7. Business conduct (ESRS G1)

7.1 Business conduct policies and corporate culture (G1-1) and prevention and detection of corruption and bribery (G1-3)

Based on the guiding principles of “customer first”, “simplicity”, “integrity”, “responsibility” and “community”, the corporate strategy needs to be reflected in the corporate culture: the values it proclaims must be established as fixed elements of the daily work performed by employees.

A corporate culture that is neither practised nor clearly or sufficiently communicated to employees can hinder employee development and significantly impair their performance in their daily work.

7.1.1 Internal policies and the EU Whistleblowing Directive

Code of Conduct

UNIQA’s corporate culture and the associated guiding principles are set out in the Code of Conduct. The Code establishes internal standards for ethical conduct that go beyond the applicable legal requirements and are binding for employees, and form the basis for relationships with customers, investors and other public bodies. The Code of Conduct has been adopted by the Management Board and communicated to all employees within its scope of application. The scope essentially corresponds to that of the Group Compliance Standard. Based on UNIQA’s guiding principles, the Code of Conduct summarizes regulations on business integrity and ethical principles. In addition, the Code focuses on social and environmental aspects, such as etiquette, human rights and labour standards, and environmental protection. The Code of Conduct, the contents of which form part of the annual mandatory compliance training for employees, is publicly available online. Regular employee surveys and information sessions for employees permit UNIQA to evaluate its corporate culture.

Group Compliance Policy and Group Compliance Standard

Both the Group Compliance Policy and the Group Compliance Standard describe how the compliance functions are organised and contain regulations on key compliance topics, such as prevention of corruption and handling of reports of non-compliance. The Group Compliance Policy and the Group Compliance Standard apply to all (re)insurance companies and all fully consolidated non-(re)insurance companies and branches of material importance to UNIQA.

Austria ratified the UN Convention against Corruption (UNCAC) in 2006. The Group Compliance Policy governs compliance with the provisions applicable in Austria and requires employees as well as the members of the Management Board and Supervisory Board to comply with the laws and internal regulations on preventing corruption. The Group Compliance function is part of the Legal & Compliance department in the Finance & Risk function of the Management Board and reports directly to the Management Board, the Risk Committee and the Supervisory Board on a quarterly basis. In addition, Group Compliance has ad hoc reporting obligations to the Management Board and the Supervisory Board. Once a year, the function submits a report to the Audit Committee, and the activity report (annual report) is submitted to the Management Board and Supervisory Board.

Whistleblowing

In 2023, Austria transposed the EU Whistleblowing Directive 2019/1937/EU into national law. Accordingly, UNIQA Insurance Group AG, in its capacity as a holding company, local (re)insurance companies and non-insurance companies that fall within the legal scope of the directive are required to establish internal whistleblowing reporting channels and to post the link to the dedicated whistleblowing platform on their intranet and website.

A failure to establish adequate safeguards for whistleblowers can deter them from reporting important information and result in negative impacts. A failure to consistently pursue reports of bribery and corruption can negatively impact the corporate culture and employee views on UNIQA’s integrity. (Re)insurance companies and non-insurance companies that fall within the scope of the EU Whistleblowing Directive either handle cases independently through their local compliance functions or through a defined independent body. Along with UNIQA employees, third parties may also submit reports of suspected non-compliance. Reports can be sent to the Group Compliance function or local compliance functions on the portal, by post, by e-mail or in person to a specified independent body, as well as to non-insurance companies that fall within the scope of the EU Whistleblowing Directive. Whistleblowers can report their suspicions by providing their details or, where local law permits, by submitting an anonymous report on the portal.

Once they have received a report, the whistleblowing officers acknowledge receipt of the report and review the case while maintaining the whistleblower’s anonymity and ensuring confidentiality. The whistleblower will receive feedback on the status of the case, or be informed whether it has been concluded, within three months at the latest.

