Compliance at a Glance

Compliance Principles

Compliance has a lot of aspects

We believe: Speaking up is always the right thing to do! Our Whistleblowing system

Through a comprehensive and effective compliance organization, UniCredit Bank GmbH continuously and emphatically endeavors to avert potential risks at an early stage and thus prevent damage to our company, our employees, our business partners and our environment. This includes being receptive to indications about breaches of rules, instances of fraud and financial crime. Hence, any concerns or cases of suspicion should always be reported.

Management, Human Resources or Compliance are the primary channels and points of contact available to report any misconduct. Besides this, there are corresponding hotlines and special mailboxes for specific suspicious activity reports, for example for fraud and money laundering.

As an additional option, we use the whistleblowing system SpeakUp!, which enables our employees to alert us around the clock, either online or by phone and also anonymously, especially regarding fraudulent acts and acts of economic crime.

Reports by business partners and other third parties, especially regarding human rights and environment-related risks as well as violations of human rights and environment-related obligations under the Act on Corporate Due Diligence in Supply Chains (LkSG), are also taken very seriously. In accordance with its obligations under the German Banking Act (KWG) and the LkSG, UniCredit Bank GmbH (HVB) has set up a whistleblowing system to process reports of rule violations, cases of fraud and financial crime. The reports may also contain personal data, especially in the case of a non-anonymous report.

HVB provides you with the following reporting channels which, however, are not intended for customer complaints.

By Post:
Chief Compliance Officer
UniCredit Bank GmbH
Arabellastrasse 12
D - 81925 Munich

You can also request a physical meeting by writing to the address above.

The whistleblowing system SpeakUp! of the Dutch operator SpeakUp (formerly People Intouch B.V.) is available to you as well. Through it you can submit your report, also anonymously, and it enables anonymous communication with you. HVB has concluded a corresponding data protection agreement with the operator SpeakUp.

You will find the access data and FAQs regarding the whistleblowing system SpeakUp! here.

Please note: By using the links and telephone numbers to SpeakUp! you will be forwarded to the website or to the telephone connections of the Dutch operator SpeakUp.

According to the Whistleblower Protection Act (HinSchG), whistleblowers have the option of using either the "internal reporting channels" of the company or the "external reporting channels" of the authorities. However, whistleblowers should prefer to report to an internal reporting office in those cases where effective internal action can be taken against the violation and they do not fear retaliation. When reporting to an external reporting office, please note that the scope of application is limited compared to internal reports pursuant to section 2 HinSchG. You will find the link to the reporting office of the Federal Financial Supervisory Authority (BaFin) here.

Compliance and the specially established Whistleblowing Working Group guarantee that your information will be examined carefully and treated with absolute confidentiality.

You will find the rules of procedure regarding reports according to the Act on Corporate Due Diligence in Supply Chains (LkSG) here.

Compliance Culture: More than a duty

A company without a Compliance Culture is no longer conceivable today in the financial sector – and is not sustainable. In banking, requirements to ensure legal and sound conduct are increasing substantially, and likewise, the number of rules, regulations and obligations.

It is very important to UniCredit Bank GmbH to actively promote a Compliance Culture in which all employees are aware of their responsibilities and the scope of their actions. Adherence to the law and internal guidelines is an essential component of our Compliance Culture and is at the core of our Business.

Our commitment to Compliance

Compliance means more than just adhering to rules and regulations. Our commitment to compliance in our operations and personal behaviour may not merely be based on the expectations of our customers, society at large and regulators; on the contrary, it is first and foremost our internal attitude – our individual aspiration – that necessitates proper conduct.

Our conduct has a code: core messages on the Code of Conduct and our values

The Code of Conduct sets out the principles to which all employees and external partners of the Bank must adhere to ensure high standards and absolute integrity for all activities conducted within or on behalf of UniCredit.

The Code of Conduct has been written in line with our Group's values - Integrity, Ownership and Caring - which guide all our actions and behaviours. These values are driven by our goal to excel and have a positive impact on our clients, shareholders, communities and employees.

It sets out how UniCredit Group employees can bring the corporate culture to life in their daily behaviour and how they should interact with all their stakeholders. In doing so, it guarantees the highest level of professional conduct by all UniCredit employees and other external professionals working on behalf of the bank.

The Code of Conduct is not a nice-to-have, but a crucial tool for UniCredit's success. By embedding it in our business activities, we can ensure that we stay on the path we have chosen: a path to achieving our goals and success.

Win. The Right Way. Together.

You can only follow the Rules and Regulations when you are familiar with them: Compliance trainings for our employees

The regular training of our employees obviously belongs to a healthy and intact Compliance Culture. Knowledge of Compliance topics is considered to be the core element of the competence spectrum of the employees and of the competences in UniCredit Bank GmbH. Therefore, all employees regularly complete a large number of compulsory web-based trainings on topics such as prevention of money laundering, conflict of interest management, antitrust, data protection, fraud prevention and prevention of corruption.

Compliance organisation – We focus on prevention

As a reliable Partner, we, the Compliance unit of HypoVereinsbank, proactively provide advice on compliance-specific matters to the Top Management, Business and Headquarter units and the respective subsidiaries.

