Compliance im Überblick

Compliance Principles

Compliance Culture: More than a duty

A company without a Compliance Culture is no longer conceivable today in the financial sector – and is not sustainable. In banking, requirements to ensure legal and sound conduct are increasing substantially, and likewise, the number of rules, regulations and obligations.

It is very important to UniCredit Bank AG to actively promote a Compliance Culture in which all employees are aware of their responsibilities and the scope of their actions.  Adherence to the law and internal guidelines is an essential component of our Compliance Culture and is at the core of our Business.

Our commitment to Compliance

Compliance means more than just adhering to rules and regulations. Our commitment to compliance in our operations and personal behaviour may not merely be based on the expectations of our customers, society at large and regulators; on the contrary, it is first and foremost our internal attitude – our individual aspiration – that necessitates proper conduct.

Our conduct has a code: core messages on the Code of Conduct and our values

The Code of Conduct sets out the principles to which all employees and external partners of the Bank must adhere to ensure high standards and absolute integrity for all activities conducted within or on behalf of UniCredit.

The Code of Conduct has been written in line with our Group's values - Integrity, Ownership and Caring - which guide all our actions and behaviours. These values are driven by our goal to excel and have a positive impact on our clients, shareholders, communities and employees.

It sets out how UniCredit Group employees can bring the corporate culture to life in their daily behaviour and how they should interact with all their stakeholders. In doing so, it guarantees the highest level of professional conduct by all UniCredit employees and other external professionals working on behalf of the bank.

The Code of Conduct is not a nice-to-have, but a crucial tool for UniCredit's success. By embedding it in our business activities, we can ensure that we stay on the path we have chosen: a path to achieving our goals and success.

Win. The Right Way. Together.

You can only follow the Rules and Regulations when you are familiar with them: Compliance trainings for our employees

The regular training of our employees obvious belongs to a healthy and intact Compliance Culture. The knowledge of Compliance topics is considered to be the core element of the competence spectrum of the employees and the competences in UniCredit Bank AG. Therefore, all employees regularly complete a large number of compulsory web-based training on topics such as prevention of money laundering, conflict of interest’s management, antitrust, data protection, fraud prevention and prevention against corruption. 

Compliance organisation – We focus on prevention

As a reliable Partner, we as the Compliance unit of the HypoVereinsbank proactively provides advice to the Top Management, Business and Headquarter units and the respective subsidiaries dedicated to compliance specific matters.  

We identifies the applicable laws, rules and regulations as well as the risks associated with non-compliance with the requirements thereunder. We proactively invest in individual service, prevention, and fast, uncomplicated solutions in everyday banking operations.

A bank-wide process supports the timely implementation of the large number of new regulations as well as dialogues between Compliance experts and specialist departments who own the responsibility to carry out the implementation.

Risk analyses and controls are carried out on a regular basis and comprehensive measures are taken to prevent Compliance risks.

With our strategic and structural orientation combined with a close customer proximity we laid the foundation to identify and finally prevent possible behaviour at an early stage, which may be can result in a breach in the future.

Compliance breaches – Transparency and Information

In the event there is a compliance breach, it is important for us not only to investigate and identify the causal factors and improve processes and controls to prevent such infringements, but also to actively engage and cooperate with the authorities, so as to facilitate a transparent dialogue and, where necessary, to draw the necessary conclusions.

This applies not only to the procedures and investigations mentioned in the Annual Report, but also to other cases of misconduct or shortcomings.

Irrespective of any applicable internal audits and external processes, we maintain an open dialogue with all relevant authorities in Germany and abroad, notifying them of any material matters as they arise. The same philosophy applies to taxation matters.

We believe: Speaking up, is always the right thing to do! Our Whistleblowing system

Through a comprehensive and effective compliance organization, UniCredit Bank AG continuously and emphatically endeavors to avert potential risks at an early stage and thus prevent damage to our company, our employees and our business partners. This includes being receptive to indications about breaches of rules, instances of fraud and financial crime. Hence, any concerns or cases of suspicion should always be reported.

Management, Human Resources or Compliance are the primary channels and points of contact available to report any misconduct. Besides this, there are corresponding hotlines and special mailboxes for specific suspicious activities reports for example for fraud and money laundering.

As an additional possibility, we are using the whistleblowing system SpeakUp! which enables our employees to call our attention around the clock either online or by phone, also anonymously for reports especially regarding fraudulent acts and acts of economic crime.

