We consider an efficiently functioning compliance structure to be an essential tool for ensuring adherence to external rules and regulations as well as requirements imposed in-house. Our compliance structure was therefore most recently reviewed in 2015 against the backdrop of compliance requirements associated with Solvency II. In the 2016 reporting year we updated our Corporate Compliance Organisational Manual (known as the Compliance Manual). This manual summarises the main activities in the area of corporate compliance. It also describes the responsibilities within our company, the interfaces between GLS-Compliance and other areas as well as the various components of the compliance organisation.
The Chief Compliance Officer and the Compliance Department inform employees about changes in laws insofar as they affect their work. A worldwide compliance network of responsible compliance officers at the international locations supports the Chief Compliance Officer in his duties and reports to him. This means that local compliance violations can also be reported directly outside the local hierarchy. The Executive Board is updated on major compliance issues and developments in a report compiled annually by the Chief Compliance Officer.
In the year under review we updated the guideline with respect to obtaining legal advice. This guideline is intended to set out for those of our employees who have contacts in general legal matters – such as the purchasing of services of all kinds, in connection with official proceedings or in case of legal disputes – a concrete and binding scope of action with respect to seeking legal advice and, in particular, to stipulate those instances in which such legal advice must be sought.
With a view to improving cooperation within the compliance network on the European level, we organise an annual gathering of European Compliance Officers. Supplementary to this, conference calls are held in the other quarters when the meeting does not take place. This brings about closer coordination and facilitates verification of the implementation of compliance measures.
The Compliance Department is complemented by several Compliance Committees, the members of which come from the business groups as well as from the areas of Legal, Finance, Accounting and Investments. The Compliance Committees examine certain reinsurance contracts with a special eye to compliance with supervisory law, accounting requirements and other standards.
Adherence to internal company policies is safeguarded by the cooperation between the Chief Compliance Officer and other departments including for example Group Auditing. A Web-based whistleblower system has also been set up for the Group companies so as to enable employees, customers and third parties to report – anonymously if they so wish – serious compliance violations in the respective local language or in English. Any tips and the resulting measures taken are included in the annual Compliance Report. In the year under review one tip was received through the Group-wide whistleblower system regarding alleged wrongdoing. Based on the investigations conducted to date, however, no indications have been found of wrongdoing on the part of the employees and companies involved in the incident. Employees throughout the Group are able to seek advice on compliance matters through an e-mail address linked to the Compliance Department.
Our new members of staff in Germany participate in our compliance training when they join the company; this covers, among other aspects, the topic of corruption and appropriate practices that are in conformity with the law. In the year under review three training activities were held for altogether 69 employees. In order to stay updated on compliance issues such as combating corruption, we use traditional communication channels such as intranet portals and online newsletters. Important information of company-wide relevance is made available to the workforce in the intranet.
The Compliance Report for the 2016 calendar year was submitted to the Finance and Audit Committee in March 2017. The report describes the structure and wide-ranging activities of our company in this connection. The findings of the separate data privacy reporting for the 2016 calendar year are also included in the Compliance Report. After in-depth explorations of topics such as directors' dealings, ad hoc and other notification obligations, the insider list, consultancy agreements, data privacy and international sanctions, the report concludes that only a few facts and circumstances were known that would suggest violations of compliance-related provisions. Altogether, ten compliance-related incidents were reported. After extensive examination of these incidents the necessary precautions were taken in order to ensure for the future that we are in conformity with the internal and external requirements governing our business operations. As a consequence of the incidents, we took a number of internal compliance and audit steps so as to improve the internal control system on the local level and at the interface between Home Office and branch.
Our annual compliance risk analysis was carried out in the year under review in cooperation with the areas of Human Resources Management, Accounting and Taxation. As a result of this risk analysis, the identified risks of non-compliance and the steps taken to prevent non-compliance were documented and examined with an eye to their adequacy.