Compliance describes the goal that organizations aim to achieve with their efforts to ensure that personnel are aware of and take steps to comply with the relevant laws and regulations as well as with standards, guidelines and contracts. Due to the increasing number of regulations and the need for operational transparency, organizations have to establish a compliance management system and compliance controls.
In the Austrian insurance industry, special compliance management used to concentrate mainly on the regulations against improper use of insider information. Solvency II, the new framework for the European insurance industry, becoming effective with delay on January 1 2016, includes not only effective quantitative solvency requirements, but also an effective system of governance. The system of governance includes the risk management function, the compliance function as a part of the internal control system, the internal audit function and the actuarial function. These tasks are key functions of insurance companies and the persons in charge of these functions have to fulfil the proper requirements. In autumn 2013 the European Insurance and Occupational Pensions Authority (EIOPA) presented "Guidelines on System of Governance." Following EIOPA, early preparation is essential in order to ensure that, if Solvency II is fully applicable, organizations will be well prepared and able to apply the new system. Therefore, the national insurance supervisory authorities and regulators are expected to put the guidelines on System of Governance in place, starting January 1 2014. In Austria the implementation in the insurance supervisory law is scheduled for July 1 2014.
Three special areas of legal regulation are discussed in this paper: unauthorized use of insider information, money laundering and corruption. Insider information is intimate knowledge or non-public (privileged) information about the affairs, operations or financial position of a corporation that will affect the market price of its publicly traded stock. Insurance companies are requested by the Austrian stock exchange law to inform their employees and install procedures to avoid improper use of insider information. The Austrian insurance supervisory law requests that all life insurance companies have certain regulations and procedures to avoid money laundering and terrorism financing. They must have a special officer responsible for regulations and controls, reporting directly to the top management. Corruption is the abuse of power, office or resources for personal gain by politicians, public officers, judges and also responsible managers in private companies. Bribery is the improper use of gifts and favours in exchange for personal gain or a gain for an organization. The Austrian criminal law recognizes many offences concerning corruption and white collar crime.
The Austrian insurance companies have to introduce effective Compliance Management Systems (CMS) immediately. Based on the COSO Internal Control – Integrated Framework, the German Institute of statutory auditors developed an audit standard for auditing CMS. In this standard, the integrating parts of an effective CMS are Compliance Culture and Environment, Compliance Objectives, Assessment of Compliance Risks, Compliance Program and Processes, Compliance Organization, Compliance Communication and Information, and Compliance Monitoring and Improvement.
A prerequisite for an effective and helpful Compliance Management System is the readiness of all members of the organization, at all levels in the chain of command, to act according to the common rules of the organization.