At Drax, we are committed to conducting business ethically, with honesty and integrity, and in compliance with all relevant laws and regulations. We do not tolerate any form of bribery, corruption, human rights abuse, or other unethical business conduct.
Our Code of Conduct
Our business ethics compliance framework consists of principles, policies, and guidance. The principles are set out in our Code of Conduct (Drax Code), which identifies the behaviours expected from permanent and non-permanent workers on a broad range of topics. The Drax Code principles form part of our terms of employment and include a series of training videos which can be referenced by colleagues.
Our business ethics policies and guidance documents provide further instruction. These include our Anti-Bribery and Corruption (including conflicts of interest), Human Rights, Fair Competition, Financial Crime, Privacy and Speak Up (whistleblowing) policies and our Gifts and Hospitality, Conflicts of Interest, Due Diligence, Fair Competition, Privacy and Speak Up guides. In 2020, a Group policy project was progressed, to review, update and harmonise policies across Drax, as required, to support the Drax Code.
In 2020, we deployed new annual refresher eLearning across Drax, for data protection and anti-bribery and corruption, for all relevant colleagues. A dedicated business ethics eLearning module was also provided to and completed by all members of the Board and Executive Committee.
In September 2020, a new Code of Conduct (Drax Code) was approved by the Board. In October, the Drax Code was deployed as a mandatory read and completed by all permanent and relevant non-permanent workers. We have also built the Code into our new starter induction processes.
The Drax Code expands on those topics previously covered in our “Doing the right thing” handbook, to include other areas such as Health and Safety, Environment, Diversity and Inclusion, Dignity at Work, and Treating Customers Fairly.
Having a Code helps us to aim for and maintain consistently high standards in everything we do. The Code outlines what we expect from all those covered by it and supports the positive development of our culture. The Code also provides our external stakeholders with confidence that we are committed to doing business ethically and that we only wish to work with those who do the same.
Responsibility for Ethics and business conduct
Governance of our business ethics framework is overseen by the Drax Ethics and Business Conduct Committee (EBCC), a sub-committee of the Executive Committee. The EBCC comprises senior leaders, meets quarterly, and is chaired by the CFO. A formal report on the work of the EBCC is provided annually to the Audit Committee. Management across Drax is responsible for demonstrating leadership on ethical matters and supporting teams to apply our ethical principles, set out in our Drax Code, and business ethics policies.
Our Business Ethics team manages our business ethics programmes, taking steps to understand our risk profile, developing and maintaining policies and procedures, raising awareness and training, as well as investigating any potential breaches of policy, and supporting our internal and external Speak Up (whistleblowing) channels. Our Internal Audit function provides assurance on the robustness of our business ethics programmes and any recommendations for improvement are duly considered and, as appropriate, implemented.
The Business Ethics team conducts annual risk assessments of each of its programmes, covering anti-bribery and corruption (including conflicts of interest), fair competition, financial crime, privacy, Speak Up (whistleblowing), and supply chain human rights. This is to ensure policies and procedures remain fit for purpose and to recommend any further mitigation measures. Our annual review timetable includes a review of Drax gifts and hospitality records and a colleague business ethics declaration, which was completed by 100% of colleagues in 2021 (covering 2020).
Results of annual reviews, details of investigations conducted, Speak Up (whistleblowing) reports, and audit outcomes are reported regularly to both the EBCC and the Audit Committee. The Board now receives an update on Speak Up (whistleblowing) reports at each meeting.
Working with Others
We are a signatory to the UN Global Compact (UNGC) and maintained our representation on their Modern Slavery Working Group in 2020. This enables us to benchmark our compliance programmes and exchange experience with peers, with a particular focus on our response to the UK Modern Slavery Act.
We seek to work with third parties whose standards are consistent with our own. Relevant third parties are subject to our precontract due diligence checks and regular monitoring throughout the term of the contract, via our third-party due diligence system. In cases where a red flag is raised, we follow an EBCC approved escalation protocol. Depending on the nature of the flagged issue, we may decide not to engage with a new third party, to engage on a conditional basis, to collaborate on remedial action or to end an existing business relationship.
Our Supplier Code of Conduct (Supplier Code) was approved by the Board in October 2020. The Supplier Code sets out the commitments and standards we expect of our third parties and, going forward, will replace the Corporate Responsibility statement used in our contracts. A working group has been formed to agree the implementation plan to deploy the Supplier Code, as appropriate, to our suppliers in 2021.
Anti-bribery and Anti-corruption
Our internal processes ensure consistency with our zero-tolerance approach to bribery and corruption. Geographic risk is factored into our third-party due diligence process and system. Conducting business in certain higher risk countries must receive prior approval from the EBCC.
Third parties in higher risk countries receive a higher level of initial due diligence and ongoing monitoring. We also screen the affiliates (directors and shareholders) of third parties identified as potentially higher risk, and refresh their information on a more frequent basis compared to other suppliers. Ongoing monitoring is performed with new information provided to the EBCC, as appropriate.
In 2020, we combined our anti-bribery and corruption and conflicts of interest programmes and strengthened our approach to the reporting of supplier conflicts of interest. We also separated the content of our Corporate Crime policy to form separate Anti-Bribery and Corruption (including conflicts of interest), Human Rights and Financial Crime policies. We developed a Conflicts of Interest Quick Reference guide and provided training to US based managers.
We are committed to conducting our business in accordance with all applicable fair competition law and we do not tolerate any anti-competitive and anti-trust behaviour or activity.
