01 Introduction and strategy 02 Measuring and managing sustainability 03 Climate change related disclosure 04 Strengthening our foundation 05 Our universal principles 05.1.2 Objective and action tables Strengthening our foundation Objectives and actions: cybersecurity Topic Objectives Progress and actions 2022 Reference Information security executive accountability • Define and include information security targets for all responsible board members, including local OEs to ensure appropriate focus on securing Allianz. • Further upgrade targets and risk indicator monitoring, linking them to quantified risk exposure and roll-out of global cyber-risk management strategy. • Target objectives for all OEs included key information security risk indicators in addition to targets for strategic programs related to information security. • Additionally, a mechanism was devised to ensure a direct link between information security standing and reward. For further insights into our information security executive accountability, please refer to section 04.1.1. Also refer to our Non-Financial Statement, section Cybersecurity, p. 67. Data privacy and data ethics • Deploying new data privacy controls for supplier management concerning the pre-selection, contracting, ongoing monitoring, and off-boarding of data processors. • Deploying a rigorous new training program for privacy professionals and privacy champions. • Rollout of the AI Practical Guidance to all EU Renewal Agenda Committee (RACo) operating entities. • Revised data privacy controls for supplier management to reflect the full supplier management lifecycle and piloted these controls for inclusion into the 2023 cycle of the Integrated Risk and Control System (IRCS). • Conducted 2 Privacy Expert Trainings and 7 Privacy Champion Trainings, attended by 49 and 404 participants respectively. • Instituted a quarterly program to train relevant employees on the Practical Guidance for AI. • Completed the Practical Guidance for AI rollout assessment, including an interview process and monitoring measures, for all EU RACo OEs by the end of 2022. For further insights into data privacy and data ethics, please refer to section 04.1.2 and section 04.1.3. Also refer to our Non-Financial Statement, section Cybersecurity, p. 70–71. Objectives and actions: compliance/anti-corruption and bribery matters Topic Objectives Progress and actions 2022 Reference Compliance • Complete the cycle of the integrated compliance risk scoping and assessment activities as part of the company’s IRCS process. • Continue to enhance the effectiveness of local compliance organizations by enriching our compliance reviews, to bolster further the governance and processes of underlying compliance organizations across our OEs. • Completed the 2022 integrated compliance risk scoping and assessment activities as part of the company’s IRCS. • 2022 Compliance Review Plan executed. For further insights into our compliance, please refer to section 04.3 and tables COM-1; COM-2. Allianz Group Sustainability Report 2022 139
Sustainability Report 2022 | Allianz Page 139 Page 141