The organizational structure of the risk management system is consistent across the PZU Group. In the PZU Group’s various insurance entities it has four decision-making levels.
The first three are:
- the Supervisory Board, which supervises the risk management process and assesses its adequacy and effectiveness as part of its decision-making powers defined in each company’s articles of association and in supervisory board bylaws;
- the Management Board, which organizes the risk management system and ensures that it is operational, by adopting strategies and policies and setting the risk appetite, defining the risk profile and tolerance for individual categories of risk;
- committees, which make decisions to mitigate individual risks to a level determined by the risk appetite. The committees adopt the procedures and methodologies for mitigating the individual risks and accept individual risk limits. The PZU Group Risk Committee, established in 2016, provides support (for supervisory boards and management boards of subsidiaries) in the implementation of an effective risk management system consistent across the whole PZU Group. The operational objective of the PZU Group Risk Committee is to coordinate and supervise activities related to the Group’s risk management system and processes.
The fourth decision-making level pertains to operational measures and is divided into three lines of defense:
- the first line of defense – entails ongoing risk management at the business unit and organizational unit level and decision-making as part of the risk management process;
- the second line of defense – entails risk management by specialized cells responsible for risk identification, measurement, assessment, monitoring and reporting and controlling the limits;
- the third line of defense – entails internal audit that conducts independent audits of the elements of the risk management system as well as control activities embedded in the Group’s operations.
At the banks (Pekao and Alior Bank), the Management Boards and Supervisory Boards, as well as Asset-Liability Management Committees play an active role in the risk management process.
The Supervisory Boards oversee the risk management process and set out a relevant strategy each year. The Management Boards are responsible, among others, for accepting policies and guidelines related to risk management and setting detailed limits for mitigating the banks’ risks, as well as providing a proper mechanism to control them.
Asset-Liability Management Committees exercise daily control over market risk management, including liquidity risk, accept limits of operations on money and capital markets. They make all decisions provided that are not within exclusive powers of management boards or supervisory boards.