G1-1
The corporate culture and ethical principles essential to the PZU Group are shaped through the establishment of internal regulations, such as codes of conduct, policies, ethical principles, and procedures, which define the organization's objectives and key principles.
The development of corporate culture is achieved through the systematic updating of these regulations, taking into account changing legal provisions and business practices. An important aspect of this development is employee training programs, which help them better understand the organization's values and apply them in daily work. An example of such initiatives is anti-corruption training, which is mandatory for newly hired employees.
The promotion of corporate culture within the PZU Group is also achieved through communicating organizational values, team integration, employee engagement in social and health-related initiatives, and organizing events that promote these values, such as volunteer campaigns. Additionally, PZU Group entities use various communication channels, such as the intranet and training programs, to continuously reinforce ethical values and principles.
The evaluation of corporate culture is conducted through various feedback mechanisms, including employee satisfaction surveys, questionnaires, interviews, and business performance analysis. These activities enable the monitoring of the effectiveness of implemented initiatives and their adaptation to the evolving work environment and employee expectations. Based on the results of these studies and analyses, periodic reviews of internal regulations are conducted.
Immediate investigation of incidents with ensured independence and objectivity
Entities within the PZU Group are obligated to immediately investigate incidents related to business operations, ensuring independence and objectivity in this process.
PZU provides whistleblowing mechanisms enabling the identification and reporting of ethical incidents. To this end, PZU enforces rules and standards of conduct as set out in the „Best Practices of PZU Group” and the regulations of individual PZU Group entities regarding the reporting of irregularities and violations, conflict of interest management, and anti-corruption programs and policies.
In cases of uncertainty, incidents are reported to the whistleblowing system operating within PZU Group entities. Reports are submitted using a method appropriate to the specific PZU Group entity. According to the established principles, both the reporting person and the individual concerned by the report are guaranteed discretion and data protection. Reports may be anonymous, and when a report is submitted with a name, the identity of the whistleblower is treated confidentially.
Reports are directed to a dedicated team responsible for handling reports and conducting investigations, ensuring the protection of whistleblower rights. At PZU and PZU Życie, investigations are conducted by Compliance Office employees, who are formally authorized in writing. The Compliance Office operates as an independent and separate organizational unit within PZU. Authorized individuals submit a declaration confirming their familiarity with the „Violation Reporting Procedure in PZU SA and PZU Życie SA” (introduced in connection with the entry into force of the Law on Protection of Whistleblowers), compliance with its provisions, and commitment to confidentiality regarding information and personal data obtained in connection with reports. This obligation continues even after the termination of employment or any other legal relationship under which these duties were performed. Information on the number of reports and confirmed violations is included in the periodic compliance risk reports submitted to the Management Board and Supervisory Board.
The „Whistleblowing Procedure in PZU SA and PZU Życie” is a new regulation implemented to comply with the requirements of the Act on Whistleblower Protection of June 14, 2024. The document establishes whistleblower protection mechanisms, ensuring confidentiality, a ban on retaliatory actions, and personal data protection in accordance with GDPR. Whistleblowers are also granted exemption from liability, including disciplinary liability and liability for damages resulting from violations of others’ rights or legal obligations. They cannot waive their protection or accept liability for any damages arising from their report or disclosure. Additionally, any contractual provisions that restrict the right to report violations or impose retaliatory measures are deemed invalid.
The procedure also provides for anonymous reporting, and if a whistleblower’s identity is disclosed, they are legally protected.
The „Whistleblowing and Whistleblower Protection Policy at Alior Bank” (effective from September 5, 2024) defines the rules for reporting irregularities through dedicated channels, ensuring the confidentiality of the report and the protection of the whistleblower’s data. The document also specifies the procedure for handling such reports.
The policy covers, among others:
- the possibility of reporting violations related to corruption;
- specification of available reporting channels, including: dedicated phone number, internal teleinformatics system, traditional written communication, in-person meeting or sending correspondence to the CEO;
- procedure for analyzing and verifying reports, conducted by employees of the Regulatory Compliance Department and other designated organizational units;
- establishment of a maximum timeframe for reviewing a report (up to three months from the date of confirmation of receipt, with the possibility of an extension in justified cases);
- obligation of diligence and impartiality for those handling reports;
- preparation of a final report, which includes event analysis, an assessment of the validity of the report, and recommendations for further actions – the report is submitted to selected members of the management team, with the recipient list determined based on the circumstances of the case.
The policy applies to all employees of Alior Bank.
The report review process includes an analysis conducted by the Regulatory Compliance Department, ensuring fairness and impartiality in the proceedings.
Alior Bank publishes the policy on the Bank’s website and educates employees on whistleblowing procedures and protection against retaliatory actions, providing employees with training on reporting channels, how to submit reports, and protective measures. Selected employees with appropriate experience are dedicated to handling reports, managing the whistleblowing process and whistleblower protection, as well as taking follow-up actions.
