BKMS System
Munich Re
Cookies are disabled in your browser.
Please enable cookies to use the BKMS® System.
For more information about cookies, please click here.
Complying with the law –
a central aspect of our business

Conduct orientated towards responsibility and sustainable value creation forms the basis of each transaction for Munich Re. We attach great importance to the trust of our customers, investors and employees as well as the public. Compliance with statutory requirements and internal regulations is of central importance for this.

In order to fulfil this requirement and avert potential damage to Munich Re, we are interested in acquiring knowledge of compliance violations. As an open and trusting company culture is very important to us, employees should turn to their superior, the personnel department or the local compliance officer if they become aware or are suspicious of circumstances relating to compliance.

The data protection officer in Munich, who is bound to maintain confidentiality, shall also be available insofar as the protection of personal data is concerned.

In the event that a direct information is not possible or useful, Munich Re shall offer its employees, customers, suppliers and other business partners a secure whistleblower portal to allude to potential compliance violations. This way, corresponding information can be delivered worldwide at any time, securely and confidentially. A delivered information shall be forwarded to Group Compliance in Munich, which shall be responsible for the further processing thereof. Confidentiality is also the top priority here.

The whistleblowing portal is intended to help identify and prevent significant risks for the company. For this reason, we will only accept and process information related to legal violations, particularly financial crimes (such as corruption, money laundering), violations of antitrust or insurance supervision laws, market abuse or data protection laws, or serious breaches of related internal rules.

Suspecting another person may have serious consequences for him. For that reason, the whistleblower portal is to be used responsibly. A whistleblower is encouraged to only provide information whose correctness the whistleblower is convinced about to the best of its knowledge and belief. Deliberately incorrectly delivered information may have consequences under criminal and labour law.

We value open communication with our customers and employees and would therefore like to encourage you to provide your name alongside your information. If you wish to remain anonymous, however, please take care that your data do not allow for the deduction of your person.

If you would like to send your first report, please click here:
If you have already set up a postbox, you may login here:
  • Why should I submit a report?

    Compliance with legal regulations and internal guidelines as well as social responsibility is part of a positive and trusting business culture.

    Maybe you are aware of harmful behaviour or risks that threaten the company. Your report helps to detect reputational and financial damage early and ensures the sustainable success of the company and the continued existence of the jobs it creates.

  • What types of reports help our organisation?

    Reports on violations of statutory and organisational regulations are recorded and forwarded to Group Compliance.

    You shall receive detailed information on potential report categories during the reporting process.

  • How does a report work, how do I set up a postbox?

    To submit an anonymous or personalized report, start by clicking the “Submit Report” button located on the top left side of our information page.

    The reporting process consists of four steps:

    1. First, you will be asked to read some information on the protection of your anonymity and to respond to a security query.
    2. On the following page, you will be asked about the category of your report.
    3. On the report page, you can elaborate on your report in your own words and answer questions about the incident by simply selecting responses. In the free text field, you can write 4,096 characters, which corresponds to a full DIN A4 page. You may also submit a smaller file of up to 2MB to support your report. Please remember that documents can contain information about their author. After you have submitted your report, you will receive a reference number as proof that you submitted this report.
    4. Finally, you will be asked to set up your own secured postbox. You will receive feedback from us via this postbox, we will answer your questions and keep you posted on the status of your report.

    If you already have a secured postbox, you can access it directly via the "Login" button. Here as well, you will first have to answer the security query.

    As long as you do not enter or attach any data that could reveal your identity, the BKMS® System protects your anonymity from a technical perspective.

    We assure you that we are only interested in the case you have reported to us. Both undesirable developments and financial damages should be revealed.

  • How can I receive an answer, yet at the same time remain anonymous?

    The principle of the BKMS® System that is used is to protect the whistleblower's identity. The system's anonymity protection function is certified and can be verified by you at any time.

    When setting up your secured postbox you should choose your pseudonym/user name and password yourself. Encryption and other special security methods ensure that your report remains anonymous at all times. At no time during the reporting process will you be asked for personal information. If you wish to remain anonymous, please do not submit any information that can be traced back to your personal identity. Also, please do not submit your report on a PC provided by your employer.

    The person in charge of your report will contact you via your secured postbox to provide information about the status of your report or to ask further questions if certain details need to be clarified - your anonymity will be always protected during this process. We are interested in these reports in order to prevent damages, not to get information about the person who submitted them.

  • Data Protection Notice

    The whistleblowing portal serves to recognise and avoid significant risks to the Münchener Rückversicherungs-Gesellschaft Aktiengesellschaft in Munich (hereinafter referred to as “Munich Re”). For this reason, the portal receives and processes information regarding legal infringements securely and confidentially, especially those related to financial crime (e.g. corruption, money laundering), antitrust and insurance supervisory law, market abuse, data protection, or serious breaches of related internal rules. Use of the whistleblowing portal is voluntary.

