In all Group companies, both Polish and foreign, separate whistleblowing procedures are in place.
In PZU and PZU Życie and in other PZU Group entities, employees are informed about prevailing standards of conduct, among others during on-boarding training on compliance and e-learning courses.
All advice pertaining to ethical and legal aspects of conduct are provided anonymously, in full compliance with confidentiality principles. The reported cases are carefully analyzed.
In 2019, circa 100 suspected irregularities were reported in PZU and PZU Życie, which is a confirmation of the actual operation of the Whistleblowing System. All reported cases were recorded in the register and examined in accordance with the regulations applicable in the Company, including the “Whistleblowing Procedure in PZU and PZU Życie”.
In all Group companies there are independent mechanisms for reporting information on existence, suspected existence or possible existence of irregularities or abuses as well as doubts or concerns regarding existence of irregularities.
In accordance with the Whistleblowing Procedure prevailing in the companies, the abovementioned information that is significant for the legal and financial interest and ethical irregularities can be reported through the following channels operated by the Compliance Department using:
They are available, among others, to employees, agents and other entities cooperating with the company on the basis of civil-law agreements.
In principle, in the remaining PZU Group companies, the system has been based on the solutions in place in PZU.
In accordance with the prevailing procedure, proceedings with regard to irregularity notifications are conducted by the Compliance System Team members in the Compliance Department and, if they are absent or excluded, such proceedings are conducted by the Compliance System Team Manager. In the case of absence or exclusion of the aforementioned persons, the Director of the Compliance Department is in charge of that.
The person conducting the proceedings analyzes the factual circumstances and the legal status specified in the notification, established in the proceedings.
In other PZU Group entities, the proceedings are normally conducted by compliance units.
Despite the independence of the breach notification systems, the structures operate efficiently and effectively. Reports summarizing the risks and breaches are presented to the management boards of individual Group companies. In 2019, in the entire PZU Group, there were 24 identified breaches of the rules of conduct pertaining to ethics and human rights in total (15 in 2018). 6 of them occurred in the Pekao Group, 17 in the Alior Bank Group, and 1 in the PZU Zdrowie Group. As a result of these cases, the following sanctions were applied: disciplinary talk, transfer of the employee to a different entity, termination of the employment contract. In Bank Pekao, the whistleblowing system is defined by the whistleblowing policy. It provides for the possibility of lodging anonymous (or non-anonymous) notifications of practices inconsistent with the applicable laws or internal regulations. All notifications are examined and processed properly. The Policy has not been implemented in the bank’s subsidiaries, but some of them have developed internal procedures regulating this issue. These included, among others, Centralny Dom Maklerski Pekao, Pekao Bank Hipoteczny and Pekao Investment Banking.
In the Alior Bank Group, the whistleblowing process and guarantee of anonymity for the whistleblowers are laid down by the compliance policy. The Bank ensures the possibility to use different communication channels. In this situation, an employee may choose the way for reporting their comments and concerns in the way they find fit. Notifications can be submitted orally, in writing to the Regulation Compliance Department, or by email to the address email@example.com, including anonymously, e.g. by sending a message by mail or email from publicly available websites, making it possible to send messages without specifying the sender’s address or in any other manner selected by the whistleblower. Notifications of breaches are forwarded to the bank’s Management Board member responsible for the current functioning of the whistleblowing procedures. This role is discharged by the President of the bank’s Management Board. If the notification pertains to the bank’s Management Board Member, the bank ensures the possibility of reporting the case directly to the Chairperson of the Bank’s Supervisory Board to their email address. The operation of the firstname.lastname@example.org mailbox, coordination of verification of the reported breaches and the follow-up action is the responsibility of the Regulation Compliance Department.
Alior Bank has in place also the “Policy of workplace free of undesirable behaviors in Alior Bank”, which additionally regulates the question of reporting irregularities in the case of undesirable behaviors such as mobbing, discrimination, harassment and sexual harassment.
In all health area companies a compliance regulation package has been implemented, comprising, among others, a whistleblowing procedure.
PZU’s foreign companies also have whistleblowing systems in place. Breaches are reported by email or in writing to the direct manager. In Lithuania each employee may anonymously report a breach or abuse via the Intranet. Upon receiving a notification, the abuse prevention manager carries out an inspection based on the received information and submits the results of the investigation to the company’s Management Board.