• IIRC

The major risks to which the PZU Group is exposed include the following: actuarial risk, market (including liquidity) risk, credit risk, concentration risk, operational risk, model risk and compliance risk.

The major risks associated with the operation of Alior Bank and Bank Pekao include the following risks: credit risk (including the risk of loan portfolio concentration), operational risk and market risk (involving interest rate risk, FX risk, commodity price risk and financial instrument price risk) and liquidity risk.

The overall risk of the banking sector entities, taking into account PZU’s shares in both banks, accounts for approximately 30% of the PZU Group’s total risk Q3 2024), while the largest contribution is in credit risk.

In 2024, there was no materialization of risks that could materially adversely affect PZU’s operations.

In September 2024, Central Europe, including Poland, experienced flooding caused by the Genoese low, which brought heavy rainfall. In Poland, the provinces of Lower Silesia, Opole and Silesia were most affected. Flood claims did not affect PZU’s safety parameters.

In 2024, inflation levels remained elevated, prompting the Monetary Policy Council to keep interest rates unchanged throughout the year. As a result, financing costs for PZU Group banks remained stable.

Higher interest rates have not resulted in a deterioration in the credit quality of the PZU Group Banks' portfolios, but have had a positive impact on their financial performance.

Legal risks remained important in the banking sector in 2024. The increase in litigation related to CHF-denominated loans at PZU Group banks remained stable and in line with expectations. Risks associated with other court settlements are identified, particularly those related to consumer credit (the so-called free credit sanction).

The elements that make up sustainability risk, particularly those related to climate change, are managed as part of the individual risk categories identified later in the Report. Furthermore, selected ESG risks are subject to separate assessment within the framework of the risk analysis process and the key risk identification process. The main risks in this area are transformation risks and physical risks. In accordance with the European Commission’s Sustainability Reporting Guidelines, transformation risks refer to the transition to a low carbon and climate resilient economy. Physical risk on the other hand entails financial losses stemming from the physical consequences of climate change and encompasses acute (e.g. storms, fires) and long-term risk (rising sea level).

ESG risk and opportunities

The process of managing individual risk categories takes into account the requirements of sustainable development, also at the level of the PZU Group’s subsidiaries, while respecting the provisions of generally applicable laws and those defined in separate internal regulations of the PZU Group, including the ESG ambitions, which are an integral part of the PZU Group Strategy.

Risk management and internal controls ESG

Underwriting risk

The likelihood of a loss or an adverse change in the value of liabilities under the existing insurance contracts and insurance guarantee agreements, due to inadequate assumptions regarding premium pricing and creating technical provisions.

Risk identification commences with a proposal to develop an insurance product and continues until the expiry of the related liabilities.

  • analyzing the general terms and conditions of insurance with respect to the risk being undertaken and compliance with the generally binding legal regulations;
  • analyzing the general / specific terms and conditions of insurance or other model agreements with respect to the actuarial risk being undertaken on their basis;
  • recognizing the potential risks related to a given product to measure and monitor them at a later time;
  • analyzing the impact exerted by the introduction of new insurance products on capital requirements and risk margin computed using the standard formula;
  • verifying and validating modifications to insurance products;
  • assessing actuarial risk through the prism of similar existing insurance products;
  • monitoring of existing products;
  • analyzing the policy of underwriting (assessment of the risk accepted for insurance), tariffs, technical provisions and reinsurance and the claims and benefits handling process.

The assessment of underwriting risk consists in the identification of the degree of the risk or a group of risks that may lead to a loss, and in an analysis of risk elements in order to make an underwriting decision.

The measurement of actuarial risk is performed using:

  • an analysis of selected ratios;
  • the scenario method – an analysis of impairment arising from an assumed change in risk factors;
  • the factor method – a simplified version of the scenario method, reduced to one scenario per risk factor;
  • statistical data;
  • exposure and sensitivity measures;
  • application of the expertise of the Company’s employees.

The monitoring and control of underwriting risk includes a risk level analysis by means of a set of reports on selected ratios.