Reports by business partners and other third parties are also taken very seriously. We kindly ask them to send their reports to the following address:

Persönlich/Vertraulich
Chief Compliance Officer
UniCredit Bank AG
Am Tucherpark 14
80538 München

Alternatively, reports can be sent to the following email-address:

Compliance and the specially established Investigation Committee (Whistleblowing) guarantee that your information will be examined carefully and treated with absolute confidentiality.

Business is the core of what we do. Compliance is about how we do it.

The adherence to Rules and Regulations is a prerequisite for sustainable Business. Sustainable Management helps us to protect our integrity and reputation and to strengthen the trust of our customer in our Bank.   

Read more about our focus on compliance and find out how we work:

Banking Secrecy

A special bond of trust characterizes the business relationship between client and bank. Therefore, the bank has the duty to maintain secrecy about any customer-related facts and evaluations of which it may have knowledge.

UniCredit Bank AG obliges each employee by an individual declaration to preserve the data-, bank- and business secrets. Comprehensive internal guidelines inform the employees on the binding regulations. Additionally our employees are trained on dealing with confidential information via a web-based training.

Fraud Prevention

On the basis of our Compliance Culture and our " Code of Conduct " we have built up a multilevel Anti-Fraud-Management to firmly prevent our clients and the bank from “other criminal offences” (§25h KWG).

In order to raise the awareness of our employees as well as of our clients for all kind of fraud risks and fraud pattern our employees will be trained on a regular basis. This is done by the internal publication and continuous updating of fraud patterns, employee trainings and information campaigns to strengthen the awareness, also in close cooperation with the police. We inform and increase our client's awareness via client events on current fraud topic (e.g. CEO fraud) and client handouts on specific fraud risks.

We define, identify and analyze internal and external risk areas regarding fraud prevention and review our processes and products regarding fraud vulnerability. Therefore, we closely advise as from the beginning in the development process of our products. This allies also for the development of new products.

Often fraud can only be prevented by increased attention of clients, employees and third parties. Therefore, we pursue all hints on suspected fraud addressed to us. Our employees are instructed to report every fraud suspicion. In this context, we maintain a close and successful cooperation with the authorities.

Dodd-Frank Act

UniCredit Group has adopted a Group- wide approach in order to implement a Dodd-Frank Act governance model at Group level.

UniCredit Bank AG is provisionally registered as a Swap Dealer with the U.S. Commodity Futures Trading Commission (CFTC) and with the National Futures Association (NFA).

For purposes of Title VI of the Dodd-Frank Act ("the Volcker Rule") a regular business analysis is performed by the relevant units in order to verify how far the respective activities are relevant for the Volcker Rule. In accordance with the results of the a.m. analysis, the relevant Compliance Program is then implemented as required by the Volcker Rule.

Our employees are obliged to participate on trainings on Dodd-Frank Act.

FATCA (Foreign Account Tax Compliance Act) und CRS (Common Reporting Standard)

As Germany has signed several international agreements with other countries worldwide and has therefore also implemented according national laws, UniCredit Bank AG as financial institution is participating in the international exchange of tax data.

Thus, our Compliance monitors on a global level, if the Bank is obeying all determined requirements. This includes the Foreign Account Tax Compliance Act (FATCA) and the Common Reporting Standard (CRS, also called AEOI).

We are obliged by the national laws for FATCA and CRS to identify customers who show US indicia and customers who have a tax residency outside of Germany, i.e. individuals as well as legal entities (here also beneficial owners who hold >25% of the company) and to send determined data of these customers to the German Tax Authority on a yearly basis. This is carried out according to the current standards of the German Data Protection laws. The German Tax Authority again forwards the said data to the US Tax Authority (the IRS) and to other Tax Authorities of those countries, who participate in CRS.

To ensure the compliance for both regimes, UniCredit Bank AG has ongoing monitoring to screen the customers for relevant indicia of the respective regime. Moreover, the bank has developed a Global Governance and Control Framework. This means that there are systematic second level controls to ensure the quality of available data, which is subsequently required for the reporting. Additionally, it is also permanently checked if the general required guidelines are obeyed.

Financial and Economic Sanctions

We ensure the adherence of all relevant requirements of financial and economic sanctions as well as of regulatory requirements. We advise our business divisions regarding the implementation and execution of these requirements. An extensive internal guideline (policy) exists for the adherence of financial and economic sanctions. This internal guideline is updated regularly (at least annually) or if required occasion related.

The bank's client portfolio, parties of transactions and international payments daily respectively in real time pass specified reviews in a monitoring tool against current sanctions lists (e.g. of the EU, UN and other). At this, special techniques are used to detect blurs (fuzzy logic) in spellings of names or critical terms in transactions. Names and payments that show similarities with the sanctions lists or reveal suspicious facts are systematically ejected and comprehensively analyzed regarding compliance with the relevant sanctions regulations. Payments are stopped until final clarification. Confirmed hits lead to rejection or freeze of the payments.

