The term “compliance” can be defined as the totality of all content-related and organisational safeguards that ensure the lawful conduct of the Hannover Re companies, the members of their governing bodies and their employees with regard to all legal and ethical standards as well as the internal corporate policies in the major areas of the organisation and operating processes. We consider efficiently functioning compliance management to be essential, since legally correct, responsible and ethical actions constitute the fundamental precondition for trust in our company and for its competitiveness. In our view, conformity with applicable legal requirements is a self-evident prerequisite for enduring successful business operations. This includes laws and regulations relating to the environment just as it does those with a bearing on, among other things, anti-corruption, the prevention of money laundering, data privacy and tax compliance.
The Corporate Compliance Organisational Manual summarises the major activities and defines the responsibilities within our company, the interfaces and the elements of the compliance organisation. Our compliance structure was reviewed most recently in 2015 against the backdrop of the compliance requirements associated with Solvency II. A worldwide network of compliance officers reports to and supports the Chief Compliance Officer in his duties. The Chief Compliance Officer works to ensure compliance with internal corporate policies by cooperating with other departments, including Group Auditing, and updates the Executive Board on material compliance issues and developments in an annual compliance report. A Webbased whistleblower system is also in place for the companies within the Group. This enables employees, customers and third parties to report compliance violations in their local language or in English – anonymously if they so desire. Relevant tips and any countermeasures initiated are included in the annual compliance report.
Our Code of Conduct is accepted by our employees as an integral component of their employment contract and therefore has binding effect. It makes clear that active and passive bribery are not tolerated and further makes specific reference to the prohibition of money laundering and illicit financing. The Compliance Officer is to be notified of all suspicious cases. There are also specific rules of conduct, for example in the form of instructions for the avoidance and disclosure of conflicts of interest, for the granting and acceptance of benefits, gifts and invitations, for the arrangement of donations and sponsorships as well as with respect to sideline activities and involvement in other companies and business transactions. Our Code of Conduct also contains specific instructions for containing other corruption risks. These risks include the alleged offence of active and passive bribery as well as the acceptance and granting of benefits, especially in connection with invitations and gifts, procurement, tendering procedures, donations and sponsorship activities. The compliance risks facing the corporate group are regularly analysed in the context of the annual compliance plan and, as appropriate, new measures are suggested. In addition, Group Legal Services – which includes Compliance – follows up on all suspicious cases notified through the whistleblower system.
Generally speaking, the risk of human rights violations in connection with our business operations is minimal. We have focused in particular on respect for human rights within the supply chain. Since mid-2012 our Code of Conduct for Suppliers has been applied throughout large parts of the company at the Hannover location. The Code of Conduct for Suppliers was developed by the Facilities Management and Information Technology divisions with the support of Group Legal Services and updated in the year under review with an eye to the new legal requirements arising out of the UK Modern Slavery Act. It obliges all main suppliers and subcontractors to fulfil sustainability criteria, inter alia respect for human rights and observance of the core labour standards of the International Labour Organisation (ILO). Based on the criteria of the Code of Conduct for Suppliers, we have also developed an application- supported self-reporting process for suppliers and service providers. The process is used regularly by Facilities Management at the Hannover location, and we plan to roll it out progressively at the international offices.
As a listed company, we also emphasise to our employees the necessity of observing rules on insider trading and we specify blocking periods during which shares may not be traded.
When it comes to confidentiality, data privacy and data security, the most important rules are defined on a mandatory basis for all employees in our Code of Conduct as well as our Information Security and Data Privacy Policies. The existing structures of the established compliance organisation are used to implement the minimum standards required by data privacy law. The EU General Data Protection Regulation does not directly affect all Hannover Re companies if their registered office is located outside the European Union or European Economic Area. The respective national legal frameworks are determinative for these companies. Irrespective of the scope of application of the EU General Data Protection Regulation, the appointed Compliance Officers and contact persons are responsible for local data protection requirements. As necessary, they draw up additional local data privacy guidelines and serve as the interface to the Data Protection Officer at Hannover Re in Germany. The Data Protection Officer coordinates overarching aspects of the installed data privacy management system within the Hannover Re Group. He gives advice on how to resolve specific data privacy issues and monitors compliance with the EU General Data Protection Regulation and other data protection standards. In this context, the monitoring of data privacy requirements takes place in close coordination with Group Auditing. Transparency is ensured through defined reporting channels. The results of the separate data privacy reporting are included in the compliance report.
Observance of applicable sanctions regulations plays a central role for us on account of our international orientation. We have enshrined the requirement for compliance with relevant sanctions provisions in our Code of Conduct and Underwriting Guidelines. In addition, a Sanctions Screening Guideline is in place, stipulating when members of staff must perform sanctions screening with respect to the initiation of contracts and / or the payment of claims. A software-supported check continuously verifies whether the company’s data inventories include the names of persons who are subject to sanctions. If the software alerts the user to any such names, these are investigated in a two-step process. Contract formation or payment of funds is prevented if matches are determined. Each working day staff in Group Legal Services check the Official Journal of the European Union for changes in sanctions law on the EU level and publicise relevant changes Group-wide without delay.
With the aid of our Tax Guideline, which applies throughout the Group, a Tax Compliance System that is currently under development and the associated review of all relevant task areas, processes and responsibilities, we want to ensure – going forward, as in the past – that despite growing complexity we satisfy tax liabilities arising out of our international business operations in accordance with the respective national legal requirements.
All new members of staff go through compliance training when they join the Group. In 2017 altogether 70 employees received training in compliance requirements. In order to keep the workforce updated on compliance issues, we also use traditional communication channels such as the intranet and online newsletters.
Since June 2012 our DIN EN ISO 14001-certified environmental management system has been in place at our Hannover headquarters to protect the environment; in 2016 this was enhanced with the addition of a validated EMAS (Eco-Management and Audit Scheme) environmental statement. We have since published an environmental statement in accordance with the EMAS III Regulation on an annual basis. The environmental management system encompasses the Hannover sites of Hannover Rück SE, E+S Rückversicherung AG and International Insurance Company of Hannover SE (Inter Hannover SE) as well as the associated children’s daycare centre and hence covers roughly 43% of the global workforce.
|Goal to be achieved by 2017:|
Expansion of compliance concepts and guidelines in relation to specific topics
|Extension of compliance requirements in IT||A Cloud competence team was set up to ensure IT compliance with an eye to the growing number of Cloud-based projects. In 2017 altogether 15 Cloud projects were supported. An existing guideline was specially modified for the international offices to reflect new standards and IT requirements. In 2017 a system-supported process to assist with IT compliance control processes was implemented.|
|Expansion of the international compliance network||We organise an annual gathering of European Compliance Officers and also hold conference calls within this group in the other three quarters. In addition, a review of the compliance requirements under Solvency II was carried out.|