If allegations are made against an individual who works for UNIQA, the employees in question must be informed of the ongoing investigation, provided that the anonymity of the whistleblower is respected and the investigation is not jeopardised as a result. The tasks of employees who handle reports of non-compliance are clearly separated from the responsibilities of the persons involved in the matter. If allegations are made against employees, the Works Council is notified promptly in accordance with the Whistleblowing Works Agreement, and, if there are any indications of potential implications under labour law, the People department (UNIQA HR) and the relevant manager are likewise notified promptly. Reports are handled in compliance with the dual control principle, whereby individuals against whom the report has been submitted are not permitted to handle the report in question. Whistleblowers enjoy legal protection if they have legitimate reason to believe that the information they reported was true at the time it was reported and that it falls under the scope of the law. In other words, it suffices if they believe the information they reported is correct. Employees are protected against any retaliation and the threat of retaliation arising from a report. The Whistleblowing Directive outlines examples of retaliation, including in particular:

  • Suspension, termination of employment contracts or similar measures

  • Demotions or being denied a promotion

  • Reassignment to other tasks, change of place of work, salary reduction, change in working hours

  • Being denied participation in training

  • Negative performance assessment or issuance of a bad reference

  • Disciplinary measures, complaints or other penalties, including financial penalties

In its capacity as an employer, UNIQA acknowledges that any unlawful retaliation against employees can have consequences under the local Whistleblower Protection Act. The members of the Management Board and the Supervisory Board as well as the members of the Audit Committee receive an annual compliance report on the number, status and, if applicable, the results of investigations into individual reports. The reports in question may also involve topics such as corruption or bribery.

To prevent corruption, UNIQA has defined reporting and approval requirements to regulate payments in kind. Payments in kind, namely donations, sponsorships, gifts and invitations received and issued by employees are documented in the perquisite database, and reviewed and approved by Compliance, as necessary. The perquisite database is based on the Group Compliance Policy, the Group Compliance Standard and the Code of Conduct.

Money laundering prevention, financing of terrorism and sanctions

The Group Sanctions Compliance Policy defines responsibilities and internal guidelines for preventing violations of financial and economic sanctions as well as embargoes. It also stipulates that a penalty clause must be included in all insurance contracts. To prevent money laundering and the financing of terrorism, the Group Anti Money Laundering Policy establishes responsibilities and internal reporting processes for the life insurance business line. The Head of Anti-Money Laundering and Sanctions oversees their implementation.

To ensure compliance with these requirements, UNIQA uses a Group screening solution that automatically checks the entire insurance customer base against sanctions and PEP (politically exposed persons) lists on a regular and ad hoc basis – prior to payments, for instance. A separate sanctions check is required for each transaction from high-risk countries.

National and international sanctions measures are monitored as part of the ongoing monitoring process. The Management Board and relevant stakeholders are informed on an ad hoc basis about changes and the resulting measures that need to be implemented.

An annual training course was held for members of the Management Board and Supervisory Board in the financial year. It was also conducted for various specialist departments and sales units. Issues such as sanctions, money laundering prevention and suspicious transaction reports likewise form part of the onboarding training provided to new employees. These training courses impart practical knowledge on current legal requirements and internal processes. All employees must complete the e-learning course on money laundering prevention and terrorism financing once a year.

UNIQA has Group-wide policies in place, compliance with which is regularly reviewed by the Group functions responsible for money laundering prevention and compliance with sanctions. Company visits and reviews of selected key areas are also conducted in this regard.

In addition, the aforementioned topics are an integral part of the quarterly or, if necessary, ad hoc reports submitted to the Management Board, Supervisory Board and relevant committees.

