The focus of risk management with management structures and defined processes is the attainment of the strategic goals of the UNIQA Group and its subsidiaries.
The UNIQA Group's Risk Management Guidelines form the basis for a uniform standard at various company levels. The guidelines are approved by the Group CRO and the full Management Board and describe the minimum requirements in terms of organisational structure and process structure. They also provide a framework for all risk management processes for the most important risk categories.
In addition to the Group Risk Management Guidelines, similar guidelines have also been prepared and approved for the Company's subsidiaries. The Risk Management Guidelines at subsidiary level were approved by the Management Board of the UNIQA subsidiaries and are consistent with the UNIQA Group Risk Management Guidelines.
They aim to ensure that risks relevant to the UNIQA Group are identified in advance and evaluated. If necessary, proactive measures are introduced to transfer or minimise the risk.
Intensive training on the content and utilisation of these guidelines is required in order to ensure that risk management is incorporated in everyday business activities. Very extensive informative and training measures have therefore been taken since 2012; they will be continued in the future and extended to additional target groups.
2.1. Organisational structure (governance)
The detailed set-up of the process and organisational structure of risk management is set out in the UNIQA Group's Risk Management Guidelines. These reflect the principles embodied in the concept of “three lines of defence” and the clear differences between the individual lines of defence.
First line of defence: risk management within the business activity
Those responsible for business activities must develop and put into practice an appropriate risk control environment to identify and monitor the risks that arise in connection with the business and processes.
Second line of defence: supervisory functions including risk management functions
The risk management function and the supervisory functions, such as managerial accounting and financial control, must monitor business activities without encroaching on operational activities.
Third line of defence: internal and external auditing
This enables an independent review of the formation and effectiveness of the entire internal control system, which comprises risk management and compliance (e.g. internal auditing).
1) Beginning 1 January 2015 in an interlocking directorate together with the CFO
Management Board and Group functions
The UNIQA Group Management Board is responsible for establishing the business policy objectives and determining the associated risk strategy. The core components of the risk management system and the associated governance are embedded in the UNIQA Group Risk Management Policy adopted by the Management Board.
The function of Chief Risk Officer (CRO) is a separate area of responsibility at the Group Management Board level. This ensures that risk management is represented on the Management Board. The CRO is supported in the implementation and fulfilment of risk management duties by the following units: Group Risk Management, Group Actuarial and Group Financial Risk Management. During the course of 2015, refinements in the organisational structure will lead to a merger of these units so that the Company can progress as efficiently as possible in the final implementation phase of Solvency II.
A central component of the risk management organisation is the risk management committee for the UNIQA Group. This committee carries out monitoring and initiates appropriate action in relation to the current development as well as the short- and long-term management of the risk profile. The risk management committee establishes the risk strategy, monitors and controls compliance with risk-bearing capacity and limits, and therefore plays a central role in the management process implemented under the UNIQA Group's risk management system.
Operative insurance companies
In the operative insurance companies, the CRO function has also been established at the Management Board level, with the functions of the risk manager at the next level down. A consistent, uniform risk management system has therefore been set up throughout the Group.
As at Group level, each of the operative insurance companies has its own risk management committee, which forms a central element of the risk management organisation. This committee is responsible for the management of the risk profile and the associated specification and monitoring of risk-bearing capacity and limits.
At its meetings, the Supervisory Board of the UNIQA Group receives comprehensive risk reports.
2.2. Risk management process
The UNIQA Group's risk management process delivers periodic information about the risk profile and enables the top management to make the decisions for the long-term achievement of objectives.
The process concentrates on risks relevant to the Company and is defined for the following risk categories:
- Actuarial risk (property and casualty insurance, health and life insurance)
- Market risk/Asset-Liability Management risk (ALM risk)
- Credit risk/default risk
- Liquidity risk
- Concentration risk
- Strategic risk
- Reputational risk
- Operational risk
- Contagion risk
A Group-wide, standardised risk management process regularly identifies, evaluates and reports on risks to the UNIQA Group and its subsidiaries within these risk categories.
Risk management process in the UNIQA Group
Risk identification is the starting point for the risk management process, systematically recording all major risks and describing them in as much detail as possible. In order to conduct as complete a risk identification as possible, different approaches are used in parallel, and all risk categories, subsidiaries, processes and systems are included.
The risk categories of market risk, actuarial risk, counterparty default risk and concentration risk are evaluated in the UNIQA Group framework by means of a quantitative method based on the standard approach of Solvency II and the ECM approach (economic capital model) approach. Furthermore, risk drivers are identified for the results from the standard approach and analysed to assess whether the risk situation is adequately represented (in accordance with ORSA).
All other risk categories are evaluated quantitatively or qualitatively with their own risk scenarios.
