Governance

Ethics and integrity

We're transforming from a traditional insurance company into a technologically enabled and consumer-focused organization that not only keeps pace with today's rapid digital innovation but leads it. And we're doing it with our values at the forefront.

Ethics and integrity are the foundation of everything we do at Allstate. Our Global Code of Business Conduct, updated in 2022 to be more targeted and more accessible for our employees, sets the expectations for ethical conduct that guide every business decision and employee action around the globe. Built atop the code, our robust Ethics program provides resources, training and education, as well as governance and accountability, to ensure that ethics and integrity are maintained throughout our business processes, our business partnerships and our supply chain.

For the ninth consecutive year, Allstate has been named one of the World's Most Ethical Companies by Ethisphere, a global leader in defining and advancing the standards of ethical business practices. This designation recognizes organizations that foster a culture of ethics and transparency at every level, and it validates that Allstate's values of integrity, Inclusive Diversity & Equity and collective success are embedded in everything we do.

Allstate's ethics and compliance programs are chartered, independent functions overseen by the chief ethics and compliance officer (CECO) and supported by hundreds of employees. The CECO's deep involvement across the enterprise ensures day-to-day senior executive engagement and drives the foundational connection of our programs to our business practices across the Allstate family of companies.

The CECO reports quarterly to executive leadership at the cross-functional Internal Compliance and Controls (ICC) meeting and semiannually to the Audit Committee and Board of Directors, including in executive session, to cover ethics, regulatory compliance and privacy topics such as trends, audits, performance, education, risk and culture. The CECO has broad, independent authority to enforce the company's Global Code of Business Conduct; ensure appropriate resources for ethics and compliance; report on the company's performance regarding ethics, regulatory compliance and privacy; and oversee integrity investigations.

As a condition of employment, all employees worldwide must complete annual ethics and compliance training and certification as allowed by law. Robust processes ensure misconduct allegations are promptly investigated without retaliation against those who report.

Allstate's policies help communicate our expectations for ethical behavior and provide guidance and resources to employees who are facing ethical dilemmas. Allstate's policies, including those described below, form only a piece of our holistic approach to ethics and integrity. Allstate's policy approach is to support and empower employees, and we expect our employees to do the right thing in all situations and to speak up when they need help.

Global Code of Business Conduct

Allstate's Global Code of Business Conduct outlines our values and sets expectations for how we conduct our work. It addresses the following general topics:

  • Anti-bribery and corruption
  • Anti-money laundering
  • Antitrust/competition
  • Conflicts of interest
  • Cybersecurity, data and privacy
  • Diversity/discrimination/equal employment opportunity
  • Ethical decision-making, including digital ethics framework
  • Fair dealing (fair business practices)
  • Gifts and entertainment
  • Information security
  • Insider trading
  • Intellectual property
  • Misconduct investigations
  • Non-retaliation
  • Political contributions, activities and lobbying
  • Procurement integrity/dealing with suppliers/supply chain oversight
  • Protecting company assets
  • Records management and retention
  • Social media
  • Workplace harassment
  • Workplace health and safety

Effective Nov. 17, 2022, the Allstate Corporation's Audit Committee approved a revised Global Code of Business Conduct (Code). The Code was updated to reflect Allstate's new Our Shared Purpose and to improve accessibility, inclusivity, and usability. These changes to the Code elevate Allstate's most important governing principles and emphasize the company's priorities, including Inclusive Diversity & Equity, climate action and expectations around integrity. To support inclusivity and usability, the Code was also made more accessible outside the office (e.g., on mobile devices).

Digital ethics framework

Allstate's approach to ethics and integrity adapts with changes in data, technology and digitalization. In 2022, Allstate evolved its digital ethics framework to provide actionable guidance and a simple path for identifying and addressing ethical concerns. The framework informs the use of data and artificial intelligence, as well as other innovative technologies, across the enterprise.

Supplier Code of Business Conduct

Allstate's suppliers must adhere to our Supplier Code of Business Conduct, which outlines our expectations for human rights, environmental stewardship, diversity and inclusion, child labor and more. We comply with the UK Modern Slavery Act and post our Slavery and Human Trafficking Statement on the Allstate Northern Ireland and Allstate external websites.

We have a robust process to confirm Allstate data is properly handled by suppliers, regardless of their size or scope of work. Suppliers handling Allstate data are expected to safeguard everyone's personally identifiable and personal health information (PII and PHI) and protect it from unauthorized or accidental access, use, disclosure or misuse. Our Supplier Code of Business Conduct was updated in July 2021 with additional information on human rights, compensation, child labor, and diversity and inclusion. Updates made to the Supplier Code of Business Conduct in 2022 were specific to its Environmental Stewardship section.

Reporting concerns

A healthy reporting environment is foundational to organizational ethical health. Allstate's Speak Up Process educates and encourages employees to report any activities that cause concern and to seek guidance when situations arise that fall outside of policy guardrails. Anyone at Allstate may report questions or concerns related to regulatory compliance or illegal, unethical conduct by:

  • Contacting any manager or a Human Resources representative
  • Calling the Allstate i-Report Line, a 24/7 toll-free number
  • Using the Allstate i-Report website

If an employee is concerned about a security incident or that personal information may have been misused, accessed or disclosed without proper authorization, they can email Allstate Information Security at Cyber@allstate.com. In 2022, Allstate launched a privacy center on Allstate.com with simplified consumer-friendly messaging on Allstate's privacy practices and easy-to-navigate privacy choices. Any suspected privacy incident can be raised to the Enterprise Business Conduct team by emailing PrivacyIncidentManagement@allstate.com or the local cybersecurity team.

