Binding rules of conduct for the Group

Compliance with applicable laws and internal standards is binding for all Munich Re (Group) employees. To ensure compliant conduct, we have created Group-wide minimum compliance requirements and suitable prevention and monitoring measures.

Each individual employee at Munich Re (Group) is responsible for compliance. On the basis of the Munich Re (Group) Code of Conduct and additional (self-)commitments for responsible behaviour, all employees are obliged to act in an ethical and reliable manner. In doing so, they are to avoid any activity that might harm Munich Re (Group), and are to take business decisions in compliance with legal provisions, supervisory regulations and internal rules. Our managers have a special responsibility to integrate compliance as a fundamental component into the business processes. They have a role model function for their staff and the obligation to ensure that all actions within their area of responsibility comply with the law, statutes and internal rules. All employees receive the Code of Conduct and additional (self-)commitments for responsible behaviour, and complete an e-learning program on the Code of Conduct.

ERGO attaches the greatest importance to high-quality customer advice. This is reflected in the fact that ERGO joined the Code of Conduct of the German Insurance Association (GDV) for the distribution of insurance products back in 2012. This code commits the participating insurers and their agents not only to high standards in terms of advice and mediation, but also to having their compliance regularly assessed by an independent auditor. KPMG has confirmed ERGO's effectiveness in implementing the contents of the Code for the third time.

Group-wide Compliance Management System (CMS)

Munich Re (Group) has developed a Compliance Management System (CMS) that is based on external standards and has been carefully tailored to Munich Re (Group) characteristics. The CMS is the methodological framework for the structured implementation of the early warning, risk control, advisory, and monitoring functions within Munich Re (Group).

The CMS is designed

to prevent the violation of external and internal requirements by implementing norms and regulations, communication, training and advising of management and employees (Prevent);
to manage and monitor material compliance risks, and to investigate and remediate any potential violations that may occur despite appropriate measures (Discover);
to regularly report about and to continuously improve the CMS (Respond).

This approach is illustrated by the following graph:

Compliance culture

Compliance culture frames our business activities and refers to the core values especially described in the Munich Re (Group) Code of Conduct – the central standard for behaviour of all Munich Re (Group) employees.

Compliance organisation

Compliance organisation refers to the design of the organisational setup of the Compliance function, including roles, responsibilities, and interfaces.

Compliance norms

Compliance norms reflect a set of minimum requirements mainly for adequate measures to prevent and mitigate material compliance risks.

Advisory function

The advisory function responds to inquiries about case specific compliance topics or provides standardized advice and illustrates how to assess and mitigate compliance risks.

Communication and training

Communication and training are aimed at raising awareness of compliance risks and dealing with them safely, both target group-oriented.

Management of Compliance risks

The management of Compliance risks is based on a group-wide standardized methodology. Material compliance risks for the group are analysed regularly and reported to senior management. Risk focus areas include data protection, financial sanctions, antitrust law, money laundering, sales compliance, and corruption. The management of legal changes is part of the risk management to evaluate any potential impact of changes to the legal environment.

Monitoring

Monitoring assesses if the controls implemented to mitigate material compliance risks are adequately designed and operate effectively.

Internal investigations

Internal investigations are conducted by the Compliance function when there is a suspicion or allegation of illegal activities and/or misconduct within the company.

Continuous improvement

Continuous improvement means to regularly review the CMS particularly with regard to the results of risk management and monitoring as well as internal investigations, and making adjustments where necessary.

Compliance reports

Compliance reports are submitted ad-hoc, regularly, and in the appropriate form to the relevant committees.

The scope and type of implementation of the compliance activities in an entity of Munich Re (Group) are based on its risk profile.

Direct channels of communication and whistleblower anonymity

Munich Re (Group) has a Group-wide system for reporting violations of rules and laws. This system enables quick reporting on this to the responsible management body. Employees can report plausible indications on possible violations to Group Compliance and Legal or their direct manager. In addition, an external, independent ombudsman may be contacted or the Compliance Whistleblowing Portal. This is available to all employees and third parties for reporting compliance violations (also anonymously).