Reporting aims to ensure effective communication regarding actuarial risk and supports management of actuarial risk at various decision-making levels – from an employee to the supervisory board. The frequency of each report and the scope of information provided therein are tailored to the needs at each decision-making level.

  • defining the level of tolerance for actuarial risk and monitoring it;
  • business decisions and sales plans;
  • calculation and monitoring of the adequacy of technical provisions;
  • tariff strategy, monitoring of current estimates and assessment of the premium adequacy;
  • the process of assessment, valuation and acceptance of actuarial risk;
  • application of tools designed to mitigate underwriting risk, including in particular reinsurance and prevention.
  • defining the scopes of liability in the general / specific terms and conditions of insurance or other model agreements;
  • co-insurance and reinsurance;
  • application of an adequate tariff policy;
  • application of the appropriate methodology for calculating technical provisions;
  • application of an appropriate procedure to assess underwriting risk;
  • application of a correct claims or benefits handling procedure;
  • sales decisions and plans;
  • prevention.

Reinsurance

Reinsurance protection in the PZU Group secures insurance activity, limiting the consequences of the occurrence of catastrophic phenomena that could adversely affect the financial standing of insurance undertakings. This task is performed through obligatory reinsurance contracts supplemented by facultative reinsurance.

Reinsurance treaties in PZU

PZU consciously and adequately protects the Company’s financial result against the results of materialization of natural risks, e.g. severe storms, floods, droughts or fires, associated with, among others, the climate change. For this purpose, the PZU Group runs, among others, periodic analyzes of the non-life insurance portfolio for its exposure to natural disasters. The portfolio is divided into zones with specific degrees of exposure to the risk of floods and cyclones has been introduced. The values of prospective losses are assigned to each one of the zones under analysis. They correspond to the severity of a given phenomenon and, consequently, its specific probability level. On this basis, as part of the annual reinsurance cover program design process, the distribution of the level of possible catastrophic loss is estimated.

PZU uses reinsurance treaties to limit its risk related to catastrophic losses among others through a catastrophic non-proportional excess of loss treaty and a non-proportional excess of loss treaty for crop insurance. The risk related to the consequences of large single losses, in turn, is mitigated under non-proportional reinsurance treaties to protect its portfolios of property, technical, marine, air, third party liability and third party liability motor insurance.

PZU’s risk is also mitigated by proportional and non-proportional reinsurance of the financial insurance portfolio (e.g. guarantees, commercial credit) and proportionate reinsurance of cybernetic risks.

PZU’s reinsurance partners have high S&P ratings. That evidences the reinsurer’s robust financial position and affords the Company security.

PZU’s inward reinsurance business involves the PZU Group’s other insurance companies. As a result of the exposure to protect Baltic companies, LINK4 and TUW PZUW, PZU continues to generate a high gross written premium by virtue thereof.

In addition, PZU generates gross written premium on inward reinsurance on domestic business through facultative and obligatory reinsurance.

Reinsurance treaties in PZU Życie

The outward reinsurance treaty entered into by PZU Życie protects the company’s entire portfolio against the accumulation of risk and individual policies with higher sums insured.

Reinsurance partners have high S&P ratings. That evidences the reinsurer’s robust financial position and affords the Company security.

Reinsurance treaties in the PZU Group’s international companies LINK4 and TUW PZU

The PZU Group’s other insurance companies, i.e., Lietuvos Draudimas, Lietuvos Draudimas Branch in Estonia, AAS BALTA, PZU Ukraine, LINK4 and TUW PZUW have reinsurance cover aligned to the profile of their operations and their financial standing. Every material insurance portfolio is secured with the appropriate obligatory treaty. Reinsurance cover is provided for the most part by PZU, which transfers a portion of the accepted risk outside the Group.

Main reinsurers in 2024: Munich Re, Hannover Re, Swiss Re, VIG Re, Scor.

Main reinsurers in 2024: QBE, VIG Re, Mapfre, DEVK.

Market risk, including liquidity risk

Market risk is understood as the risk of a loss or an adverse change in the financial situation resulting, directly or indirectly, from fluctuations in the level and in the volatility of market prices of assets, credit spread, as well as value of liabilities and financial instruments.

