Risk Management Procedures
The Group is equipped with a Risk Management System, formalised in the policies issued by the Board of Directors of the parent company as an act of direction and coordination, as well as by the Board of Directors of the individual subsidiaries. The Risk Management System aims to ensure the effective management of risks arising in the course of the Group's activities, paying special attention to the most significant risks; this refers to those risks that may undermine the solvency of the Group and the companies belonging to it or compliance with corporate goals, including those contained within the Risk Appetite framework. The main objective of the Risk Management System is to ensure the ability to meet commitments to policyholders, beneficiaries and victims and, more generally, to the various stakeholders.
The Group therefore pursues the objective of preserving its financial strength and a satisfactory level of profitability. To this end, the risk management process takes into account the objectives of the Business Plan and the annual budget. This process consists of the following macro-phases, carried out recursively:
- identification and assessment of risks;
- definition of the level of Risk Appetite;
- definition of underwriting and risk management policies;
- definition and assignment of operating limits;
- risk monitoring and mitigation;
Each company’s exposure to different types of risk is also summarised every six months through the use of the risk map, which aims to be a point of convergence of the detailed information collected, monitored and managed, to give a unified and effective representation of the risk position.
Risk Appetite contributes, in combination with other orientation processes, to guide the strategic decisions of the Group and its companies. To this end, the Group has adopted a three-dimensional structured framework, specifically:
- Risk Appetite: measured and managed through the definition of Solvency II Ratio fluctuation bands and thresholds;
- Risk Appetite by type of risk: defined in accordance with the level of Risk Appetite, also articulated via “soft” and “hard” risk appetite limits, expressed in terms of SCR or on a qualitative scale;
- Operating limits: declination of Risk Appetite in the daily management of risk by assignment (and monitoring) of operational limits.
Market risks are the first category of exposure within the types of risk that the Group is subject to.
Particularly relevant are the risks of variation in credit spreads, property markets and stock prices. These are followed by interest rate risk, currency risk and concentration risks.
The exposure to spread risk is linked to the sizeable bond issue that the total portfolio is invested in, which includes a portion of corporate issuers. Property risk is a direct consequence of overall exposure to property, with which a significant percentage of absorption of regulatory capital is associated to date.
The Group’s operational Risk Management System aims to prevent and reduce any losses that may occur as a result of harmful events, through a process that includes their identification, measurement and mitigation, as well as the systemic spread of risk-based culture in everyday operations. This approach allows us to bolster the internal control system, improve the efficiency and effectiveness of management processes, and foster dialogue with the Board of Directors, Senior Management and the Board of Statutory Auditors of the companies in the Group.
There are three types of event to which the Group is most exposed, in terms of both number and level of exposure:
- the execution, delivery and management of processes due to events occurring in the daily operations of the business, also taking into consideration the activities that the companies of the Group have outsourced to both other companies belonging to the Group and external suppliers,
- the interruption of operations and malfunctions in the information systems and
- fraud associated with claim settlements and assumption of risk. The predominant type is related to the execution of processes, whilst the risk of fraud, however, which is inherent to the business and common in the insurance system, is numerically reduced even though the phenomenon as a whole still poses a significant risk. With regard to these risks, however, there are no material concentrations.
The national landscape highlights, however, a growing level of national attention to cyber risk and business interruption risk, coming into line with the international picture, leading us to review the trend of exposure to this risk as moderately growing, also showing the need for information technology systems to be properly secured. As such, the main mitigating actions undertaken by the Group are focused in that direction.