8.1 Introduction

Risk management is aimed at:

  • increasing the value of PZU Group through active and conscious management of risk assumed;
  • preventing acceptance of risk at a level which could threaten the financial stability of PZU Group.

Risk management in PZU Group is based on risk analysis of all processes and units. Risk management is an integral part of the management system.

The main elements of risk management are consistent for all companies of PZU Group and implemented in a way which ensures the implementation of both strategic plans of individual companies and business objectives of the whole PZU Group. These include i.a.:

  • the systems of limits and restrictions of the acceptable risk level, including the level of risk appetite;
  • processes of identifying, measuring and assessing, monitoring and controlling, reporting and managing actions with respect to the individual risks;
  • organizational structure of risk management, in which Management Boards and Supervisory Boards of companies as well as dedicated Committees play the key role.

The risk management system of PZU Group is based on three components:

  • organizational structure – including division of responsibilities and tasks performed by statutory bodies, committees as well as individual organizational units in the risk management process;
  • the risk management process – including the methods of identification, measurement and assessment, monitoring and control, reporting risk and taking management action.

Risk management strategy at PZU Group and individual PZU Group's companies defines the framework of risk management by setting out limits of risk parameters (the definition of risk appetite and risk profile), indicating the roles and responsibilities of participants in the risk management, and its process. It is also used to improve business planning and maintaining the risk on an acceptable level.

The strategy and related policies of individual risk category management are aimed at:

  • introducing a uniform definition of risk management;
  • introducing the principles of identification, measurement and assessment, monitoring and control of risks, as well as making decisions about their magnitude.
  • determining the risk appetite and risk profile.

As part of preparations for the entry into force of the Solvency II, all insurance entities of PZU Group were covered by a coherent, integrated risk management system. The approach implemented in 2015 assures compatibility with the provisions of the Act on Insurance and Reinsurance of 11 September 2015 (Journal of Laws of 2015, item 1844) which came into force as at 1 January 2016. Entities from other sector of the financial market are required to apply standards that are appropriate to their sector. The adopted internal regulations specify:

  • processes, methods and procedures for measuring and managing risk;
  • division of responsibilities in the risk management process;
  • scope, conditions and frequency of risk management reports.

PZU supervises the risk management system of PZU Group on the basis of cooperation agreements and shared information, and manages the risk of PZU Group in aggregate terms.

Due to a short period of time which passed between the date of taking control over Alior Bank (18 December 2015) and the date of publication of the consolidated financial statement and due to the current banking regulations concerning e.g. banking secrecy, from the day of acquiring control by PZU Group to the date of publishing consolidated financial statements, risk management in Alior Bank was performed separately from risk management in other entities within PZU Group. Nevertheless, PZU Group may monitor risk management system at Alior Bank through the members of the supervisory board designated by PZU.

The main types of risk related to Alior Bank operations are the following: market risk (including risks concerning interest rate, liquidity, currency, and prices of goods), credit risk, and operational risk.