The risk management process for the credit spread and concentration risk has a different set of traits from the process of managing the other sub-categories of market risk and has been described in a subsequent section (Credit risk and concentration risk) along with the process for managing counterparty insolvency risk.

The market risk in the PZU Group originates from three major sources:

  • operations associated with asset and liability matching (ALM portfolio);
  • operations associated with active allocation, i.e., designating the optimum medium-term asset structure (non-ALM portfolios);
  • banking operations – in conjunction with them the PZU Group has a material exposure to interest rate risk.

Numerous documents approved by supervisory boards, management boards and relevant committees govern investment activity in the PZU Group entities.

Market risk identification consists in the identification of actual and potential sources of this type of risk. For assets, the identification of risk begins with the decision to commence transactions in a given type of financial instrument. Units that make a decision to start entering into such transactions draw up a description of the instrument containing, in particular, a description of the risk factors. They convey this description to the unit responsible for risk that identifies and assesses market risk on that basis.

The identification of market risk associated with insurance liabilities commences with the process of developing an insurance product. It involves identification of the relationship between the cash flows generated by that product and the relevant market risk factors. The identified market risks are subject to assessment using the criterion of materiality, specifying whether the materialization of risk entail a loss capable of affecting the financial condition of a particular PZU Group entity.

  • standard formula in accordance with the rules defined by Solvency II Directive;
  • exposure and sensitivity measures;
  • VaR measure – a measure quantifying the potential economic loss that will not be exceeded within a period of one year under normal conditions, with a probability of 99.5%;
  • accumulated monthly loss.
  • collection of information on assets and liabilities that generate market risk;
  • calculating the value of risk.
  • daily – for exposure and sensitivity measures of the instruments in systems used by particular PZU Group companies;
  • monthly – when using the value at risk model for market risk or a standard formula of value at risk);
  • quarterly – based on the standard formula.

Monitoring and control of market risk involves an analysis of the level of risk and of the utilization of the designated limits. Reporting involves communicating to the various decision-making levels information concerning the level of market risk and the results of monitoring and controlling it. The frequency of each report and the scope of information provided therein are tailored to the information needs at each decision-making level.

Management actions in respect of market risk involve in particular:

  • execution of transactions serving the purpose of mitigation of market risk, i.e. selling a financial instrument, closing a position on a derivative, purchasing a derivative to hedge a position;
  • diversification of the assets portfolio, in particular with respect to market risk categories, maturities of instruments, concentration of exposure in one entity, geographical concentration;
  • setting market risk restrictions and limits.

The application of limits is the primary management tool to maintain a risk position within the acceptable level of risk tolerance. The structure of limits for the various categories of market risk and also for the various organizational units is established by appointed committees in such a manner that the limits are consistent with risk tolerance as agreed by the management boards of the PZU Group subsidiaries. Banking sector entities are in this respect subject to additional requirements in the form of sector regulations.

Financial liquidity risk means the possibility of losing the capacity to settle, on an ongoing basis, the PZU Group’s liabilities to its clients or business partners. The liquidity risk management system aims to maintain the capacity of fulfilling the entity’s liabilities on an ongoing basis. Liquidity risk is managed separately for the insurance part and the bancassurance part.

  • shortage of liquid cash to satisfy current needs;
  • lack of liquidity of financial instruments held;
  • the structural mismatch between the maturity of assets and liabilities.
  • liquidity gaps (static, long-term financial liquidity risk) – by monitoring a mismatch of net cash flows resulting from insurance contracts executed until the balance sheet date and inflows from assets to cover insurance liabilities in each period, based on a projection of cash flows prepared for a given date;
  • potential shortage of financial funds (medium-term financial liquidity risk) – through analysis of historical and expected cash flows from the operating activity;
  • stress tests (medium-term financial liquidity risk) – by estimating the possibility of selling the portfolio of financial investments in a short period to satisfy liabilities arising from the occurrence of insurable events, including extraordinary ones;
  • current statements of estimates (short-term financial liquidity risk) – by monitoring demand for cash reported by the date defined in regulations which are in force in that entity.