We identify the applicable laws, rules and regulations as well as the risks associated with non-compliance with the requirements thereunder. We proactively invest in individual service, prevention, and fast, uncomplicated solutions in everyday banking operations.

A bank-wide process supports the timely implementation of the large number of new regulations as well as dialogues between Compliance experts and specialist departments who own the responsibility to carry out the implementation.

Risk analyses and controls are carried out on a regular basis and comprehensive measures are taken to prevent Compliance risks.

With our strategic and structural orientation, combined with close customer proximity, we have laid the foundation to identify at an early stage, and ultimately prevent, behaviour which may result in a breach in the future.

Compliance breaches – Transparency and Information

In the event there is a compliance breach, it is important for us not only to investigate and identify the causal factors and improve processes and controls to prevent such infringements, but also to actively engage and cooperate with the authorities, so as to facilitate a transparent dialogue and, where necessary, to draw the necessary conclusions.

This applies not only to the procedures and investigations mentioned in the Annual Report, but also to other cases of misconduct or shortcomings.

Irrespective of any applicable internal audits and external processes, we maintain an open dialogue with all relevant authorities in Germany and abroad, notifying them of any material matters as they arise. The same philosophy applies to taxation matters.

Business is the core of what we do. Compliance is about how we do it.

Adherence to Rules and Regulations is a prerequisite for sustainable Business. Sustainable Management helps us to protect our integrity and reputation and to strengthen the trust of our customers in our Bank.

Read more about our focus on compliance and find out how we work:

Banking Secrecy

A special bond of trust characterizes the business relationship between client and bank. Therefore, the bank has the duty to maintain secrecy about any customer-related facts and evaluations of which it may have knowledge.

UniCredit Bank GmbH obliges each employee, by an individual declaration, to preserve data, banking and business secrets. Comprehensive internal guidelines inform the employees about the binding regulations. Additionally, our employees are trained on dealing with confidential information via a web-based training.

Fraud Prevention

In line with our Compliance Culture and our "Code of Conduct principles", we have built up a multilevel Anti-Fraud-Management to effectively protect our clients and the bank from "criminal offences" (sec. 25h KWG).

In order to raise awareness of all kinds of fraud risks and fraud patterns, our employees are trained on a regular basis. Attentiveness is fostered by means of internal publications, continuous updating of fraud patterns and information campaigns, also in close cooperation with the police. We inform our clients and increase their awareness via client events on current fraud topics (e.g. cyber crime) and client handouts on specific fraud risks (e.g. grandparent scam).

We define, identify and analyze internal and external risk areas regarding fraud prevention and review both existing and new processes and products regarding their specific fraud vulnerability.

Fraud activities are most successfully prevented by increased attention of clients, employees and third parties. Our employees are instructed to report every potential fraud case, and we follow up on all hints regarding reported fraud suspicions. In this context, we maintain a close and successful cooperation with the law enforcement authorities.

Dodd-Frank Act

UniCredit Group has adopted a Group-wide approach in order to implement a Dodd-Frank Act governance model at Group level.

UniCredit Bank GmbH is provisionally registered as a Swap Dealer with the U.S. Commodity Futures Trading Commission (CFTC) and with the National Futures Association (NFA).

For purposes of Title VI of the Dodd-Frank Act ("the Volcker Rule"), a regular business analysis is performed by the relevant units in order to verify to what extent the respective activities are relevant for the Volcker Rule. In accordance with the results of the above-mentioned analysis, the relevant Compliance Program is then implemented as required by the Volcker Rule.

Our employees are obliged to participate in trainings on the Dodd-Frank Act.

FATCA (Foreign Account Tax Compliance Act) and CRS (Common Reporting Standard)

As Germany has signed several international agreements with other countries worldwide and has therefore also implemented corresponding national laws, UniCredit Bank GmbH, as a financial institution, participates in the international exchange of tax data.

Thus, Compliance monitors on a global level whether the Bank meets all specified requirements. This includes the Foreign Account Tax Compliance Act (FATCA) and the Common Reporting Standard (CRS, also called AEOI).

We are obliged by the national laws for FATCA and CRS to identify customers who show US indicia and customers who have a tax residency outside of Germany, i.e. individuals as well as legal entities (here also beneficial owners who hold >25% of the company), and to send specified data of these customers to the German Tax Authority on a yearly basis. This is carried out according to the current standards of the German Data Protection laws. The German Tax Authority in turn forwards the said data to the US Tax Authority (the IRS) and to the Tax Authorities of those other countries that participate in CRS.

To ensure compliance with both regimes, UniCredit Bank GmbH has ongoing monitoring to screen the customers for relevant indicia of the respective regime. Moreover, the bank has developed a Global Governance and Control Framework. This means that there are systematic second level controls to ensure the quality of available data, which is subsequently required for the reporting. Additionally, it is continuously checked whether the generally required guidelines are followed.

Financial and Economic Sanctions

We ensure adherence to all relevant requirements of financial and economic sanctions as well as to regulatory requirements. We advise our business divisions regarding the implementation and execution of these requirements. An extensive internal guideline (policy) exists for adherence to financial and economic sanctions. This internal guideline is updated regularly (at least annually) or, if required, as occasion demands.

