Other initiatives
Protecting policyholders
Protecting policyholders’ personal data
Personal insurance is based on knowledge of sensitive personal data. At CNP Assurances, protecting the confidentiality of policyholder data is central to our administrative processes and the obligations laid down in our code of conduct. Customers’ medical and personal information is protected by procedures that comply with local regulations in each host country, and a dedicated system has been set up to keep abreast of regulatory changes. A privacy-by-design approach is being mainstreamed when designing new products.
Requests for access to the personal information of policyholders are facilitated by an application available on the cnp.fr website.
CNP Assurances has a Data Protection Officer tasked with ensuring the protection of the personal data of its prospects, customers and employees. Systematically consulted before any application involving personal data is launched, the Data Protection Officer takes part in industry discussions, leads an in-house network and circulates procedures, notably through a dedicated Intranet. Controls are performed to ensure that the procedures are applied and the Data Protection Officer prepares an annual report.
In addition, policyholders must give their consent to the use of their email address for communications managed in a dedicated information system. The Company has undertaken, through the signing of the French Union of Advertisers’ Charter on Responsible Communication, to “respect customers’ private data when used for marketing and commercial purposes”.
IT security
CNP Assurances established a structured approach to securing its computer system more than ten years ago. It relies on a security framework aligned with the best practices laid down in the ISO 27001 standard and the associated guidelines. Each new IT project is subject to an analysis of the information security risks, which is reviewed and validated by a dedicated committee before the new service goes into production.
In 2015, in view of the surge in cybercrime at a time when it is impossible to disregard the need for digitisation, CNP Assurances initiated a major change in its security policy by strengthening governance, adjoining detection and incident treatment systems to existing defence capacities and making users the key actors in the process.
Implementation in subsidiaries
The European subsidiaries comply with the European Data Protection directive (95/46/EC) as transposed into national law. Some, such as CNP Cyprus Insurance Holdings, have included its provisions in their code of conduct. Employees at CNP Europe Life received special training in data protection in 2015. At MFPrévoyance, where medical confidentiality is a particular concern, employees must sign a formal pledge to uphold their obligation to maintain professional secrecy. Medical confidentiality training courses are regularly given to MFPrévoyance employees by the medical officer.
The data security policy at Caixa Seguradora is also regularly updated, and all information is categorised by level of confidentiality to ensure appropriate treatment. Regular intrusion tests are conducted to assess the efficacy of the security measures.
CNP Assurances Compañia de Seguros has drawn up a good practice guide on data privacy, notably including its legal aspects, in the aim of entrenching a culture of personal data protection as a component of service quality.
CNP UniCredit Vita updates its security policy governing the protection of customer data on an annual basis. In 2015, the Compliance department commissioned internal and external checks.
Product and service compliance
All of the Group’s entities verify that contractual, marketing and advertising documents are compliant at every stage of the development of new products. Dedicated teams, working closely with legal experts, ensure that insurance products are compliant, and that changes within the legal framework are taken into account.
CNP Assurances and several subsidiaries have obtained ISO 9001 certification of their main business processes. The certification scope is expanded each year (at the end of 2014, operational monitoring moved up to level 2) while ensuring that previously acquired certifications are renewed. At Caixa Seguradora, the quality management system is subject to regular audits.
Measures in support of policyholder health
The CNP Assurances Group’s core business does not have a direct effect on customers’ health. Nevertheless, the Filassistance International subsidiary has developed a series of preventive measures to assist individuals in everyday health and safety issues, in the form of loss of independence and memory loss prevention assessments, as well as ergonomic assistance, information services and psychological support (see “Promoting good health“ on page 11).
Encouraging policyholder commitment to sustainable development
SRI offering
In personal insurance, the only “green” products are SRI funds in savings products. They are offered in each of the flagship unit‑linked products available in the individual insurance offerings from CNP Assurances, such as:
- LBPAM Responsable (http://www.labanquepostale-am.fr/isr/notre_offre_isr.html);
- Ecureuil Bénéfice (https://www.caisse-epargne.fr/ecureuil-benefices-resp.aspx);
- CNP développement durable (http://www.fongepar.fr/DOCS/na_400001.pdf).
SRI funds were once again promoted by CNP Assurances’ two major partners in 2015. At the end of the year, nearly 112,000 life insurance policies included an SRI fund. SRI assets totalled €543 million at that date, an increase of more than 6% compared with 2014.
Environmental, social and governance criteria are increasingly integrated into the management of the assets underlying all our traditional savings products and own-funds portfolios. A brochure on “CNP Assurances’ CSR Commitment” was sent to several thousand policyholders and included in the main materials used to present CNP Assurances’ offers to its partners.
In its wealth management offering developed in 2015, CNP Assurances offers unit-linked products comprising directly held securities. Eligible securities offered to policyholders are selected by taking into account exclusion rules on environmental (coal), social (Global Compact) and governance (sensitive countries) issues applicable to financial assets (see “Priority No. 1: be a responsible investor“ on page 15).
Solutions to raise policyholders’ awareness
- The Caixa Seguradora group describes the social and environmental challenges it is facing and presents its results on its website. For several years, it has provided its policyholders with information on responsible consumption. In 2015, it extended the process to social networks.
- Every year, CNP Assurances’ pledge to uphold the United Nations Global Compact and its responsible investing strategy are highlighted in more than 19 million letters sent to policyholders (postal mail, email or position papers available online). Since 2011, the message is communicated to all holders of endowment policies (other than unit-linked contracts), including on the annual policyholder statements.
- In 2014 for SRI Week, we organised an awareness campaign for investors with our partner La Banque Postale. We proposed a special offer for any investment in products from the SRI range. Our network of travelling advisors also got involved in explaining the Group’s investment approach and its SRI offer.