Identification, measurement, assessment, monitoring and reporting of risk and implemented management actions ensure ongoing adequacy and effectiveness of the risk management system. The risk management process in PZU Group consists of:
- identification – begins with a proposal to start developing an insurance product, buying a financial instrument, modifying an operating process and also with the moment when some other event occurs that may potentially lead to the emergence of risk. The identification process continues until the expiration of liabilities, receivables or
- activities associated with the risk. Risk identification involves identification of actual and potential sources of risk, which are later analyzed in terms of significance;
- measurement and assessment of risk – conducted depending on the nature of the risk type and its significance level. Risk measurement is carried out by specialized units. The risk unit in each company is responsible for the development of tools and measurement of risk in terms of risk appetite, risk profile and tolerance limits;
- monitoring and control of risk – consists of ongoing analysis of deviations from benchmarks (limits, threshold values, plans, figures from prior periods, issued recommendations and guidelines);
- reporting – allows for effective communication on risk and supports risk management on various decision-making levels;
- management actions, which include among others: risk avoidance, risk transfer, risk mitigation, determination of risk appetite, acceptance of risk level, as well as supporting tools, such as limits, reinsurance programs as well as underwriting policy reviews.
Two levels are distinguished in the risk management process:
- PZU Group level – ensuring that the PZU Group attains its business objectives in a safe manner appropriate to the scale of the risk involved. Monitored at this level are the limits and risks specific to the PZU Group such as: catastrophic risk, financial risk, counterparty risk and risk concentration. The PZU Group provides support for the implementation of an integrated risk management system, including the introduction of compatible mechanisms, standards and organization of an efficient operation of the internal control system (with particular emphasis on the compliance function), the risk management system (in particular in the reinsurance area) and the security management system in the PZU Group, and monitors their ongoing application. While carrying out their tasks within the integrated risk management system, the authorized persons of PZU Group cooperate with the management boards of subsidiaries and the management of areas such as finance, risk, actuary, reinsurance, investments and compliance, on the basis of appropriate cooperation agreements;
- company level – ensuring that the company attains its business objectives in a safe manner appropriate to the scale of the risk involved. Monitored at this level are the limits and risk categories specific to the company and, as part of the integrated risk management system, implemented are the mechanisms, standards and organization of an efficient operation of the internal control system (with particular emphasis on the compliance function), the risk management system (in particular in the reinsurance area) and the security management system.