Disclosure Requirement S4-1 – Policies related to consumers and end-users
To manage the identified material impacts, risks and opportunities with regard to consumers and end-users, binding documents have been established in VIG and are regularly reviewed. These include the strategic and sustainability programmes, the Code of Business Ethics, and requirements relating to data protection and risk management, which are described in more detail in ESRS 2 MDR‑P “Policies adopted to manage material sustainability matters”. In addition, the EU Insurance Distribution Directive (IDD, Directive (EU) 2016/97) ensures European minimum harmonisation in insurance distribution for the protection of consumers. It sets out specifications for products, advice and remuneration and obliges (re-)insurance companies to train all employees involved in sales and in managerial positions in order to ensure that customers are given the best possible advice. All EU insurance companies within the Group meet the requirements of the Insurance Distribution Directive (IDD) in accordance with the EU specifications, while non-EU insurance companies implement various actions, in particular with regard to the professional training of sales staff and the product development process.
The Group-wide policies on information security, third-party risk management and IT risk management jointly aim to reduce or prevent potential data loss by establishing robust preventive actions. They ensure the secure handling of information assets, the systematic identification and management of IT-relevant risks and strict controls when working with third-party providers.
The “VIG Group Policy Life Insurance” and “VIG Group Guideline Underwriting Retail & Standardized SME” address product design, portfolio, sales and risk management and the avoidance of “greenwashing”.
VIG insurance companies have also implemented various local requirements to ensure that policyholders receive adequate and understandable information. They include:
Guidelines for the appropriate handling of complaints from policyholders.
Product information guidelines for the creation and distribution of product information that are designed to ensure brochures, websites and other materials contain appropriate, up-to-date and easy-to-understand information.
Marketing communication specifications that set out standards to ensure that the insurance companies correctly present the product content and that they comply with the legal requirements and are not misleading.
Digital communication that is intended to ensure product information can be exchanged across different channels in a consistent, secure and easily accessible manner.
Training that enables employees to gain a comprehensive understanding of the available products in order to ensure expert communication and a timely and fact-based response to enquiries.
Provisions for providing feedback that are designed to help continuously improve communication.
VIG respects human rights and is committed to the principles of the UN Global Compact. Further details can be found under ESRS 2 MDR‑P “Policies adopted to manage material sustainability matters”, in particular the VIG Code of Business Ethics. Personal data are processed with the utmost care and in accordance with data protection regulations.
For the reporting year, the local insurance companies were also asked about non-compliance with the UN Guiding Principles on Business and Human Rights, the International Labour Organization’s (ILO) Declaration on Fundamental Principles and Rights at Work and the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct. No related incidents were reported in response.
VIG insurance companies have introduced feedback mechanisms, for example in the form of stakeholder surveys. Further details can be found in ESRS S4-2 “Processes for engaging with consumers and end-users about impacts”.
To ensure that the rights of consumers and end-users are protected, most of the insurance companies have set up appropriate grievance mechanisms with clearly defined remediation processes and complaints offices. Brokers, agents and other intermediaries are also contact persons for expressing concerns and can provide information about the possible grievance mechanisms.
Disclosure Requirement S4-2 – Processes for engaging with consumers and end-users about impacts
VIG insurance companies endeavour to take the interests of customers into account in different phases.
Prior to the conclusion of an insurance contract, local insurance companies concentrate on raising awareness and educating by informing and supporting potential policyholders, for example, through marketing campaigns, webinars, information brochures, websites, chat support or face-to-face consultations.
During the conclusion of the contract, the local insurance companies regularly support their customers in the application process, for example by providing advice via digital, telephone or in-person channels, through customer services, and through online tools and face-to-face consultations, in each case in accordance with the customers’ chosen sales access.
In the event of a loss occurrence, there are various options for reporting a loss. These include direct reporting to insurance brokers, via online platforms or service centres, by email or by post. The aim is to provide policyholders with the best possible support in the event of a loss and to ensure the claims process runs smoothly.
Regular communication during the renewal and retention phase – for example through emails, other written correspondence or face-to-face consultations – supports the seamless continuation of insurance coverage.
VIG insurance companies continuously and systematically collect feedback from policyholders via various channels, including surveys, complaints and customer portals. The findings include statements about service quality, clarity of the information provided and general satisfaction with the services offered. The feedback provides a deeper understanding of needs, resulting in improved service quality, product design, sales activities, information provision, data security and data protection measures. VIG insurance companies are also in direct contact with policyholders, including through consultations, interviews and dialogue forums with brokers, agents and sales staff. Where applicable, there is also communication with legitimate consumer representatives. These channels make it possible to capture a broad and representative range of perspectives.
Surveys and interviews with customers after claims have been processed provide valuable insights into the claims handling process and policyholder satisfaction.