Our employees are obliged to participate annually in a web-based training on financial sanctions and embargos. In addition, occasion related and business specific classroom trainings are conducted.

Prevention of Money Laundering and Terrorist Financing

Compliance with the relevant legal and regulatory requirements for combating and preventing money laundering and terrorist financing is of great importance to the bank. We support the business lines in the implementation of these requirements and regularly check whether they are being adhered to.

The Know Your Customer process is an integral part of every business relationship, both at onboarding as well as on an ongoing basis. The determination of shareholding structures, beneficial owners and the background of business relationships is a key aspect of the so-called "Customer Due Diligence".

We monitor payments of our clients and correspondent banks to identify potential suspicious activities and work within a tight time frame to either clarify a case or report it to the authorities. We do this by utilizing and operating monitoring tools of well-known external providers that are optimized regularly.

We review our internal guidelines and train our employees annually, at least via so-called web based trainings. Through our own experiences, the internal risk analysis and international standards (i.e. recommendations of the Financial Action Task Force (FATF)), we define what kind of customer types, industries and countries will be rated with a higher risk. Those will be subject to enhanced due diligence processes at onboarding or for the execution of transactions. Certain business relationships are even completely excluded or prohibited. 

Conflict of interest

To avoid that any Conflict of Interest could have a negative impact to the customers of UniCredit Bank AG, every employee is required to be compliant with the ethical standards (Corporate Behavior) of the Bank. Integrity and diligence as well as legal and professional behavior considering the interests of the customers are always expected from all employees at any time.

UniCredit Bank AG has implemented guidelines, processes and organizational measures to ensure precocious detection and avoidance of Conflicts of Interest. Furthermore, every employee is required to be compliant with the Conflict of Interest policy of UniCredit Bank AG. To ensure the observance of all requirements, Compliance performs periodical controls and reviews.

Antitrust

Compliance with antitrust laws is of fundamental importance to UniCredit Bank AG. Therefore, strict rules in relation to antitrust are applicable to all employees of UniCredit Bank AG, its foreign branches and subsidiaries.

UniCredit Bank AG expects that its employees act sensitively and in a competent manner in relation to the topic antitrust law and keep themselves informed about any binding rules. Employees are trained on a regular basis with a web-based training on antitrust law topics, supplemented by event related and target-group-specific face-to-face trainings.

The core of the Compliance Antitrust Program (CAP) of UniCredit Bank AG is the continuous identification and analysis of antitrust related risks, as well as the implementation of topic and target-group-specific trainings and risk based controls. In addition thereto the CAP comprises extensive rules and regulations on antitrust law, in particular on one of the most relevant topics for UniCredit Bank AG, such as the cooperation with competitors and the contribution to trade associations.

Prevention and Fight against Corruption

UniCredit Bank AG pursues a zero tolerance policy against corruption. Therefore, strict anti-corruption guidelines are valid for all employees of UniCredit Bank AG including branches and relevant subordinated group companies.

UniCredit Bank AG expects from its employees to deal sensitively and competently with the prevention of corruption and to inform themselves about the binding regulations. Our employees are obliged to participate at least every two years in a web-based training on anti-corruption. In addition, occasion related and target group specific classroom trainings are conducted.

Core of UniCredit Bank AG's anti-corruption program are comprehensive provisions for the prevention of corruption, e.g. on the topics:

  • gifts and entertainment
  • engagement of Third Parties including intermediaries service providers and suppliers
  • human resources activities including recruitment processes, promotions and similar
  • donations, sponsoring and memberships

As transparency is an essential instrument to prevent corruption, the bank developed its own IT tool for the recording and internal approval of gifts and entertainment. Dependent on certain thresholds all gifts and entertainment invitations have to be recorded and approved by the internal manager. Depending on the value additionally Compliance has to be involved.

Market abuse

Market Abuse Regulation (MAR) came in force on July 2016. The regulation defines the first consistent legal framework for the prevention of market abuse for the whole European Union. Market abuse is the general term for all illegal activities within financial markets and includes insider dealing, unlawful disclosure of inside information and market manipulation.

UniCredit Bank AG has implemented processes, systems and internal guidelines to prevent and detect market abuse activities. Furthermore, the bank corporates closely with relevant authorities (e.g. BaFin). Every employee within UniCredit Bank is well informed about the topic and the consequences of breaches. Compliance monitors the transactions with financial instruments of employees and customers to detect and sanctify market abuse behavior.

Further compliance topics