Compliance

By adhering to the highest standards, we ensure behaviour across the Group that is compliant and demonstrates integrity.

Our Code of Conduct (“Code”) is one of the key documents governing the management of risks and driving the culture within our company. It sets the framework and defines the basic compliance and integrity principles we adhere to globally. The Code is built on the five Swiss Re values, which guide us in making responsible decisions and achieving results using the highest ethical standards: integrity, team spirit, passion to perform, agility and client centricity.

The Code also offers practical guidance and examples for deciding the appropriate course of action and solving ethical dilemmas. It further sets out how all employees should react when they observe a possible breach of the principles in the Code. All employees are obligated to uphold both the letter and spirit of the Code, its policies and standards, and the Group’s corporate governance principles in their daily business activities, and to respect and obey applicable laws and regulations in all jurisdictions where we do business. In 2020, 90% of Swiss Re employees agreed their colleagues act ethically and with integrity (2019: 86%).

We regularly review and update the Code to reflect changes in regulations and principles. In 2020, updates were made to clarify Swiss Re’s commitment to mitigate conduct risks by taking decisions that account for our end-customers’ best interests. The Code is supported by detailed policies and standards that document Swiss Re’s requirements in line with applicable laws and regulations. It is available to our employees in eight languages: English, French, German, Italian, Japanese, Portuguese, Slovak and Spanish.

Assurance

Assurance activities to monitor adherence to the Code are a core part of our Compliance Programme. Compliance performs independent risk-based monitoring to ensure the adherence to and the efficiency of processes and controls mitigating our key compliance risks across Swiss Re. In 2019, we implemented a new data-driven strategy to set the foundation for continuous monitoring. In 2020, efforts to develop and implement our data-driven strategy to support us in identifying and generating meaningful insights continued.

Policies

Our Code addresses the following key compliance topics under two headings, “Our responsibility towards one another and Swiss Re” and “Our responsibility towards our business partners and society”:

Below we present additional information on some key topics in the Code:

Bribery and corruption

The Code addresses our position on bribery and corruption and, operationally, we have a Global Compliance Risk Framework for Anti-Bribery and Corruption (“Framework”), including policies, standards, training, assurance activities, enabling advice and tools to help manage this risk. The Framework is reviewed at least annually and updated as required. In 2020 it was updated to clarify the prohibition of giving cash and cash equivalent gifts. This year, we also performed industry benchmarking on the framework that confirmed our gift and hospitality register threshold requirements remain appropriately set in the context of our industry, regulatory requirements and risk exposure.

We recently implemented a new data analytics dashboard to support assurance activities by improving the monitoring capabilities of the framework. It provides an overview of gift and hospitality register entries and supplements other existing reports.

Bribery and corruption

Data protection

The Code highlights that we need to handle personal data with the greatest care and use it only for legitimate business purposes.

Our Global Framework on Data Protection, with a Global Policy and a Global Standard on Data Protection (supplemented by local Targeted Standards), addresses our commitment to protecting personal data and respecting privacy rights across our operations. Over the past few years our digital strategy has grown, resulting in increased data circulation. In 2020, a digital governance framework process was introduced to help mitigate privacy and other related risks (eg cyber and cloud amongst others) in a new fast-paced digital environment. This process helps all new digital projects follow our standards.

Within the broader Framework, we use internationally recognised data protection and privacy principles that ensure compliance with a complex and constantly changing set of laws and regulations, and we provide proper training and awareness sessions to our employees. Procedures for reporting security incidents and notifying on data breaches are also established.

We contribute thought leadership on data protection by conducting expert sessions during insurance industry events and by hosting events through Swiss Re Institute. In 2020, we hosted a Data Protection Symposium in front of a 200-person virtual audience. This year’s symposium looked toward the future of regulations including a new data ethics frontier, the need for technologies to build citizen trust into their design, digitalisation in insurance (including related new laws and trends), insights into data visualization and machine learning for actionable insights, and how behavioural economics plays a role in effective privacy policies.

Data protection

Money laundering, international trade controls and economic sanctions (ITC)

The Code draws attention to the risk of becoming involved in money laundering and emphasises the importance of due diligence. It additionally commits us to adherence to all applicable international trade and economic sanctions to protect us against entering into prohibited business arrangements.

Our Global Frameworks on Anti-money Laundering and Sanctions are supported by a Global Policy on Financial Crime and Sanctions and set out in detail key requirements and guidance in relation to our sanctions, anti-money laundering and counterterrorism financing efforts, including the reporting of any suspicious activities.

Money laundering and sanctions (ITC)

Sustainability and human rights

The Code includes our formal commitment to sustainability and human rights, providing a guiding principle for our efforts to act as a responsible company.

Reporting misconduct, whistleblowing and investigations

Swiss Re is strongly committed to maintaining a culture in which employees feel free to voice their concerns and report suspected misconduct. Accordingly, Swiss Re explicitly prohibits any retaliatory action against employees who report suspected misconduct in good faith and has implemented processes to support reporting. In 2020, training and awareness campaigns were launched to help nurture a “speak up” culture. Training was provided to line managers to support them in handling misconduct allegations received from employees. An internal awareness campaign featuring real Swiss Re misconduct cases titled “#SpeakUp”, was published to further employee understanding of the investigation process, encourage them to speak up if they suspect misconduct has occurred and remind them of all available reporting channels. A total of 87% of employees felt that if they thought misconduct had been or was being committed, they knew how to report it (ie whistleblowing).

