41. Risk management system
Risk management, with its management structures and defined processes, focuses on the attainment of the strategic goals of UNIQA and its Group companies.
UNIQA’s Risk Management Guidelines form the basis for a uniform standard at various company levels. The guidelines are approved by the CFO/CRO and the Group Executive Board and describe the minimum requirements in terms of organisational structure and process structure.
In addition to the Group Risk Management Guidelines, similar guidelines have also been prepared and approved for the Group companies. The Risk Management Guidelines at company level were approved by the Management Board of the UNIQA Group companies and are consistent with UNIQA’s Risk Management Guidelines.
Organisational structure (governance)
The detailed setup of the process and organisational structure of risk management is set out in UNIQA’s Risk Management Guidelines. They reflect the principles embodied in the concept of “three lines” and the clear differences between the individual “lines”.
First line: risk management within the business activity
Those responsible for business activities must develop and put into practice an appropriate risk control environment to identify and monitor the risks that arise in connection with the business and processes.
Second line: supervisory functions including risk management functions
The risk management function and the supervisory functions, such as controlling, must monitor business activities without encroaching on operational activities.
Third line: internal audit
This enables an independent review of the formation and effectiveness of the entire internal control system, which comprises risk management and compliance (e.g. internal auditing).
The relevant responsibilities are shown accordingly in the overview above. In addition, the Supervisory Board at UNIQA Insurance Group AG receives comprehensive risk reports at Supervisory Board meetings.
Risk management process
UNIQA’s risk management process delivers periodic information about the risk profile and enables top management to make decisions for the long-term achievement of objectives.
The process concentrates on risks relevant to the company and is defined for the following classes of risk:
- Market risk/Asset Liability Management risk (ALM risk)
- Credit risk/default risk
- Liquidity risk
- Concentration risk
- Underwriting risk (property and casualty insurance, health and life insurance)
- Operational risk
- Emerging risk
- Reputational risk
- Contagion risk
- Strategic risk
A Group-wide, standardised risk management process regularly identifies, evaluates and reports on risks to UNIQA and its Group companies within these categories of risk.
Sustainability risks or ESG risks include risks related to the sustainability factors of environment, social/employee and governance (“ESG”). They are not considered as a separate risk category, but are taken into account as part of the existing ten risk categories.
Risk identification is the starting point for the risk management process, systematically recording all major risks and describing them in as much detail as possible. In order to conduct as complete a risk identification as possible, different approaches are used in parallel, and all categories of risk, subsidiaries, processes and systems are included.
The risk categories of market risk, underwriting risks and default risk are evaluated at UNIQA by means of quantitative methods either based on the Solvency II standard approach or the partial internal model (for non-life or market risks). Furthermore, risk drivers are identified for the results from the standard approach, and analysed to assess whether the risk situation is adequately represented (in accordance with the Company’s Own Risk and Solvency Assessment (ORSA)). All other categories of risk are evaluated quantitatively or qualitatively with their own risk scenarios.