Legal environment
Sustainable finance
Towards the end of the European legislative period 2019-2024, numerous legislative EU initiatives under the title “European Green Deal” were completed. After the legislative process for the Corporate Sustainability Reporting Directive (CSRD) was completed at the end of 2022, details followed in 2023 in the form of new, obligatory European standards for sustainability reporting (European Sustainability Reporting Standards, ESRS) that, after several postponements were published on 22nd December 2023 in the Official Journal of the European Union and are already applicable for the 2024 reporting year. Extensive organisational and technical preparation was performed for its implementation. The preliminary political agreement on, the Corporate Sustainability Due Diligence Directive (CSDDD), at the end of 2023 introduced an initial limited application to the financial sector, but in particular the obligation to adopt corporate transition plans that essentially must determine decarbonisation of investment, insurance and own operations with interim targets by 2050.
In advance of the new sustainability reporting starting in 2024, the 2022 sustainability report, that was published in 2023, contained, for the second time, information regarding sustainable investment or insurance in the form of the taxonomy eligible investment and also underwriting KPIs in accordance with Article 8 of the Taxonomy Regulation. As a next step, preparations were made in 2023 for the technically narrower taxonomy aligned investment and underwriting KPIs which will be published for the first time in 2024.
Digital resilience
The regulation of the digital security in the financial sector also came into focus at the European level in the reporting period. On 27 December 2022 the Digital Operational Resilience Act (DORA) was published in the Official Journal of the European Union. Starting from 17 January 2025 DORA will be applicable to European financial entities and they will be obligated, among other things, to take all required security precautions to mitigate cyber attacks and other risks in the area of information and communication technology (ICT risks). Essential details for the provisions in DORA are set at level 2. These level 2 measures are developed by the ESAs (EIOPA, EBA and ESMA) in a joint committee and had to be published by 17 January 2024 or will have to be published by 17 July 2024 respectively.
International sanctions
After significant changes to the dynamics, complexity and extent of the international sanctions environment as a result of the Russian aggresion against Ukraine in 2022, multiple countries and organisations, above all the European Union, the United States of America and the United Kingdom of Great Britain and Northern Ireland, imposed further comprehensive sanctions against Russia or expanded already exiting sanctions in the reporting year 2023. The restrictions ranged from (investment) restrictions for specific economic sectors to embargoes on goods, complete trade embargoes for specific regions to significant expansion of the number of persons and companies that were placed on the sanctions list and with whom business relationships are therefore prohibited. In 2023, however, persons and companies that are not located in Russia were also sanctioned because they were accused of circumventing the existing sanctions provisions. These relate to persons with nationalities from EU countries or companies with registered office in the EU. Also in 2023, following human rights violations by the Iranian regime in the country, in particular the European Union imposed new and the United States of America expanded existing sanctions against Iran. Further restrictive measures are also expected in 2024 due to the ongoing conflicts, particularly in connection with Russia and Iran.
Whistleblower protection
The EU Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law (“Whistleblower Directive”) provides for minimum standards for protecting whistleblowers from retaliation and the establishment of confidential reporting channels by companies and authorities. Austria has transposed the EU Whistleblower Directive into Austrian law with more than one year delay in form of the Austrian Whistleblower Act (Hinweisgeber:innenschutzgesetzes, HSchG). This law entered into force on 25 February 2023. Companies with more than 250 employees or companies in the financial services sector, irrespective of the number of employees, were obliged, within a transition period of six months, thus until 25 August 2023, to establish internal reporting channels to enable whistleblowers to report perceived violations against the areas of law listed in the HSchG while maintaining confidentiality and data protection. For companies with 50 to 249 employees, the transition period for the establishment of internal reporting channels ended on 17 December 2023. In VIG Holding, the respective processes (including a Whistleblowing Portal) were established in accordance with the provisions of the HSchG; incoming reports are treated in compliance with the applicable provisions.