The Generali Group Process on Managing Reported Concerns

1. Introduction

This document explains the process utilized by the Generali Group to manage concerns reported in accordance with the Group Code of Conduct.

2. Informally Handled Concerns

In the majority of cases reported to managers, the reporter will have the expectation that the case will be handled informally by the manager and not escalated to other departments. Where the manager is unable to informally resolve the concern, because of its seriousness, nature or their lack of impartiality, the concern will be sent to the Compliance Officer(1) for its management.

(1) The Group Compliance Risk Management System Policy qualifies the Compliance Function as independent from any operational function. The Compliance Officer reports to the Board of Directors.

3. Reporting Channels

The Generali Group provides several alternative reporting channels in addition to local management:

  • Local Compliance
  • Group Compliance
  • The Generali Group Compliance Helpline

4. Initial Case Assignment

Once reported, the case will be assessed to identify the appropriate Compliance Officer for the management of the concern.

The case will be assigned based on the Generali Group Rules on handling concerns and this means that cases are normally assigned to the local company Compliance Officer, other than in the following cases:

Cases Involving Assignment of Concern
Company top management Business Unit or Group Compliance Officer
Local or Business unit Compliance Officer Group Compliance Officer
Group Compliance Officer Chairman of the Board of Directors of Assicurazioni Generali

Cases reported via the Generali Group Compliance Helpline are automatically assigned to the appropriate compliance officer, following the above mentioned rules.

The Business Unit/Group Compliance Officers may be based in a country, other than where the concern took place; however, any information will be handled in accordance with local legislation.

5. Details needed to assign the case

When submitting a concern, the reporter should provide the following information to assist the process for the assignment of the case:

  1. The country in which the reporter is located;
  2. The country in which the reported breach took place;
  3. The Generali Group company to which the report relates;
  4. Whether the case involves the Top Management of the Company or of the Group.

The above information will also assist the identification of cases where local law restricts the use of the reporting channels.

6. Evaluation

The evaluation and investigation of the case will be undertaken with the utmost confidentiality and the relevant information will be shared between the Compliance Function and other persons on a strictly need‐to‐know basis.

A preliminary evaluation will be undertaken to ensure that the appropriate Compliance Function handles the case and that the case is sufficiently detailed to enable an investigation.

Once the preliminary evaluation is completed, the Compliance Function will start investigating the case, with support from Internal Audit and other external professional advisors, as required.

7. Remedial Measures

Following the investigation, the Compliance Function will identify any remedial measures that are required.

Where disciplinary sanctions may be appropriate, the Compliance Function will involve Human Resources in the process.

All remedial measures will be submitted to the company CEO/administrative body for final decision.

8. EthicsPoint Database

All the reported cases within Generali Group will be recorded on EthicsPoint database, other than those that are handled informally.

The access to the individual cases is defined on a case by case basis, and is limited to the Compliance Function and, where relevant and only on a need‐to‐know basis, to the persons handling the investigations.

EthicsPoint Database is hosted by a third party provider on servers located within the European Union.

9. Reporting

EthicsPoint Database allows the production of regular reports at local, business unit and group level. The reports are limited to generic details of the cases, including for example the number of cases received grouped by type of allegations involved or country.

The reports do not contain any personal information (for example the names of the individuals involved) about the cases, such as the identity of any of the individuals involved.

10. Conclusion of the Case and Removal of Personal Data

Once the case has been concluded, personal information held within EthicsPoint Database will be removed in accordance with the applicable group rules and local provisions and only anonymized information is retained to allow reporting and trend analysis.

Where it is necessary to complete remedial measures or as required by local legislation, personal data may be maintained by the relevant functions outside the EthicsPoint Database

ATTENTION: This webpage is hosted on EthicsPoint's secure servers and is not part of the GENERALI website or intranet.