Major risks in the PZU Group

The major risks to which the PZU Group is exposed include the following: actuarial risk, market (including liquidity) risk, credit risk, concentration risk, operational risk, model risk and compliance risk.

The major risks associated with the operation of Alior Bank and Bank Pekao include the following risks: credit risk (including the risk of loan portfolio concentration), operational risk and market risk (involving interest rate risk, FX risk, commodity price risk and financial instrument price risk) and liquidity risk.

The overall risk of the banking sector entities, taking into account PZU’s shares in both banks, accounts for approximately 33% of the PZU Group’s total risk (Q3 2022), while the largest contribution is in credit risk.

In 2022, a moderate increase in risk was recorded in some areas, in particular capital adequacy and regulatory risk, credit risk and interest rate risk. The 2022 interest rate increase reflected negatively on the level of solvency ratios as valuations of debt securities dropped; however, it is yet to translate into material deterioration of credit quality of PZU Group’s bank portfolio. In 2022, there was a moderate increase in credit costs, which stems from a significant rise of the NBP reference rate due to higher inflation and slower economic growth. Furthermore, the KNF (the Polish Financial Supervision Authority) issued its recommendations on higher requirements applied to examine the client’s creditworthiness, consequently limiting sales. Also, banks were burdened with additional regulatory fees (introduction of credit holiday, additional premium for the Borrower Support Fund, premium for the Commercial Bank Protection System) and increased reserves on account of a growing number of lawsuits and settlements pertaining to Swiss franc loans. These factors have a negative impact on financial results of banks, and in the long term may limit the capital base and business development in the future.

In 2022, initiatives were continued to improve the identification, measurement, assessment and monitoring of the risks associated with sustainable development, in particular with climate change. The main risks in this area are transition risks and physical risks, which are managed as part of individual risk categories specified below in this Report.

According to the European Commission guidance for non-financial reporting, transition risks refer to the transition of the economy to a low-carbon and climate-resilient future. Physical risk, on the other hand, entails financial losses stemming from the physical consequences of climate change and encompasses acute (e.g. storms, fires) and long-term risk (rising sea level).

The process for managing the various risk categories incorporates sustainable development requirements, and the same applies at the level of each PZU Group subsidiary, in compliance with prevailing provisions of law and individually defined PZU Group internal policies, including the ESG Strategy which constitutes an integral part of the PZU Group Strategy.

Actuarial risk

This is the likelihood of a loss or an adverse change in the value of liabilities under the existing insurance contracts and insurance guarantee agreements, due to inadequate assumptions regarding premium pricing and creating technical provisions.

Risk identification commences with a proposal to develop an insurance product and continues until the expiry of the related liabilities. The identification of actuarial risk is performed, among others, as follows:

  • analyzing the general terms and conditions of insurance with respect to the risk being undertaken and compliance with the generally binding legal regulations;
  • analyzing the general / specific terms and conditions of insurance or other model agreements with respect to the actuarial risk being undertaken on their basis;
  • recognizing the potential risks related to a given product to measure and monitor them at a later time;
  • analyzing the impact exerted by the introduction of new insurance products on capital requirements and risk margin computed using the standard formula;
  • verifying and validating modifications to insurance products;
  • assessing actuarial risk through the prism of similar existing insurance products;
  • monitoring of existing products;
  • analyzing the policy of underwriting (assessment of the risk accepted for insurance), tariffs, technical provisions and reinsurance and the claims and benefits handling process.

The assessment of actuarial risk consists in the identification of the degree of the risk or a group of risks that may lead to a loss, and in an analysis of risk elements in order to make an underwriting decision.

The measurement of actuarial risk is performed using:
  • an analysis of selected ratios;
  • the scenario method – an analysis of impairment arising from an assumed change in risk factors;
  • the factor method – a simplified version of the scenario method, reduced to one scenario per risk factor;
  • statistical data;
  • exposure and sensitivity measures;
  • application of the expertise of the Company’s employees.

The monitoring and control of actuarial risk includes a risk level analysis by means of a set of reports on selected ratios.

Reporting aims to ensure effective communication regarding actuarial risk and supports management of actuarial risk at various decision-making levels – from an employee to the supervisory board. The frequency of each report and the scope of information provided therein are tailored to the needs at each decision-making level.

The management actions contemplated in the actuarial risk management process are performed by doing the following:
  • defining the level of tolerance for actuarial risk and monitoring it;
  • business decisions and sales plans;
  • calculation and monitoring of the adequacy of technical provisions;
  • tariff strategy, monitoring of current estimates and assessment of the premium adequacy;
  • the process of assessment, valuation and acceptance of actuarial risk;
  • application of tools designed to mitigate actuarial risk, including in particular reinsurance and prevention.

