Risk management is a core competency for the UNIQA Group and is therefore an important component of its business process. The focus of risk management with management structures and defined processes is the attainment of the strategic goals of the UNIQA Group and its subsidiaries by minimising the likelihood of non-attainment.
The Risk Management Guidelines for the UNIQA Group were created in 2011 and approved by CRO and the Management Board as a basis for the introduction of risk management.
The guidelines describe the minimum requirements in terms of organisational structure and process structure; they also provide a framework for all risk management processes for the most important risk categories.
The Risk Management Guidelines were created and approved at both Group and company level.
The Risk Management Guidelines at company level were approved by the Management Board of the UNIQA subsidiaries and are consistent with the UNIQA Group Risk Management Guidelines.
The UNIQA Group Risk Management Guidelines ensure that risks relevant to the UNIQA Group are identified in advance and evaluated; if necessary, proactive measures are introduced to transfer or minimise the risk.
Intensive training on the content and utilisation of the risk management system is required to guarantee that employees embody the risk culture in their working environment. This training is conducted in information and educational measures in a successive, stakeholder-related manner. An essential goal in this programme is to address complex topics for different recipients in a customised manner.
2.1. Organisational structure (governance)
As described above, the passage of the UNIQA Risk Management Guidelines provides structure for processes and organisation related to risk management.
The risk management structure is established to reflect the principles of “three lines of defence” and the clear differences between them.
First line of defence: risk management within the business activity
Those responsible for business activities must build up and embody a reasonable monitoring environment to identify and monitor the risks that arise in connection with such business processes.
Second line of defence: supervisory functions including risk management functions
The risk management function and the supervisory function, such as controlling, must monitor business activities without having expertise in operational implementation.
Third line of defence: internal and external auditing
This enables an independent review of the formation and effectiveness of the entire internal control system, which includes risk management and compliance (e.g. internal auditing).
The following describes the organisational structure and the most essential process responsibilities within the UNIQA Group. Functional tasks and obligations are described precisely in the Risk Management Guidelines.
The UNIQA Group Management Board establishes business policy targets and the Group risk strategy, and is responsible for Group-wide risk management.
The position of Chief Risk Officer (CRO) was introduced at holding Group Management Board level in 2011. This ensures that the topic of risk management is represented on the Management Board. Furthermore, CRO functions were established at Management Board level in the operative insurance companies.
In his risk management activities, the CRO is supported in the implementation and fulfilment of his duties in particular by the departments of risk management & internal control system, market risk management, and value-based management & compliance.
Each UNIQA Group subsidiary has CRO and risk manager functions. This ensures a continuous and uniform risk management system within the Group.
The risk management committees constitute a central element in the risk management organisation, as well as in every UNIQA company. The risk management committee is the management body for controlling and both short- and long-term steering of the risk profile for UNIQA companies. The committee monitors and steers compliance with risk targets (risk-bearing capacity and limits) and therefore plays a central role in the UNIQA Group’s risk management system steering process.
The Supervisory Board of the UNIQA Group is informed comprehensively regarding risk report preparation, which represents an independent thematic block in Supervisory Board meetings.
2.2. Risk management process
The risk management process in the UNIQA Group (UNIQA ORSA process) delivers periodic information about the risk situation across the UNIQA Group and enables the top management to set governing measures to attain/retain long-term strategic aims.
The process concentrates on risks relevant to the company and is defined for the following risk categories:
Actuarial risk (property and casualty insurance, health and life insurance)
Market risk / asset-liability mismatch risk
Credit risk / default risk
Risk of contagion
A Group-wide, standardised risk management process regularly identifies, evaluates and reports on risks to the UNIQA Group and its subsidiaries within these risk categories.
Risk identification is the starting point for the risk management process, systematically recording all major risks and describing them in as much detail as possible. In order to conduct as complete a risk identification process as possible, parallel different approaches are used, and all risk categories, subsidiaries, processes and systems are included.
Evaluation / measurement:
The risk categories of market risk, actuarial risks, counterparty default risk and concentration risk are evaluated in the UNIQA Group framework by means of a quantitative method based on the standard approach of Solvency II. Furthermore, risk drivers are identified for the results from the standard approach and analysed to assess whether the risk situation is adequately represented (in accordance with ORSA).
All other risk categories are evaluated with their own risk scenarios.
Scenario analysis in UNIQA risk management
One essential element of the risk management process is the derivation and development of risk scenarios specific to UNIQA and the risk situation of the UNIQA Group.
A scenario is a possible internal or external event that causes a short-term or medium-term effect on the Group profit, solvency position or sustainability. The scenario is formulated in accordance with its expression (e.g. the start of Greek insolvency) and evaluated in terms of its financial effect on the UNIQA Group. The likelihood that the scenario will actually occur is also considered.
These scenarios are developed, assessed and constantly monitored by the experts in the UNIQA risk management department.
Risk mitigation and risk management procedures are developed on a proactive basis for potentially threatening situations.
Limits / early warning indicators:
The limit and early warning system determines risk-bearing capacity (available equity according to IFRS, financial equity) and capital requirements on the basis of the risk situation at ongoing intervals, thereby deriving the level of coverage. If critical coverage thresholds are reached, then a precisely defined process is set in motion, the purpose of which is to reduce the level of solvency coverage to a non-critical level.
A risk report is prepared twice a year for each operational company and for the UNIQA Group on the basis of detailed risk analysis and monitoring. The risk report for each individual UNIQA subsidiary and the UNIQA Group itself has the same structure, providing an overview of major risk indicators such as risk-bearing capacity, solvency requirements and risk profile.
A new reporting form was introduced in the UNIQA Group and for all subsidiaries in 2011. This new form provides management with a monthly update regarding the greatest risks.
Standard and Poor’s Model
Both regulatory capital requirements and the capital requirements associated with ratings are of central importance to the UNIQA Group.
In addition to the regulatory capital models for Solvency I and Solvency II, the Standard & Poor’s capital model is calculated at periodic intervals, resulting in capital requirements that are oriented towards a target rating.
This information is incorporated in the capital planning process.