Binding rules of conduct for the Group

Compliance with applicable laws and internal rules and principles is binding for all Munich Re (Group) staff. To ensure compliant conduct, we have created Group-wide rules, minimum compliance requirements and suitable information and documentation systems as prevention and monitoring measures.

Each individual employee at Munich Re (Group) is responsible for compliance. On the basis of our Code of Conduct and additional self-commitments for responsible behaviour, all staff are obliged to act in an ethical and reliable manner. In doing so, they are to avoid any activity that might harm Munich Re (Group), and are to take business decisions in compliance with legal provisions, supervisory regulations and internal rules. Our managers have a special responsibility to integrate compliance as a fundamental component into the business processes. They have a role model function for their staff and the obligation to ensure that all actions within their area of responsibility comply with the law, statutes and internal rules. All staff receive the Code of Conduct and additional self-commitments for responsible behaviour. Also, an e-learning programme has been developed and made available to all staff.

For us, the full meaning of compliance is not simply adhering to the letter of the law, regulatory requirements and internal rules (in particular, those of the Code of Conduct), but also extends to making decisions and acting in the spirit of compliance. Compliance is therefore a basis for initiating and conducting business transactions, a platform for realising integrity, and a key element in our business processes.

In the primary insurance sector, ERGO is taking a progressive approach: On 1 July 2013, with the aim of establishing a clear business foundation for cooperation with insurance brokers, ERGO was one of the first companies to commit to the Code of Conduct for selling insurance products, which was initiated by the German Insurance Association (GDV). This voluntary commitment applies to all operational German ERGO subsidiaries that sell insurance products with the aim of ensuring the high quality of client consulting. The appropriate implementation of principles and measures to satisfy regulations was confirmed by an external auditor.

Group-wide Compliance Management System (CMS)

The compliance function is responsible for specifying the necessary organisational measures for compliance by Munich Re (Group), top and senior management, as well as employees, including monitoring such compliance. For this purpose, the compliance function has set up an appropriate compliance organisation across the Group, which is tailored to the structure, business activities, risks and particularities of Munich Re (Group)’s business model. The Munich Re (Group) Compliance Management System (CMS) is the methodical framework for the structured implementation of early warning, risk control, advisory and monitoring functions Group-wide:

  • The early-warning system evaluates the potential impact of any material emerging legal changes on the operations of Munich Re (Group). Therefore, Munich Re (Group) companies regularly report on changes in their legal environment (legal change risk).
  • Risk control duties include the identification, assessment, continuous observation, management, and reporting of compliance risks within Munich Re (Group).
  • Monitoring refers to regularly reviewing the adherence to applicable external and internal requirements in Munich Re (Group).
  • Advisory means that the Munich Re (Group) compliance function and the Group-wide compliance organisation support and train top and senior management, managers, and employees on how to adequately prevent and respond to violations of external and internal requirements or reputation-damaging behaviour.

Our CMS is designed to identify key compliance risks and thus prevent the violation of external and internal requirements and behaviour that puts Munich Re (Group)'s reputation at risk (prevention), to investigate any potential violations that may occur despite appropriate measures (detection), and to sanction and terminate breaches (response). The CMS is based on external standards and has been carefully adjusted to Munich Re (Group) characteristics. It consists of the following seven instruments:

Compliance Management System (CMS)
Seven instruments of the CMS
As described above, our compliance culture serves as the foundation of our business activities. In accordance with the “tone from the top” principle, our top and senior executives are a living example of compliant conduct. The central standard for our behaviour is our Code of Conduct and additional self-commitments for responsible behaviour, which describe our understanding of values and have also been implemented by our subsidiaries. They contain binding rules for all Munich Re (Group) employees and, together with other policies, guidelines and work instructions, set the limits of our activities. All staff receive copies of the Code of Conduct and additional self-commitments for responsible behaviour. All breaches or incidents are thoroughly investigated and sanctioned within legally admissible limits. The Code of Conduct and additional self-commitments for responsible behaviour are regularly reviewed and amended as needed.
Our compliance risk management is the process of systematically identifying, analysing, mitigating and observing compliance risks Group-wide. Key compliance topics considered are, for example, fraud prevention, financial sanctions, sales compliance, data privacy, and antitrust law. In addition, each Group unit must identify any further compliance risks that are relevant for it, duly assess them, and document this in writing. The results of the compliance risk analysis are used to design the compliance measures. In addition, each unit prepares a compliance plan, which is submitted to senior management. Effective management of material legal changes takes place in a timely manner to enable the necessary impact analysis and, if necessary, the implementation of adequate measures.
Organisation and procedures: For us, this CMS element means the organisational set-up of the compliance function, the Group-wide compliance organisation, and their interfaces. Our compliance department monitors Munich Re (Group)’s compliance activities through Group-wide standards and a network of regional and local compliance officers. This also includes monitoring the handling of compliance topics which are not assigned to the compliance department, but are nevertheless compliance-relevant. We comply with fit and proper criteria when filling key positions.
We consult, communicate with, and train our target groups. Our compliance organisation answers staff questions on compliance matters. In addition, we run regular training sessions on compliance topics, in order to raise awareness of compliance, strengthen the compliance culture at Munich Re (Group), and increase confidence in dealing with compliance risks. For example, for our staff reaching out to customers and business partners, we run regular training sessions on compliant handling of gifts and invitations. Our governance training for managers enhances their understanding of compliance and strengthens their cooperation within the governance functions.
Our Compliance Reporting is issued to the Board of Management and the Supervisory Board’s Audit Committee ad hoc and quarterly. This includes information on compliance risks and key topics, legal changes, compliance violations and other incidents, the results of special investigations, and any measures implemented, including any sanctions for breaches. For this purpose, we have implemented a reporting process from Group companies to the compliance function. Corresponding reporting to the local management and supervisory bodies is also performed at the Group companies themselves.
Our monitoring includes the regular review of controls implemented to mitigate compliance risks and the assessment of their design and operational effectiveness. Therefore, we have implemented risk-based monitoring instruments. All units report regularly on the implementation of CMS standards as well as on significant compliance violations and other incidents, and emerging legal changes. The Supervisory Board’s Audit Committee monitors CMS effectiveness including the whistleblowing system.
Documenting the CMS: We document all Munich Re (Group) compliance activities clearly, comprehensibly and transparently. The documentation is reviewed regularly and retained for ten years as a matter of principle.
The scope and extent to which compliance activities for these seven CMS elements are implemented are based on the risk profile of the respective Group company, though minimum compliance requirements are mandatory for every entity.

Direct channels of communication and whistleblower anonymity

Munich Re (Group) has a Group-wide system for reporting violations of rules and laws. This system enables the Group Chief Compliance Officer (GCCO) to quickly report potential violations to the Board of Management. The GCCO is the first contact for all compliance questions and assists the Board of Management in developing and implementing organisational measures. Staff members can report infringements and violations to Compliance, their line manager, or to Internal Audit. In addition, an external, independent ombudsman may be contacted. A further whistleblowing channel is available to make the CMS even more robust: A Compliance Whistleblowing Portal is available to all staff and third parties for reporting compliance violations. Information can be provided anonymously or by using your name. If legally possible, anonymity is guaranteed.