We support and train employees and managers on a variety of reporting pathways to allow employees to choose one that feels comfortable. For example, when reporting concerns, employees can choose to remain anonymous, where and when the law permits. In 2022, approximately 40% of employees who filed reports through the hotline did so anonymously, which is consistent with benchmarks indicating a healthy reporting environment. Our Speak Up Process also provides manager-specific guidance on what to do if they get a report directly from an employee: encourage employees to speak up, listen and communicate expectations, respond to all concerns, and thank employees.

Allstate policy and the Global Code of Business Conduct prohibit any form of retaliation for reporting a workplace or ethical concern.

Investigations

Allstate investigates all reports of misconduct and applies our global Allstate Internal Investigations Standard and the Allstate Agency Standards. These standards dictate that when acting on behalf of Allstate, agents and agency staff must act in compliance with the company's ethical standards with respect to ethical business practices, as well as with all applicable international, federal, state, and local laws and regulations.

Allstate has a designated Investigative Services team responsible for investigating matters alleging unethical behavior or integrity-related misconduct. We follow a zero tolerance approach to integrity-related violations of the Global Code of Business Conduct and the Agency Agreement. Once the investigation is concluded, a Human Resources representative follows up with the reporting individual to confirm that the case has been investigated, handled and closed.

Allstate rigorously records, logs and reports employee-submitted complaints, related investigations, referrals and closures. Allstate's case management platform generates metrics that we use to inform leadership and the Board of Directors regarding investigative services trends and the state of Allstate's ethical environment.

Allstate's Ethics, Regulatory Compliance and Privacy programs are supported by the Enterprise Business Conduct (EBC) team and the Compliance & Governance team, both led by the CECO. These teams provide deep subject matter expertise in areas including ethics, integrity, compliance and conduct, and provide governance and oversight of the Ethics, Regulatory Compliance and Privacy programs.

These teams regularly assess ethics, regulatory compliance and privacy risk at the enterprise, business and area of responsibility levels. They map over 60 potential risks – including fair labor and payroll laws, sexual harassment, bribery and corruption, environmental and workplace safety, privacy, whistleblower protection, and many others – across 30 business units and levels of operation. They evaluate inherent and residual risk, document requirements and controls, create plans, and complete monitoring and testing to ensure ongoing compliance. They also identify and assess all new laws and regulations to determine applicability, impact and remediation.

If an assessment identifies an area for opportunity, the CECO and their staff work closely with business units to ensure they have resources and support to fulfill their ethics, regulatory compliance and privacy requirements.

EBC also leads robust responses to any ethics, regulatory compliance or privacy issues or incidents that may arise, including regulator inquiries. Through cross-functional leadership with legal, data and information security partners, they conduct root cause analysis and mitigate future risk.

To further ensure the enterprise has robust support during Allstate's digital transformation and to best protect our customers, the CECO also created and leads Innovation Law – designed to provide cutting-edge legal support to evolving areas such as technology, intellectual property, data, ethics, privacy, regulatory compliance, cybersecurity, risk management, and international and commercial matters.

Training and education

Allstate employees worldwide are required to complete annual ethics and compliance training and certification to the extent allowed by applicable law. In 2022, training was shortened and updated to align with the updated Global Code of Business Conduct. Allstate took a data-driven approach to determine how best to target training to each audience. We investigated and tailored training content to address gaps in understanding as indicated by prior year knowledge checks and incident counts. We further targeted training by role and adapted modules for hybrid and home-based workers, matching situational training to employees' work-life experiences.

Board of Directors

Ethical behavior is expected at all levels, starting at the top. The Allstate Board of Directors receives training in ethics, decision-making, insider trading, cybersecurity, conflicts of interest and regulatory developments. As part of our Board of Directors annual compliance process, the Board reviews our six policies: anti-bribery, antitrust, insider trading, inclusive diversity, sexual harassment, violent crime and the Global Code of Business Conduct.

Managers

Allstate managers participate in ethics and compliance training that includes a manager-specific annual compliance module. They are also provided an Ethical Leadership Toolkit that includes additional resources and content to share with their teams related to ethical decision-making and our Speak Up Process.

Manager training at Allstate is focused on establishing, maintaining and encouraging an open and psychologically safe environment. It's important for our managers to feel comfortable handling reports, preventing retaliation and encouraging employees to speak up about unethical behavior.

  • To measure the impact of our training, we:
  • Analyze training course metrics captured via our Ethics and Compliance Learning site
  • Document employee feedback
  • Track misconduct
  • Survey employees regularly to measure Allstate's ethics culture

Employees

We electronically distribute the Global Code of Business Conduct to all employees with accompanying training. Ethics and compliance training is conducted during onboarding and every year after, and we monitor its effectiveness through internal measures.

All employees are also required to complete training related to sexual harassment and other risk areas as indicated by function. Risk-specific training addresses, for example, fraud, anti-corruption and bribery, conflicts of interest, data privacy, equal opportunity, insider trading, procurement, social media, antitrust and money laundering.

Recognition

For the ninth consecutive year, Allstate has been named one of the World's Most Ethical Companies by Ethisphere, a global leader in defining and advancing the standards of ethical business practices. This designation recognizes organizations that significantly influence the way business is conducted by fostering a culture of ethics and transparency at every level. The assessment is performed by the third-party benchmarking organization scoring companies in five categories: ethics and compliance, environmental and societal impact, a culture of ethics, governance, and leadership and reputation.