The banks in the PZU Group employ the liquidity risk management metrics stemming from sector regulations, including Recommendation P issued by the Polish Financial Supervision Authority.

To manage the liquidity of the banks in the PZU Group, liquidity ratios are used for different periods ranging from 7 days, to a month, to 12 months, and to above 12 months.

Within management of liquidity risk, banks in the PZU Group also analyze the maturity profile over a longer term, depending to a large extent on the adopted assumptions about development of future cash flows connected with items of assets and equity and liabilities. The assumptions take into consideration:

  • stability of equity and liabilities with indefinite maturities (e.g. current accounts, cancellations and renewals of deposits, level of their concentration);
  • possibility of shortening the maturity period for specific items of assets (e.g. mortgage loans with an early repayment option);
  • possibility of selling items of assets (liquidity portfolio).

Monitoring and controlling financial liquidity risk involves analyzing the utilization of the defined limits. In 2024, the PZU Group banks recorded an increase in liquidity ratios. This was mainly due to an increased deposit base, the issuance of bonds under MREL, and improved financing structure.

Liquidity ratios of both PZU Group banks remained at high levels throughout the year, significantly above regulatory requirements.

The current conditions did not have a material impact on liquidity risk of PZU Group’s insurance business in 2024. This liquidity was maintained at a safe level, and there were no grounds to take extraordinary management actions in terms of liquidity risk. As part of routine management actions regarding liquidity risk, the PZU Group constantly monitored the level of available liquid funds and the current utilization of liquidity limits.

Liquidity risk reporting involves communicating the level of financial liquidity to various decision-making levels. The frequency of each report and the scope of information provided therein are tailored to the information needs at each decision-making level.

  • maintaining cash in a separate liquidity portfolio at a level consistent with the limits for the portfolio value;
  • maintaining sufficient cash in a foreign currency in portfolios of investments earmarked for satisfying insurance liabilities denominated in the given foreign currency;
  • provisions of the Agreement on managing portfolios of financial instruments entered into between TFI PZU and PZU regarding limitation of the time for withdrawing cash from the portfolios managed by TFI PZU to at most 3 days after a request for cash is filed;
  • the possibility of performing sell-buy-back transactions on treasury securities, including those held until maturity;
  • centralization of management of portfolios/funds by TFI PZU;
  • limits of liquidity ratios in the banks belonging to the PZU Group.

Credit risk and concentration risk

Credit risk is understood as the risk of a loss or an adverse change in the financial situation resulting from fluctuations in the reliability and creditworthiness of issuers of securities, counterparties and all debtors. It materializes in the form of a counterparty’s default on a liability or an increase in credit spread.

The following risk categories are distinguished in terms of credit risk:

  • credit spread risk – the possibility of incurring a loss due to changes in the value of assets, liabilities and financial instruments caused by fluctuations in the level of credit spreads relative to the term structure of interest rates on securities issued by the Treasury or changes in their volatility. Credit spread risk is treated as an integral part of market risk when measuring risk for the purposes of risk profile, risk tolerance and monitoring and reporting of market risk indicators;
  • counterparty default risk;
  • credit risk in financial insurance

Asset concentration risk is understood as the possibility of incurring loss stemming either from lack of diversification in the asset portfolio or from large exposure to default risk by a single issuer of securities or a group of related issuers. Asset concentration risk is treated as an integral part of market risk when measuring risk for the purpose of risk profile, risk tolerance, and monitoring and reporting of market risk indicators.

Credit risk and concentration risk are identified at the stage of making a decision on an investment in a new type of financial instrument or on accepting credit exposure. It involves an analysis of whether the contemplated investment entails credit risk or concentration risk, what its level depends on and what its volatility over time is. Actual and potential sources of credit risk and concentration risk are identified.

Risk assessment consists of estimating the probability of risk materialization and the potential impact exerted by ris materialization on a given entity’s financial standing.

The measurement of credit risk is performed using:

  • measures of exposure (gross and net credit exposure and maturity-weighted net credit exposure);
  • capital requirement calculated using the standard formula.

Concentration risk for a single entity is calculated using the standard formula.

A measure of total concentration risk is the sum of concentration risks for all entities treated separately. In the case of related parties, concentration risk is calculated for all related parties jointly.

