The risk management system in the PZU Group is based on the following:
- organizational structure – comprising a split of duties and tasks performed by statutory bodies, committees and individual organizational units and cells in the risk management process;
- risk management process, including risk identification, measurement and assessment, monitoring and control methods, risk reporting and undertaking management actions.
The organizational structure of the risk management system that is identical across the PZU Group and the PZU Group’s various insurance entities has four decision-making levels.
The first three entail the following:
- the Supervisory Board that supervises the risk management process and assesses its adequacy and effectiveness as part of its decision-making powers defined in a given company’s articles of association and the Supervisory Board bylaws and through the appointed Audit Committee;
- the Management Board that organizes the risk management system and ensures that it operates by adopting strategies and policies and defining the appetite for risk, the risk profile and tolerance for individual categories of risk;
- Committees that make decisions pertaining to mitigation of individual risks within the frameworks outlined by the appetite for risk. The committees adopt the procedures and methodologies for mitigating various risks and they accept limits to mitigate the various types of risk.
The fourth decision-making level pertains to operational measures and is divided into three lines of defense:
- the first line of defense – entails ongoing risk management at the business unit and organizational unit level and decision-making as part of the risk management process;
- the second line of defense – entails risk management by specialized cells responsible for risk identification, monitoring and reporting and controlling the limits;
- the third line of defense – entails internal audit that conducts independent audits of the elements of the risk management system as well as control activities embedded in operations.
The role of the PZU Group Risk Committee is to provide support to subsidiaries’ supervisory boards and management boards in implementing an effective risk management system coherent for the entire PZU Group. The operational objective of the PZU Group Risk Committee is to coordinate and supervise activities related to the PZU Group’s risk management system and processes.
Chart of the organizational structure for the risk management system
* At the end of June 2017 the Credit Risk Committee’s powers were divided between the Investment Risk Committee and the Investment Committee. The powers to set the market risk limits were shifted to the Investment Risk Committee.