„Whistleblowing procedure of Bank Pekao S.A” defines the rules and procedures for reporting violations of law, applicable procedures, and ethical standards. The document allows for anonymous or open reporting, ensures whistleblower protection against retaliatory actions, and outlines the rules for conducting verification proceedings. Whistleblowers have the right to full confidentiality and personal data protection, and the Bank commits to timely and diligent handling of reports, as well as informing whistleblowers of the verification process outcome.
The procedure applies to Bank Pekao employees as well as other individuals associated with the bank in a work-related context, including temporary employees, individuals employed under civil law contracts, entrepreneurs, proxies, shareholders, members of statutory bodies, individuals working under the supervision of contractors, subcontractors, and suppliers, interns, volunteers, apprentices, and members of trade union management operating within the bank.
The procedure ensures whistleblower protection against retaliatory actions, which include, among others, termination of employment, salary reduction, negative performance evaluation, workplace harassment (mobbing), discrimination, and other forms of repression. If a whistleblower fears retaliation, they may report it through one of the available reporting channels. The Bank guarantees a timely, fair, and objective verification process.
Bank Pekao conducts initial and regular employee training on reporting violations, with updates every two years.
Other PZU Group entities have implemented their own policies and procedures regarding whistleblowing and whistleblower protection in accordance with the law.
A key set of policies that make up the anti-corruption system in the PZU Group.
The „Compliance Policy at PZU” aims to ensure the company’s operations comply with applicable legal regulations, internal rules, and standards of conduct. It takes into account legal and supervisory challenges identified in compliance risk management processes. The policy focuses on the ongoing management and monitoring of compliance risk.
Entities covered by the policy: PZU
The „Code of ethics for Management Board Members of PZU Group Companies” defines standards of conduct aimed at:
- ensuring that Management Board members perform their duties in accordance with the highest standards;
- preventing conflicts of interest, particularly by counteracting the misuse of one’s position for private gain;
- reducing reputational risk and corruption risk.
The Code applies to Management Board members of PZU Group companies.
Entities covered by the policy: PZU Group, excluding Bank Pekao and Alior Bank.
The Risk Management Strategy in the PZU Group defines compliance risk, which refers to the risk of non-compliance or violation of legal regulations, internal policies, and adopted standards of conduct, including ethical norms, by PZU Group or its affiliates. The materialization of this risk may result in legal sanctions, financial losses, reputational damage, or loss of credibility. The strategy establishes compliance risk management mechanisms, including monitoring, assessment, and measurement of risk, implementation of corrective actions, and reporting.
The strategy takes into account the interests of the PZU Group and its subsidiaries, focusing on minimizing legal, financial, and reputational risks. It also highlights the risk of legal disputes, particularly concerning insurance companies and banks within the PZU Group.
Entities covered by the policy: PZU Group, excluding Bank Pekao and Alior Bank.
The „Operational Risk Management Policy at PZU” defines operational risk as the possibility of incurring a loss resulting from inadequate or faulty internal processes, human actions, system malfunctions, or external events. As part of operational risk identification, information on risk incidents and their causes is collected and analyzed, operational risk self-assessment is applied, and scenario analyses are utilized.
Entities covered by the policy: PZU
The „Anti-Corruption Policy of Bank Pekao SA” applies to all employees of the Bank and every area of the Bank’s operations. Its objective is to prevent corruption and eliminate situations that may foster it.
Bank Pekao commits to:
- decisively combating all forms of corruption;
- protecting employees who refuse to engage in corrupt activities or report cases of corruption – such employees cannot face disciplinary actions or other sanctions, even if their actions result in financial losses for the Bank;
- maintaining zero tolerance for the offering, promising, requesting, giving, or accepting facilitation payments.
Additionally, the Bank publishes on its website the „Information on the Basic Anti-Corruption Principles Adopted at Bank Pekao SA,” which serves as an appendix to the Policy.
Entities covered by the policy: Bank Pekao
The „Anti-Corruption Policy at Alior Bank” defines rules of conduct in internal relations as well as in interactions with clients, contractors, business partners, and entities within the Alior Bank Group.
Alior Bank adheres to a „zero tolerance for corruption” principle, does not tolerate any corrupt activities, and actively combats all forms of corruption across all areas of its operations. The policy explicitly prohibits the offering, promising, and acceptance of financial and personal benefits, both directly and indirectly. The giving and receiving of any financial, personal, or non-financial forms of gratification is strictly forbidden. The policy also prohibits retaliatory actions against individuals who refuse to accept or offer undue benefits. Additionally, the policy regulates cooperation with contractors and business partners and defines rules regarding the giving and receiving of business gifts by Bank employees, as well as matters related to sponsorship and donations. The policy applies to all areas of Alior Bank’s operations, including internal relations and interactions with clients, contractors, business partners, and entities within the Alior Bank Group.
