Compliance: In line with all rules

VIG has a well-established Compliance Management System, with a focus on early warning, advisory, prevention and monitoring.

VIG has to comply with extensive legal and regulatory requirements, as well as obligations that it has voluntarily assumed. All these rules have to be observed by our roughly 30,000 employees in all the Group companies, and our Compliance Organisation ensures that this indeed takes place. This is done in two ways:

• by creating rules itself, raising awareness and monitoring compliance with the rules, and
• by promoting a culture of integrity.

Compliance organisation

Like the Group itself, the Compliance Organisation has a decentralised structure. It is represented by the Group Compliance Committee, which consists of the local Compliance Officers, Compliance Responsible Persons and the head of the VIG Compliance (including anti-money laundering [AML]) department. The group-wide Compliance Management System directly encompasses all insurance and reinsurance companies, all asset management and all pension funds management companies of the Group. A group-wide Policy and a Guideline approved by the VIG Managing Board define group-wide roles, responsibilities, and minimum standards for the Compliance Organisation. Both documents must be implemented at the local level. The Compliance Officers and Compliance Responsible Persons report directly to and are responsible only to the local managing boards. They are responsible for:

• monitoring the legal environment and recommending necessary measures,
• identifying and assessing compliance risks,
• taking measures to prevent non-compliance,
• advising employees and the members of the Managing Board and/or Supervisory Board,
• monitoring compliance with laws and regulations, and
• handling compliance incidents.

Beyond above tasks, the local Compliance Officers and Compliance Responsible Persons also have comprehensive regular and ad-hoc reporting obligations to the local Managing?and/or the Supervisory Board and the VIG Compliance (incl. AML) department. The VIG Compliance (incl. AML) department assists, supports, manages, and monitors the local Compliance Officers and Compliance Responsible Persons in the performance of their duties.

Reporting breaches

Internal and external persons can report any perceptions of misconduct to the compliance officers both at the level of the individual Group companies and at Group level. In line with the Austrian Whistleblower Protection Act (DE: Hinweisgeber:innenschutzgesetz), which implemented the EU Whistleblower Directive in Austria, VIG Holding has set up a VIG Whistleblower Portal (whistleblowerportal.vig) as an internal channel to allow people to report –anonymously and at any time – perceived violations of the statutory provisions set out in the Whistleblower Protection Act. Perceived violations in other legal areas can be reported via a dedicated email address ([email protected]) or by post to the VIG Compliance (incl. AML) department. In VIG Holding, a dedicated guideline on protecting whistleblowers has been implemented and provided to all employees. Information on this topic can also be found on the website (LINK). Regardless of the chosen reporting channel, all reports reach the VIG Compliance (incl. AML) department. Their validity is then reviewed in line with the provisions of confidentiality and data protection. A report is evaluated by a committee consisting of members from the VIG Compliance (incl. AML), General Secretariat & Legal, Human Resources, and Internal Audit departments, and follow-up measures are recommended. The VIG Internal Audit department is responsible for implementing the follow-up measures.

Group companies with headquarters in the EU are, depending on the implementation of the EU Whistleblower Directive into the law of the respective country, obliged to comply with the relevant whistleblower protection provisions, especially those relating to the reporting channels to be established. In Group companies outside of the EU, reporting channels are established (if required) in compliance with the relevant local provisions.

Group-wide exchange of information

To achieve group-wide coordination and continuously improve the Compliance Management System, the VIG Compliance (incl. AML) department holds an annual meeting with the local Compliance Officers and Compliance Responsible Persons. The topics of the meeting are determined based on the legal environment, the compliance risk situation and the needs of the Group companies and are used for both informational and training purposes as well as the exchange of experience and good practices.

This article is based on the information given in our Sustainability Report 2023. You can find the Sustainability Report with specific information on activities in 2023 here ?? https://bit.ly/3W3Fhxf

---

Follow VIG Investor Relations on LinkedIn!