This document explains the process utilized by the Generali Group to manage concerns reported in accordance with the Group Code of Conduct.
In the majority of cases reported to managers, the reporter will have the expectation that the case will be handled informally by the manager and not escalated to other departments. Where the manager is unable to informally resolve the concern, because of its seriousness, nature or their lack of impartiality, the concern will be sent to the Compliance Officer(1) for its management.
(1) The Group Compliance Risk Management System Policy qualifies the Compliance Function as independent from any operational function. The Compliance Officer reports to the Board of Directors.
The Generali Group provides several alternative reporting channels in addition to local management:
Once reported, the case will be assessed to identify the appropriate Compliance Officer for the management of the concern.
The case will be assigned based on the Generali Group Rules on handling concerns. This means that cases are normally assigned to the local company Compliance Officer, other than in the following cases:
Cases Involving | Assignment of Concern |
---|---|
Company top management | Business Unit or Group Compliance Officer |
Local or Business Unit Compliance Officer | Group Compliance Officer |
Group Compliance Officer | Chairman of the Board of Directors of Assicurazioni Generali |
Cases reported via the Generali Group Compliance Helpline are automatically assigned to the appropriate Compliance Officer, following the above-mentioned rules.
The Business Unit/Group Compliance Officers may be based in a country other than the one where the concern took place; however, any information will be handled in accordance with local legislation.
When submitting a concern, the reporter should provide the following information to assist the process for the assignment of the case:
The above information will also assist the identification of cases where local law restricts the use of the reporting channels.
The evaluation and investigation of the case will be undertaken with the utmost confidentiality and the relevant information will be shared between the Compliance Function and other persons on a strictly need‐to‐know basis.
A preliminary evaluation will be undertaken to ensure that the appropriate Compliance Function handles the case and that the case is sufficiently detailed to enable an investigation.
Once the preliminary evaluation is completed, the Compliance Function will start investigating the case, with support from Internal Audit and other external professional advisors, as required.
Following the investigation, the Compliance Function will identify any remedial measures that are required.
Where disciplinary sanctions may be appropriate, the Compliance Function will involve Human Resources in the process.
All remedial measures will be submitted to the company CEO/administrative body for final decision.
All cases reported within the Generali Group will be recorded in the EthicsPoint Database, other than those that are handled informally.
Access to the individual cases is defined on a case-by-case basis and is limited to the Compliance Function and, where relevant and only on a need‐to‐know basis, to the persons handling the investigations.
The EthicsPoint Database is hosted by a third-party provider on servers located within the European Union.
The EthicsPoint Database allows the production of regular reports at local, business unit and group level. The reports are limited to generic details of the cases, including for example the number of cases received grouped by type of allegations involved or country.
The reports do not contain any personal information about the cases, such as the identity of any of the individuals involved.
Once the case has been concluded, personal information held within the EthicsPoint Database will be removed in accordance with the applicable group rules and local provisions, and only anonymized information is retained to allow reporting and trend analysis.
Where it is necessary to complete remedial measures or as required by local legislation, personal data may be maintained by the relevant functions outside the EthicsPoint Database.