In the case of banking entities suitable measures are employed in accordance with the regulations applicable to this sector and best market practices. Credit risk is measured using a set of loan portfolio quality metrics.

Monitoring and control of credit risk and concentration risk involves an analysis of the current risk level, assessment of creditworthiness and calculation of the degree of utilization of existing limits. Such monitoring is performed, without limitation, on a daily, monthly and quarterly basis.

The monitoring pertains to:

  • credit exposure in investment portfolios;
  • credit risk exposures in financial insurance;
  • exposures to reinsurance;
  • exposure limits and risk tolerance limits;
  • credit exposures in the processes in effect in banking entities.

Reporting involves providing information on the levels of credit risk and concentration risk and the effects of monitoring and control. The frequency of each report and the scope of information provided therein are tailored to the information needs at each decision-making level.

Management actions in respect of credit risk and concentration risk involve in particular:

  • setting limits to curtail exposure to a single entity, group of entities, sectors or countries;
  • diversification of the portfolio of assets and financial insurance, especially with regard to country and sector;
  • acceptance of collateral;
  • execution of transactions to mitigate credit risk, i.e. selling a financial instrument, closing a derivative, purchasing a hedging derivative, restructuring a debt;
  • reinsurance of the financial insurance portfolio.

The structure of credit risk limits and concentration risk limits for various issuers is established by appointed committees in such a manner that the limits are consistent with the adopted risk tolerance determined by the management boards of the respective subsidiaries and in such a manner that they make it possible to minimize the risk of ‘infection’ between concentrated exposures.

In banking activity the provision of credit products is accomplished in accordance with loan granting methodologies appropriate for a given client segment and type of product. The assessment of a client’s creditworthiness preceding a credit decision is performed using tools devised to support the credit process, including a scoring or rating system, external information and the internal databases of a given PZU Group bank. Credit products are granted in accordance with the binding operational procedures stating the relevant actions performed in the lending process, the units responsible for that and the tools used.

To minimize credit risk, adequate collateral is established in line with the credit risk incurred. The establishment of a security interest does not waive the requirement to examine the client’s creditworthiness.

In 2024, the quality of the loan portfolio of PZU Group banks remained stable, despite persistent increased interest rates in the country, resulting in high loan installments. Potential problems of borrowers were mitigated by the public-assistance tools extended for 2024, primarily moratorium periods, or so-called credit vacations.

In Q3 2024, the loan portfolio PZU underwent a reclassification of exposure to a selected entity from Basket 2 to Basket 3 under IFRS9 (it accounted for 0.6% of the value of assets covered by the placement strategy). The remaining portion of the portfolio was stable.

Operational risk

Operational risk is the risk of suffering a loss resulting from improper or erroneous internal processes, human activities, system failures or external events.

Operational risk is identified in particular by:

  • accumulation and analysis of information on operational risk incidents and the reasons for their occurrence;
  • self-assessment of operational risk;
  • scenario analysis.

Operational risk is assessed and measured by:

  • calculating the effects of the occurrence of operational risk incidents;
  • estimating the effects of potential operational risk incidents that may occur in the business.

Monitoring and control of operational risk is supported mainly by an established system of operational risk indicators and limits enabling assessment of changes in the level of operational risk over time and assessment of factors that affect the level of this risk in the business.

Reporting involves communicating to the various decision-making levels information concerning the level of operational risk and the results of monitoring and controlling it. The frequency of each report and the scope of information provided therein are tailored to the information needs at each decision-making level. Management actions involving reactions to any identified and assessed operational risks involve primarily:

  • taking actions aimed at minimizing risks, for instance by strengthening the internal control system;
  • risk transfer – in particular, by entering into insurance agreements;
  • risk avoidance by refraining from undertaking or withdrawing from a particular type of business in cases where too high a level of operational risk is ascertained and where the costs involved in risk mitigation are unreasonable;
  • risk acceptance – approval of consequences of a possible realization of operational risk unless they threaten to exceed the operational risk tolerance level.