The bank's client portfolio, parties to transactions and international payments are screened daily or in real time in a monitoring tool against current sanctions lists (e.g. of the EU, UN and others). Special techniques (fuzzy logic) are used to detect variations in the spelling of names or critical terms in transactions. Names and payments that show similarities with the sanctions lists or reveal suspicious facts are systematically flagged and comprehensively analyzed regarding compliance with the relevant sanctions regulations. Payments are stopped until final clarification. Confirmed hits lead to rejection or freezing of the payments.

Our employees are obliged to participate annually in a web-based training on financial sanctions and embargos. In addition, occasion-related and business-specific classroom trainings are conducted.

Prevention of Money Laundering and Terrorist Financing

Compliance with the relevant legal and regulatory requirements for combating and preventing money laundering and terrorist financing is of great importance to the bank. We support the business lines in the implementation of these requirements and regularly check whether they are being adhered to.

The Know Your Customer process is an integral part of every business relationship, both at onboarding as well as on an ongoing basis. The determination of shareholding structures, beneficial owners and the background of business relationships is a key aspect of the so-called "Customer Due Diligence".

We monitor payments of our clients and correspondent banks to identify potential suspicious activities and work within a tight time frame to either clarify a case or report it to the authorities. We do this by utilizing and operating monitoring tools of well-known external providers that are optimized regularly.

We review our internal guidelines and train our employees annually, at least via so-called web-based trainings. Through our own experiences, the internal risk analysis and international standards (i.e. recommendations of the Financial Action Task Force (FATF)), we define which customer types, industries and countries will be rated with a higher risk. Those will be subject to enhanced due diligence processes at onboarding or for the execution of transactions. Certain business relationships are even completely excluded or prohibited.

Conflict of interest

To prevent any Conflict of Interest from having a negative impact on the customers of UniCredit Bank GmbH, every employee is required to comply with the ethical standards (Corporate Behavior) of the Bank. Integrity and diligence as well as legal and professional behavior that considers the interests of the customers are expected from all employees at all times.

UniCredit Bank GmbH has implemented guidelines, processes and organizational measures to ensure early detection and avoidance of Conflicts of Interest. Furthermore, every employee is required to comply with the Conflict of Interest policy of UniCredit Bank GmbH. To ensure the observance of all requirements, Compliance performs periodic controls and reviews.


Compliance with antitrust laws is of fundamental importance to UniCredit Bank GmbH. Therefore, strict rules in relation to antitrust are applicable to all employees of UniCredit Bank GmbH, its foreign branches and subsidiaries.

UniCredit Bank GmbH expects its employees to act sensitively and competently with regard to antitrust law and to keep themselves informed about any binding rules. Employees are trained on a regular basis with a web-based training on antitrust law topics, supplemented by event-related and target-group-specific face-to-face trainings.

The core of the Compliance Antitrust Program (CAP) of UniCredit Bank GmbH is the continuous identification and analysis of antitrust-related risks, as well as the implementation of topic- and target-group-specific trainings and risk-based controls. In addition, the CAP comprises extensive rules and regulations on antitrust law, in particular on the topics most relevant for UniCredit Bank GmbH, such as cooperation with competitors and contribution to trade associations.

Prevention and Fight against Corruption

UniCredit Bank GmbH pursues a zero-tolerance policy against corruption. Therefore, strict anti-corruption guidelines apply to all employees of UniCredit Bank GmbH, including branches and relevant subordinated group companies.

UniCredit Bank GmbH expects its employees to deal sensitively and competently with the prevention of corruption and to inform themselves about the binding regulations. Our employees are obliged to participate at least every two years in a web-based training on anti-corruption. In addition, occasion-related and target-group-specific classroom trainings are conducted.

The core of UniCredit Bank GmbH's anti-corruption program consists of comprehensive provisions for the prevention of corruption, e.g. on the topics:

  • gifts and entertainment
  • engagement of Third Parties including intermediaries, service providers and suppliers
  • human resources activities including recruitment processes, promotions and similar
  • donations, sponsoring and memberships

As transparency is an essential instrument to prevent corruption, the bank developed its own IT tool for the recording and internal approval of gifts and entertainment. Depending on certain thresholds, all gifts and entertainment invitations have to be recorded and approved by the internal manager. Depending on the value, Compliance additionally has to be involved.

Market abuse

The Market Abuse Regulation (MAR) came into force in July 2016. The regulation defines the first consistent legal framework for the prevention of market abuse for the whole European Union. Market abuse is the general term for all illegal activities within financial markets and includes insider dealing, unlawful disclosure of inside information and market manipulation.

UniCredit Bank GmbH has implemented processes, systems and internal guidelines to prevent and detect market abuse activities. Furthermore, the bank cooperates closely with relevant authorities (e.g. BaFin). Every employee within UniCredit Bank is well informed about the topic and the consequences of breaches. Compliance monitors the transactions with financial instruments of employees and customers to detect and sanction market abuse behavior.