Moreover, mitigation of the actuarial risk inherent in current operations is supported by:

  • defining the scopes of liability in the general / specific terms and conditions of insurance or other model agreements;
  • co-insurance and reinsurance;
  • application of an adequate tariff policy;
  • application of the appropriate methodology for calculating technical provisions;
  • application of an appropriate procedure to assess underwriting risk;
  • application of a correct claims or benefits handling procedure;
  • sales decisions and plans;
  • prevention.

Market risk, including liquidity risk

Market risk is understood as the risk of a loss or an adverse change in the financial situation resulting, directly or indirectly, from fluctuations in the level and in the volatility of market prices of assets, credit spread, as well as value of liabilities and financial instruments.

The risk management process for the credit spread and concentration risk has a different set of traits from the process of managing the other sub-categories of market risk and has been described in a subsequent section (credit risk and concentration risk) along with the process for managing counterparty insolvency risk.

The market risk in the PZU Group originates from three major sources:

  • operations associated with asset and liability matching (ALM portfolio);
  • operations associated with active allocation, i.e. designating the optimum medium-term asset structure (AA portfolios);
  • banking operations – in conjunction with them the PZU Group has a material exposure to interest rate risk.

Numerous documents approved by supervisory boards, management boards and relevant committees govern investment activity in the PZU Group entities.

Market risk identification consists in the identification of actual and potential sources of this type of risk. For assets, the identification of risk begins with the decision to commence transactions in a given type of financial instrument. Units that make a decision to start entering into such transactions draw up a description of the instrument containing, in particular, a description of the risk factors. They convey this description to the unit responsible for risk that identifies and assesses market risk on that basis.

The identification of market risk associated with insurance liabilities commences with the process of developing an insurance product. It involves identification of the relationship between the cash flows generated by that product and the relevant market risk factors. The identified market risks are subject to assessment using the criterion of materiality, specifying whether the materialization of risk entails a loss capable of affecting the financial condition.

Market risk is measured using the following risk measures:

  • VaR, or value at risk, a measure quantifying the potential economic loss that will not be exceeded within a period of one year under normal conditions, with a probability of 99.5%;
  • standard formula;
  • exposure and sensitivity measures;
  • accumulated monthly loss.

In the case of banking entities suitable measures are employed in accordance with the regulations applicable to this sector and best market practices.

Market risk measurement is divided into stages, in particular:

  • collection of information on assets and liabilities that generate market risk;
  • calculating the value of risk.

The risk measurement is performed:

  • daily – for exposure and sensitivity measures of the instruments in systems used by particular PZU Group companies;
  • monthly – when using the value at risk model for market risk or a standard formula.

Monitoring and control of market risk involves an analysis of the level of risk and of the utilization of the designated limits.

Reporting involves communicating to the various decision-making levels information concerning the level of market risk and the results of monitoring and controlling it. The frequency of each report and the scope of information provided therein are tailored to the information needs at each decision-making level.

Management actions in respect of market risk involve in particular:

  • execution of transactions serving the purpose of mitigation of market risk, i.e. selling a financial instrument, closing a position on a derivative, purchasing a derivative to hedge a position;
  • diversification of the assets portfolio, in particular with respect to market risk categories, maturities of instruments, concentration of exposure in one entity, geographical concentration;
  • setting market risk restrictions and limits.

The application of limits is the primary management tool to maintain a risk position within the acceptable level of risk tolerance. The structure of limits for the various categories of market risk and also for the various organizational units is established by appointed committees in such a manner that the limits are consistent with risk tolerance as agreed by the management boards of the subsidiaries. Banking sector entities are in this respect subject to additional requirements in the form of sector regulations. The existing interest rate volatility may impact the level of solvency ratios through decreasing valuations of debt securities in portfolios of the PZU Group entities. An increase in interest rates and turmoil in financial markets brought about by the Russia-Ukraine war resulted in higher use of market risk limits in banks. However, this still remains at a safe level.

Changes in financial markets also pertain to PZU and PZU Życie portfolios. Nonetheless, most portfolios are HTM in accounting terms and therefore these changes do not affect their value and profitability.

Changes in macroeconomic conditions which took place in 2022 affected capital requirements levels. Throughout three quarters of 2022, the value of capital requirements related to market risk of the PZU Group increased by 5%, which was largely due to an increase in interest rate risk. No risk of exceeding the risk appetite was recorded, and solvency ratios in both companies prove their strong capital position.

Considering the market changes, the insurance market is subject to additional stress tests imposed by the regulatory authority.

Financial liquidity risk means the possibility of losing the capacity to settle, on an ongoing basis, the PZU Group’s liabilities to its clients or business partners.

The liquidity risk management system aims to maintain the capacity of fulfilling the entity’s liabilities on an ongoing basis. Liquidity risk is managed separately for the insurance part and the bancassurance part.

