The objective of the PZU Group’s risk management system is to ensure early identification and adequate management of material risks associated with the activities of the PZU Group and its individual entities. Risk management is one of the key internal processes in the PZU Group. The risk management system in place in PZU is based on three lines of defense. Its framework reflects the standards prevailing in the insurance sector and the guidelines laid down in regulatory provisions.
The ESG risk management processes are part of a broader risk management process in the Group. ESG risks were also identified through a dual materiality assessment process. Selected ESG risks are taken into account in the investment decision-making process and in selected corporate client risk assessment processes, which enable the insurer to evaluate the premium.
The risk management system in the PZU Group
PZU exercises supervision over the PZU Group’s risk management system on the basis of cooperation agreements entered into with other Group entities and the information provided thereunder. It manages risk at the PZU Group level on an aggregate basis, especially in terms of capital requirements. The cooperation agreements signed with the PZU Group subsidiaries enable the collection and processing of information necessary for appropriate and effective management of risk at the PZU Group level. They also guarantee that the various risks generated by the individual PZU Group entities are assessed according to the same standards, taking into account the requirements and restrictions arising from the applicable law. The main elements of the PZU Group’s risk management system have been implemented to ensure sectoral consistency and the execution of the various entities’ strategic plans and the overall PZU Group’s business objectives.
The Risk Management Strategy in the PZU Group is the basis of operation of the risk management system in the PZU Group. The Group has introduced risk management rules for the affiliates identified in the strategy. The rules constitute a recommendation issued by PZU regarding the organization of the risk management system in subsidiaries. Additionally, guidelines regulating the various risk management processes in the PZU Group entities are also issued from time to time. The management boards of PZU Group companies from the financial sector are responsible for fulfilling their own duties in accordance with the generally applicable provisions of national and international law. In particular, they are responsible for the implementation of an adequate and effective risk management system.
Subsidiaries from outside of the financial sector introduce the risk management rules including the allocation of roles and responsibilities and the catalog of risks associated with the relevant activity.
The determination of the appropriate level of risk in each company is the management board’s responsibility, whereas a review of the risk management system, especially the risk appetite level, is conducted once a year by the unit responsible for risk, with all actions being coordinated at the PZU Group level.
Internal Control System
Includes risk management by business process owners in the course of operations;
Includes risk management by specialized cells responsible for risk identification, measurement, monitoring and reporting and controlling the limits;
Includes internal audit which conducts independent audits of the individual elements of the risk management system, as well as of control procedures.
The risk management process consists of the following stages
The process commences with a proposal to develop an insurance product, buy a financial instrument or modify an operating process, as well as whenever some other event occurs that may potentially lead to the emergence of risk. The identification process continues until the expiration of liabilities, receivables or activities associated with the risk. Risk identification involves identification of actual and potential sources of risk, which are later analyzed in terms of significance.
Risk measurement and assessment are carried out depending on the nature of the given type of risk and the level of its materiality. Risk measurement is carried out by specialized units. Risk units in each company are responsible for the development of tools and the measurement of risk in terms of risk appetite, risk profile and risk tolerance.
Consists in the ongoing analysis of deviations from benchmarks (limits, threshold values, plans, figures from prior periods, recommendations and guidelines).
Allows for effective communication on risk and supports risk management on various decision-making levels.
They include, among others, risk avoidance, risk transfer, risk mitigation, acceptance of risk level, as well as implementation of supporting tools, such as limits, reinsurance programs or regular review of internal regulations.
Chart of the organizational structure for the risk management system
Risk appetite
Risk appetite is defined in the PZU Group Risk Management Strategy as the minimum value of the solvency ratio of the PZU Group on a consolidated basis and of PZU on a standalone basis.
In addition, PZU as the leading entity in the PZU Group Financial Conglomerate manages risk concentration at the level of the overall conglomerate. The leading entity has established the risk concentration management standards, in particular through introduction of rules for identification, measurement and assessment, monitoring and reporting of significant risk concentration and making managerial decisions.
Once a year, the internal audit unit prepares an annual activity report, which includes, in particular, an evaluation of the internal control system and the risk management system. The procedure for preparing the report and its scope are governed by separate internal regulations. For the purposes of the report, the risk unit prepares information as to the adequacy and effectiveness of the risk management system.
Sustainability risks, particularly those related to climate change, are managed as part of the individual risk categories identified later in the Report. Furthermore, selected ESG risks are subject to separate assessment within the framework of the risk analysis process and the key risk identification process. The main risks in this area are transformation risks and physical risks.
Risk management – subsidiaries
Risk management responsibility, including the climate impact risk
The consistent split of powers and tasks in the PZU Group and in its various financial sector subsidiaries covers four decision-making levels: Supervisory Board, Management Board, Committees, and various operating units within the three lines of defense.
- Supervision over the risk management systems in the various financial sector entities is exercised by supervisory boards. PZU designates its representatives to the supervisory boards of its subsidiaries, including in particular the Alior Bank Group and the Pekao Bank Group.
- The management boards of PZU Group entities are responsible for executing their own duties in accordance with the generally applicable provisions of national and international law. In particular, they are responsible for implementing an adequate and effective risk management system. The Management Board organizes the risk management system and ensures that it is operational by adopting strategies and policies, setting the level of risk appetite, defining the risk profile as well as tolerance levels for the individual categories of risk.
- Committees decide about limiting the levels of individual risks to fit the risk appetite framework they have defined, adopt procedures and methodologies for mitigating the individual risks and accept the limits for individual risk types. Selected members of the Management Boards sit on the Committees.
- The fourth decision-making level pertains to operational measures in the various business units divided into three lines of defense.