Peace of mind for employers and their people

How we conduct business

• Business Continuity

  Canada Life has comprehensive and well documented business continuity management and disaster recovery plans in place. Each business location has dedicated resources that are trained to ensure that in the event of an incident or disaster occurring, business critical staff are able to undertake key roles effectively and efficiently.

  What is Canada Life’s Business Continuity Plan?

  Canada Life’s Business Continuity Plan (BCP) is a risk control tool that helps ensure the continuation of service for our customers. The BCP is an organised strategy that mitigates the outcome of a disaster by anticipating its effects, planning for them and rehearsing the response. The BCP is intended for business disruptions that may affect Canada Life’s facilities, systems and staff.

  Canada Life has created its BCP with the following objectives:

  • To maintain critical operations at pre-established levels in the event of a disaster
  • To meet customers’ reasonable expectations for critical business services
  • To meet regulatory expectations for business risk management

  
  The BCP caters for computer system failure and incidents that will deny access to our main offices as well as incidents affecting staff. This includes the use of alternate Canada Life site locations to enable us to continue to process critical or time sensitive transactions. Depending upon the severity of the situation that occurs, varying elements of the BCP will be invoked.

  The scope of the BCP ensures that we can recover essential business functions including the critical processes and systems that support each line of business. Each business department within Canada Life is required to identify these critical business processes and systems.

  Detailed procedures and communication plans have been developed and roles and responsibilities clearly identified if the BCP must be invoked. Contact information is maintained for all staff in each business department so that employees across the company can be contacted in an expeditious manner.

  All business departments are required to perform and document a Business Impact Analysis at least every two years as part of the BCP maintenance schedule. The BCP is reviewed annually and tested regularly at each of Canada Life’s alternate sites.

  As part of the BCP, representatives from each business department form part of the BCP recovery process and are responsible for the coordination of their team during an incident.

• Code of Conduct

  Canada Life has established a Code of Conduct policy which must be followed by all directors, officers and employees of Canada Life.

  We are committed to integrity and ethical behaviour in all we do. High standards of conduct are important in maintaining the trust and confidence of our clients, shareholders, business associates and the communities in which we live and work.

  Directors, officers and employees are Canada Life representatives and are expected to conduct themselves with both personal and professional integrity.

  We are committed to fair dealing with all customers, employees, shareholders, suppliers, competitors and other stakeholders.

  Canada Life strives to be a world class financial services provider, delivering exceptional value to shareholders, policyholders and other customers through the excellence and integrity of its people.

  Our strong reputation and success worldwide are built on the foundation of trust and honesty, reflecting the conduct of all of us who manage the company’s affairs.

  All employees have access to the full Canada Life Code of Conduct policy. New entrants are provided with a copy of the policy and each employee has to confirm that they have read and understood the policy annually.

• Complaints handling

  At Canada Life we are passionate about providing excellent customer service, but we appreciate that sometimes things can go wrong. We take customers’ complaints seriously and will use this feedback to show us how we can improve our service for all of our customers. This document outlines what you should do if you wish to make a complaint and our commitment to you.

  You can make a complaint in writing, by letter or email; verbally, over the telephone or in person.

  On receipt

  We will send you a prompt written acknowledgment along with our contact details so you may keep in touch during the investigation.

  Investigation of your complaint

  Your complaint will be assigned to a complaint investigator who will look at all relevant facts, this may result in us contacting you again. They will also refer to documentation we hold and reports from consultants and any relevant third parties, where appropriate so that we may fully understand your circumstances and concerns.

  Depending on the nature of your complaint, it may take some time to fully investigate. If we conclude that you have been poorly advised or suffered (or may suffer) financial loss, distress or inconvenience, we will propose how to put things right.

  If this is not the case, we will write to you explaining the reasons for our decision.

  Keeping you informed

  We will write to you regularly to update you on our progress and will always try to reach a conclusion at eight weeks after we received your complaint but if we are unable to do this, we will write to you again with details of the progress of our investigation. At this point, where it is appropriate to do so, you will be advised that if you are not satisfied with our progress or of our conclusion, you may refer the matter to the Financial Ombudsman Service or The Pensions Ombudsman, please see further information below.

  Informing you of the outcome of our investigation

  Once all the information available has been reviewed, we will issue a decision letter which will provide a full account of our investigation and conclusion.