7.1.2 Identification and assessment of risks

Within UNIQA, certain functions are considered particularly vulnerable to corruption and bribery. At (re)insurance companies, these at-risk functions are identified by the local compliance function, whereas at non-(re)insurance companies and branches they are identified by the persons responsible for compliance-related topics. The following at-risk functions and employees have been identified for the (re)insurance companies:

  • Members of the Management Board and members of the Supervisory Board and the related Supervisory Board committees

  • Employees of the following departments:

    • Procurement

    • Sales

    • Underwriting

    • Claims Management

    • Money Laundering Prevention and Sanctions

  • Employees of the following governance functions pursuant to the Group Governance Policy:

    • Compliance

    • Actuarial Services

    • Internal Audit

    • Risk Management

  • Employees with the following key functions pursuant to the Group Governance Policy:

    • Financial and real estate management

    • Reinsurance

In non-(re)insurance companies and branches, which primarily comprise real estate companies, service companies and pension and investment funds, the functions-at-risk vary depending on the business model and internal structures. In any case, the at-risk departments and functions at these companies include management and key management functions. Along with the functions identified for (re)insurance companies, real estate management and property development at the real estate companies and investment management at the pension funds were classified as functions-at-risk.

7.1.3 Training

Compliance risks, such as corruption and bribery, can result in significant economic and legal repercussions. These risks can be further exacerbated if employees are not provided with sufficient information and training.

Every year, all members of the Management Board and the Supervisory Board as well as employees receive mandatory training on preventing corruption and bribery. The training covers the following topics:

  • Anti-corruption, including the definition of corruption and bribery

  • Ethical conduct guidelines

  • Donations and sponsorships

  • Acceptance of benefits and how to properly report them

  • Whistleblowing processes, including the reporting and investigation of violations

  • Handling conflicts of interest

These training courses can be held in person, as webinars or as e-learning courses. New employees are required to complete at least one hour of mandatory training on preventing corruption and bribery immediately upon commencement of their employment relationship (within the first six months). The aim is to achieve comprehensive awareness of ethical conduct and legal requirements, and to ensure compliance with the relevant standards. Furthermore, compliance functions and employees of compliance departments must participate in external training at least once a year.

Anti-corruption training completed

| | At-risk functions 2025 | At-risk functions 2024 | AMSB 1) 2025 | AMSB 1) 2024 |
|---|---|---|---|---|
| Training coverage | | | | |
| Total (according to head count) | 6,131 | 6,030 | 22 | 22 |
| Total number of employees who received training | 4,939 | 4,808 | 20 | 20 |
| Percentage of employees who received training | 81% | 80% | 91% | 91% |
| Delivery method and duration | | | | |
| Classroom training | 20 min – 1 hour | 20 min – 1 hour | 20 min | 20 min |
| Computer-based training | 20 min – 1 hour | 20 min – 1 hour | 20 min | 20 min |
| Frequency | | | | |
| How often training is required | Annually | Annually | Annually | Annually |
| Topics covered | | | | |
| Definition of corruption | Yes | Yes | Yes | Yes |
| Policies | Yes | Yes | Yes | Yes |
| Donations, sponsorships, small impersonal gifts and reporting | Yes | Yes | Yes | Yes |
| Whistleblowing and reporting | Yes | Yes | Yes | Yes |
| Conflicts of interest | Yes | Yes | Yes | Yes |

1) Administrative, management and supervisory bodies.

7.2 Management of relationships with suppliers (G1-2)

A responsible procurement strategy can positively contribute to achieving a sustainable value chain.

In addition to achieving an optimal price-performance ratio, procurement processes at UNIQA are designed to meet compliance and sustainability requirements. The Group Procurement Policy sets out guidelines to ensure that suppliers are not only economically sustainable but also act in a socially and ecologically sustainable manner. These guidelines are designed to optimise procurement processes based on market comparisons and to ensure compliance requirements are met through adherence to standards. The policy applies to (re)insurance companies and large service providers. The Head of Group Procurement and the Management Board member for Operations, Data & IT are responsible for implementing the policy.

Detailed master data is collected on companies as part of the supplier registration process. Suppliers are expected to comply with and act according to the principles set forth in the UNIQA Code of Conduct. The UNIQA Code of Conduct contains the material social and environmental criteria in accordance with the UN Global Compact. Annual surveys are conducted for UNIQA’s most important suppliers to verify compliance with international human rights standards – including standards stipulated by the International Labour Organisation (ILO) and the United Nations – as well as financial stability as part of the supplier evaluation to identify potential default risks among suppliers.

