Sound governance cannot be achieved through organisational structures, procedures and control mechanisms alone, but to a great extent rely on the commitment and dedication of all members of staff of the insurance company.

In this regard, the Law of 5 December 2017 amending the Solvency II Law reinforces the role of the board of directors as regards compliance risk management. In addition to establishing and supervising the integrity policy, the board of directors must annually provide the Bank with a report on the assessment of the proper functioning of the compliance function. In this way, the board of directors shall report on its responsibilities regarding compliance: in particular, it ensures that compliance risks are sufficiently detected and managed. Additionally, the Solvency II Law provides for the obligation for insurance companies to develop a whistleblowing system. 

It is important that the board of directors establish the strategic goals and business values of the insurance company, as well as the internal codes of conduct or formal rules, which determine how business is done in a spirit of integrity and engagement with the stakeholders of the company. These goals, values and codes are communicated and promoted throughout the company. For the application of these values, it is important that the management impose strict rules of conduct on itself and set the good example (tone at the top).

The internal rules of conduct cover subjects such as corruption, commercial gestures (voluntary bearing of costs for claims), accepting or giving gifts, undue self interest in transactions between staff and the company, and all sorts of other unethical or illegal conduct within the activities inside or outside the insurance company.

The insurance company must set up an appropriate organisation and procedures to find out whether or not the company’s members of staff are irreproachable. Apart from the usual checks at the time of recruitment, the insurance company must permanently take the necessary measures to supervise compliance by its staff with the legal and regulatory provisions relating to integrity and conduct.

Compliance with the company values and internal codes of conduct, and the effectiveness of the insurance company’s internal control, are promoted when there are channels available to staff to internally communicate, in good faith, legitimate concerns regarding significant breaches of these company values and codes or on the subject of unethical or illegal behaviour relating to aspects that are under the powers and supervision of the insurance company.

To that end, the insurance company shall provide for a procedure and information channel to directly or indirectly (ombudsman, compliance, internal audit) report complaints to the management outside the normal hierarchical channels. Bona fide whistleblowers shall be protected against direct or indirect disciplinary measures or decisions with equivalent effects. 

The proper functioning of the whistleblower policy relies on clear rules which clearly explain the subjects on which complaints may be lodged and what steps and escalation rules the procedure entails. The management shall ensure that the information provided by the whistleblowers is effectively investigated and that the necessary measures are taken to tackle irregularities.

The policy must be in line with the legislation on privacy and data protection (cf. the GDPR). Recommendations from the competent authorities on the subject can help the companies test their policies against these provisions.