In 2022, PZU and PZU Życie established the Crisis Management Team in the light of the attack by the armed forces of the Russian Federation on Ukraine. The announced Crisis Situation means that there is ongoing monitoring of the current political and market situation, and adequate measures are introduced to ensure, in particular:

  • safety of employees;
  • business continuity of the companies and security of financial assets of the PZU Group;
  • additional safety measures in terms of cybersecurity and physical safety.

Additional cybersafety measures were introduced to mitigate risk with increasing probability of materialization. Anomalies in terms of cyber threats, extending to subsidiaries, are under continuous 24/7 monitoring.

Due to the nationwide implementation of CRP Alert Level 3 (CHARLIE-CRP) and Alert Level 2 (BRAVO), a heightened state of readiness of the physical and cyber security areas has been maintained continuously since February 2022.

Model risk

Model risk, classified by the PZU Group as significant, is defined as the risk of incurring financial losses, incorrectly estimating data reported to the regulatory authority, taking incorrect decision or losing reputation as a result of errors in the development, implementation or application of models.

The formal identification and assessment process for this risk was implemented in PZU and PZU Życie to ensure high-quality practices for model risk assessment

The model risk management process involves:

  • risk identification, which takes place through regular identification of the models used in the areas covered by the process; (identified models are assessed for materiality);
  • risk measurement, which is based on the results of independent model validations and monitoring;
  • risk monitoring, which involves ongoing analysis of deviations from the adopted points of reference regarding the model risk (including verification of how recommendations are implemented, verification that the level of model risk is acceptable from the point of view of internal regulations);
  • risk reporting, which involves communicating the process results on the appropriate management level, in particular results of risk monitoring, validation and measurement;
  • management actions, which aim to mitigate the model risk level; they can be active (e.g. recommendations resulting from completed validations) and passive (developing model and model risk management standards).

In the entities from the banking sector, given the high significance of model risk, the management of this risk has already been implemented in the course of adaptation to the requirements of Recommendation W issued by the KNF.

Both PZU Group banks have defined standards for the model risk management process, including the rules for developing models and evaluating the quality of their operation, ensuring at the same time appropriate corporate governance solutions. Model risk is factored into the risk appetite of both banking sector entities.

Compliance risk

The compliance risk, understood as the risk that PZU, PZU Życie, other PZU Group, entities or related parties may infringe on the law, internal regulations and adopted standards of conduct, including ethical standards. It results or may result in:

  • incurring legal sanctions by the Company / PZU Group entities or persons acting on its behalf;
  • incurring financial loss;
  • or loss of reputation or credibility.

The compliance risk also includes the risk that the operations performed by the PZU Group will be out of line with the changing legal environment (both in the area of the so-called “hard law” and “soft law”).

This risk may materialize as a result of delayed implementation or absence of clear and unambiguous laws. This may cause irregularities in business and, as a result, lead to higher costs (for instance, administrative penalties, other financial penalties) and a heightened level of loss of reputation risk. Due to the broad spectrum of the PZU Group’s business, reputation risk is also affected by the risk of litigation that is predominantly inherent in the Group’s insurance entities and banks.

PZU and PZU Życie have consistent and uniform solutions for ongoing compliance risk management and monitoring.

Identification, assessment, reporting and analysis of compliance risk are carried out at relevant levels of risk management at the Company, in accordance with the competencies under the regulations adopted at PZU and PZU Życie.

The compliance risk at PZU and PZU Życie level is analyzed taking into account the cyclical risk self-assessment prepared by the unitary organizational structures as part of the ongoing risk management in the supervised areas. The results of the self-assessment are subject to systematization on the basis of compliance risk awareness arising from all activities undertaken by the compliance function of PZU and PZU Życie.

These include analyses of the legal situation and legislative changes, supervisory recommendations, results of compliance analyses, findings from investigations of notifications, and participation in implementation projects for new regulations. Conclusions from systemic risk analyses are one of the factors considered in planning of activities and compliance analyses by PZU and PZU Życie, and they are also the subject of reporting.

Periodically, sets of reports on the compliance risk management system of PZU and PZU Życie are provided to Members of the Management Board and Supervisory Board.

