A company without a Compliance Culture is no longer conceivable today in the financial sector – and is not sustainable. In banking, requirements to ensure legal and sound conduct are increasing substantially, and likewise, the number of rules, regulations and obligations.
It is very important to UniCredit Bank AG to actively promote a Compliance Culture in which all employees are aware of their responsibilities and the scope of their actions. Adherence to the law and internal guidelines is an essential component of our Compliance Culture and is at the core of our Business.
Compliance means more than just adhering to rules and regulations. Our commitment to compliance in our operations and personal behaviour may not merely be based on the expectations of our customers, society at large and regulators; on the contrary, it is first and foremost our internal attitude – our individual aspiration – that necessitates proper conduct.
In order to strengthen the Compliance Culture, “Key insights on Compliance Culture” were set uniformly throughout the UniCredit Group in 2015. Based on that, we developed a specific Communication Campaign to foster Compliance Culture. The focus of this long-term campaign will be on Compliance-specific topics and above all on the ethical and moral behaviour of our employees.
The Code of Conduct contains the principles that all employees and external partners of the bank must adhere to in order to ensure high standards and absolute integrity for all activities carried out within or on behalf of UniCredit.
The Principles set out the path to how we behave respectfully towards our colleagues, customers and third parties. They also define the legal and ethical principles we follow to successfully conduct our business while protecting our customers' interests, mitigating risks, adhering to supervisory regulations, ensuring market transparency and protecting confidential data. We expect the same from our business partners.
The regular training of our employees obviously belongs to a healthy and intact Compliance Culture. The knowledge of Compliance topics is considered to be the core element of the competence spectrum of the employees and the competences in UniCredit Bank AG. Therefore, all employees regularly complete a large number of compulsory web-based trainings on topics such as prevention of money laundering, conflict of interest management, antitrust, data protection, fraud prevention and prevention of corruption.
As a reliable Partner, we as the Compliance unit of HypoVereinsbank proactively provide advice to the Top Management, Business and Headquarter units and the respective subsidiaries on compliance-specific matters.
We identify the applicable laws, rules and regulations as well as the risks associated with non-compliance with the requirements thereunder. We proactively invest in individual service, prevention, and fast, uncomplicated solutions in everyday banking operations.
A bank-wide process supports the timely implementation of the large number of new regulations as well as dialogues between Compliance experts and specialist departments who own the responsibility to carry out the implementation.
Risk analyses and controls are carried out on a regular basis and comprehensive measures are taken to prevent Compliance risks.
With our strategic and structural orientation combined with close customer proximity, we have laid the foundation to identify and ultimately prevent, at an early stage, possible behaviour which may result in a breach in the future.
In the event there is a compliance breach, it is important for us not only to investigate and identify the causal factors and improve processes and controls to prevent such infringements, but also to actively engage and cooperate with the authorities, so as to facilitate a transparent dialogue and, where necessary, to draw the necessary conclusions.
This applies not only to the procedures and investigations mentioned in the Annual Report, but also to other cases of misconduct or shortcomings.
Irrespective of any applicable internal audits and external processes, we maintain an open dialogue with all relevant authorities in Germany and abroad, notifying them of any material matters as they arise. The same philosophy applies to taxation matters.
Through a comprehensive and effective compliance organization, UniCredit Bank AG continuously and emphatically endeavors to avert potential risks at an early stage and thus prevent damage to our company, our employees and our business partners. This includes being receptive to indications about breaches of rules, instances of fraud and financial crime. Hence, any concerns or cases of suspicion should always be reported.
Management, Human Resources or Compliance are the primary channels and points of contact available to you to report any misconduct. Besides this, there are corresponding hotlines and special mailboxes for specific suspicious activity reports, for example for fraud and money laundering.
As an additional possibility, we are now using the whistleblowing system SpeakUp! which enables you to call our attention around the clock either online (except for Austria) or by phone, also anonymously for reports regarding fraudulent acts and acts of economic crime.
Compliance and the specially established Investigation Committee (Whistleblowing) guarantee that your information will be examined carefully and treated with absolute confidentiality.