  Complaints we cannot settle

  Most complaints we cannot settle can be referred to the Financial Ombudsman Service. The Financial Ombudsman Service is an independent service for consumers with unresolved complaints about financial firms

  You should be aware that complaints to the Financial Services Ombudsman are free of charge but must usually be made by you within 6 months of the date of our final response letter. We will provide you with a copy of their leaflet, which gives guidance and details of how to contact them or you can view their website at www.financial-ombudsman.org.uk. Depending on the nature of your complaint we may offer you alternative referral rights, to The Pensions Ombudsman. We will provide you with their details should this be the case.

• Data Protection

  Under Article 4 of the General Data Protection Regulation 2018 (GDPR) it is provided that a data controller is a person who (either alone or jointly with other persons) determines the purposes and means of the processing of personal data.

  In relation to all personal data (within the definition of GDPR) which is held or may be held by us and whether supplied directly by an individual or passed to us through our relationship with the policyholder, Canada Life is a data controller.

  Canada Life carries out a continuing and comprehensive evaluation of its responsibilities as a data controller under GDPR, and takes every measure necessary to ensure compliance with the various provisions of GDPR.

  Each employee is required to comply with GDPR and must ensure they are aware of their responsibilities in complying with GDPR. Data protection has been incorporated into our documented procedures and training is provided to all staff.

  Canada Life’s privacy guidelines included in our Code of Conduct policy describe our commitment to privacy and explain the principles that guide employees in protecting the privacy and confidentiality of personal information. Employees only have access to information relevant to their business area.

  All documents and data, whether paper or electronic, that are produced or received in the course of doing business are retained and disposed of securely in accordance with applicable business practices and procedures.

• Enterprise Risk Management

  Canada Life has a framework of policies approved by the Board of Directors which set the requirements for the management of risk (the “Enterprise Risk Management Framework”). The Enterprise Risk Management Framework sets out the requirements for managing risks consistent with Canada Life’s risk appetite, business strategy, and the conduct of its business operations.

  Canada Life defines risk as an uncertainty, which can result in either a positive or negative outcome for Canada Life or its customers as it implements its business strategy.

  As a life insurance company, our business strategy and processes are to take on and effectively manage life insurance business and investment business and the associated risks, within the constraints of available capital resources, shareholder’s required return on capital and policyholders’ expectations.

  The Enterprise Risk Management Framework details roles and responsibilities with respect to the management of risks that are accepted and retained by Canada Life.

  Our main objective is to preserve its commitments while growing shareholder value.

  We have sought to achieve this by:

  • Establishing a risk awareness culture that is ingrained in all business activities with a risk governance model setting the responsibilities for business and oversight functions as well as boards and committees
  • Employing a conservative approach to taking and managing risk
  • Conducting business to high standards of integrity based on the employee Code of Conduct and sound sales and marketing practices to safeguard Canada Life’s reputation
  • Generating returns to grow shareholder value through profitable and growing operations while maintaining a strong balance sheet

  
  This risk strategy and Canada Life’s business strategy are fully aligned.

• Employment Policy

  We comply with all relevant employment legislation and regulation and will regularly review all standards, procedures and guidelines to ensure that we are compliant with them.

  Recruitment and promotion

  All employees and applicants for employment are entitled to equal employment opportunity and advancement without discrimination in accordance with employment legislation provided they are suitably qualified and meet the requirements established by us for the role.

  Diversity and inclusion

  Our commitment to diversity and inclusion means we provide a safe, encouraging space where all our people can be themselves. We want our people to be happy and confident at work, so they can do the best job possible and reach their full potential.

  We maintain our reputation as a leading employer through our people. They’re the face of our organisation and it’s only by employing people from different backgrounds that we can truly represent the diversity of our customers.

  We work closely with experts to create an inclusive workplace for our people. We work with the Business Disability Forum and we’re committed to the Business in the Community Race at Work Charter. 

  One of the ways we promote an inclusive working environment is through our employee networks and community groups. These include our ethnicity and gender networks, our environmental sustainability group and our proactive approach to employee wellbeing.

  Canada Life is also signed up to the HM Treasury’s Women in Finance Charter in 2018, with a self-imposed target of 35% of senior management positions filled by women by the end of 2023.

  Rewards and benefits

  We believe in recognising and rewarding our people, so we offer a competitive salary and benefits package that’s regularly reviewed. Find out more here: https://www.canadalife.co.uk/our-company/careers/rewards-benefits/

  Canada Life have also signed up as a Living Wage employer. The Living Wage is based on the cost of living and is voluntarily paid by over 5,000 UK employers.

