Risk Management Procedures
Cattolica Assicurazioni and its subsidiaries use a Risk Management System which is formalised in the policies adopted by the boards of directors of the individual companies. The Risk Management System is designed to ensure that risks arising from the conduct of its business are effectively controlled, with a particular focus on the most significant risks: those that could threaten the solvency of Cattolica Assicurazioni and its subsidiaries or the achievement of corporate objectives, including those set out in the Risk Appetite System. The main objective of the Risk Management System is to guarantee that commitments to policyholders, beneficiaries, claimants and its various stakeholders in general are fulfilled, enabling Cattolica Assicurazioni and its subsidiaries to pursue the objective of maintaining financial soundness and a satisfactory level of profitability. To this end, the objectives set in the Business Plan and the annual budget are taken into account in the risk management process.
In order to keep the Risk Management System aligned with the regulatory situation and developments in its socio-economic environment, the companies, with a view to continuous refinement, have reinforced the overall structure of the system, putting in place a complete process that can constantly identify their real risk profile. The articulation of the risk management system commences with the Risk Management Framework Policy, in which the phases of the management process are described. The policy acts as a guidance document on issues concerning the risk management system, establishing parameters to be considered for operational implementation.
This process consists of the following macro-phases, which are performed recursively:
- identification of risks and definition of measurement/assessment methodologies
- current and prospective risk assessment (the so-called ‘Own Risk and Solvency Assessment’ or “ORSA”) and definition of the risk appetite system
- risk monitoring and management
- risk mitigation.
The phases of the process are completed by reporting and the associated escalation process.
The exposure of each company to the various types of risk is also summarised at least annually in the risk map, designed to serve as a point of convergence of the detailed information that has been collected, monitored and managed, and to provide a unified and effective representation of the risk position. The companies also use a Risk Register, which provides a complete, analytical and dynamic breakdown of the risks catalogued in the risk map on which the management process is focused.
The Risk Appetite, in conjunction with the other policy processes, plays a role in guiding the strategic decisions of Cattolica Assicurazioni and its subsidiaries. To this end, the companies have adopted a framework that is structured around three aspects, namely:
- Risk Appetite: measured and managed through the definition of fluctuation bands and Solvency II Ratio thresholds;
- Risk appetite by type of risk: defined in accordance with the level of Risk Appetite but also broken down into risk propensity and the respective “soft” and “hard” limits, expressed in terms of SCR or on a qualitative scale;
- Operating limits: a breakdown of the Risk Appetite into daily risk management through the assignment (and monitoring) of operational limits.
The Risk Appetite System aims to ensure an overall financial soundness that is above the regulatory minimums and capable of withstanding periods of stress that are commensurate with the levels and characteristics of the risks assumed. Each Company defines its own Risk Appetite System, consistent with and integrated into all risk assessment and monitoring processes, on the basis of a robust quantitative model that takes into account the taxonomy of risks and the characteristics of each company.
Financial risks for Cattolica Assicurazioni and its subsidiaries can be divided into two categories: credit risk and market risk. The specific characteristics of the risks in question are set out below.
The main types of exposure falling within the credit risk category relate to exposure in bank accounts, to reinsurers and for receivables from intermediaries and policyholders.
The credit risk management process focuses on adequate counterparty selection and is integrated into the system of limits, which is designed to appropriately manage the most significant exposures by assigning limits to the operating structures, expressed as a capital requirement determined using the standard formula, broken down by individual type.
Market risk is a category of exposure of primary importance within the types of risk to which Cattolica Assicurazioni and its subsidiaries are subject.
Risks of changes in credit, real estate and equity spreads are particularly relevant in this regard. These are followed by interest rate, currency and concentration risks.
Exposure to spread risk is linked to the significant proportion of bonds in the overall portfolio, which includes a portion of corporate bonds. Property risk is a direct consequence of the overall exposure to real estate, which is associated with a significant percentage of regulatory capital absorption to date.
Life, Non-life and Illness technical risks
Technical risks are the characteristic and qualifying risks of insurance companies, also as a result of the nature of the Companies and their business profile. In particular, non-life technical risks are a major type of risk, but there are no concentrations that would affect the risk profile. Technical risks are monitored using specific processes, particularly those associated with the system of operational limits that the Companies have adopted in application of the risk appetite system.
Operational, Outsourcing and Technological Risks
The operational risk management system is designed to prevent and reduce any losses arising from damaging events through a process of identification, measurement and mitigation of risks, together with the systematic promotion of a ‘risk-based’ culture in day-to-day operations. This approach reinforces the internal control system, improves the efficiency and effectiveness of management processes, and fosters dialogue with the Board of Directors, Senior Management and the Management Control Committee (or the Board of Statutory Auditors).
There are three types of operational event to which Cattolica Assicurazioni and its subsidiaries pay particular attention:
- the execution, delivery and management of processes in response to events that occur in the day-to-day operations of the business, also with regard to tasks that the companies have outsourced to other investee companies and to external suppliers. In this regard, a specific control safeguard has been put in place to manage the outsourcing risk;
- fraud connected with settlement and underwriting criteria;
- disruption of operations and malfunctions in the information systems used to conduct business (technological risks).
The predominant risk type is that of process execution. The risks of external fraud, which are inherent in the business and common to the insurance sector, are small in number, although the phenomenon as a whole represents a significant risk. However, there are no material concentrations of these risks.
With regard to technological risks, national and international developments in recent years have resulted in an increasing focus on issues of cyber risk and business interruption, leading to an assessment that the trend in exposure to risks from the use of technology has increased moderately and highlighting the need for constantly secure information technology systems. The main mitigation actions undertaken are focused precisely on this issue, with a view to preventing and reducing economic losses as a result of voluntary and involuntary events that affect the integrity, confidentiality and availability of data and company systems.
ESG and risk management
In the light of regulatory developments, the Companies have launched a specific sustainability project designed to define robust governance and ensure compliance in the process of integrating sustainability risks and factors into decision-making processes and the risk management framework, as well as to seize any strategic and business opportunities to contribute to the creation of value for stakeholders. To this end, an ESG Committee has been set up with a decision-making, informative and propositional role in strategic orientation and management in the field of sustainability. The Committee is responsible for the overall coordination of initiatives implemented and planned in the area of Environmental, Social and Governance, in accordance with regulatory requirements and the priorities set by the company.