Governance

QBE is subject to extensive legal and regulatory requirements and obligations, industry codes and business and ethical standards across our business activities wherever we operate. Compliance with these is critical to assist QBE to deliver our strategy, create long-term value and maintain our social licence to operate.

For our Corporate Governance Statement, see our 2017 Annual Report. It includes information about the QBE Board and management, our Group governance framework and guidelines, and reporting and risk management.

Compliance Framework

At the Group level, leadership relating to compliance risk is provided by the Board Risk and Capital Committee. Our Group Compliance Framework outlines QBE’s global approach to managing compliance risk; defines how we expect our business to be conducted in accordance with applicable laws and regulations in the countries where we operate; and requires that breaches of these obligations are identified and escalated, as appropriate. It also sets out QBE’s governance arrangements and key roles and responsibilities relating to compliance management and describes the key components of our approach.

Compliance Framework

The Framework has been drafted to take into account the International Standard ISO 19600:2014 Compliance Management Systems – Guidelines, which provides a sound benchmark for a compliance management system.

It supports our Group Risk Management Strategy and is complemented by the Group Compliance Monitoring Program and annual Compliance Monitoring Plan, and a range of compliance policies, guidelines, programs and processes.

Compliance across QBE is overseen by a Group Regulatory and Compliance team with responsibility for providing independent assurance and oversight to our Group Board Risk and Capital Committee.

Code of Ethics and Conduct

QBE is committed to maintaining high ethical standards in how we conduct our business. The actions and conduct of our employees and others acting on QBE’s behalf are key to maintaining these standards. Our Group Code of Ethics and Conduct (the Code) helps guide QBE employees to act with honesty and integrity, promotes QBE’s reputation and supports a positive compliance culture.

The Code sets behavioural standards for everyone who works for, or on behalf of, QBE and applies to all employees, directors, and contractors. Acting in accordance with our Code is a condition of employment, and everyone is required to undertake regular Code training. Information about mechanisms for raising and managing concerns is outlined in the Whistleblowing section.

In February 2018, we released an updated Code. The Code was reviewed and updated to take into account QBE's changing business environment, approach and strategy and emerging regulatory and compliance issues.

Financial crime

QBE’s commitment to acting with integrity means we do not tolerate any person engaging in financial crime. We clearly define our expectations around these requirements for our people and third parties who work with us, so they can be aware of potential financial crime activities that may occur within their area of responsibility.

Our financial crime approach is both preventive (e.g. structured training and third party requirements, clear policies and processes) and reactive (e.g. monitoring financial crime risk in accordance with our annual Compliance Monitoring Plan and via whistleblowing reporting).

Anti-Money Laundering and sanctions

Our minimum standards for preventing Anti-Money Laundering (AML) are set out in our Code. The Code provides high-level guidance and reminds employees to be alert to irregularities. AML risk is closely linked to sanctions risk.

QBE is committed to ensuring we comply with the requirements of sanctions regimes in the jurisdictions where we operate or seek to operate. These include the Australian, European Union, UK, United Nations Security Council (UNSC) and US sanctions regimes.

Our approach to sanctions is supported by a Global Sanctions Policy and Guidelines and, where appropriate, local sanctions policies and guidelines.

Anti-bribery and anti-corruption

QBE is determined to play an active role in the global fight against corruption. We have no tolerance for any incidence of bribery or corruption committed by people within or outside our organisation.

Our commitment to anti-bribery and anti-corruption compliance is reflected in our Code and our Group Anti-Bribery and Anti-Corruption Policy, supported where appropriate by local anti-bribery and anti-corruption policies.

The proper giving and receiving of gifts and entertainment is an essential element of our approach to managing bribery and corruption risk. Across QBE, we have minimum standards for these activities. They must be reasonable, modest and proportionate; given or received in good faith; and appropriately approved and registered, depending on their value.

Anti-competitive and anti-trust practices

QBE’s success in the marketplace results from providing products and services at competitive prices. We do not seek to gain advantage through improper or anti-competitive practices. Employees must not engage in anti-competitive practices or behaviours, including any agreements, decisions and collaborative practices (whether documented or oral) with competitors that may prevent, restrict or distort competition. Examples include price-fixing, bid-rigging and boycotts.

Our employees must also take care when participating in industry associations. They should consider all aspects of an association’s activities, including its membership criteria, rules and standards. Any meeting agendas and participation should not extend to a QBE employee providing pricing or other commercially sensitive information that may be anti-competitive.

Whistleblowing

We set clear expectations for our leaders and employees about how they are expected to behave in our workplaces and business dealings. We also encourage them to speak up about and resolve issues when they occur.

Our Group Whistleblowing Policy, supported by local whistleblowing policies, sets out avenues for employees and contractors to raise concerns or report misconduct. They can raise reports through line managers or certain prescribed employees, and through our Human Resources and Compliance teams. Our people can also confidentially and anonymously report matters to an independent third party. Where a concern is raised, we will assess whether the issue should be investigated in accordance with the investigation requirements of our Whistleblowing policies.

We acknowledge, investigate (as appropriate) and document all reported concerns. Where reports are substantiated, we take appropriate remedial actions, advise the reporter promptly and document the outcomes. We do not tolerate any form of retaliation against anyone who raises a concern or participates in an investigation.

We continue to review the operation and effectiveness of our whistleblowing systems and controls, which are subject to Board Risk and Capital Committee and Audit Committee oversight.

Human rights

Wherever we operate, we respect human rights and are committed to avoiding human rights harm. This includes rejecting any form of modern slavery, such as slavery, servitude, human trafficking and forced or compulsory labour.

We aim to identify and manage any risks related to human rights across our own business and through our supply chain relationships.

Our commitment is reinforced through the inclusion of human rights in our Code and supplier requirements, and through a focus on implementing and enforcing effective systems and controls to prevent involvement in human rights harm.

During 2018, we will continue to work with our recruitment and supply chain partners to enhance the management of human rights and modern slavery risk.

Privacy

We are committed to protecting the privacy of all stakeholders. Our Group Privacy Policy, which outlines minimum standards for the protection and security of personal information, is supported by local privacy policies where appropriate.

Our approach to information security includes measures to secure personal information and to protect this information from misuse, interference and loss, as well as unauthorised access, modification and disclosure.

QBE’s global Privacy Working Group (PWG) is an advice, evaluation and approval group for matters with potential or actual privacy implications. It aims to promote and foster increased communication, engagement, knowledge sharing and collaboration across QBE employees with responsibilities for privacy.

Training

During 2017, we enhanced QBE’s mandatory compliance training program to support our Group policies.

QBE’s Compliance Framework

  • Promotes a positive compliance culture through a clear link to our values and Group Code of Ethics and Conduct. These values, ethics and minimum standards of conduct are designed to ensure QBE employees act with honesty and integrity; promote QBE’s reputation; and support a positive compliance culture, outcomes and risk management.
  • Embeds compliance management into our governance arrangements to establish authority, accountability and responsibilities for compliance management throughout the accepted three lines of defence against risk (frontline staff, oversight functions, and auditing/Board governance).
  • Applies to all our obligations, recognising that ownership and responsibility for ensuring or overseeing compliance with them is shared across a number of business units and teams.
  • Establishes a clear definition of compliance risk and an associated risk appetite.
  • Comprises key systems and controls that are specific to the effective operational management of compliance risk:
    1. identify and assess obligations and risks;
    2. design and implementation, communication and training;
    3. monitoring, reporting and review;
    4. incident and issues management;
    5. continuous improvement.