• Financial Crime

  Canada Life has a Financial Crime Operating Policy in place to ensure compliance with the legal and regulatory obligations for all entities that are part of Canada Life UK. This includes:

  • Canada Life Limited
  • Canada Life Platform Limited
  • Canada Life International Limited
  • Canada Life Institutional Limited
  • Canada Life International Assurance (Ireland) DAC
  • Canada Life Asset Management

  
  Statement

  Canada Life is committed to combatting money laundering, tax evasion, bribery and corruption, fraud and all other financial crimes, as well as complying with the sanctions, laws and regulations of the United Kingdom and the other jurisdictions in which Canada Life operates.

  Our financial crime policies and procedures are reviewed and approved at least annually by the appointed MLRO.

  Our customer due diligence processes (CDD) for all business relationships and transactions are in line with the respective laws and regulations of the relevant jurisdiction.

  Each Canada Life entity has a framework of financial crime controls in place which cover amongst other things, record keeping, transaction monitoring and reporting of suspicious transactions.

  Our expectations

  Canada Life has a zero tolerance towards all financial crime and we expect all of our employees and third parties to comply with all legal and regulatory requirements in the performance of their duties.

• Information Security

  Canada Life has implemented an Information Security Policy which is supported by standards designed to establish a system of internal controls and accountability for the safeguarding of information assets.

  Supporting standards outline the requirements determined necessary to comply with legal, regulatory or contractual obligations and will be approved using an auditable process.

  Data retention policies

  We will keep your personal data only for so long as is necessary and for the purpose for which it was originally collected. In particular we will keep data for as long as there is any possibility that either you or we may wish to bring a legal claim, or where we are required to keep your personal data due to legal or regulatory reasons.

  Each Canada Life department has a departmental ‘Records Retention and Disposal Guide’ (RRDG), which defines the length of time that records processed by that department are retained before deletion.

  Data storage and transfer

  Data is not normally transferred during routine administration and is stored on secure servers in the UK and Ireland. Personal data may be accessed by our parent company in Canada, which is a whitelisted country and currently has the equivalent level of protection to the EU / EEA.

  Information security

  Canada life has an Information Security Policy setting out how we protect our assets (e.g. computers) as well as the information given to us by our customers, advisers, employees and business partners. This includes how we:

  • Classify information
  • Manage risk
  • Control access to information
  • Building security
  • Define who is involved in information security and what they are responsible for

  
  Access control

  Canada Life limits the access employees have to data according to their job profiles which set out the level of security they require to do their job. A central security administration team controls requests from security coordinators and access is reviewed using daily and monthly reports. We have minimum password requirements and strict controls around sharing passwords.

  Data protection

  As well as only giving employees access to the information they need to do their job, we have well-managed firewalls which prevent any unauthorised or unintended exposure of data. Where anyone is given a laptop, we use two-factor authentication and an encrypted Virtual Private Network (VPN).

  Secure data storage

  All data is stored on secure servers in building owned and used exclusively by Canada Life. The European production datacentre is located at a Canada Life Group owned facility in the UK (Potters Bar). The European DR datacentre is located at a Canada Life Group owned facility in Ireland (Dublin). The data centres are located internally within the respective buildings with no external doors. Both are built to Uptime Institute Tier II standards.

  Physical security

  • Security staff who work 24 hours a day
  • CCTV
  • Identification cards that control access to Canada Life offices
  • All information received electronically is retained
  • Printed information is shredded on site when it is no longer needed
  • Use of USB / memory sticks is strictly controlled
  • Regular tests take place of environmental controls including power supply and generators, fire suppression systems, smoke detectors and manual extinguishers

  
  Asset management

  The security of any information sent to Canada Life relies on secure management of assets (such as PCs) which our employees use. We have a register of all equipment and assets and all changes are recorded. Our technology assets are secured and monitored so only authorised, licensed and supported hardware is used.

  Software security

  All software we use is licensed and the ability to install unauthorised software has been removed. Installing new or updated software must be authorised by our Information Security teams. Updates to security are done monthly or more frequently, if necessary, following a risk-based assessment.

  Privacy controls

  Our privacy controls reflect current laws and regulations governing the privacy of data. This includes:

  • Enforcing a clear desk policy
  • Limiting the use of personal portable media e.g. mobile phones
  • Restricting access depending on an individual’s role
  • Use of appropriate encryption
  • Use of secure data communications (e.g. secure mail, Transport Layer Security and Secure File Transfer Protocol)