Scenario analysis in UNIQA risk management:
One essential element of the risk management process is the derivation and development of risk scenarios based on the economic, internal and external risk situation of the UNIQA Group.
A scenario is a possible internal or external event that has a short-term or medium-term effect on consolidated profit or loss, the solvency position or sustainability. The scenario is formulated with respect to its inherent characteristic (e.g. the start of Greece's insolvency) and evaluated in terms of its financial effect on the UNIQA Group. The likelihood that the scenario will actually occur is also considered.
Limits/early warning indicators:
The limit and early warning system determines risk-bearing capacity (available equity according to IFRS, financial equity) and capital requirements on the basis of the risk situation at ongoing intervals, thereby deriving the level of coverage. If critical coverage thresholds are reached, then a precisely defined process is set in motion, the aim of which is to bring the level of solvency coverage back to a non-critical level.
A risk report is prepared twice a year for each operational company and for the UNIQA Group on the basis of detailed risk analysis and monitoring. The risk report for each individual UNIQA subsidiary and the UNIQA Group itself has the same structure, providing an overview of major risk indicators such as risk-bearing capacity, solvency requirements and risk profile. A reporting form is also available for the UNIQA Group and all subsidiaries, which provides the management with a monthly update regarding the most significant risks.
2.3. Activities and objectives in 2014
Based on external and internal developments, activities in 2014 focused on the following:
- Preparation work for the implementation of Solvency II
- Further development and implementation of the liability-driven ALM approach
Preparation work for the implementation of Solvency II
Solvency II is an EU-wide project, the objective of which is to achieve a fundamental reform of solvency regulations (capital requirements) for insurance companies. The existing static system for determining capital requirements is to be superseded by a risk-based system. One of the main changes in the new system is that it is to take greater account of qualitative elements such as internal risk management.
Following publication of the preparation guidelines by the European Insurance and Occupational Pensions Authority (EIOPA) in October 2013 and the implementation of these guidelines in the Austrian Insurance Supervision Act (VAG) of June 2014, there is now clarity regarding the necessary preparation work required before Solvency II comes into force on 1 January 2016. The following topics are addressed in the preparation guidelines:
- Requirements for the risk management system1)
- Assessment of the entity-specific risk2)
- Requirements for the reporting system3)
- Pre-application for internal models4)
In 2014, further specific preparatory steps were taken both in the UNIQA Group and in the operating units based on this information. The steps primarily consisted of modifications to the governance structure to satisfy the requirements for key functions under Solvency II, the preparation of an initial ORSA report (Own Risk and Solvency Assessment), which was submitted for information to the Supervisory Board in November 2014, and the preparation of the infrastructure to meet future reporting requirements. A significant portion of the preparatory work was also accounted for by the activities related to the partial internal model in connection with the actuarial risk arising from property/casualty insurance.
In addition, a comprehensive training programme for senior managers, other managers, and employees in key functions is a core component of a fully functioning Group-wide risk management framework. Understanding of the objectives and the impact of the risk management approach in the context of value-based management should be achieved. A great deal of importance is also attached to training the Supervisory Board of the UNIQA Group so that the members of the Supervisory Board are well informed about the ongoing developments in the management approach (economic management) and can take these developments into account with respect to their supervisory activities.
In both cases, the discussion about the use of the information from the risk capital models, in particular from the partial internal model relating to property/casualty insurance, is a relevant point, allowing users to make the connection between this information and the ongoing business.
Further development and implementation of the liability-driven ALM approach
In 2014, further development work was carried out on the ALM processes and associated governance developed over the last few years. The priority was on stabilising the processes that have been introduced and on implementing a project to gradually reduce the AL mismatch, especially in life insurance.
The option of running a regular/year-round procedure to draw up the risk profile and associated limits represents a key element of the ALM process in the UNIQA Group. Management is carried out on the basis of risk capital consumption and associated limits, which enables the Group to make strategic decisions on the basis of a value-based risk/return analysis.
In 2014, the Group focused not only on the necessary standard processes but also on scenario analyses, especially the possible changes in the liabilities profile depending on different interest rate situations. In this case, the analysis of the life insurance business plays a central role because it is difficult to predict a change in the lapse or surrender pattern for customer policies in response to a specific trend in interest rates. Associated risks were analysed and action implemented to cushion these risks.
1 “System of governance” (EIOPA-CP-13/008),
2) “Forward-looking assessment of the undertaking’s own risks (based on the own risk and solvency assessment (ORSA) principles” (EIOPA-CP-13/009),
3) “Submission of information to national competent authorities” (EIOPA-CP-13/010),
4) “Pre-application for internal models” (EIOPA-CP-13/011)