Compliance in Practice Part 2

How would you have acted? Present with a hidden agenda.

Description:

Mr. Ichting, an employee of Steel, is sitting at his desk going through his new emails. An email from “Industrial Research GmbH” with the subject line “Win an iPad worth €450!” catches his attention. Mr. Ichting discovers that he will be entered in a prize draw if he answers a question on the subject of the “General economic outlook in the steel industry“. The question is fairly general: “How would you rate the overall economic situation in your industry?”. Possible answers are “good”, “moderate” and “bad”. Mr. Ichting sends his answer back by email.

Mr. Ichting, an employee of Steel, is sitting at his desk going through his new emails. An email from “Industrial Research GmbH” with the subject line “Win an iPad worth €450!” catches his attention. Mr. Ichting discovers that he will be entered in a prize draw if he answers a question on the subject of the “General economic outlook in the steel industry“. The question is fairly general: “How would you rate the overall economic situation in your industry?”. Possible answers are “good”, “moderate” and “bad”. Mr. Ichting sends his answer back by email.

Assessment:

At the end of the day Mr. Ichting acted right. We remained in line with our compliance standards. In principle, emails which hold out the prospect of winning prizes or receiving presents in return for publishing internal information are dangerous. In this case the iPad significantly exceeds the thyssenkrupp standard value for presents (EUR 50) and for this reason could not have been accepted off-hand.

However, the crucial point is that this situation is obviously an attempt by an external person to access confidential company information. The purpose of this kind of email is first to put employees in a relationship of dependency by asking apparently harmless questions with the aim of eventually obtaining confidential business information. Do not let yourself be misled by external persons who request confidential information under the guise of a survey and attract employees with alleged prizes or presents and do not leak confidential information to outside parties under any circumstances. To be on the safe side, report such emails to your supervisor and to the thyssenkrupp Compliance Officer immediately.

Additional note: Please keep in mind that such emails may pose an IT security risk. Emails from unknown senders with doubtful content should generally be deleted and, importantly, attachments or links should not be opened.