Reliable and compliant

“Rules are not an end in themselves”

Rita Wittmann, Director of the Legal & Compliance Division of UNIQA Insurance Group AG and UNIQA Österreich Versicherungen AG, talks about the exploding density of regulations, sensitive data and uncontrolled development in the regulatory jungle.

The Legal and Compliance departments were merged in 2016. What are the main priorities of your job?

We see ourselves as a service department for the Group. Insurance companies face major challenges because the density of regulations has practically exploded, and legal requirements are becoming increasingly strict. The implementation of these rules means an enormous effort for the Group, but I also view this as an opportunity: it is forcing us to develop efficient processes, to harmonise process flows, and to practise self-discipline. This leads to more transparency and efficiency, which in the final analysis benefits customers and the Company.

Customers aren’t always happy about all the questions that they have to answer now.

That’s true. They have to fill out a ton of forms and answer questions that are sometimes quite personal. But we aren’t doing this to spy on our customers; it’s because the regulatory net is getting tighter and we have to meet certain legal requirements. Let’s take the example of FATCA (Foreign Account Tax Compliance Act) & CRS (Common Reporting Standard): the implementation of these reporting laws, which are meant to facilitate international data exchange to prevent tax evasion and money laundering, means a lot of effort that basically does nothing for us (laughs). Aside from incurring costs. But seriously, this is sensitive data that no one likes to give up, and the value for the customer is not immediately apparent. This is why it is all the more important to do a good job of explaining the background so that customers can also go through a process of learning and rethinking – as with banking secrecy, which was the holy grail in Austria but can’t be upheld any longer.

Rita Wittmann (photo)

Rita Wittmann, 39,

has been responsible for Legal & Compliance since September 2016. Previously she was a lawyer at Schönherr Rechtsanwälte GmbH. A registered attorney since 2010, she studied law and international business. Before joining Schönherr in 2012, she worked as an associate at international and Austrian law firms for five years.

Stock exchange compliance, which was also strengthened in 2016, is also about secrets, right?

Various organisational measures, including the establishment of constant and project-related confidentiality areas inside the Company, have been introduced to prevent market abuse and guarantee compliance with legal requirements. People who work with confidential information, which of course includes the Management Board and the Supervisory Board, but also employees in departments such as Finance or Investor Relations, are receiving training in the basic rules of confidentiality.

What other tasks did you focus on in 2016?

An important topic in Group management was and is international compliance. The Group is represented in 18 countries, sometimes even with multiple companies, that we review with annual company visits. We ask questions, collect random samples, take a look at local documents and write reports about each country’s status. Since 2016 we also have an assessment tool that enables the countries to assess themselves by means of questions and answers in a traffic light system. Of course we check whether the countries’ self-reporting agrees with our background information. In the final analysis, the tool is meant to make those responsible at the local level more aware of their duties and to deepen their familiarity with the topic.

The implementation of the General Data Protection Regulation by 2018 – is this also a major topic?

Yes, because new functionalities had to be planned for our existing systems for administering contracts, so that we can meet the requirements of the General Data Protection Regulation. These include for example pseudonymisation, limitation of processing or ensuring data portability. The information obligations in data collection are being expanded comprehensively, and that makes the revision of several forms necessary. Achieving all of this in a timely manner requires enormous administrative and technical effort.

“Guidelines have a tendency to spiral out of control, but rules are not an end in themselves. They must be streamlined and manageable.”

When people hear data protection mentioned, they automatically think of whistleblowers. Do you have a hotline for informants?

We are currently setting up our own platform, which should start to be operational in the first half of 2017.

What could be reported there? Insurance fraud? Corruption?

Insurance fraud is dealt with primarily by the specialists in underwriting, but we want to dedicate more effort to this area because there is a lot of money lying around there. Corruption falls into the category of reputation compliance: our Code of Conduct, which is summarised in a handy brochure, defines – along with ethical and legal business management – reasonable modes of behaviour – with customers as well as with agencies, business partners and colleagues – as well as how to deal with gifts and invitations. Certainly there are no objections to small gifts or a modest invitation to dinner, but if the value of the gift exceeds €100, then permission has to be granted. Even stricter rules apply to dealing with officeholders.

How do you coordinate all of these internal rules?

We are currently working on streamlining and restructuring our policy management – both as an instrument of Group management and in terms of implementing new regulations. Our Governance Policy stands above all of this, defining how the Group functions. It includes, at various levels and in differing degrees of detail, policies, standards, guidelines and manuals – something like a set of internal laws that govern how processes are supposed to run. These provisions have to be aligned so that whenever we make an adjustment here or there, the equivalent part of the mechanism in Bosnia or in Slovakia also moves in parallel. Guidelines tend toward uncontrolled growth, but rules are not an end in themselves. They have to be streamlined and manageable. And above all they have to be practicable.