Munich Re logo
Not if, but how

Explore Munich Re Group

Get to know our Group companies, branches and subsidiaries worldwide.

Binding rules of conduct for the Group

Compliance with applicable laws and internal standards is binding for all Munich Re (Group) employees. To ensure compliant conduct, we have created Group-wide minimum compliance requirements and suitable prevention and monitoring measures.

    alt txt



    Each individual employee at Munich Re (Group) is responsible for compliance. On the basis of the Munich Re (Group) Code of Conduct and additional (self-)commitments for responsible behaviour, all employees are obliged to act in an ethical and reliable manner. In doing so, they are to avoid any activity that might harm Munich Re (Group), and are to take business decisions in compliance with legal provisions, supervisory regulations and internal rules. Our managers have a special responsibility to integrate compliance as a fundamental component into the business processes. They have a role model function for their staff and the obligation to ensure that all actions within their area of responsibility comply with the law, statutes and internal rules. All employees receive the Code of Conduct and additional (self-)commitments for responsible behaviour, and complete an e-learning program on the Code of Conduct.

    ERGO attaches the greatest importance to high-quality customer advice. This is reflected in the fact that ERGO joined the Code of Conduct of the German Insurance Association (GDV) for the distribution of insurance products back in 2012. This code commits the participating insurers and their agents not only to high standards in terms of advice and mediation, but also to having their compliance regularly assessed by an independent auditor. KPMG has confirmed ERGO's effectiveness in implementing the contents of the Code for the third time.

    Group-wide Compliance Management System (CMS)

    Munich Re (Group) has developed a Compliance Management System (CMS) that is based on external standards and has been carefully tailored to Munich Re (Group) characteristics. The CMS is the methodological framework for the structured implementation of the early warning, risk control, advisory, and monitoring functions within Munich Re (Group).

    The CMS is designed

    • to prevent the violation of external and internal requirements by implementing norms and regulations, communication, training and advising of management and employees (Prevent);
    • to manage and monitor material compliance risks,  and to investigate and remediate any potential violations that may occur despite appropriate measures (Discover);
    • to regularly report about and to continuously improve the CMS (Respond).

    This approach is illustrated by the following graph:

    Compliance Culture
    Compliance culture frames our business activities and refers to the core values especially described in the Munich Re (Group) Code of Conduct – the central standard for behaviour of all Munich Re (Group) employees. 
    Compliance organisation refers to the design of the organisational setup of the Compliance function, including roles, responsibilities, and interfaces.
    Compliance norms reflect a set of minimum requirements mainly for adequate measures to prevent and mitigate material compliance risks.
    The advisory function responds to inquiries about case specific compliance topics or provides standardized advice and illustrates how to assess and mitigate compliance risks.
    Communication and training are aimed at raising awareness of compliance risks and dealing with them safely, both target group-oriented.
    The management of Compliance risks is based on a group-wide standardized methodology. Material compliance risks for the group are analysed regularly and reported to senior management. Risk focus areas include data protection, financial sanctions, antitrust law, money laundering, sales compliance, and corruption. The management of legal changes is part of the risk management to evaluate any potential impact of changes to the legal environment. 
    Monitoring assesses if the controls implemented to mitigate material compliance risks are adequately designed and operate effectively. 
    Internal investigations are conducted by the Compliance function when there is a suspicion or allegation of illegal activities and/or misconduct within the company. 
    Continuous improvement means to regularly review the CMS particularly with regard to the results of risk management and monitoring as well as internal investigations, and making adjustments where necessary.
    Compliance reports are submitted ad-hoc, regularly, and in the appropriate form to the relevant committees. 
    The scope and type of implementation of the compliance activities in an entity of Munich Re (Group) are based on its risk profile.


    Violations of internal or external rules and regulations may have severe consequences for Munich Re, our Group, our employees as well as our business partners – so preventing and/or identifying misconduct early on protects us all.

    In order to fulfil this requirement and live up to our high ethical standards, all of us at Munich Re are responsible for preventing, discovering and responding to potential compliance violations and as such are obliged to report suspected misconduct or violations. Munich Re takes any such indication for potential misconduct or compliance violations very seriously and diligently follows up on any suspicions.

    Whistleblowing portal

    As one of multiple channels to report potential misconduct and violations, Munich Re offers a secure and confidential whistleblowing portal.

    The whistleblowing portal can be found here:

    Via our whistleblowing portal anyone (see FAQ 1) can report potential compliance violations from anywhere in the world, at any time and if so desired, anonymously.

    When using the whistleblowing portal, Whistleblowers will be guided through the reporting process and can choose to file their reports with Group Compliance and Legal (GCL), the group wide Munich Re Ombudsperson and/or – where required by law – the respective compliance function(s) at specific local entities, which will then be responsible for following up on the report(s). 


    Anyone can report. This includes but is not limited to our own employees, our customers/clients, suppliers and other business partners as well as the general public. Anyone who decides to report is generally referred to as “Whistleblower”.

    Reports may cover potential compliance violations (which occurred or are very likely to occur) relating to, among others:

    • Corruption/ Bribery
    • Other white collar crime (fraud, embezzlement, etc.)
    • Data Protection
    • Antitrust/ Competition
    • Insider Trading/ Market Manipulation
    • Regulatory
    • Anti-money laundering (AML)
    • Sanctions
    • Information Security
    • Human Rights or other ESG aspects

      as well as other topics that do not necessarily fit into any of the abovementioned categories or that defeat the object or the purpose of any underlying rules or regulations (statutory or internal).

    For information on the complaint procedure under the Supply Chain Due Diligence Act (LkSG), please refer to the Rules of Procedure.

