6. Business conduct (ESRS G1)

6.1 BUSINESS CONDUCT policies and Corporate culture (G1-1) and PreventiON and detection of corruption and bribery (G1-3)

Based on the guiding principles of “customer first”, “simplicity”, “integrity”, “responsibility” and “community”, the corporate strategy needs to be reflected in the corporate culture by the values it proclaims being established as fixed elements of the daily work performed by employees.

A corporate culture that is neither practised nor clearly or sufficiently communicated to employees can hinder employee development and significantly impair their performance in their daily work.

6.1.1 Internal policies and the EU Whistleblowing Directive

UNIQA’s corporate culture and the associated guiding principles are set out in the Code of Conduct. The Code establishes internal standards for ethical conduct that go beyond the applicable legal requirements and are binding for employees, and are the basis for relationships with customers, investors and other public bodies. The Code of Conduct has been adopted by the Management Board and communicated to all employees to whom it applies. Policies regarding business integrity and ethical principles are outlined in the Code on the basis of the UNIQA guiding principles. In addition, the Code also focuses on social and environmental aspects, such as etiquette, human rights and labour standards, and environmental protection. The Code of Conduct, the contents of which form part of the annual mandatory compliance training for employees, is publicly available online. Employee surveys and information sessions for employees permit UNIQA to evaluate its corporate culture.

Both the Group Compliance Policy and the Group Compliance Standard describe how the compliance functions are organised and contain regulations on key compliance topics, such as preventing corruption and handing reports of non-compliance. While the Group Compliance Policy applies without limitation to all fully consolidated companies, the Group Compliance Standard applies entirely to all (re)insurance companies. Certain sections of the Standard apply to branches and non-(re)insurance companies of material importance to UNIQA. Austria ratified the UN Convention against Corruption (UNCAC) in 2006. The Group Compliance Policy governs compliance with the provisions applicable in Austria and requires employees as well as the members of the Management Board and Supervisory Board to comply with the laws and internal regulations on preventing corruption. The UIG Compliance function established at the UNIQA Insurance Group level is responsible for preparing all regulations and introducing training opportunities for employees such as compliance conferences, compliance lectures or compliance presentations.

In 2023, Austria transposed the EU Whistleblowing Directive 2019/1937/EU into national law. Accordingly, UNIQA Insurance Group AG, in its capacity as a holding company, local (re)insurance companies and non-insurance companies that fall within the legal scope of the directive are required to establish internal whistleblowing reporting channels.

A failure to establish adequate safeguards for whistleblowers can deter them from reporting important information and result in negative impacts. A failure to consistently pursue reports of bribery and corruption can negatively impact the corporate culture and employee views on UNIQA’s integrity. In light of this, UNIQA set up a whistleblower portal back in 2018 where violations can be reported. (Re)insurance companies and non-insurance companies that fall within the scope of the EU Whistleblowing Directive either handle cases independently through their local compliance functions or through a defined independent body. Group Compliance is the central point of contact for non-insurance companies and for companies that have signed the Whistleblowing Service Agreement. Along with UNIQA employees, third parties may also submit reports of suspected non-compliance. Reports can be sent to the UIG Compliance function or local compliance functions on the portal, by post, by email or in person to a specified independent body, as well as to non-insurance companies that fall within the scope of the EU Whistleblowing Directive. Whistleblowers can report their suspicions by providing their details or, where local law permits, by submitting an anonymous report on the portal.

Once they have received a report, the whistleblowing officers acknowledge receipt of the report and review the case while maintaining the whistleblower’s anonymity and ensuring confidentiality. The whistleblower will receive feedback on the status of the case or find out whether it has been concluded within three months.

If allegations are made against an individual who works for UNIQA, the employees in question must be informed of the ongoing investigation, provided that the anonymity of the whistleblower is respected, and the investigation is not jeopardised as a result. The tasks of employees who handle reports of non-compliance are clearly separated from the responsibilities of the persons involved in the matter. In the event that allegations are made against employees, the People department (UNIQA HR) and the Works Council are notified in accordance with the Whistleblowing Works Agreement. Reports are handled in compliance with the dual control principle, whereby individuals against whom the report has been submitted are not permitted to handle the report in question. Whistleblowers enjoy legal protection if they have legitimate reason to believe that the information they reported was true at the time it was reported and that it falls under the scope of the law. In other words, it suffices if they believe the information they reported is correct. Employees are protected against any retaliation and the threat of retaliation arising from a report. The Whistleblowing Directive outlines examples of retaliation, including in particular:

• Suspension, termination of employment contracts or similar measures
• Demotions or being denied a promotion
• Reassignment to other tasks, change of place of work, salary reduction, change in working hours
• Not permitted to participate in training
• Negative performance assessment or issuance of a bad reference
• Disciplinary measures, complaints or other penalties, including financial penalties

In its capacity as an employer, UNIQA acknowledges that any unlawful retaliation against employees can have consequences under the Whistleblower Protection Act. The members of the Management Board and the Supervisory Board as well as the members of the Audit Committee receive an annual compliance report on the number, status and, if applicable, the results of investigations into individual reports. The reports in question may also involve topics such as corruption or bribery.

In order to prevent corruption, UNIQA has defined reporting and approval requirements to regulate payments in kind. Payments in kind, namely donations, sponsorships, gifts and invitations received and issued by employees are documented in the perquisite database, and reviewed and approved by Compliance, as necessary. The perquisite database is based on the Group Compliance Policy, the Group Compliance Standard and the Code of Conduct.

