Compliance
Global Compliance is part of the Legal & Compliance (L&C) department reporting direct to the CEO; in
addition, Compliance reports to the Corporate Bodies (i.e. Board of Statutory Auditors, Internal Control and Risk
Committee and Board of Directors).
Internal organization of Global Compliance is mainly based on area of activities/expertise together with a
structure specifically dedicated to Global Anti-Money Laundering and a structure to cover the Corporate and
Investment Banking Global Business Line (in 2012, the material changes are the cancellation of Global
Family&SME and retail coverage).
As well as the specialist coverage groups at global level there is also Legal Entity and country coverage.
In each material Group legal entity there is a local Compliance function. In 2012 all Group legal entities were
ranked and given a Compliance Coverage category, which determines the Compliance arrangements, based by
their size and range of business. The Compliance function is organized in a similar way to the global team in
the major countries in which the Group operates (e.g. UniCredit Bank AG, UniCredit Bank Austria AG and Bank
Pekao SA being the more established and larger structures) while in other countries Compliance is more a
generic group given the size and range of businesses of the legal entities.
All Compliance functions have a direct (or indirect - through the General Counsel) reporting line to the CEO or
to a member of the Management Board who does not hold any other delegated powers or responsibility for
operating areas.
Moreover there was the increase in Compliance resources at Global and Local level to strengthen existing
structures for the management of Compliance risk. The Global Compliance Framework sets out the main
functions performed by Compliance to assist the Group management of compliance risk:
• providing guidance
• assessing and monitoring compliance risk
• serving as liaison with Authorities
In 2012, whilst significant effort and progress has been made on the Compliance initiatives, in the main
UniCredit direct subsidiaries, focus in 2013 will be on the material indirect subsidiaries as well as on
compliance culture, i.e. continued compliance with established policies/procedures; faster approval,
adoption and implementation of Group standards and timely completion of global mandatory training, with
consequence management appropriately implemented by HR and local management.
For 2013 other priorities are:
• enhance the Compliance Controls System by extending the depth and reach of Compliance second level
controls in the main subsidiaries and also spreading common methodologies in other material subsidiaries
• continue to harmonize the tools and practices across the Group for the main Compliance areas where a
Global approach can be applied (i.e. Anti Money Laundering, Market Abuse and Conflict of Interests)
Policies
Anti-Money Laundering
The Global Policy on Anti-Money Laundering and Countering of Terrorist Financing (hereinafter the AML Policy),
issued in June 2011, builds on the Global Compliance Guidelines and sets out more detailed policy statements
on issues such as the risk assessment and classification of clients and the minimum due diligence standards
for the Know Your Customer process. The Policy sets out the framework by which the Group manages its money
laundering and terrorist financing risk and establishes minimum standards for the Legal Entities’ Anti-Money
Laundering (AML) programmes.
Other official documents related to AML and Anti-Terrorism Financing topic, which build upon and provide
more detail than the AML Policy, are as follows:
• Global Compliance Policy on Financial Sanctions
• Global Compliance Policy on Group Restrictions on Iranian Business
• Global Compliance Technical Instructions on AML Global Controls Monitoring Standards
• Global Compliance Technical Instructions on AML Compliance Risk Assessment & Customer Risk Classification
Standards
UniCredit · 2012 Sustainability Report 7