The case for CSR/ Sustainability Reporting Done Responsibly


Insights on how you can protect the environment, maintain and increase the value of your company, through a structured process.

Insights on how you can protect the environment, maintain and increase the value of your company, through a structured process.

Home / case studies / Case study: Deutsche Bank’s policies and measures for strengthening its control framework and preventing financial crime

Case study: Deutsche Bank’s policies and measures for strengthening its control framework and preventing financial crime

As a global bank, with clients and a variety of stakeholders across all sectors of the economy, Deutsche Bank needs to be supported by sound governance structures and to operate according to high ethical standards, creating a robust control environment.

This case study is based on the 2015 Corporate Responsibility Report by Deutsche Bank published on the Global Reporting Initiative Sustainability Disclosure Database that can be found at this link. Through all case studies we aim to demonstrate that CSR/ sustainability reporting done responsibly is achieved by identifying a company’s most important impacts on the environment and stakeholders and by measuring, managing and changing. 

Layout 1


Among a number of key material issues, strengthening its control framework and preventing financial crime is a matter of crucial significance for Deutsche Bank as Germany’s leading bank, in a global business environment characterized by volatility and uncertainty. In order to strengthen its control framework and prevent financial crime Deutsche Bank took action to:

  • reduce risks associated with Deutsche Bank’s people, systems and conduct-related failures through its Three Lines of Defense (3 LoD) program
  • show zero tolerance and raise employee awareness of bribery and corruption through training and
  • combat money laundering and terrorism financing through its AML (Anti-Money Laundering) program

What are the material issues the company has identified?

In its 2015 Corporate Responsibility Report Deutsche Bank identified a range of material issues, such as employee commitment and engagement, management compensation, climate change and green energy, innovation and digitalization, diversity and equal opportunities, human rights, client privacy and data security, recruitment and talent management. Among these, in the face of a major debt and investment crisis in Europe and a global business environment characterized by uncertainty and change, strengthening its control framework and preventing financial crime becomes a key priority for Deutsche Bank.

Stakeholder engagement in accordance with the GRI Standards

The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:

“The organization should identify its stakeholders, and explain how it has responded to their reasonable expectations.”

Stakeholders must be consulted in the process of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.

Key stakeholder groups Deutsche Bank engages with:

Stakeholder Group Method of engagement (in 2015)
Employees • People Survey
Clients • Client satisfaction survey
Regulators • Government and Regulatory Affairs Department
Investors • SRI road shows in Paris and London

• One-on-one investor meetings

NGOs • Ongoing exchange with non-governmental organizations such as discussions with the Banking Environment Initiative on deforestation
Shareholders • Annual General Meeting

How stakeholder engagement was made to identify material issues

  • Potential topics and indicators were, among a number of other sources, also identified from a documentation of remarks from stakeholders engagement processes.
  • In 2015 Deutsche Bank conducted both an internal validation of topics through a survey of approximately 270 employees and an external validation, distributing an online survey to 400 external stakeholders.

What actions were taken to strengthen Deutsche Bank’s control framework and prevent financial crime?

In its 2015 Corporate Responsibility Report Deutsche Bank reports that it took the following actions for strengthening its control framework and preventing financial crime:

  • Reducing risks associated with Deutsche Bank’s people, systems and conduct-related failures
  • Through the Three Lines of Defense (3 LoD) program Deutsche Bank reviews its internal control framework and strengthens accountabilities for non-financial risks across the business.
    • The first line of defense: the business division and Group Technology & Operations (GTO), which are ultimately responsible for all risks and controls in their area.
    • The second line of defense: Risk, Compliance, Anti-Financial Crime, Human Resources, Legal, Group Data Protection, Finance and Tax. Control Functions are responsible for the group-wide policy frameworks defining minimum control standards and conducting independent risk and control evaluations. Operational Risk Management teams hold the complete portfolio view, being responsible for the overarching framework.
    • The third line of defense: Group Audit, which offers independent and objective assurance regarding the efficiency of risk management, internal controls and governance procedures.
  • In 2015 Deutsche Bank refined and enhanced its 3 LoD program by:
    • reinforcing non-financial risk management and control in the first LoD through further build-out of Divisional Control Units, strengthening and accelerating control enhancements and improving risk and control management procedures covering 1,100 full-time employees
    • enhancing the second LoD by rearranging independent control responsibilities under four Board-level positions: Chief Risk Officer (Operational Risk Management), Chief Regulatory Officer (Compliance, Anti-Financial Crime and G&RA), Chief Administrative Officer (Legal, HR) and Chief Finance Officer (Finance, Tax). Group-wide control frameworks were also reinforced across Embargoes & Sanctions, Anti-Bribery and Corruption, Anti- Money Laundering and Anti-Fraud functions.
    • applying a new Risk and Control Assessment framework, including a new IT platform; this promotes a consistent Group-wide approach across first and second lines.
    • strengthening non-financial risk governance by means of a new Non-Financial Risk Committee chaired by the Chief Risk Officer and Operational Risk Management. In order to improve its oversight and control mandate, Deutsche Bank offered further guidance to Regional and Country Managers with approximately 50 decision procedures, gap analyses and initial remediation on critical areas such as Anti-Financial Crime and Compliance.
  • Raising employee awareness of bribery and corruption
  • In 2015:
    • [tweetthis]more than 47,000 trainings were delivered on combating financial crime[/tweetthis]
    • over 2,500 employees were offered training in Deutsche Bank’s whistleblowing policies
    • more than 12,000 employees completed the online ABC (Anti-Bribery and Corruption) course, which covers the extraterritorial application of laws
  • Deutsche Bank’s whistleblowing hotline is available to all employees to raise concerns or report violations of Deutsche Bank policies or codes, laws, rules and regulations applicable to Deutsche Bank – and do so in complete confidence. All reports are investigated independently and the bank’s policy prohibits retaliation.
  • Combating money laundering and terrorism financing
  • Deutsche Bank’s AML (Anti-Money Laundering) program is intended to comply with German AML rules as a minimum and local laws, regulations and guidance regarding the prevention of money laundering, terrorist financing and related crimes. The program comprises policies, procedures, a designated Money Laundering Officer, regular employee training (for those who are in scope) and independent controls.
  • Deutsche Bank is a member of the Wolfsberg Group of Banks, has adopted the Wolfsberg Anti-Money Laundering Principles and also signed the Wolfsberg Statement on the Suppression of the Financing of Terrorism.
  • The bank’s AML teams are responsible for implementing and monitoring measures to prevent, detect and advise on money laundering and the financing of terrorism.
  • Deutsche Bank’s group-wide AML Policy commits it to:
    • meet regulations governing identification (authentication), recording and archiving
    • notice suspicious transactions and process internal suspicious-activity alerts
    • develop, update and apply internal policies, processes and controls
    • create staff awareness, set a staff reliability process and offer training
  • Effective group-wide KYC (Know Your Customer) standards follow strict regulations and help to protect Deutsche Bank from criminal abuse.
  • In 2015:
    • Deutsche Bank continued to renew a policy framework in every country it operates in, focusing on high-risk clients and “politically exposed persons.” Clients are assessed as part of due diligence and are screened at least monthly against internal and external criteria covering terrorist financing, financial crime, corruption and tax evasion.
    • Deutsche Bank continued to roll out an extended screening program covering about 95% of relevant data sources and also developed a new technical screening platform. The new IT platform will form the basis for further improvement with regards to screening effectiveness and efficiency.
    • In March the bank’s Global Transaction Banking division joined the global SWIFT KYC Registry, a centralized repository for banks to streamline their due diligence processes. The registry lets the SWIFT community upload, update and manage their own KYC-related information and documentation and also share it upon request, in a secure environment, with their correspondent banks. Deutsche Bank branches and subsidiaries from over 35 countries have been registered, contributing the predefined information and documentation.
  • Showing zero tolerance of bribery and corruption
  • Deutsche Bank shows zero-tolerance to bribery and corruption, in line with its Code of Business Conduct and Ethics, values and beliefs and international law, including the UK Bribery Act 2010, the US Foreign Corrupt Practices Act 1977, the German Criminal Code and the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions.
  • A dedicated ABC (Anti-Bribery and Corruption) Team has a mandate to:
    • decrease the risk that Deutsche Bank or persons associated with the business will take part in bribery or corruption
    • ensure that in case of bribery and corruption Deutsche Bank has limited its liability as far as possible
    • protect Deutsche Bank’s reputation, ensure shareholder confidence, decrease risk in Deutsche Bank’s business dealings and secure Deutsche Bank assets
  • Deutsche Bank’s ABC Policy sets out the minimum standards of behavior for all employees and third parties associated with it. To ensure the policy is implemented, regional teams are responsible for analyzing risk, developing and monitoring controls, training and awareness. In 2015 these teams almost doubled in size to 15 employees, compared to nine in 2014.

Which GRI indicators/Standards have been addressed?

The GRI indicators/Standards addressed in this case are:

1) G4-58: Report the internal and external mechanisms for reporting concerns about unethical or unlawful behavior, and matters related to organizational integrity, such as escalation through line management, whistleblowing mechanisms or hotlines – the updated GRI Standard is: Disclosure 102-17 Mechanisms for advice and concerns about ethics

2) G4-SO3: Total number and percentage of operations assessed for risks related to corruption and the significant risks identified – the updated GRI Standard is: Disclosure 205-1 Operations assessed for risks related to corruption

3) G4-SO4: Communication and training on anti-corruption policies and procedures – the updated GRI Standard is: Disclosure 205-2 Communication and training about anti-corruption policies and procedures



1) This case study was compiled using published information by Deutsche Bank which is located at the link below. For the sake of readability, we did not use brackets or ellipses but made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original please revert to the following link:
(2015 Corporate Responsibility Report by Deutsche Bank)




Note to Deutsche Bank: With each case study we send out an email to your listed address in request for a comment on this case study. If you have not received such an email please contact us.