Adherence to Rules and Regulations is a prerequisite for sustainable Business. Sustainable Management helps us to protect our integrity and reputation and to strengthen the trust of our customers in our Bank.
Read more about our focus on compliance and find out how we work:
A special bond of trust characterizes the business relationship between client and bank. Therefore, the bank has the duty to maintain secrecy about any customer-related facts and evaluations of which it may have knowledge.
UniCredit Bank AG obliges each employee by an individual declaration to preserve data, bank and business secrets. Comprehensive internal guidelines inform the employees of the binding regulations. Additionally, our employees are trained on dealing with confidential information via a web-based training.
On the basis of our Compliance Culture and our "Code of Conduct" we have built up a multilevel Anti-Fraud-Management to firmly protect our clients and the bank from “other criminal offences” (§25h KWG).
In order to raise the awareness of our employees as well as of our clients for all kinds of fraud risks and fraud patterns, our employees are trained on a regular basis. This is done by the internal publication and continuous updating of fraud patterns, employee trainings and information campaigns to strengthen awareness, also in close cooperation with the police. We inform our clients and increase their awareness via client events on current fraud topics (e.g. CEO fraud) and client handouts on specific fraud risks.
We define, identify and analyze internal and external risk areas regarding fraud prevention and review our processes and products regarding fraud vulnerability. Therefore, we advise closely from the beginning of the development process of our products. This also applies to the development of new products.
Often fraud can only be prevented by increased attention of clients, employees and third parties. Therefore, we pursue all hints on suspected fraud addressed to us. Our employees are instructed to report every fraud suspicion. In this context, we maintain a close and successful cooperation with the authorities.
UniCredit Group has adopted a Group-wide approach in order to implement a Dodd-Frank Act governance model at Group level.
UniCredit Bank AG is provisionally registered as a Swap Dealer with the U.S. Commodity Futures Trading Commission (CFTC) and with the National Futures Association (NFA).
For purposes of Title VI of the Dodd-Frank Act ("the Volcker Rule") a regular business analysis is performed by the relevant units in order to verify how far the respective activities are relevant for the Volcker Rule. In accordance with the results of the above-mentioned analysis, the relevant Compliance Program is then implemented as required by the Volcker Rule.
Our employees are obliged to participate in trainings on the Dodd-Frank Act.
As Germany has signed several international agreements with other countries worldwide and has therefore also implemented corresponding national laws, UniCredit Bank AG as a financial institution is participating in the international exchange of tax data.
Thus, our Compliance monitors on a global level whether the Bank is obeying all determined requirements. This includes the Foreign Account Tax Compliance Act (FATCA) and the Common Reporting Standard (CRS, also called AEOI).
We are obliged by the national laws for FATCA and CRS to identify customers who show US indicia and customers who have a tax residency outside of Germany, i.e. individuals as well as legal entities (here also beneficial owners who hold >25% of the company) and to send determined data of these customers to the German Tax Authority on a yearly basis. This is carried out according to the current standards of the German Data Protection laws. The German Tax Authority in turn forwards the said data to the US Tax Authority (the IRS) and to the Tax Authorities of the other countries that participate in CRS.
To ensure compliance with both regimes, UniCredit Bank AG has ongoing monitoring to screen the customers for relevant indicia of the respective regime. Moreover, the bank has developed a Global Governance and Control Framework. This means that there are systematic second level controls to ensure the quality of available data, which is subsequently required for the reporting. Additionally, it is also permanently checked whether the general required guidelines are obeyed.
We ensure adherence to all relevant requirements of financial and economic sanctions as well as to regulatory requirements. We advise our business divisions regarding the implementation and execution of these requirements. An extensive internal guideline (policy) exists for adherence to financial and economic sanctions. This internal guideline is updated regularly (at least annually) or, if required, on an occasion-related basis.
The bank's client portfolio, parties to transactions and international payments are reviewed daily or in real time in a monitoring tool against current sanctions lists (e.g. of the EU, UN and others). Special techniques (fuzzy logic) are used to detect inexact spellings of names or critical terms in transactions. Names and payments that show similarities with the sanctions lists or reveal suspicious facts are systematically singled out and comprehensively analyzed regarding compliance with the relevant sanctions regulations. Payments are stopped until final clarification. Confirmed hits lead to rejection or freezing of the payments.