Our dedicated fair competition compliance programme includes a Fair Competition policy and guide and covers both UK competition law and US anti-trust law. We provide eLearning for those that need to know more and targeted learning for our ‘at higher risk’ teams. In 2020, a video on this topic was included in the new Drax Code, which sets out the baseline knowledge that we expect all our people to have with regard to fair competition. In addition, we reviewed our policy and guidance and completed our second annual risk assessment and risk register, which was reviewed by the EBCC.
At Drax, we take a strong stance on financial crime matters and seek to align ourselves to best practice.
Our Financial Crime programme and policy covers the topics of Anti-Money Laundering (“AML”), Anti-Facilitation of Tax Evasion, Fraud and Sanctions. During 2020, we started the process of separating out these topics into standalone programmes, which will be completed during 2021.
Our internal controls in this area are predominately built into our payment and third-party due diligence processes. These include additional checks for those third parties located in or requesting payment to jurisdictions that are considered non-cooperative tax jurisdictions or higher risk for AML deficiencies.
During 2020, our Anti-Facilitation of Tax Evasion (“Corporate Criminal Offences”) programme was internally audited, achieving a positive result.
Data privacy and security
We take seriously the privacy and security of the personal data we control. We are committed to maintaining effective privacy and security programmes to ensure that our people, customers and the third parties with which we engage have confidence in our data handling practices.
Our maturing privacy programme is managed by the Data Protection team and overseen by the EBCC. It is implemented through policies, guides, privacy notices, third party due diligence questionnaires and contractual terms. During 2020 we issued eLearning training to UK colleagues and invested in privacy designed compliance software to support our work in areas such as individual rights requests and personal data breaches. Internal Audit completed a positive audit of our privacy programme in 2020. Our privacy programme supported our Covid-19 response, with particular reference to handling additional health data, temperature checks and home working guidance. We benchmarked ourselves against the new accountability tracker published by the Information Commissioner’s Office and have incorporated relevant aspects into our work plans for 2021.
Our security framework matured through 2020, embedding security risk management controls into our business change activities, improving cyber technical capabilities and expanding security controls and architecture into our operational technology systems through our NIS Directive compliance programme. We mobilised quickly in response to Covid-19 to provide secure working from home solutions with minimal impact on our control environment or risk profile. An independent maturity review was undertaken against a security best practice framework in 2020, which noted that Drax has a “well-structured and capable security function that has matured significantly” since establishment.
We maintain a risk-based security controls framework aligned to industry standards, to protect our business, colleague and customer data and meet our regulatory requirements. In addition to traditional IT security measures, we use cyber technologies to detect, respond to and resolve cyber threats and attacks. We are conscious that such threats continue to change and our security programme seeks to evolve our controls and response to cyber threats.
Labour and human rights
Our commitment to the protection of human rights includes not tolerating the use of underage workers or forced labour. This is set out in our Human Rights policy, Drax Code and Supplier Code.
Our Supplier Code outlines the standard of ethical business conduct we expect from our suppliers. Businesses in our supply chain should offer a safe workplace for their employees that is free from harm, intimidation, harassment and fear. The Supplier Code emphasises our requirement for our suppliers to challenge unethical behaviour and promote a “speak up” culture and provides the details of our available Speak Up channels for their use in multiple languages.
Supply chain human rights (modern slavery)
Our Modern Slavery Working Group, chaired by a member of the Business Ethics team, oversees a three-year rolling programme, and reports quarterly to the EBCC.
In 2020, we published our fourth Board-approved Modern Slavery Statement in accordance with the UK Modern Slavery Act (www.drax.com/modern-slavery-act/). It describes the steps we are taking to reduce the risk of modern slavery in our supply chain. We responded to the UK Government’s consultation on Transparency in Supply Chains and are positioned to meet the new requirements.
We keep our programme and statement under review to ensure it reflects our activities, global presence and wider evolving practice.
Speak Up (whistleblowing)
As part of our commitment to transparency, openness and continuous improvement, we actively encourage those working for or on behalf of Drax to raise genuine concerns about practices which could breach laws, regulations or our own ethical standards.
Drax has a zero tolerance of retaliation and we have processes in place to apply appropriate consequences, should an individual victimise or retaliate in any way against someone who has raised a genuine concern. During 2020, we issued specific guidance, for all employees and for managers, on treating concerns respectfully (since they may receive a Speak Up report). In addition, the topic of Speak Up and a commitment to non-retaliation against reporters was included in the new management excellence training module for managers.
In 2020, we launched our new Speak Up (whistleblowing) programme, and a new Speak Up (whistleblowing) policy was approved by the Board and published across the Group. For the first time, a Speak Up risk assessment and risk register were presented to the EBCC for review.
The Group Company Secretary is the Whistleblowing Officer. The Business Ethics team supports oversight of the external, anonymous and confidential, Speak Up service available within Drax. This has been extended to third parties, such as suppliers and visitors to our sites, and is available in multiple languages and promoted in our Supplier Code of Conduct. The team also responds to any reports from within Drax, as well as those referred to the Company via the external service. Speak Up is prominently featured in both the new Drax Code of Conduct and Supplier Code of Conduct, the latter encouraging Drax suppliers to have their own Speak Up service. Regular updates on Speak Up reports and cases are provided to the Executive Committee and the Board.
The Board receives regular updates on whistleblowing, and a quarterly report on business ethics is presented to the Audit Committee on “entity controls” which includes Speak Up (whistleblowing) matters. An annual report of EBCC activities is made to the Audit Committee, including Speak Up reports and investigations.
In 2020, nine concerns were reported across both our internal and external channels. This is an increase from eight reports in the previous year and reflects our continued efforts to promote an open and approachable culture of “speaking up” across Drax.