Governance, Risk & Compliance: GRC
SIGNAL IDUNA Gruppe Empowers Regulatory Compliance with SAI360
Case study at-a-glance
A Leading Insurance and Finance Group
SIGNAL IDUNA Gruppe, one of Germany’s leading insurance and finance groups, has transformed its governance processes with the adoption of SAI360’s comprehensive ethics, governance, risk, and compliance (GRC) platform.
With approximately 10,000 employees and annual revenue exceeding €6.6 billion, SIGNAL IDUNA provides nearly all kinds of insurance products to its customers via:
- SIGNAL IDUNA Lebensversicherung a. G.
- SIGNAL IDUNA Lebensversicherung AG
- SIGNAL IDUNA Krankenversicherung a. G.
- SIGNAL IDUNA Unfallversicherung a. G.
- SIGNAL IDUNA Allgemeine Versicherung AG
Additionally, the group provides diverse services through entities such as:
- DONNER & REUSCHEL Bank for private banking
- SIGNAL IDUNA Bauspar AG for building society functions
- HANSAINVEST for investment management
- SIGNAL IDUNA Asset Management
Internationally, the group operates insurance companies in Hungary, Poland, and Romania, as well as a reinsurance company in Switzerland.
While the group’s structure supports its strategic focus on customer-centricity, agility, and digitization, it poses challenges for managing compliance within Europe’s complex regulatory landscape.
Positioned in a Regulatory Hotspot
Operating across Germany and other European markets, SIGNAL IDUNA sits at the center of a regulatory hotspot. New and expanding rules, at both the national and European level, address operational risk, cybersecurity, third-party risk and sustainability, demanding a strategic and thorough approach to GRC.
To think holistically about GRC, organizations like SIGNAL IDUNA must adopt a unified framework that consolidates compliance, governance, and risk management activities across all subsidiaries.
For SIGNAL IDUNA, fragmented governance processes threatened to hinder its ability to effectively respond to regulatory demands.
Fragmented Governance Creates Challenges
SIGNAL IDUNA’s legacy governance system had a number of areas for improvement when it came to maintaining and further developing a coherent, high-quality compliance strategy.
Building a Consistent Governance System with SAI360
SIGNAL IDUNA sought to link various governance entities—such as operational risks, internal controls, regulatory changes, and outsourcing actions—into an interconnected and cohesive system.
At the heart of this system is a centralized database, which serves as the backbone for the SAI360 platform, containing all governance entities and instances. By centralizing these essential reference points, such as regulatory requirements, derived risk scenarios, assessed risk inventories, group-wide and local policies, the system ensures consistency and compliance across all governance activities. This foundational layer informs and interacts with the platform’s modules, creating a dynamic and responsive GRC framework.
Building on this, SAI360 and SIGNAL IDUNA conceptualized and implemented a range of modules, following a spiral methodology developed by SAI360, to operationalize the strategy:
- Legal Inventory: Documents all regulatory requirements (laws, acts, standards, etc.), assessed for relevance and significance to each legal entity of the group.
- Regulatory Change Management: Monitors regulatory updates, publishes them to the affected units, and assesses their impact on policies, processes, and controls.
- Enterprise and Operational Risk Management: Provides predefined risk scenarios for operational units and assesses risks to units, processes, and controls, creating a unified operational risk inventory.
- Internal Control System: Documents risk-mitigating measures, differentiated by control processes, policies, communication measures, training, and other technical measures.
- Second-Line Surveillance and Monitoring: Defines, schedules, and monitors second-line audit activities based on the established risk management and internal control system.
- Policies and Controls: Standardizes the creation and assessment of policies linked to risks and regulatory requirements.
- Data Breach Management: Ensures compliance with GDPR by streamlining the handling and reporting of data breaches.
- Risk Aggregation and Dashboards: Leverages tools like Cognos to aggregate data and provide actionable insights for decision-makers.
- Register of Processing Activities: Tracks personal data processing activities to maintain GDPR compliance and ensure transparency.
- Third Party and Outsourcing: Documents and risk-assesses vendors and outsourcing arrangements, including documentation of the various quality and service levels.
A total of 12 modules have been implemented in the platform to date, integrated with external systems such as ADONIS NP for business processes, SAP for training programs, and LeanIX for IT risk management.
Results of Transformation
The collaboration between the SAI360 configuration team and SIGNAL IDUNA marked a significant journey of technical evolution, resulting in a highly rewarding and enriching experience for both parties. As a highly regulated insurance group, SIGNAL IDUNA recognized that navigating its expanding regulatory requirements demanded a flexible and robust platform. SAI360 provided the ideal solution, enabling the organization to conceptualize and deploy tailored software modules that precisely aligned with its specific processes and regulatory obligations.
The SAI360 platform centralizes the management of governance entities, including risk scenarios, regulatory requirements, and policies. It features automated notifications to ensure timely updates for regulatory changes and policy revisions, while comprehensive dashboards and reporting tools—powered by Cognos (and PowerBI)—enhance transparency and support informed decision-making. The platform’s capabilities are delivering tangible benefits:
- Transparency and Accountability: First- and second-line functions gain clear visibility into governance processes, reducing knowledge silos and fostering organizational accountability.
- Streamlined Processes: Coordinated workflows and a standardized web interface eliminate redundancies, simplify compliance tasks, and ensure consistent recording, publishing, and evaluation of governance objects.
- Automation and Resilience: Automated updates, real-time notifications, and dynamic resubmission cycles ensure ongoing compliance with regulatory frameworks like GDPR and DORA.
Looking Ahead
With SAI360, SIGNAL IDUNA is well-positioned to meet future regulatory demands. Upcoming platform developments, including AI inventory governance, DORA information management, and contract management modules, will further enhance its governance capabilities.