    The whistleblowing portal is operated by Business Keeper AG, Bayreuther Str. 35, 10789 Berlin, Germany on behalf of Munich Re. Communication between your computer and the whistleblower portal is encrypted (TLS). Data entered into the whistleblower system are encrypted, password-protected, and stored in a database operated by Business Keeper, which is located in a high-security data centre in Germany. Business Keeper AG cannot access the data.

    Who is responsible for processing the data?

    • Münchener Rückversicherungs-Gesellschaft Aktiengesellschaft in München
    • Königinstr. 107
    • 80802 Munich

    • Phone: +49 (89) 38 91- 22 55
    • Fax: +49 (89) 39 91 7 22 55
    • E-mail: compliance@munichre.com

    Please contact Munich Re’s Data Protection Officer if you have any questions about this notice. The Officer can be contacted via post addressed to the “Data Protection Officer” at the address above, or via e-mail at datenschutz@munichre.com.

    What categories of data do we use, and where does the data come from?

    Use of the whistleblowing portal is voluntary. We collect the following personal data and information, when you submit a report:

    • Your name, if you choose to provide it
    • Whether you are employed at Munich Re
    • The names and other personal data of persons you name in your report.

    Your computer’s IP address is not recorded during or after use of the whistleblowing portal. In order to maintain the connection between your computer and the BKMS® system, a null cookie is stored on your computer, which contains only the session ID. The cookie is valid only until the end of your session and becomes invalid when you close your browser. Nonetheless, traces of your visit to the whistleblowing portal may be left on your computer. Therefore, if you visit the whistleblowing portal from a company computer, you should consider deleting in particular the temporary data (cache) in your browser.

    You have the option to set up a secure mailbox in the whistleblowing portal using a pseudonym/user name and password, which you can select yourself. This way you can exchange messages and files anonymously and securely with the person responsible in the Munich Re compliance department. This system of communication is not like normal e-mail exchange; the data is only saved in the whistleblowing portal and is therefore specially protected.

    For what purposes and on what legal basis do we process your data?

    We process your personal data in compliance with the EU General Data Protection Regulation (GDPR) and all other applicable laws (e.g. the German Federal Data Protection Act).

    Munich Re will process personal data confidentially, such as names and other data related to the communication and its content, and for the sole purpose of receiving and processing the abovementioned information securely and confidentially. In so far as your consent to process your personal data is required, it provides the legal basis in accordance with Article 6(1)(a) of the GDPR. In all other cases, processing within the meaning of Article 6(1)(f) of the GDPR serves to protect the overriding legitimate interests of Munich Re, the investigation of legal infringements and serious breaches of internal regulations, as well as the protection of Munich Re (Group) and its employees from potential related damages.

    Will data be passed on?

    When you share your name in the whistleblowing portal, we ensure your identity as the whistleblower is treated confidentially.

    Only a very limited number of expressly authorised persons from within Munich Re’s compliance department have access to the data you provide. Depending on the report’s content, certain expressly authorised persons from within the internal audit department, with the Data Protection Officer and individually authorised persons in subsidiary companies may receive access to the data on a case-by-case basis, if it is necessary to process a particular information. If these subsidiaries are headquartered in countries outside of the European Union or the European Economic Area, an adequate level of data protection will be ensured through binding company internal regulations on data protection. Each person with access to the data is obliged to treat it confidentially.

    Investigations of information reported are highly confidential. Principally, your name or any circumstances which could expose your identity as whistleblower are not revealed. However, in certain exceptional cases, we may be required to provide your name, e.g. as required by law.

    If an initial suspicion is confirmed, the information may be passed on to another internal department to initiate sanctions, or to a governmental law enforcement authority.

    Information of the subject(s) affected by the whistleblowing

    In certain cases we are legally obliged to inform those affected that we have received information about them. This can only be done once the act of informing them no longer jeopardises the investigation of the information received. No direct or indirect information about the identity of the whistleblower, in so far as permitted by law, is revealed in the process.

    How long will your data be stored?

    We store personal data related to the information for as long as it is required for the investigation or for as long as we are required by law. Following this period, information received is either deleted or anonymized, i.e. any reference to your identity as the whistleblower is finally and irreversibly erased.

    What rights do users of the whistleblowing portal have?

    In addition to your right to object, you have a right to information, a right to rectify or erase data under certain conditions, as well as a right to restrict data processing. Upon request, we will make the data that you provided available in a structured, accessible and machine-readable format. Please contact the aforementioned address to exercise these rights.

    Right to object

    If we process your data for the purposes of protecting our legitimate interests, you may object to this processing if your particular situation precludes the processing of your data. In such case we would stop the processing, unless we have overriding legitimate interests. In case you have given consent, you have the right to withdraw your consent without disadvantages at a later stage.

    You may contact the aforementioned Data Protection Officer or the data protection authorities. The authority responsible for us is:

    • Bayerisches Landesamt für Datenschutzaufsicht
    • Promenade 27
    • 91522 Ansbach

    • Phone: +49 (0) 981 53 1300
    • E-mail: poststelle@lda.bayern.de
    • Internet: https://www.lda.bayern.de/de/kontakt.html

    Information up to date as of November 2018