Ethics and Integrity
At Drax Group, we are committed to conducting business ethically and in compliance with all relevant laws and regulations. We do not tolerate any form of bribery, corruption or other unethical business conduct.
Doing the Right Thing
Our compliance framework consists of principles, policies and guidance. The principles are set out in our ethics handbook, Doing the right thing, which identifies the behaviours expected from colleagues and contractors on topics including human rights, ethical business conduct and integrity. The Doing the right thing principles form part of our terms of employment and have been converted into a series of training videos used in our new starter induction programme. The scope of Doing the right thing will be expanded with the implementation of a new Group Code of Conduct in 2020.
Our policies and guidance documents provide further instruction. These include our Group Corporate Crime policy and Gifts and Hospitality, Conflicts of Interest and Due Diligence guides. In 2019, we published board-approved updates to our Group Corporate Crime policy, Fair Competition policy and associated guides.
In 2019, we established and deployed new eLearning across the Group, including Data Protection and Anti-Bribery and Corruption training for all colleagues. Targeted training on Supply Chain Human Rights, the Criminal Finances Act and Fair Competition was provided for managers and teams in higher risk areas. Refresher training was also provided on Market Abuse Regulation for the Board, Executive Committee and relevant management and employees.
Responsibility for Ethics
Governance of our framework is overseen by the Group Ethics and Business Conduct Committee (EBCC). The EBCC comprises of senior leaders, meets quarterly and is chaired by the Group CFO. EBCC activities are reported annually to the Audit Committee. Management across the Group is responsible for demonstrating leadership on ethical matters and supporting teams to apply our ethical principles, set out in our Doing the right thing booklet, and business ethics policies.
Our Group Business Ethics team manages our various business ethics programmes, taking steps to understand our risk profile, developing policy and procedures, awareness raising and training, as well as investigating any potential breaches of policy, and administrating our external Speak Up (Whistleblowing) service. Our Internal Audit team provides assurance on the robustness of our business ethics programmes and any recommendations for improvement are duly considered and as appropriate, implemented.
The Group Business Ethics team conducts annual risk assessments of each of its programmes, which relate to areas including anti-bribery and corruption, conflicts of interest, data protection, fair competition, and human rights in the supply chain. This is to ensure policy and procedures remain fit for purpose and to recommend any further mitigation measures. Our annual review timetable also includes a review of the Group gifts and hospitality record and a colleague business ethics declaration. Results of annual reviews, details of investigations conducted, whistleblowing reports, and audit outcomes are reported quarterly to both the EBCC and the Audit Committee.
Working with Others
We are a signatory to the UN Global Compact (UNGC) and maintained our representation on their Modern Slavery Working Group in 2019. This enables us to benchmark our compliance programmes and exchange experience with peers, with a particular focus on our response to modern slavery.
We seek to work with suppliers, partners, agents, intermediaries, contractors, consultants and counterparties whose standards are consistent with our own. Third parties are subject to our precontract due diligence checks and regular monitoring through the lifecycle of the contract, via our third-party due diligence system. In cases where a red flag is raised, we follow an EBCC-approved escalation protocol. Depending on the nature of the flagged issue, we may decide not to engage with a new third party, to engage on a conditional basis, to collaborate on remedial action or to end an existing business relationship.
In 2019, we enhanced our due diligence process, which assesses for risks associated with financial crime, conflicts of interest, anti-competitive behaviour, trade sanctions and other improprieties, such as modern slavery. We centralised these across the business.
Anti-bribery and Anti-corruption
Our internal processes ensure consistency with our zero-tolerance approach to bribery and corruption. Geographic risk is factored into our third-party due diligence system. Conducting business in higher risk countries must receive prior approval from the Group Ethics and Business Conduct Committee.
Following country approval, third parties are then put forward for our due diligence process. Suppliers in higher risk countries receive a higher level of initial due diligence and ongoing monitoring. We also screen the affiliates (directors, shareholders) of these suppliers and refresh their information on a more frequent basis, compared to our lower risk suppliers. Third parties with operations in, or linked to, higher risk countries are escalated to the EBCC for review prior to engagement. Ongoing monitoring is performed with new information provided to the Group Ethics and Business Conduct Committee, as appropriate.