Entities covered by the policy: Alior Bank
The „Policy on a workplace free from undesirable behavior at Alior Bank” defines the possibility of reporting irregularities through dedicated channels that ensure confidentiality of the report and protection of the whistleblower’s data. The document also outlines the procedure for handling such reports.
Entities covered by the policy: Alior Bank
The „Anti-Corruption Program at PZU Zdrowie SA” serves as the foundation for establishing and supporting preventive and educational measures in the field of corruption prevention. It includes:
- framework principles for managing corruption risk within the company, linked to internal regulations for various operational areas;
- division of responsibilities to effectively control corruption risk;
- identification of operational areas particularly vulnerable to corruption;
- examples of corruption factors.
The program’s objectives are:
- maintaining the company’s reputation as an organization that operates with integrity and transparency;
- creating an internal regulatory system for corruption prevention;
- establishing standards of conduct aimed at minimizing corruption risk within the company.
The program applies to all individuals associated with the company, regardless of position or function.
Entities covered by the policy: PZU Zdrowie
The „Anti-Corruption Program at TFI PZU SA” serves as the foundation for establishing and supporting preventive and educational measures in the field of corruption prevention.
The program includes:
- framework principles for managing corruption risk within the company, forming the basis for detailed internal regulations across various operational areas;
- division of responsibilities to ensure effective control of corruption risk;
- identification of operational areas particularly vulnerable to corruption;
- examples of corruption risk factors.
The program’s objectives are:
- maintaining the company’s reputation as an organization that operates with integrity and transparency in both management and business activities;
- establishing an internal regulatory system for corruption prevention;
- defining fundamental standards of conduct aimed at reducing corruption risk.
The Company, in its cooperation with business partners and clients, adheres to business ethics principles, striving for transparent business relationships and avoiding situations that may appear improper or unlawful. The selection process for business partners is based on objective criteria, such as price, quality, and technical parameters.
Business partners are subject to individual corruption risk assessment, in accordance with the rules defined by the head of the procurement unit. The company’s procurement process is conducted in compliance with the principles of fair competition.
At TFI PZU, the „Code of Ethics for Independent Members of the Supervisory Board of TFI PZU, who are not employees of a PZU Group company and are not associated with a PZU Group company through another similar agreement” and the „Code of Ethics for Members of the Supervisory Board of TFI PZU, who are employees of a PZU Group company or are associated with a PZU Group company through another similar agreement” are also in place, which define the standards of conduct for members of the Supervisory Board of TFI PZU.
Entities covered by the policy: TFI PZU
The „Compliance Policy at PZU Zdrowie SA” defines the rules for performing the compliance function within the organization. It covers objectives, management approach, tools, and the division of tasks in the compliance risk management process. The policy also defines key terms related to compliance and compliance risk.
The purpose of the policy is to ensure that the company’s activities comply with applicable standards, regulations, and codes of conduct. This aims to:
- ensure the company’s compliance with the law;
- improve competitiveness and market position;
- implement principles of transparent cooperation and effective communication;
- build a positive corporate image and increase business partner trust;
- enhance employee and associate awareness of compliance matters.
The policy applies to PZU Zdrowie and PZU Zdrowie Group entities. The Risk and Compliance Office is responsible for the systematic implementation of the compliance function as outlined in the policy. The policy is available on the Zdrowoteka platform.
Entities covered by the policy: PZU Zdrowie, PZU Zdrowie Group entities
The „Rules for Accepting and Giving Gifts at PZU Zdrowie” aim to prevent corruption and bribery. The policy defines categories of gifts and the procedures for their acceptance or giving.
The Risk and Compliance Office is responsible for ensuring compliance with the policy and resolving any uncertainties regarding its interpretation.
Entities covered by the policy: PZU Zdrowie
The „Rules for Managing Conflicts of Interest at PZU Zdrowie SA” define the procedures to follow in cases of conflicts of interest between the Company, individuals associated with the Company, and Clients. The policy also includes a detailed description of actions aimed at minimizing the risk of conflicts of interest arising.
Entities covered by the policy: PZU Zdrowie, PZU Zdrowie clients and business partners
The „Procedure for Ensuring PZU Zdrowie SA’s Compliance with Competition Law” defines organizational rules and internal mechanisms aimed at ensuring the company’s compliance with competition law regulations. It includes measures to reduce the risk of violations, enable effective monitoring of compliance, and identify and assess the risk of breaches.
The procedure takes into account the interests of key stakeholders, including shareholders, clients, employees, business partners, and other market participants, by:
- supporting management in mitigating compliance risk;
- reinforcing the company’s image as a trustworthy entity;
- preventing reputational and credibility loss;
- avoiding financial losses and legal sanctions resulting from violations.