Our employees are obliged to participate annually in a web-based training on financial sanctions and embargos. In addition, occasion-related and business-specific classroom trainings are conducted.
We ensure the implementation of legal and regulatory requirements to prevent money laundering and terrorist financing.
The Know Your Customer process is an integral part of every business relationship, both at onboarding as well as on an ongoing basis. The determination of shareholding structures, beneficial owners and of the background of business relationships is the central focus point of the so-called "Customer Due Diligence".
We monitor payments of our clients and correspondent banks regarding potentially suspicious activities and work within a tight time frame to either clarify a case or report it to the authorities.
To this end, we operate with monitoring tools of well-known external providers. These tools are optimized regularly (also due to internal requirements). We review our internal guidelines and train our employees annually, at least via so-called web-based trainings.
We base our risk rating on our own experiences, our risk analysis and international standards (i.e. recommendations of the Financial Action Task Force (FATF)). This defines which client groups, industries and countries will be rated with a higher risk and thus will have to run through further examination processes for onboarding or for the execution of transactions. Certain business relationships are even completely excluded.
To avoid any Conflict of Interest having a negative impact on the customers of UniCredit Bank AG, every employee is required to be compliant with the ethical standards (Corporate Behavior) of the Bank. Integrity and diligence as well as legal and professional behavior considering the interests of the customers are expected from all employees at all times.
UniCredit Bank AG has implemented guidelines, processes and organizational measures to ensure early detection and avoidance of Conflicts of Interest. Furthermore, every employee is required to be compliant with the Conflict of Interest policy of UniCredit Bank AG. To ensure the observance of all requirements, Compliance performs periodical controls and reviews.
Compliance with antitrust laws is of fundamental importance to UniCredit Bank AG. Therefore, strict rules in relation to antitrust are applicable to all employees of UniCredit Bank AG, its foreign branches and subsidiaries.
UniCredit Bank AG expects that its employees act sensitively and in a competent manner in relation to the topic of antitrust law and keep themselves informed about any binding rules. Employees are trained on a regular basis with a web-based training on antitrust law topics, supplemented by event-related and target-group-specific face-to-face trainings.
The core of the Compliance Antitrust Program of UniCredit Bank AG is the continuous identification and analysis of antitrust related risks, as well as the implementation of topic and target-group-specific trainings and risk based controls, and in addition thereto extensive rules and regulations on antitrust law, in particular on one of the most relevant topics for UniCredit Bank AG, which is the cooperation with competitors and the contribution to trade associations.
UniCredit Bank AG pursues a zero tolerance policy against corruption. Therefore, strict anti-corruption guidelines are valid for all employees of UniCredit Bank AG including branches and relevant subordinated group companies.
UniCredit Bank AG expects its employees to deal sensitively and competently with the prevention of corruption and to inform themselves about the binding regulations. Our employees are obliged to participate at least every two years in a web-based training on anti-corruption. In addition, occasion-related and target-group-specific classroom trainings are conducted.
At the core of UniCredit Bank AG's anti-corruption program are comprehensive provisions for the prevention of corruption, e.g. on the topics:
As transparency is an essential instrument to prevent corruption, the bank developed its own IT tool for the recording and internal approval of gifts and entertainment. Depending on certain thresholds, all gifts and entertainment invitations have to be recorded and approved by the internal manager.
The Market Abuse Regulation (MAR) came into force in July 2016. The regulation defines the first consistent legal framework for the prevention of market abuse for the whole European Union. Market abuse is the general term for all illegal activities within financial markets and includes insider dealing, unlawful disclosure of inside information and market manipulation.
UniCredit Bank AG has implemented processes, systems and internal guidelines to prevent and detect market abuse activities. Furthermore, the bank cooperates closely with relevant authorities (e.g. BaFin). Every employee within UniCredit Bank is well informed about the topic and the consequences of breaches. Compliance monitors the transactions with financial instruments of employees and customers to detect and sanction market abuse behavior.