A risk assessment process for suppliers is geared towards preventing violations of labour law. Group Procurement carries out structured risk assessment based on digitalised surveys that consist of financial, procurement and ESG criteria. Based on this assessment, the suppliers are assigned to one of four risk classes (A to D). In close coordination with the Third Party Risk Management department and following confirmation by the Management Board, the current focus of the risk assessment has been placed on IT suppliers and service providers. Depending on the risk classification, suppliers are reassessed every three or five years. Likewise, in the event of a negative evaluation (risk category D), appropriate measures are taken, which may include the termination of contracts or blacklisting.

7.3 Confirmed incidents of corruption or bribery (G1-4)

There were no confirmed incidents of corruption, bribery or money laundering in the financial year (2024: 0). Furthermore, there were no (2024: 0) confirmed violations of the law, and no (2024: 0) fines imposed in relation to corruption, bribery or money laundering.

In the financial year, there was one (2024: 0) case in which a contract with a business partner was not renewed due to identified risks of corruption or bribery. No further ad hoc measures were required.

For more information on the prevention and detection of corruption and bribery, see the sections above.

7.4 Political influence and lobbying activities (G1-5)

Insufficient policies regarding responsibilities, political engagement, lobbying activities and donations can result in UNIQA exerting public influence outside its sphere of interest. Political donations are governed by the Group Compliance Policy. Donations to political parties, their affiliated organisations or political candidates are prohibited under the policy. In line with strict requirements, only sponsorships of events organised by the aforementioned groups, as well as advertisements in the media of these groups, are permitted. Detailed regulations are set out in the Group Compliance Policy. In the financial year, 0 (2024: 0) political donations were made.

One key task within the Legal & Compliance department, which is assigned to the Finance & Risk Management Board department, consists of coordinating lobbying activities, particularly in connection with participation in the “Insurance Europe” and “Association of Austrian Insurance Companies” interest groups. This is handled by the employees responsible for public relations and regulatory affairs, after consulting with the specialist departments and Group companies on the content. The focus here is on key regulatory issues that affect both UNIQA’s core business activities and its social responsibility.

UNIQA supports the efforts of the European Commission to mobilise private capital for investments in a climate-neutral and digital Europe through the Action Plan for Sustainable Finance and the European Green Deal. However, the legislative projects being pursued to this end, including the Disclosure Regulation, the Taxonomy Regulation, the Corporate Sustainability Reporting Directive and the Corporate Sustainability Due Diligence Directive, present certain challenges for insurers due to their complexity and the short time frame for implementation.

UNIQA also supports the European Commission’s objective of making it easier for customers to access financial products. However, the changes discussed in the context of the European Retail Investor Strategy, such as placing limits on commissions for insurance sales and introducing cost benchmarks, could make access to insurance-based investment products more difficult. After all, professional commission-based insurance advice helps all customers gain easier access to insurance products, avoids under- and over-coverage, and facilitates comparisons.

Digital innovations and artificial intelligence not only offer new economic opportunities but also pose several challenges. A regulatory framework that does not hamper existing regulations while simultaneously opening up opportunities for digital innovation in Europe is required in this regard.

To provide transparency and comprehensive information with regard to its lobbying activities, UNIQA Insurance Group AG is registered in the EU Transparency Register under the number 908990192864-67. In addition, no members of UNIQA’s Management Board or Supervisory Board had held a position in public administration or with the regulatory authorities in the two years prior to their appointment.

Vienna, 16 March 2026

Andreas Brandstetter
Chairman of the Management Board

Wolfgang Kindl
Member of the Management Board

Wolf-Christoph Gerlach
Member of the Management Board

René Knapp
Member of the Management Board

Kurt Svoboda
Member of the Management Board

Peter Humer
Member of the Management Board

Sabine Pfeffer
Member of the Management Board