Entities covered by the policy: PZU Zdrowie
BALTA has implemented the Compliance Risk Management Policy to define the principles for adhering to legal regulations, internal procedures, and ethical standards. The document establishes key principles related to operational transparency and conflict of interest management, aiming to eliminate the risk of noncompliance within the organization.
The policy covers all aspects of AAS BALTA’s operations, including relationships with clients and business partners. No exceptions have been specified, meaning that all organizational units and processes must comply with the defined compliance standards.
The document has been developed in accordance with national and EU regulations on risk management. Ensuring compliance with these regulations is intended to protect the interests of clients and investors while promoting fair market practices in BALTA’s operations.
The policy aims to enhance transparency and effectively manage potential conflicts of interest, reinforcing trust among customers and business partners in the organization.
BALTA has implemented the Corporate Responsibility Policy to define the principles of responsible business conduct, incorporating environmental, social, and governance (ESG) aspects. The document focuses on balancing business and social interests, promoting sustainable development, and fostering ethical practices within the organization.
The policy applies to all BALTA activities, with no exceptions, meaning its principles are relevant across all areas of the company’s operations. The document takes into account the needs of customers, investors, and social partners, aiming to implement initiatives that support responsible management and socio-economic development. By integrating ESG principles, the organization commits to conducting its activities transparently and ethically, strengthening stakeholder trust and ensuring long-term operational stability.
Compliance of policies with the United Nations Convention against Corruption
It is important to emphasize that international conventions are binding for states, not for individual business entities such as the PZU Group. Therefore, a direct assessment of PZU’s procedures against the content of the international convention is not feasible. However, compliance with national legal provisions, which have been shaped based on the convention, ensures the application of anti-corruption standards aligned with international regulations.
The PZU Group undertakes anti-corruption measures in accordance with applicable legal regulations and ethical standards enforced in Poland and the European Union.
Training in Business Conduct
In the PZU Group, training on compliance standards, including principles derived from the PZU Group Good Practices, is an integral part of the training policy. These trainings are conducted in the following formats:
- onboarding training – designed for newly hired employees to familiarize them with the key standards and principles applicable within the organization;
- e-learning training – complementing the onboarding process by covering compliance topics, including accepted standards of conduct;
- dedicated training – organized for specific units, tailored to the particular area’s needs and specific requests.
The training covers, among other topics, issues related to integrity towards clients, professionalism, responsibility, data protection, fair competition, anti-corruption measures, anti-money laundering and counter-terrorism financing, supplier selection principles, corporate social responsibility, and legal compliance. These trainings support employees in acting in accordance with the values and standards of the PZU Group while ensuring compliance with legal regulations and the organization’s internal policies.
Examples of additional initiatives:
In TUW PZUW, the “Manager Academy” development program operates, aimed at middle and senior management. This program includes participation in development center sessions and workshops developing specific competencies.
Additionally, employees have access to a wide range of free e-learning courses within the HRM management system, and within the training budget, they can participate in market-available training programs. For language skills development, the eTutor platform is available, enabling employees to learn English.
Bank Pekao provides employees with access to a broad spectrum of training programs supporting their professional growth and skills development. The primary document regulating the training area is the “Training and Professional Qualifications Development Policy of Bank Polska Kasa Opieki Spółka Akcyjna”, adopted by the Bank’s Management Board.
The Bank offers training in various formats, including group training, remote learning, e-learning, individual training, certification courses (e.g., CFA, ACCA, CIA), language training, postgraduate studies, and MBA programs. Additionally, as part of employee development, the Bank provides mentoring, internal and external coaching, as well as international training and programs.
Training at Bank Pekao covers a wide range of topics, including:
- soft skills training – development of interpersonal skills, teamwork, and customer service;
- mandatory training – covering labor law regulations, occupational health and safety, and the Bank’s code of conduct;
- product training – focused on new products in the Bank’s offering;
- specialist training – expanding technical and substantive knowledge across all areas of banking operations;
- system training – related to the use of systems and tools utilized within the Bank;
- sales training – enhancing skills in selling banking products and services.
A key role is also played by anti-corruption training, which is mandatory for all employees. It is conducted in an e-learning format and provides information on fundamental concepts related to corruption risk, principles of its prevention, and procedures for handling identified corruption-related incidents. As needed, individual business units can also receive customized training sessions on this topic, organized by the Bank’s Compliance Department.
At Alior Bank, the „Training and Development Principles” govern the collaboration between business units commissioning training and the unit responsible for developing training materials. According to these principles, the commissioning unit is responsible for the execution, content, and financial settlement of the training.
Training and development activities are supported by initiatives within “Alior University”, aimed at promoting and reinforcing the Bank’s core values. One of the key events in this area is the “Values Festival”, which serves as a platform for knowledge exchange and the promotion of fundamental organizational principles.