• G1-1

Policies adopted to manage the issue of ethical business conduct

The PZU Group shapes ethical standards in the financial sector, influencing both the behavior of its employees and business partners. It is also a signatory to the principles of the UN Global Compact, confirming its commitment to promoting responsible and sustainable development. The values and ethical principles applicable to PZU Group employees throughout the value chain are defined in the PZU Group’s Best Practices, adopted by the PZU Management Board.

The PZU Group’s Best Practices adopt norms and standards of conduct in relations with employees, customers, contractors and local communities, strengthening trust and transparency throughout the PZU Group ecosystem.

  • personal data protection;
  • equal opportunities;
  • information security;
  • intellectual property;
  • safe work environment;
  • asset protection;
  • clear rules for selecting suppliers;
  • transparent principles of cooperation;
  • fairness to competitors;
  • conflict of interest;
  • corruption and gift policy;
  • counteracting money laundering and terrorism financing;
  • reporting ethical problems and rules of conduct.

The obligation to comply with the adopted standards applies to all employees of the PZU Group, regardless of their position. The “Best Practices” have been made publicly available on the website of PZU Group, which means they are accessible to all stakeholders, including individuals responsible for their implementation. These practices serve as a unified framework of compliance standards and cover all PZU Group entities, with the exception of the Group’s banks, which have their own ethical codes.

The Pekao Group has a publicly available “Pekao Group Code of Conduct”, adopted by the Pekao Management Board, which contains the most important values and principles applicable to all areas of the Bank’s and its subsidiaries’ operations, including: acting in accordance with the law, internal regulations, recommendations of supervisory and control authorities and generally accepted market standards; striving to improve the quality of work and standards; building long-term relationships with clients based on mutual trust and transparent principles of cooperation; and knowing the risk culture, i.e. risk limits relating to the activities carried out, as defined by the Bank or other Pekao Group entities.

In Alior Group, on the other hand, values and standards of conduct are included in the Code of Conduct adopted by Alior Bank Management Board and publicly available. The code is based on the values of responsibility, openness, innovation and customer focus. In the Code of Conduct, the bank pointed out the responsibility of managers to promote, implement and adhere to ethics, took into account employee involvement, and stressed that equal treatment means treating all employees without prejudice, discrimination or favoritism based on any characteristic.

Other policies in the PZU Group are internal regulations such as operating procedures in the area of compliance, which are intended, among other things, to set standards for the performance of the compliance function in the PZU Group and to ensure effective management of compliance risk, including corruption risk. In the PZU Group, the compliance area is implemented systemically, in accordance with the adopted compliance rules. The Compliance Office operating in PZU is responsible for shaping systemic solutions in this area, acting as a competence center for standards of operation and issuing recommendations and guidelines to entities, especially as regards the implementation of internal regulations and laws.

PZU Group entities are subject to specific, different legal regimes such as insurance law and banking law. Within the framework of creating internal processes in this regard, there are distinctions mandated by the obligation to apply specific provisions of generally applicable law. Separate internal regulations address issues of counteracting corruption, whistleblowing, personal data protection, anti-money laundering and countering the financing of terrorism, rules of conduct in relations with suppliers, sanctions policy or rules for accepting and giving gifts.

The PZU Group is constantly developing its corporate culture taking into account changing laws and business practices. An important element in the development of the PZU Group’s culture is the updating of internal rules and policies, and various entity-dependent activities to promote awareness of the compliance culture. These include the use of available information channels such as newsletters or compliance alerts, and compliance training. In PZU, the selection of training courses, methods of conducting them and their participants is carried out on the basis of the results of the systemic assessment of compliance risk, ongoing compliance monitoring and information obtained from PZU Group structures. Other examples of activities that develop organizational culture in the PZU Group include integrating teams, engaging employees in social and health-oriented initiatives, and organizing events that promote values, such as volunteer campaigns or anticorruption training described below. Evaluation of corporate culture is carried out, among other things, through employee satisfaction surveys, for example using the PZU Pulse. As part of the survey, employees confidentially share their opinions on important aspects of work, such as teamwork, feedback from the organization, and the implementation of PZU values in practice. The results of the survey are analyzed with the support of an external company and are used to plan further actions in the area of organizational culture.

