Risk management is an important part of the UNIQA Group’s core business and is therefore a significant component of its business process. The focus of risk management with management structures and defined processes is the attainment of the strategic goals of the UNIQA Group and its subsidiaries by minimising the likelihood of non-attainment.
The UNIQA Group’s Risk Management Guidelines form the basis for a uniform standard at various company levels. The guidelines are approved by the CRO and Management Board and describe the minimum requirements in terms of organisational structure and process structure. They also provide a framework for all risk management processes for the most important risk categories.
In addition to Group Risk Management Guidelines, a set of Risk Management Guidelines have also been prepared and approved for the company’s subsidiaries. The Risk Management Guidelines at subsidiary level were approved by the Management Board of the UNIQA subsidiaries and are consistent with the UNIQA Group Risk Management Guidelines.
These aim to ensure that risks relevant to the UNIQA Group are identified in advance and evaluated. If necessary, proactive measures are introduced to transfer or minimise the risk.
Intensive training on the content and utilisation of these guidelines is required in order to enshrine risk management in everyday business activities. Very extensive information and training measures were therefore implemented in 2012, which will be continued in 2013 and extended to stakeholders.
2.1. Organisational structure (governance)
The UNIQA governance model approved in September 2012 and the repositioning of the compliance organisation are outlined in section 8. Risk management aims for 2013.
The detailed set-up of the risk management process and organisational structure is set out in the UNIQA Group’s Risk Management Guidelines. These reflect the principles of “three lines of defence” and the clear differences between the individual “lines of defence”.
First line of defence: risk management within the business activity
Those responsible for business activities must build up and embody a reasonable monitoring environment to identify and monitor the risks that arise in connection with such business processes.
Second line of defence: supervisory functions, including risk management functions
The risk management function and the supervisory function, such as controlling, must monitor business activities without encroaching on operational activities.
Third line of defence: internal and external auditing
This enables an independent review of the formation and effectiveness of the entire internal control system, which comprises risk management and compliance (e.g. internal auditing).
The following describes the organisational structure and the most essential process responsibilities within the UNIQA Group. Functional tasks and obligations are described precisely in the Risk Management Guidelines.
The UNIQA Group Management Board is responsible for establishing business policy targets.
The position of Chief Risk Officer (CRO) has been introduced at holding Group Management Board level. This ensures that the topic of risk management is represented on the Management Board. In his risk management activities, the CRO is supported in the implementation and fulfilment of his duties in particular by the departments of risk management & internal control system, market risk management, and value-based management & compliance.
Furthermore, CRO and risk manager functions were also established at Management Board level in the operating insurance companies. This ensures a continuous and uniform risk management system within the Group.
The risk management committees constitute a central element in the risk management organisation (see Holding committees in the committee structure), at both Group level and in every UNIQA company. The risk management committee is the management body for controlling and both short- and long-term steering of the risk profile for UNIQA companies. The risk management committee establishes the risk strategy and monitors and steers compliance with risk-bearing capacity and limits and therefore plays a central role in the UNIQA Group’s risk management system steering process.
The Supervisory Board of the UNIQA Group is informed in depth of the preparation of the risk report at Supervisory Board meetings.
2.2. Risk management process
The risk management process in the UNIQA Group (UNIQA ORSA process) delivers periodic information about the risk situation across the UNIQA Group and enables the top management to set governing measures to attain and/or retain long-term strategic aims.
The process concentrates on risks relevant to the company and is defined for the following risk categories:
- Actuarial risk (property and casualty insurance, health and life insurance)
- Market risk, asset/liability mismatch risk
- Credit risk, default risk
- Liquidity risk
- Concentration risk
- Strategic risk
- Reputation risk
- Operational risk
- Risk of contagion
A Group-wide, standardised risk management process regularly identifies, evaluates and reports on risks to the UNIQA Group and its subsidiaries within these risk categories.
UNIQA Group – risk management process
Risk identification
Risk identification is the starting point for the risk management process, systematically recording all major risks and describing them in as much detail as possible. In order to conduct as complete a risk identification process as possible, parallel different approaches are used, and all risk categories, subsidiaries, processes and systems are included.
Evaluation/measurement
The risk categories of market risk, actuarial risks, counterparty default risk and concentration risk are evaluated in the UNIQA Group framework by means of a quantitative method based on the standard approach of Solvency II. Furthermore, risk drivers are identified for the results from the standard approach and analysed to assess whether the risk situation is adequately represented (in accordance with ORSA).
All other risk categories are evaluated with their own risk scenarios.
Scenario analysis in UNIQA risk management
One essential element of the risk management process is the derivation and development of risk scenarios based on the economic, internal and external risk situation of the UNIQA Group.
A scenario is a possible internal or external event that causes a short-term or medium-term effect on the Group profit, solvency position or sustainability. The scenario is formulated in accordance with its expression (e.g. the start of Greek insolvency) and evaluated in terms of its financial effect on the UNIQA Group. The likelihood that the scenario will actually occur is also considered.
These scenarios are developed, assessed and constantly monitored by the experts in the UNIQA risk management department. Risk mitigation procedures are developed on a proactive basis for potential threats.
Limits and early warning indicators
The limit and early warning system determines risk-bearing capacity (available equity according to IFRS, financial equity) and capital requirements on the basis of the risk situation at ongoing intervals, thereby deriving the level of coverage. If critical coverage thresholds are reached, then a precisely defined process is set in motion, the purpose of which is to reduce the level of solvency coverage to a non-critical level.
Reporting
A risk report is prepared twice a year for each operational company and for the UNIQA Group on the basis of detailed risk analysis and monitoring. The risk report for each individual UNIQA subsidiary and the UNIQA Group itself has the same structure, providing an overview of major risk indicators such as risk-bearing capacity, solvency requirements and risk profile.
A reporting form is also available for the UNIQA Group and all subsidiaries which provides the management with a monthly update regarding the most significant risks.