PZU makes efforts aimed at ensuring adequate and uniform standards of compliance solutions in all subsidiaries of the PZU Group and monitors compliance risk throughout the entire Group. In 2024 the compliance systems of PZU Group entities were aligned with the standards set by PZU and appropriate to their business profile and scale.

Compliance units of each PZU Group entity are responsible for providing the PZU Compliance Department with full information on compliance risks. They are required to assess and measure compliance risk, undertake and implement appropriate remedial actions, which reduce the likelihood of realization of this risk.

The most significant powers of PZU’s Compliance Department in the area of compliance risk in the PZU Group are as follows:

  • monitoring observance of the standards of conduct, including ethical standards, in consideration of the best practices adopted in the PZU Group;
  • ensuring coordination and uniform solutions in deploying the compliance function and managing compliance risk in the PZU Group;
  • initiating and recommending changes in systemic solutions and analyzed processes in place at PZU Group companies ensuing from compliance analyses;
  • assessing compliance risk at the level of the PZU Group and execute the compliance function in the PZU Group;
  • consulting and exchanging information with subsidiaries of the PZU Group in order to ensure consistency in the process of compliance risk identification and assessment;
  • preparing reports and management information regarding the efficiency and adequacy of the compliance function in the PZU Group, and submitting them to the Management Board and the Supervisory Board of PZU;
  • providing substantive support and advisory for the PZU Group entities in performing the compliance function tasks;
  • consulting and cooperating with PZU Group entities in order to ensure uniform solutions in deploying the compliance function in the PZU Group, fulfilling reporting obligations arising from the Supplementary Supervision Act and adopting a consistent approach of the PZU Group’s regulated entities to the preparation of responses to inquiries sent by the Polish Financial Supervision Authority systemically to regulated entities;
  • preparing, developing and promoting common training and information standards in the PZU Group;
  • providing analysis and ongoing monitoring of the application of “Chinese wall” rules – in connection with the additional investor commitments made by PZU on 21 April 2017 (as part of the proceedings following the notification on the intent to purchase Ban Pe ao’s shares).

In 2024, the Compliance Department of PZU took a number of steps to further align the compliance function with the changing regulatory environment, taking into account the PZU Group’s current needs, including those related to the PZU Group’s status as a financial conglomerate and maintaining processes that ensure adequate and efficient operation of the PZU Group.

In addition, the compliance area engaged in working to ensure that the Company meets the requirements imposed by a number of legal acts, among which can be mentioned:

