40. Risk management system

The focus of risk management with management structures and defined processes is the attainment of UNIQA’s and its Group companies’ strategic goals.

UNIQA’s Risk Management Guidelines form the basis for a uniform standard at various company levels. The guidelines are approved by the CFO/CRO and the full Management Board and describe the minimum requirements in terms of organisational structure and process structure.

In addition to the Group Risk Management Guidelines, similar guidelines have also been prepared and approved for the Group companies. The Risk Management Guidelines at company level were approved by the Management Board of the UNIQA Group companies and are consistent with UNIQA’s Risk Management Guidelines.

Organisational structure (governance)

The detailed setup of the process and organisational structure of risk management is set out in UNIQA’s Risk Management Guidelines. They reflect the principles embodied in the concept of “three lines of defence” and the clear differences between the individual lines of defence.

First line of defence: risk management within the business activity

Those responsible for business activities must develop and put into practice an appropriate risk control environment to identify and monitor the risks that arise in connection with the business and processes.

Second line of defence: supervisory functions including risk management functions

The risk management function and the supervisory functions, such as controlling, must monitor business activities without encroaching on operational activities.

Third line of defence: internal and external auditing

This enables an independent review of the formation and effectiveness of the entire internal control system, which comprises risk management and compliance (e.g. internal auditing).

The relevant responsibilities are shown accordingly in the overview above. In addition, the Supervisory Board at UNIQA Insurance Group AG receives comprehensive risk reports at Supervisory Board meetings.

Risk management process

UNIQA’s risk management process delivers periodic information about the risk profile and enables the top management to make the decisions for the long-term achievement of objectives.

The process concentrates on risks relevant to the company and is defined for the following classes of risk:

• Market risk/Asset-Liability Management risk (ALM risk)
• Credit risk/default risk
• Liquidity risk
• Concentration risk
• Underwriting risk (property and casualty insurance, health and life insurance)
• Operational risk
• Emerging risk
• Reputational risk
• Contagion risk
• Strategic risk

A Group-wide, standardised risk management process regularly identifies, evaluates and reports on risks to UNIQA and its Group companies within these classes of risk.

Risk identification is the starting point for the risk management process, systematically recording all major risks and describing them in as much detail as possible. In order to conduct as complete a risk identification as possible, different approaches are used in parallel, and all classes of risk, subsidiaries, processes and systems are included.

The risk categories of market risk, underwriting risk and default risk are evaluated at UNIQA by means of quantitative methods either based on the Solvency II standard approach or the partial internal model (for non-life or market risks). Furthermore, risk drivers are identified for the results from the standard approach, and analysed to assess whether the risk situation is adequately represented (in accordance with the Company’s Own Risk and Solvency Assessment (ORSA)). All other classes of risk are evaluated quantitatively or qualitatively with their own risk scenarios.