Our Global Framework on Whistleblowing, which is supported by the Global Standard on Whistleblowing – updated in 2020 and available in seven languages – provides guidance on the kinds of misconduct that employees are encouraged to report, the available methods for reporting and how these reports are investigated. There are several channels (both internal and external) available for reporting alleged violations of the Code. For our employees, the options are described in the Code, the Global Standard on Whistleblowing, on our company intranet and on our externally hosted and independently operated whistleblowing hotline, which can be used anonymously (where legally permitted). Our whistleblowing hotline is also available to external reporters via our public website. The hotline includes translation services into numerous languages and is available worldwide.

All investigations of alleged Code violations involving an employee or an external contractor are handled by the Investigation Coordination Process (ICP). ICP, which is managed by the Compliance function, serves as a central coordination point across all Swiss Re offices globally that allows all investigations to be handled in a consistent and fair manner. If, following an investigation, the allegations are substantiated, ICP will issue recommendations regarding any appropriate disciplinary or non-disciplinary actions that should be taken. ICP also ensures that any such actions are applied consistently across the Group.

Misconduct cases are systemically presented and discussed with the Group Executive Committee, the Group Board, the Group Audit Committee as well as with legal entity boards as part of reports. In 2020, ICP cases reflected the following indicators:

• 76 cases were investigated by ICP in 2020 and 68 were closed.
• Of the 68 cases closed in 2020, 69% were substantiated and 31% were not substantiated.
• The reporting intake methods for the ICP cases that were investigated in 2020 were: through internal channels, including reporting directly to Compliance, via line managers and via Human Resources (74%), from external sources (11%), the whistleblowing hotline (8%) and process detection (8%).
• The categories of ICP cases investigated in 2020 included external fraud (33%), discrimination and harassment (including bullying) (18%), internal fraud (9%), insider trading (including accidental trading within a close period) (16%) and various other Code violations (24%) – none of these other violations individually exceeded 5%.
• Of the 76 cases that were investigated, 33% were due to the actions of external actors and 67% were due to the actions of internal personnel.
• Disciplinary actions, including termination, written warnings, verbal warnings and performance rating adjustments, were taken in 22% of substantiated cases. The relatively low percentage of such actions should not be taken as an indication of a weak Compliance culture. It is important to note that each investigation is fact- and circumstance-specific. There are certain circumstances where disciplinary actions are nearly always imposed, such as where active employees are found to have engaged in intentional misconduct. However, there are also circumstances where allegations are substantiated but may not lead to disciplinary action, such as cases involving unintentional breaches, cases where the perpetrator(s) cannot be identified, and cases involving external fraud. In cases involving unintentional conduct, in lieu of disciplinary action, non-disciplinary recommendations will be made, such as additional training activities or increased supervision.
• In each case, regardless of the outcome, ICP ensures that any lessons learned from the investigation are communicated within the Compliance function as well as to any relevant stakeholders. In addition, training and communications are updated, and controls and processes are adapted as necessary.

Training

All new permanent and temporary employees joining Swiss Re must undergo mandatory eLearning training called Compliance and our Culture. The eLearning focuses on the Code and additional ethical behaviour in accordance with Swiss Re’s values. It also includes individual modules on the following compliance topics:

• Anti-bribery and corruption
• Anti-money laundering and terrorist financing
• Conflicts of interest
• Data protection
• Fraud
• Fair competition
• Insider trading
• International trade controls and economic sanctions
• Licensing

Completion of the training is tracked, and instances of non-completion are escalated until resolution.

In March 2020, the annual attestation process was launched for all permanent and temporary employees to acknowledge personal accountability for complying with specific requirements related to the Code and Global Compliance Policies and Standards. These include, for the avoidance of doubt, responsibility for personal conflict of interest and gift and hospitality register disclosures.

In addition, we deliver mandatory global eLearning sessions to employees to remind them as well as increase their understanding of our key compliance risks and policy requirements. Last year, global eLearning sessions were delivered on insider trading, fair competition, and anti-bribery and corruption. Over the period from 2017 to 2020, we also conducted global eLearning sessions on the following compliance risks:

• Fraud
• Anti-money laundering
• Data protection
• International trade controls and economic sanctions
• Conflicts of interest
• Licensing and permanent establishment
• Bribery and corruption
• Fair competition
• Insider trading

In addition, local compliance officers regularly provide needs-based training on compliance risks tailored to their respective locations and/or areas of business.

Training on Code topics falling outside the Compliance mandate is managed similarly by the responsible functional areas.

In 2017, we enhanced the mandatory training escalation process for all Group-wide Compliance eLearning sessions to enable timely completion of assignments. Employees not complying with their mandatory eLearning assignments on time without valid reasons are subject to potential disciplinary action. This process continues working effectively today. For 2020, we achieved 100% completion of all mandatory eLearning assignments including new hire and refresher training.

Validity for third parties

Third parties representing Swiss Re – such as consultants, intermediaries, distributors and independent contractors – should be carefully selected and need to comply with the Code and relevant policies. When we work with such third parties, we provide them with information about the relevant requirements and, in the event of any infringements, take appropriate action, up to and including terminating a contract.

Policy governance

A policy management tool serves as a central place for finding Swiss Re policies and standards. Eight global policies contain more detailed principles all employees have to be aware of, supporting the principles set out in the Code. Where necessary, underlying global standards are in place to provide additional detail on the specific requirements.