The quality of the customer relationship is evaluated using various indicators. One of the most common metrics is the Net Promoter Score (NPS), which measures the likelihood that policyholders would recommend VIG services. In addition, some local insurance companies evaluate satisfaction using the Customer Satisfaction Score (CSAT). Another important metric is the time in which complaints are resolved or clarified. Chapter ESRS S4-5 “Targets related to managing material negative impacts, advancing positive impacts, and managing material risks and opportunities” mentions the most common examples of local targets.
Operational responsibility for the implementation of customer feedback in business decisions is organised in accordance with the market standards of the respective local insurance company. This responsibility is usually shared by several departments, including marketing, customer service, claims management and call centres, to ensure the coordinated and effective implementation of customer-oriented improvements.
No disadvantaged consumer groups were identified in the consolidated double materiality assessment.
Disclosure Requirement S4-3 – Processes to remediate negative impacts and channels for consumers and end-users to raise concerns
VIG insurance companies offer their policyholders various options for expressing their needs and have set up decentralised complaint management systems. Customer interactions are managed by the respective VIG insurance companies. Consumer complaints and concerns are recorded in the local complaint management systems. These can be submitted in person via the insurance company’s contact points or via other channels such as service helplines, via email or via online complaint portals.
The key aspects of effective complaint management include the time taken to process complaints, the identification of causes for repeated complaints and collection of customer feedback after a complaint has been processed.
Furthermore, insurance brokers are obliged to inform customers about the available grievance mechanisms. In addition, insurance companies within the EU are obliged to send regular reports on customer complaints to their respective national supervisory authority.
When a concern is raised, VIG insurance companies engage in fair and transparent remedial measures, which may include compensation, service corrections or other appropriate actions. These actions are also reviewed on a regular basis – either by obtaining feedback from the policyholders concerned or by monitoring internal metrics in order to ensure effectiveness and customer satisfaction. Reported incidents and the actions to be derived from them are examined individually.
The local insurance companies assess whether consumers and/or end-users are informed about the channels available for raising concerns. This is done by analysing website data (e.g. use of complaint sections), data from contact centres (e.g. number and details of complaints) and informal feedback from employees, agents and intermediaries. The results are regularly reviewed to ensure the effectiveness and visibility of the grievance mechanisms.
Disclosure Requirement S4-4 – Taking action on material impacts on consumers and end-users, and approaches to managing material risks and pursuing material opportunities related to consumers and end-users, and effectiveness of those actions
VIG’s local insurance companies have implemented a wide range of actions to promote clarity, transparency and understanding in all customer interactions and to avoid potentially negative impacts for policyholders as a result of insufficient or misleading information. Customer-facing documents are written in clear, understandable language and are systematically reviewed.
Sales staff, agents and brokers receive targeted training on clear and responsible communication. Consultations and information meetings before a contract is concluded are used to ensure that customers understand the characteristics, advantages and potential risks of the products. In addition, digital tools are used to promote transparent information sharing and to help customers make informed decisions.
VIG insurance companies also take active action for consumers, in particular by ensuring fair access, transparency and product suitability. The professional training and continuous further development of sales staff ensures that all persons involved in insurance broking have the necessary specialist knowledge and communication skills to provide clear and reliable advice and to strengthen customer trust. This is also supported by the development of affordable or entry-level products as well as through sales partnerships.
VIG’s ongoing digitalisation initiatives are modernising customer journey experiences and providing user-friendly online platforms for concluding contracts, providing information and managing claims. Simplified, multilingual communication and flexible payment options facilitate access for consumers, while digital consulting and self-service tools promote understanding and customer retention.
In addition, VIG actively drives the development of measures to improve the customer experience and promote innovative insurance solutions. Examples include telehealth services that facilitate remote access to health professionals and the introduction of telematics tariffs that reward safe driving. These initiatives are primarily aimed at closing insurance gaps – especially for existing customers. To ensure adequate insurance coverage, products are offered in accordance with the respective market conditions and customer requirements.
VIG insurance companies decide on the respective design of products, marketing content, customer documentation and digital tools based on local market requirements. These actions aim to adapt to the changing needs of policyholders, to ensure a high level of customer satisfaction and to strengthen their financial resilience.
In addition, a Customer Experience (CX) competence centre has been established in Poland, which enables local insurance companies to collaborate on customer experience matters. The participating VIG insurance companies evaluate which developments within the insurance processes should also be presented to other VIG insurance companies.
Various VIG exchange groups – such as those focusing on sustainability or marketing – also contribute to the strengthening of transparent and customer-oriented communication. VIG insurance companies also cooperate in local insurance associations and promote dialogue and cooperation with industry partners and supervisory authorities in order to strengthen the understanding and trust of consumers.
The effectiveness of the actions taken in terms of achievement of the desired result is assessed by means of satisfaction measurements. Further details on this are provided in ESRS S4-2 “Processes for engaging with consumers and end-users about impacts”.
