with law enforcement agencies, including the police and Central Anti-Corruption Bureau (CBA). The simultaneous operation of all the systems and functions described above allows the Group to exercise ongoing and effective anti-corruption supervision.
In 2018, the ORLEN Group appointed an Anti-Corruption Compliance Officer. The Officer cooperates directly with the Management Boards of the ORLEN Group companies which have no separate security departments. In 2020, the Rules of Anonymous Misconduct Reporting were updated with solutions introduced, inter alia, by Directive of the European Parliament and of the Council on the protection of persons reporting on breaches of Union law COM/2018/218. This ensures compliance with the EU legal requirements, the duty of care and the Warsaw Stock Exchange anti-corruption standards.
The amendments to the Rules included:
- Introduction of additional categories of notifications:
- Breach of Regulation (EU) No. 596/2014 of the European Parliament and of the Council of April 16th 2014 on market abuse (market abuse regulation) and repealing Directive 2003/6/EC of the European Parliament and of the Council and Commission Directives 2003/124/EC, 2003/125/EC and 2004/72/EC (the “MAR”);
- Breach or a reasonable suspicion of breach of law or disclosure requirements by PKN ORLEN;
- Breach of occupational health and safety or environmental protection regulations;
- Breach of ethical standards applicable at PKN ORLEN or an ORLEN Group company.
- Improvement of the protection afforded to reporting persons by, inter alia, introducing solutions under the Directive of the European Parliament and of the Council on the protection of persons reporting on breaches of law;
- Introduction of the Corporate Standard for the Anonymous Misconduct Reporting System (in the process of implementation).