The risk management system is internally coherent across the PZU Group and it consists of four competence levels.
The risk management system of PZU Group is based on:
- organizational structure – including division of responsibilities and tasks performed by management bodies, committees as well as organizational units in the risk management process;
- risk management process, including the methods of identification, measurement and assessment, monitoring and control, reporting risk and taking management action.
The organizational structure of the risk management system is consistent within PZU Group and in individual insurance companies within PZU Group and includes four competence levels.
The first three are as follows:
- Supervisory Board, which oversees the risk management process and assesses its adequacy and effectiveness as part of its decision-making powers defined in the company’s By-laws and the Supervisory Board rules and regulations, as well as through the appointed Audit Committee;
- Management Board, which organizes the risk management system and ensures its functionality through approving the strategy and policies and defining the risk appetite, the risk profile and tolerance for individual kinds of risk;
- Committees which make decisions to reduce individual risks to a levels determined by the risk appetite. Committees implement the procedures and methodologies for mitigating individual risks and accept their limits. Fourth level of competence relates to operational actions and is divided between the three lines of defense:
- first line of defense – ongoing risk management at the business unit and organizational unit level and decision- making as part of the risk management process;
- second line of defense – risk management by specialized units responsible for risk identification, monitoring and reporting, as well as controlling limits;
- third line of defense – comprises internal audit, which conducts independent audits of the elements of the risk management system, as well as control activities embedded in the activity.
Established in 2016, the PZU Group Risk Committee supports (both Supervisory Boards and Management Boards of subsidiaries) in implementing effective risk management system which is consistent within the entire PZU Group. The objective of the PZU Group Risk Committee is to coordinate the actions and exercise supervision over risk management systems and processes present in PZU Group.
The risk management process consists of the following stages:
Identification
Begins with the proposal to commence the creation of an insurance product, acquire a financial instrument, change the operating process, as well upon the occurrence of any other event which potentially results in a risk. The identification process takes place until the expiry of the liabilities, receivables or activities related to the given risk. The identification of market risk involves recognising the actual and potential sources of such risk which are then identified as to their relevance.
Risk measurement and assessment
Risk measurement and assessment are performed depending on the characteristics of the given risk type and the level o its relevance. The risk assessment is performed by specialised units. In every company, the risk unit is responsible for development of risk assessment tools and risk assessment process to the extent which specifies risk appetite, risk profile and risk tolerance levels.
Risk monitoring and control
This involves ongoing reviews of any variances from the assumed parameters, namely limits, thresholds, plans, values from the previous period, recommendations and guidelines issued.
Reporting
Allows efficient risk communication and supports risk management at various decision-making levels.
Management actions
These activities encompass among others risk mitigation, risk transfer, risk avoidance, specifying risk appetite, acceptance of risk tolerance levels, as well as tools which facilitate such activities, i.e. thresholds, reinsurance plans and reviews of underwriting policy.
The risk management system is internally coherent across the PZU Group and it consists of four competence levels.