In addition, the local VIG insurance companies evaluate whether the information provided to policyholders is sufficient and understandable. For this purpose, internal audits and quality checks are carried out, which are intended to ensure both continuous improvement and the uniform application of clear communication standards in all customer interactions. For further information on the effectiveness actions, see chapter ESRS S4-3 “Processes to remediate negative impacts and channels for consumers and end-users to raise concerns”.
The implementation of Group-wide IT standards ensures data security. Details are provided in ESRS 2 MDR‑P “Policies adopted to manage material sustainability matters”. VIG companies are subject to data protection regulations that determine how personal information is collected, used and protected. Personal data are processed securely in accordance with data protection regulations, and IT systems are updated regularly. VIG has established reliable processes for dealing with data breaches, including a procedure for informing the affected policyholders and the supervisory authorities in accordance with the statutory provisions.
VIG uses encryption technologies to ensure that data, even if intercepted, remain unreadable without the appropriate authorisation. Regular internal and external audits and risk assessments are intended to identify any vulnerabilities and continuously improve security actions. In addition, regular security checks are carried out by external specialists. VIG regularly assesses and monitors the data security procedures of its providers and partners throughout the Group to ensure that they comply with the applicable security standards and take appropriate security actions. This is implemented by the local VIG insurance companies.
In view of the increasing complexity of the methods used by cyber criminals, local VIG insurance companies regularly inform their employees about current cyber risks. Well-trained employees play a key role in the defence against IT security attacks. In addition, VIG has established a comprehensive programme to protect against the increasing cyber threats. VIG companies are served by three competence centres (Cyber Defense Centers) in Austria, Poland and the Czech Republic. This covers all VIG insurance companies within the scope of the Digital Operational Resilience Act (DORA). VIG IT systems are continuously monitored for signs of a cyber security incident. The Cyber Defense Center programme is complemented by information events and employee awareness campaigns.
VIG is committed to fully comply with the statutory data protection regulations and transparency towards policyholders regarding the use and disclosure of their data. Against this background, a Group-wide data protection management system has been set up to ensure the protection of personal data in VIG. The VIG Group Guideline Data Protection, which defines Group-wide minimum standards in line with the General Data Protection Regulation (GDPR), forms the basis of this system (see ESRS 2 MDR‑P “Policies adopted to manage material sustainability matters”). This guideline requires VIG insurance companies (in addition to asset management companies and pension funds) to establish a data protection management system at the local level and to appoint a data protection officer locally who is only responsible to and reports to the local managing board. The local data protection officer is responsible for implementing the minimum standards from the VIG Group Guideline Data Protection as well as the local legal regulations. In the event of data breaches, the competent authorities and the data subjects are informed in line with the statutory provisions. Data breaches are continuously analysed by the local data protection officers; the findings are used to prevent similar incidents and to continuously improve processes. The local data protection officers are supported, guided and monitored in their activities by a Group Data Protection Coordinator. The local data protection officers report to the Group Data Protection Coordinator on data protection matters on both an annual basis and an ad hoc basis. In addition to the regular activity report, these reports include data breaches and official audits as well as their results. This reporting process ensures the continuous improvement and effectiveness of the data protection management system. The Group Data Protection Coordinator also reports regularly and on an ad hoc basis to the Managing Board and Supervisory Board of VIG Holding. In the event of a data breach, the affected data subjects and the competent authorities will be informed immediately in accordance with the statutory provisions. In the reporting year, 95 (2024: 80) data breaches were reported to the relevant data protection authorities in accordance with the local statutory provisions.
IT security incidents are reported to the Chief Information Security Officer of VIG Holding on a monthly basis. Critical incidents are reported immediately to the Chief Information Security Officer and the VIG Holding Managing Board member responsible for IT.
To prevent greenwashing in life insurance, the VIG Group Policy Life Insurance has been adjusted. Transparent and verifiable sustainability criteria are used to avoid greenwashing in life insurance. These include independent certification, the comprehensive disclosure of investment strategies and clearly defined requirements for sustainable products. Information for policyholders is presented in accordance with the regulatory requirements. In non-life insurance, there is no clear legal definition of how products should be classified as “green”. The VIG Group Guideline Underwriting Retail & Standardized SME therefore refers to different sources that must be observed if a product is defined as “green or sustainable”.
In response to the identified risks, such as greenwashing, which arise from the provision of potentially insufficient or misleading information to our customers, VIG insurance companies implement various actions. These include implementing Group-wide policies and guidelines for retail underwriting and raising awareness via Group-wide communication channels. In addition, VIG companies implement actions in accordance with their respective local requirements.
Requirements that are intended to ensure that own business practices do not have any material negative impacts on consumers and end-users are described in ESRS 2 MDR‑P “Policies adopted to manage material sustainability matters”.
In the course of ongoing monitoring, no systematic or severe violations of human rights standards were identified in the downstream value chain in the reporting year.
It is not possible to present the resources for managing the material topics in ESRS S4 “Consumers and end-users” separately, as this forms part of VIG’s core business and is supported by comprehensive actions throughout the Group.