Compliance is about more than just following applicable laws and regulations; in fact, it includes all of the strategies for proper behaviour by a company. This includes adherence to laws and rules imposed by the regulator, but also compliance with internal company guidelines and directives.
Breaches of compliance guidelines, unlawful conduct and failure to comply with internal company standards can have far-reaching consequences for a company. These include claims for damages and monetary fines, which can inflict both financial and major reputational damage on a company. A company with a sustainable focus does everything in its power to prevent this sort of damage from occurring.
“A sustainable compliance management system creates a situation in which employees adhere to laws, standards and directives because they understand them and believe them to make sense”, explains Silvia Kalbermatten, Deputy Head of Group Compliance at Baloise. She uses a road traffic situation as an example of Baloise’s compliance structure: “Imagine a roundabout. Our compliance approach promotes a fundamental attitude and creates an overall framework – a roundabout – so that people can decide for themselves how they want to move around within the roundabout. This means that our role is more about providing advice and information. We want people to stick to the rules because they understand them”. This explains why all training sessions at Baloise are structured to ensure that participants understand the topics as opposed to just having to tick the right answer. “The opposite of our roundabout system would be a traffic light system. Traffic lights are either red or green. There is no leeway for anything in-between, and employees’ conduct is painstakingly controlled. This is exactly the sort of control culture we want to avoid”.
At Baloise, the Group Compliance department and the local Compliance Offices are responsible for drafting, advising on, providing training on and monitoring adherence to ethical and regulatory requirements. They act as a port of call for all internal departments, in particular in key compliance-related matters: data protection, anti-money laundering, bribery, corruption, competition law. Depending on their role, employees have to complete different training sessions on these key topics. “For example, it is important for employees to understand why customers should be put in bcc as opposed to in cc when mass emails are sent out, namely so that the addressees cannot see the email addresses of other customers. Cloud applications are another important topic. The cloud directive requires all employees to submit an application to the Cloud Board before personal data is passed on to be stored externally. Another question that is answered, for example, is which invitations and gifts can be accepted and which cannot. The content of meetings with other insurance companies is another very sensitive matter, and there are clear rules on how to deal with this issue. Last but not least, employees can always find information on who to contact if they suspect inadmissible behaviour”, explains Silvia Kalbermatten.
Our Baloise Code of Conduct applies to all employees, who undergo regular interactive refresher training sessions on the Code. The Code of Conduct serves as a guideline for our everyday behaviour, contains general legal principles and is our standard for ethical conduct. It is the basis for our collaboration with customers, colleagues, partners, shareholders and the public.