PZU’s Management Board and Supervisory Board (including the Audit Committee) perform key supervisory and decision-making functions in the area of compliance and policy establishment within the PZU Group. The Management Board is responsible for the strategic management of non-compliance, which includes approving compliance policies and other internal regulations, promoting and strengthening standards of conduct within the organization, overseeing the operation of the compliance area, and reporting to the Supervisory Board in this regard. The Supervisory Board, through the Audit Committee, performs a supervisory function by giving its opinion on the selection of the head of the Compliance Office at PZU and receives periodic reports on the implementation of the compliance function.

In addition, the PZU Group entities have codes of ethics for members of Management and Supervisory Boards, and persons performing these functions make statements confirming their knowledge of them, which reinforces the bodies’ responsibility for overseeing compliance and ethical culture.

The PZU Group entities have separate rules for receiving and verifying whistleblower reports, as well as procedures for handling reports and protecting whistleblowers that are adequate to the specific nature of the entities in question and the applicable requirements. The procedures adopted by the PZU Group entities comply with applicable laws, including the Act on the Protection of Whistleblowers. Entities that are not subject to legal requirements for whistleblower protection due to the number of employees have implemented solutions for receiving and verifying reports of non-compliance that are adequate to their specific nature, such as allowing irregularities to be reported to a compliance email address or introducing confidentiality rules and conducting investigations with the protection of the whistleblower in mind. Regardless of the whistleblowing solutions implemented in entities, the PZU Group has channels for reporting violations to compliance units. All PZU Group suppliers can report human rights violations related to cooperation with the PZU Group entities to the e-mail address rzecznikklienta@pzu.pl.

In PZU and PZU Życie, acts or omissions that are unlawful or intended to circumvent the law should be reported in accordance with the whistleblowing procedure, which corresponds to the requirements of the Act of 14 June 2024 on the Protection of Whistleblowers. A whistleblower can be any individual who reports a violation or publicly discloses information about a violation obtained in a work-related context, including:

  • employee;
  • temporary employee;
  • person providing work on a basis other than an employment relationship, including under a civil law contract;
  • entrepreneur;
  • proxy;
  • shareholder or partner;
  • member of a body of a legal entity or an organizational unit without legal personality;
  • person performing work under the supervision and management of a contractor, subcontractor or supplier;
  • intern;
  • volunteer;
  • trainee.

Reports can be submitted through four channels: by phone (at +48 225822775), electronically (at sygnalista@pzu.pl), by traditional mail (to the Company’s address: Biuro Compliance (Compliance Department), Powszechny Zakład Ubezpieczeń Spółka Akcyjna or Powszechny Zakład Ubezpieczeń na Życie Spółka Akcyjna, Rondo Ignacego Daszyńskiego 4, 00-843 Warsaw, with a note: “report of violation – confidential”) or in person, e.g. during a face-to-face meeting with the person processing the report by prior appointment.

Reports of violations can be submitted anonymously (when the Whistleblower does not disclose information as to their identity) or by name (with disclosure of the Whistleblower’s data). The whistleblower, the person to whom the report relates, and the person assisting in making the report shall be ensured protection of personal data and full confidentiality of the information provided. It is prohibited to take retaliatory measures, make threats or attempt to do so on account of having made a report of a violation, against the whistleblower, persons associated with the whistleblower, and persons assisting the whistleblower in reporting a violation.

In PZU and PZU Życie, reports of suspicions and incidents that may indicate violations are handled by a separate unit, independent of operations, authorized to receive and verify reports and experienced in conducting investigations. Its independence is ensured by appropriate placement in the organizational structure, unrestricted access to documents and information, as well as the right to formulate independent conclusions. The process involves a limited number of people who make a statement confirming that they have read and understood the procedure, will comply with it, and undertake to maintain the confidentiality of information and personal data obtained in connection with the report, even after the termination of the employment relationship or other legal relationship under which they performed these duties. In other PZU Group entities, the receipt and verification of reports is carried out in accordance with the applicable regulations. Reports are recorded and analyzed by designated compliance units, and investigative and corrective actions are taken if necessary.

In PZU and PZU Życie, information on the number of reports and the number of violations found, including those involving corruption and bribery, is reported periodically to the Management Board and the Supervisory Board of PZU. In other PZU Group entities, reporting to the governing and supervisory body is carried out in accordance with the practice established in these entities.