6.1.2 Identification and assessment of risks

Within UNIQA, certain functions are considered particularly vulnerable to corruption and bribery. At (re)insurance companies, these at-risk functions are identified by the local compliance function, whereas at non-(re)insurance companies and branches they are identified by the persons responsible for compliance-related topics. The following at-risk functions and employees have been identified for the (re)insurance companies:

• Members of the Management Board and members of the Supervisory Board and the related Supervisory Board committees
• Employees of the following departments:
• Procurement
• Sales
• Underwriting
• Claims Management
• Money Laundering Prevention and Sanctions
• Employees of the following governance functions pursuant to the Group Governance Policy:
• Compliance
• Actuarial Services
• Internal Audit
• Risk Management
• Employees with the following key functions pursuant to the Group Governance Policy:
• Financial and real estate management
• Reinsurance

In non-(re)insurance companies and branches, which primarily comprise real estate companies, service companies and pension and investment funds, the functions-at-risk vary depending on the business model and internal structures. In any case, the at-risk departments and functions at these companies include management and key management functions. Along with the functions identified for (re)insurance companies, real estate management and property development at the real estate companies and investment management at the pension funds were classified as functions-at-risk.

6.1.3 Training

Compliance risks, such as corruption and bribery, can result in significant economic and legal repercussions. These risks can be further exacerbated by the inadequate provision of sufficient information and training to employees.

Every year, all members of the Management Board and the Supervisory Board as well as employees receive mandatory training on preventing corruption and bribery. The training covers the following topics:

• Anti-corruption, including the definition of corruption and bribery
• Ethical conduct guidelines
• Donations and sponsorships
• Acceptance of benefits and how to properly report them
• Whistleblowing processes, including the reporting and investigation of violations
• Handling conflicts of interest

These training courses can be held in-person, as webinars or as e-learning courses. New employees are required to complete at least one hour of mandatory training on preventing corruption and bribery within the first three months of their employment relationship. The aim is to achieve comprehensive awareness of ethical conduct and legal requirements, and to ensure compliance with the relevant standards. Furthermore, compliance functions and employees of compliance departments must participate in external training at least once a year.

6.2 Management of relationships with suppliers (G1-2)

A responsible procurement strategy can positively contribute to achieving a sustainable value chain.

In addition to achieving an optimal price-performance ratio, procurement processes at UNIQA are designed to meet compliance and sustainability requirements. The Group Procurement Policy sets out guidelines to ensure that suppliers are not only economically sustainable but also act in a socially and ecologically sustainable manner. These guidelines are designed to optimise procurement processes on the basis of market comparisons and to ensure compliance requirements are met through adherence to standards. The policy applies to (re)insurance companies and large service providers. The Head of Group Procurement and the Management Board member for Operations, Data & IT are responsible for implementing the policy.

Detailed master data is collected on companies as part of the supplier registration process. Suppliers are expected to comply with and act according to the principles set forth in the UNIQA Code of Conduct. The UNIQA Code of Conduct contains the material, social and ecological criteria in accordance with the UN Global Compact. Annual surveys are conducted for UNIQA’s most important suppliers to verify compliance with international human rights standards – including standards stipulated by the International Labour Organisation (ILO) and the United Nations – as well as financial stability as part of the supplier evaluation to identify potential default risks among suppliers. Findings from the third-party risk management process launched in the fourth quarter of 2024 will be available in 2025. Based on this, targeted measures will be developed to reduce potential risks in the supply chain.

6.3 Confirmed incidents of corruption or bribery (G1-4)

There were no confirmed incidents of corruption, bribery or money laundering in the financial year. Furthermore, there were no confirmed violations of the law, and no fines imposed in relation to corruption, bribery or money laundering. As a result, no ad hoc measures were required.

For more information on the prevention and detection of corruption and bribery, see section 6.3.

6.4 Political influence and lobbying activities (G1-5)

Insufficient policies with regard to responsibilities, political engagement, lobbying activities and donations can result in UNIQA exerting public influence outside its sphere of interest. Political donations are governed by the Group Compliance Policy. Donations to political parties, their affiliated organisations or political candidates are prohibited under the policy. In line with strict requirements, only sponsorships of events organised by the aforementioned groups, as well as advertisements in the media of these groups, are permitted. In the financial year, no political donations were made.

One key task within the Legal & Compliance department, which is assigned to the Finance & Risk Management Board department, consists of coordinating lobbying activities, particularly in connection with participation in the “Insurance Europe” and “Association of Austrian Insurance Companies” interest groups. The focus here is on key regulatory issues that affect both UNIQA’s core business activities and its social responsibility.

UNIQA supports the efforts of the European Commission to mobilise private capital for investments in a climate-neutral Europe through the Action Plan for Sustainable Finance and the European Green Deal. The legislative projects being pursued to this end, including the Disclosure Regulation, the Taxonomy Regulation, the Corporate Sustainability Reporting Directive and the Corporate Sustainability Due Diligence Directive, do however present certain challenges for insurers due to their complexity and the short time frame for implementation.

UNIQA also supports the European Commission’s objective of making it easier for consumers to access financial products. However, the changes discussed in the context of the European Retail Investor Strategy, such as placing limits on commissions for insurance sales and introducing cost benchmarks, could make access to insurance-based investment products more difficult. After all, professional commission-based insurance advice helps all customers gain easier access to insurance products, avoids under- and over-coverage, and facilitates comparisons.

Digital innovations and artificial intelligence not only offer new economic opportunities, but also pose a number of challenges. A regulatory framework that does not hamper existing regulations while simultaneously opening up opportunities for digital innovation in Europe is required in this regard.

In order to provide transparency and comprehensive information with regard to its lobbying activities, UNIQA Insurance Group AG is registered in the EU Transparency Register under the number 908990192864-67. In addition, no members of UNIQA’s Management Board or Supervisory Board have held a position in public administration or with the regulatory authorities in the two years prior to their appointment.

Vienna, 17 March 2025