    Our experience, financial strength, efficiency and first-class service are what make Munich Re the first choice for all matters relating to risk. In addition to competence and performance, we place great emphasis on dealing fairly with our employees and business partners. This includes compliance with statutory regulations, with the company's internal Code of Conduct and the regulations resulting from it.

    You may have knowledge of behaviour or circumstances that could damage Munich Re, or in extreme cases, even threaten the company's continued existence. By providing the information, you can make an important contribution to identifying financial or reputational risks at an early stage, thereby preventing losses.

    The whistleblowing portal can be found here:

    You can choose to report to Group Compliance and Legal (GCL), the group wide Munich Re Ombudsperson and/or – where required by law – the respective compliance function(s) at specific local entities. Your report will only be visible for those compliance functions with whom you want to share the information.

    In addition to the whistleblowing portal, individuals may of course also reach out by post, by internal mail or by email to Munich Re’s Central Compliance Department (Group Compliance and Legal (GCL)) at:

    Münchener Rückversicherungs-Gesellschaft Aktiengesellschaft
    München Group Compliance and Legal
    Königinstraße 107
    80802 München


    In case of personal notification, please make an appointment in advance via email.

    • Munich Re’s group wide Ombudsperson Markus Brinkmann. He can be contacted by telephone, post or e-mail (via your office or private PC):

      Markus Brinkmann
      Partner, Leiter Forensic, Risk & Compliance, CFE
      BDO AG Wirtschaftsprüfungsgesellschaft
      Fuhlentwiete 12
      20355 Hamburg, Germany

      In addition, he can be reached from the countries below toll-free on the numbers indicated, which are reserved for his activity as ombudsman:
      • Germany: 0800-66 45 89 5
      • USA: 866-77 85 03 0
      • Canada: 866-65 65 14 5 (direct dial)
      • UK: 0808-23 89 57 7
      • China (Beijing and Shanghai): Beijing: 10-800-712-2617
      • Shanghai: 10-800-120-2617 
      • Singapore: 800-12 05 333 
      • Poland: 00-800-12 13 62 9
      • Mexico: 001866-38 38 05 2

    From all other countries the ombudsman can be reached on the following number (calls charged at normal rates): 0049-40 33 47 53 74 35

    The ombudsman can be contacted from 9.00 a.m. to 7.00 p.m. CET. Should he be temporarily unavailable between the above times, you may leave a message on his voicemail.


    Finally, Munich Re employees who become aware or are suspicious of circumstances relating to compliance may first refer these within their immediate work environment, in particular to their line managers, their HR department, or the local/regional compliance officers. The data protection officer in Munich, who is bound to maintain confidentiality, is also available insofar as the protection of personal data is concerned.  

    Any report is appreciated and retaliation is not to be feared (also refer to FAQ 9). We encourage you to use the above contacts. In addition, anyone may report potential compliance violations to the respective competent authorities in their local jurisdiction.

    The detailed process steps are described on the whistleblowing portal:

    The input mask is available in German and English. The text input can of course be done in another language. It is free of charge and can be accessed from anywhere in the world and at any time.

    You will be guided through the reporting process in five steps, including a categorisation of the reported topic and selection of the compliance function you would like to report to. The incident can be reported in a free text field (up to 5,000 characters) or via upload of a file (up to 5MB). The whistleblowing portal also allows a set-up of a protected mailbox function (“postbox”, see FAQ 6) which allows the responsible compliance function to contact you in case there are any questions. 

    The responsible compliance function will follow up on your report, i.e. review the information and where required commence an investigation.

    Provided you have chosen to include a communication channel via which the responsible compliance function can contact you (e.g. via a protected mailbox function within the whistleblowing portal), you will also receive an acknowledgment of receipt of your report within seven days and further feedback no later than three months following your report.

    We therefore encourage you to set up the protected mailbox function within the whistleblowing portal as this will also allow the responsible compliance function to contact you in case there are any questions. 

    Yes, your report is confidential!

    You can choose to report anonymously or by name.

    Should you decide to give your name, we guarantee that your identity will only be disclosed to those persons directly concerned with processing the case. Once processing of the case has been concluded, your personal data will be deleted again.

    Either way, confidentiality and the protection of you as a Whistleblower is the top priority and guiding principle of our whistleblowing portal and all reports will be handled on a strict “need to know” basis. Your report will only be visible for those compliance functions with whom you want to share the information.

    Irrespective of the channel(s) used, confidentiality and the protection of those reporting potential compliance violations is the top priority and guiding principle of our whistleblowing portal, and all reports will be handled on a strict “need-to-know” basis.

    The principle of BKMS® is to protect the whistleblower's identity. The system's anonymity protection function is certified and can be verified by you at any time.

    Encryption and other special security methods ensure that your report remains anonymous at all times. At no time during the process will you be asked for personal information.

    The person in charge of your report will contact you via a secured postbox (also refer to FAQ 6) to provide information about the status of your report or to ask further questions if certain details need to be clarified - your anonymity will be always protected during this process.


    As long as you had reasonable grounds to believe that the information reported was true at the time of your report, you may not suffer any retaliation as a consequence for your report and any attempted retaliation would in itself be considered a severe compliance violation. If you feel that you are being intimidated or retaliated against as a result of your report, please contact the whistleblowing portal. Such intimidation or retaliation will also be reviewed and, if appropriate, further investigated in accordance with the procedures described above.

    Vice versa, suspecting another person of a compliance violation may have serious consequences for those implicated. For that reason, the whistleblowing portal is to be used responsibly. Whistleblowers are encouraged to only provide information whose correctness they are convinced about to the best of their knowledge and belief. If you deliberately make a false report, this would also qualify as a severe compliance violation and may have serious consequences under criminal and labour law.

    Further information