40.2 Risk management system
The focus of risk management with management structures and defined processes is the attainment of UNIQA’s and its group companies’ strategic goals.
UNIQA’s Risk Management Guidelines form the basis for a uniform standard at various company levels. The guidelines are approved by the CFRO and the full Management Board and describe the minimum requirements in terms of organisational structure and process structure. They also provide a framework for all risk management processes for the most important classes of risk.
In addition to the Group Risk Management Guidelines, similar guidelines have also been prepared and approved for the group companies. The Risk Management Guidelines at company level were approved by the Management Board of the UNIQA group companies and are consistent with UNIQA’s Risk Management Guidelines.
They aim to ensure that risks relevant to UNIQA are identified and evaluated in advance.
Organisational structure (governance)
The detailed setup of the process and organisational structure of risk management is set out in UNIQA’s Risk Management Guidelines. They reflect the principles embodied in the concept of “three lines of defence” and the clear differences between the individual lines of defence.
First line of defence: risk management within the business activity
Those responsible for business activities must develop and put into practice an appropriate risk control environment to identify and monitor the risks that arise in connection with the business and processes.
Second line of defence: supervisory functions including risk management functions
The risk management function and the supervisory functions, such as controlling, must monitor business activities without encroaching on operational activities.
Third line of defence: internal and external auditing
This enables an independent review of the formation and effectiveness of the entire internal control system, which comprises risk management and compliance (e.g. internal auditing).
Group Management Board and Group functions
The UNIQA Insurance Group AG Management Board is responsible for establishing the business policy objectives and determining the associated risk strategy.
The function of Chief Financial and Risk Officer (CFRO) is a separate area of responsibility at the Group Management Board level. The CFRO is supported in the implementation and fulfilment of risk management duties by the Group Actuarial and Risk Management unit.
A central component of the risk management organisation is UNIQA’s risk management committee, which carries out monitoring and initiates appropriate action in relation to the current development and the short and long-term management of the risk profile. The risk management committee establishes the risk strategy, monitors and controls compliance with risk-bearing capacity and limits, and therefore plays a central role in the management process implemented under UNIQA’s risk management system.
UNIQA insurance companies
In the UNIQA insurance companies, the CRO function has also been established at the Management Board level, with the functions of the risk manager at the next level down. A consistent, uniform risk management system has therefore been set up throughout the Group.
As at Group level, each of the UNIQA insurance companies has its own risk management committee, which forms a central element of the risk management organisation. This committee is responsible for the management of the risk profile and the associated specification and monitoring of risk-bearing capacity and limits.
The Supervisory Board at UNIQA Insurance Group AG receives comprehensive risk reports at Supervisory Board meetings.
Risk management process
UNIQA’s risk management process delivers periodic information about the risk profile and enables the top management to make the decisions for the long-term achievement of objectives.
The process concentrates on risks relevant to the Company and is defined for the following classes of risk:
- Actuarial risk (property and casualty insurance, health and life insurance)
- Market risk/Asset-Liability Management risk (ALM risk)
- Credit risk/default risk
- Liquidity risk
- Concentration risk
- Strategic risk
- Reputational risk
- Operational risk
- Contagion risk
- Emerging risk
A Group-wide, standardised risk management process regularly identifies, evaluates and reports on risks to UNIQA and its group companies within these classes of risk.
Risk identification is the starting point for the risk management process, systematically recording all major risks and describing them in as much detail as possible. In order to conduct as complete a risk identification as possible, different approaches are used in parallel, and all classes of risk, subsidiaries, processes and systems are included.
The risk categories of market risk, technical risk and default risk are evaluated at UNIQA by means of quantitative methods based on the Solvency II standard approach and the ECM approach. Furthermore, risk drivers are identified for the results from the standard approach, and analysed to assess whether the risk situation is adequately represented (in accordance with the Company’s Own Risk and Solvency Assessment (ORSA)). All other classes of risk are evaluated quantitatively or qualitatively with their own risk scenarios.
The scenario analysis (of UNIQA’s internal and external economic risk situation) is generally a crucial element in the risk management process.
A scenario is a possible internal or external event that has a short-term or medium-term effect on consolidated profit/(loss), the solvency position or sustainability of future results. The scenario is formulated with respect to its inherent characteristic (e.g. the start of Greece’s insolvency) and evaluated in terms of its financial effect on UNIQA. The likelihood that the scenario will actually occur is also assessed.
Limits/early warning indicators
The limit and early warning system determines risk-bearing capacity (economic capital) and capital requirements based on the risk situation at ongoing intervals, thereby deriving the level of coverage. If critical coverage thresholds are reached, then a precisely defined process is set in motion, the aim of which is to bring the level of solvency coverage back to a non-critical level.
A report on the largest identified risks is prepared for each UNIQA insurance company and for the UNIQA Group on the basis of detailed risk analysis and monitoring. The reports for each individual UNIQA group company and the UNIQA Group itself have the same structure, providing an overview of major risk indicators such as risk-bearing capacity, solvency requirements and risk profile. In addition, quantitative and qualitative reporting (in the form of the quantitative reporting templates and the narrative report respectively) is implemented for the UNIQA Group and for all group companies for which Solvency II reporting is mandatory.
Activities and objectives in 2017
Based on external and internal developments, activities in 2017 focused on the following:
- first steps towards the UNIQA Insurance Platform (UIP),
- approval of the partial internal model for the property and casualty insurance business, and
- sale of the Italy Group.
In signing the contract with general contractor IBM on 22 December 2016, UNIQA launched its largest ever project for the renewal of the core systems for all lines of business – UNIQA Insurance Platform (UIP) – and the organisational transformation associated therewith. This step was the response to the need to renew the existing IT systems which are at the end of their life-cycle, and to the increasing need to adapt to changes in customer requirements for modern insurance products. The kick-off date for the UIP project was January 2017, with the first important milestone being the planned go-live for a new product in life insurance from mid-2018. The preparatory work for implementation and migration of the legacy products in life insurance, and the preparatory work on implementation in property insurance are taking place in parallel. Intangible assets in the amount of €43.9 million were reported under “Property, plant and equipment” as at 31 December 2017.
In addition to the standard regulatory approach defined, Solvency II also gives insurance undertakings the option of using their own model, known as an internal model for calculation of the risk capital requirements. Any use of this type of model is subject to approval from the supervisory authority. The UNIQA Group has developed such a model for the technical risk in property/casualty insurance and submitted this to the College of Supervisors for the UNIQA Group under the direction of the Austrian Financial Market Authority (FMA) in 2017 for approval. Approval for use of the model was awarded effective 11 December 2017. Correspondingly, the UNIQA Group and some of the larger group companies are allowed to state the regulatory risk capital requirements at 31 December 2017 using the partial internal model for the first time.