Labour and Human Rights
Our commitment to the protection of human rights includes not tolerating the use of underage workers or forced labour. This is set out in our Corporate Crime policy and our Corporate Responsibility (CR) statement.
Our CR statement outlines the standard of ethical business conduct we expect from suppliers. Businesses in our supply chain should offer a safe workplace for their employees that is free from harm, intimidation, harassment and fear. We have incorporated further provisions in our statement template to manage these risks within our procurement contracts and further advanced this effort in 2019 with the drafting of a Code of Conduct and a Supplier Code of Conduct.
With the implementation of a Supplier Code of Conduct in 2020, we will emphasise our requirement for our suppliers and contractors working on our behalf to challenge unethical behaviour and promote a “speak up” culture. We will provide the details of our Speak Up service for their use.
Our cross-functional Modern Slavery Working Group, chaired by a member of the Business Ethics team, oversees a three-year rolling programme and reports quarterly to the EBCC.
In 2019, we published our third board-approved modern slavery statement in accordance with the UK Modern Slavery Act. It describes the steps we are taking to reduce the risk of modern slavery in our supply chain.
Data Privacy and Security
We take seriously the privacy and security of the personal data we control. We are committed to maintaining effective privacy and security programmes to ensure our people, customers and the third parties we engage with have confidence in our data handling practices.
The EBCC supports and oversees the Group privacy programme and reviewed the first formal programme risk assessment and risk register in 2019. In addition, policies, guides, privacy notices, third party due diligence questionnaires and contractual terms were updated and our first eLearning refresher training (“Overview of Data Protection”) was developed and deployed across the Group. Internal Audit completed an audit of our privacy programme and no red-rated findings were identified. We continue to monitor and adapt our compliance with the requirements of the General Data Protection Regulation, the UK Data Protection Act 2018, regulatory guidance and other associated legislation such as the e-Privacy & Electronic Communications Regulation.
Security risk management has continued to mature through 2019, with a comprehensive improvement plan implemented and intended to enable key IT Security control effectiveness to achieve best practice. The plan was initiated in 2019 and work will continue through 2020. In addition, a security governance structure was put in place to assess and communicate the evolving threat landscape and identify appropriate responses. An ongoing security assurance programme is in place.
We maintain risk-based security controls to protect our employee and customer data, by detecting and preventing threats and security breaches. In addition to traditional security measures, we undertake advanced threat monitoring and analytics measurement intended to detect, identify, respond to and resolve cyber threats and attacks. We are conscious that such threats continue to change. Accordingly, our security programme seeks to evolve our controls and response to cyber threats.
Speak Up (Whistleblowing)
As part of our commitment to transparency and openness, we encourage those working for or on behalf of Drax to raise genuine concerns about practices which could breach laws, regulations or standards. This is supported by our Doing the right thing handbook and Speak Up (Whistleblowing) policy. Colleagues can either raise concerns internally, through line management, a member of the Group Business Ethics team, the Group Company Secretary (Whistleblowing Officer), directly with a member of the EBCC or externally through our anonymous third-party Speak Up service.
The Group Business Ethics team manages the Speak Up (Whistleblowing) programme. The team maintains relevant records and investigates ethical-related matters under the supervision of the Whistleblowing Officer and governance of the EBCC and Board. Where required, relevant senior leadership are consulted, and a course of action agreed. Drax has a zero tolerance of retaliation and considers it a disciplinary matter to victimise or retaliate in any way against someone who has raised a genuine concern.
During 2019, communications on speaking up were rolled out to all colleagues, temporary colleagues and certain contractors as part of the 2019 Business Ethics policy deployment and eLearning programme. In 2019, six concerns were reported via internal channels and two via our anonymous third-party Speak Up service. This is an increase from zero reports in the previous year and demonstrates the effectiveness of our efforts to increase awareness of our reporting channels and promote an open, “speak up” culture.