  • Directive (EU) 2025/2 of the European Parliament and of the Council of 27 November 2024 amending Directive 2009/138/EC as regards proportionality, quality of supervision, reporting, measures on long-term guarantees, macro-prudential tools, sustainability risks and group and cross-border supervision, and amending Directives 2002/87/EC and 2013/34/EU (Revision of the Solvency II Directive);
  • Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024, establishing harmonized rules for artificial intelligence and amending Regulations (EC) No. 300/2008, (EU) No. 167/2013, (EU) No. 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (AI Act);
  • Draft artificial intelligence systems act;
  • Directive (EU) 2022/2464 of the European Parliament and of the Council of 14 December 2022 amending Regulation (EU) No 537/2014, Directive 2004/109/EC, Directive 2006/43/EC and Directive 2013/34/EU with regard to corporate sustainability reporting (CSRD);
  • Act of 6 December 2024 Amending the Act on Accounting, the Act on Statutory Auditors, Audit Firms and Public Supervision and Certain Other Acts;
  • Regulation of the European Parliament and of the Council on the operational digital resilience of the financial sector and amending Regulations (EC) No. 1060/2009, (EU) No. 648/2012, (EU) No. 600/2014 and (EU) No. 909/2014 (DORA);
  • Draft act amending certain laws in connection with ensuring the operational digital resilience of the financial sector;
  • Act of 13 September 2024 Amending the Mandatory Insurance, Insurance Guarantee Fund and Polish Motor Insurers’ Bureau and the Act on Insurance and Reinsurance Activity;
  • Proposal Directive of the European Parliament and of the Council amending Directives 2009/65/EC, 2009/138/EC, 2011/61/EU, 2014/65/EU and (EU) 2016/97 as regards Union rules on retail investor protection (RIS Package);
  • Proposal Regulation of the European Parliament and of the Council amending Regulation (EU) No. 1286/2014 with regard to the modernization of key information documents;
  • Act of 26 May 2023 on the mObywatel application;
  • Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonized rules on fair access to and use of data, and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act);
  • Directive (EU) 2025/1 of the European Parliament and of the Council of 27 November 2024 on establishing a framework for the recovery and resolution of insurance and reinsurance undertakings and amending Directives 2002/47/EC, 2004/25/EC, 2007/36/EC, 2014/59/EU and (EU) 2017/1132 and Regulations (EU) No. 1094/2010, (EU) No. 648/2012, (EU) No. 806/2014 and (EU) 2017/1129 (IRRD);
  • Regulation of the European Parliament and of the Council on the proposed framework for access to financial data, and amending Regulations (EC) No 1093/2010, (EU) No 1094/2010, (EU) No 1095/2014 and (EU) No 2022/2014 (DORA);
  • Position of the Polish Financial Supervision Authority on certain aspects of the use of outsourcing by insurance and reinsurance companies;
  • Act of 26 May 2023 on the mObywatel application;
  • Draft regulation of the Minister of Finance on specific rules related to the investment by the insurance company of assets from life insurance contracts in which the investment risk is incurred by the policyholder;
  • Draft act reducing red tape and legal barriers;
  • Regulation (EU) 2024/162 of the European Parliament and of the Council of 31 May 2024 establishing an Office for the Prevention of Money Laundering and Terrorist Financing and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010;
  • Regulation (EU) 2024/1624 of the European Parliament and of the Council of 31 May 2024 on the prevention of the use of the financial system for the purpose of money laundering or terrorist financing;
  • Directive (EU) 2024/1640 of the European Parliament and of the Council of 31 May 2024 on the mechanisms that Member States should put in place to prevent using the financial system for money laundering or terrorist financing, amending Directive (EU) 2019/1937 and amending and repealing Directive (EU) 2015/849.

PZU Życie SA’s operation remains compliant with the requirements of the product intervention (decision of the FSC of 15 July 2021 with regard to prohibitions of marketing, distribution and sale of investment products – life insurance contracts, if they are related to UFK), including in particular: the product offering comprises only investment products for which the compliance tests performed showed compliance with both criteria indicated in the above-mentioned decision (Multi Kapitał II and Świat Inwestyc i Premium II).

Risk concentration

When managing the various categories of risk, the PZU Group identifies, measures and monitors risk concentration. Compliance with the regulatory obligations imposed on groups identified as financial conglomerates is supported by the model introduced in 2020 to manage significant risk concentration in the PZU Financial Conglomerate in keeping with the requirements of the Supplementary Supervision Act.

Supplementary supervision protects the financial stability of lending institutions, insurance undertakings, reinsurance undertakings and investment firms being members of financial conglomerates. The supervision is exercised, among others, through measuring the risk concentration level in the financial conglomerate as a whole, also from the perspective of regulated entities being its members.

The implementation of this model served the purpose of defining the risk concentration management principles and supporting the units involved in the process, in particular through:

  • defining the roles and responsibilities of individual participants of the significant risk concentration management process;
  • introducing consistent risk definitions;
  • introducing the principles of identifying, measuring and assessing risk;
  • determining the risk profile of exposures identified as material concentration;
  • defining the risk limits and threshold values;
  • defining the principles of monitoring significant risk concentrations;
  • introducing the principles of reporting and management decision-making.

Regulated subsidiaries monitor and submit regular reports to the leading entity in the PZU Financial Conglomerate on the measures and data required to identify risk concentrations. In the case of identification of an excessive risk concentration, management actions are implemented on the level of the given entity or the whole financial conglomerate,

Risk concentration is measured and monitored, in particular, in the following dimensions:

  • concentration per counterparty or group of counterparties;
  • concentration per currency;
  • concentration per sector of economy;
  • concentration per country;
  • concentration per asset type.
Previous topic
A strategic perspective
Next topic
Risk management system