Identification, measurement, evaluation, monitoring and reporting of risk and implemented management actions ensure ongoing adequacy and effectiveness of the risk management system. The risk management process in PZU Group consists of:
- identification – beginning with the proposal to commence the creation of an insurance product, acquire a financial instrument, change the operating process and upon the occurrence of any other event which potentially results in a risk. The identification process takes place until the expiry of the liabilities, receivables or activities related to the given risk. Identification of risk consists in the identification of actual and potential sources of risk, which are later analyzed in terms of significance;
- measurement and evaluation of risk – depending on the characteristics of the given risk type and the level of its significance. Risk is measured by specialized units. The risk unit in each company is responsible for the development of tools and measurement of risk in terms of risk appetite, risk profile and tolerance limits;
- monitoring and control of risk – consist of ongoing analysis of deviations from benchmarks, i.e. limits, thresholds, plans, prior period values as well as recommendations and guidance issued, conducted by dedicated units;
- reporting – it allows for effective communication on risk and supports risk management on various decision-making levels;
- management actions, including i.a.: risk avoidance, risk transfer, risk mitigation, determination of risk appetite, risk level acceptance as well as supporting tools, such as limits, reinsurance programs as well as underwriting policy reviews.
Two levels are distinguished in the risk management process:
- the PZU Group level – it ensures that PZU Group implements its business objectives in a safe way which is adjusted to the scale of risk involved. This level involves the monitoring of limits and types of risk specific to PZU Group, such as: catastrophe risk, financial risk, counterparty risk and risk concentration. PZU Group ensures support in the implementation of an integrated risk management system, including the introduction of coherent mechanisms, standards, and an efficient functioning of the internal control system (with emphasis on the compliance function), risk management system (in particular in the field of reinsurance), and safety management system within PZU Group, as well as monitors their current use. While carrying out their tasks within the integrated risk management system, the authorized persons of PZU Group cooperate with the Boards of subsidiaries and the management of areas such as finance, risk, actuary, reinsurance, investments and compliance, on the basis of appropriate cooperation agreements;
- the company level – it ensures that the company implements its business objectives in a safe way which is adjusted to the scale of risk involved. This level involves the monitoring of limits and specific types of risk occurring in a given company, and the implementation of mechanisms, standards, and an efficient functioning of the internal control system (with emphasis on the compliance function), risk management system (in particular in the field of reinsurance), and safety management system within the framework of the integrated risk management system.