The risk identification involves analysis of the possibility of occurrence of unfavorable events, in particular:
  • shortage of liquid cash to satisfy the current needs of the PZU Group entity;
  • lack of liquidity of financial instruments held;
  • the structural mismatch between the maturity of assets and liabilities.

Risk assessment and measurement involve estimation of the shortage of cash to pay for liabilities. The risk estimate and measurement is carried out from the following perspectives:

(static, long-term financial liquidity risk) – by monitoring a mismatch of net cash flows resulting from insurance contracts executed until the balance sheet date and inflows from assets to cover insurance liabilities in each period, based on a projection of cash flows prepared for a given date;

(medium-term financial liquidity risk) – through analysis of historical and expected cash flows from the operating activity;

(medium-term financial liquidity risk) – by estimating the possibility of selling the portfolio of financial investments in a short period to satisfy liabilities arising from the occurrence of insurable events, including extraordinary ones;

(short-term financial liquidity risk) – by monitoring demand for cash reported by business units of an insurance undertaking in the PZU Group by the date defined in regulations which are in force in that entity.

The banks in the PZU Group employ the liquidity risk management metrics stemming from sector regulations, including Recommendation P issued by the Polish Financial Supervision Authority.

To manage the liquidity of the banks in the PZU Group, liquidity ratios are used for different periods ranging from 7 days, to a month, to 12 months and to above 12 months.

Within management of liquidity risk, banks in the PZU Group also analyze the maturity profile over a longer term, depending to a large extent on the adopted assumptions about development of future cash flows connected with items of assets and equity and liabilities.

The assumptions take into consideration:

  • stability of equity and liabilities with indefinite maturities (e.g. current accounts, cancellations and renewals of deposits, level of their concentration);
  • possibility of shortening the maturity period for specific items of assets (e.g. mortgage loans with an early repayment option);
  • possibility of selling items of assets (liquidity portfolio).

Monitoring and controlling financial liquidity risk involves analyzing the utilization of the defined limits.

In the first half of 2022, the banking sector, including banks of the PZU Group, faced decreasing liquidity. It mostly resulted from continued increase in profitability of fixed coupon securities leading to decreased value of banks’ portfolios of debt securities which constitute liquidity reserve. Additionally, the decreased liquidity was also caused by the decision of the Monetary Policy Council (MPC) on increasing the reserve requirement since the end of March 2022.

The outbreak of the Russia-Ukraine war initially increased cash withdrawals at ATMs and bank branches, which made it necessary to introduce daily limits, especially regarding foreign currencies. However, this situation quickly calmed down and stabilized.

In the second half of 2022, PZU Group banks recorded improved liquidity ratios. Increase in liquidity measures largely resulted from higher volume of term deposits while simultaneously decreasing dynamics of loans granted, and improving assessment of derivative and debt instruments.

In the second half of 2022, liquidity ratios of both banks stabilized, and remain at high and safe levels.

The current conditions did not have a material impact on liquidity risk of PZU Group’s insurance business in 2022. This liquidity was maintained at a safe level, and there were no grounds to take extraordinary management actions in terms of liquidity risk. As part of routine management actions regarding liquidity risk, the PZU Group constantly monitored the level of available liquid funds and the current utilization of liquidity limits.

Liquidity risk reporting involves communicating the level of financial liquidity to various decision-making levels. The frequency of each report and the scope of information provided therein are tailored to the information needs at each decision-making level.

The following measures aim to reduce financial liquidity risk:

  • maintaining cash in a separate liquidity portfolio at a level consistent with the limits for the portfolio value;
  • maintaining sufficient cash in a foreign currency in portfolios of investments earmarked for satisfying insurance liabilities denominated in the given foreign currency;
  • provisions of the Agreement on managing portfolios of financial instruments entered into between TFI PZU and PZU regarding limitation of the time for withdrawing cash from the portfolios managed by TFI PZU to at most 3 days after a request for cash is filed;
  • keeping open credit facilities in banks and/or the possibility of performing sell-buy-back transactions on treasury securities, including those held until maturity;
  • centralization of management of portfolios/funds by TFI PZU;
  • limits of liquidity ratios in the banks belonging to the PZU Group.

Credit risk and concentration risk

Credit risk is understood as the risk of a loss or an adverse change in the financial situation resulting from fluctuations in the reliability and creditworthiness of issuers of securities, counterparties and all debtors. It materializes in the form of a counterparty’s default on a liability or an increase in credit spread. The following risk categories are distinguished in terms of credit risk:

  • spread;
  • counterparty default risk;
  • credit risk in financial insurance.

Concentration risk is understood as the possibility of incurring loss stemming either from lack of diversification in the asset portfolio or from large exposure to default risk by a single issuer of securities or a group of related issuers.

Credit risk and concentration risk are identified at the stage of making a decision on an investment in a new type of financial instrument or on accepting credit exposure. It involves an analysis of whether the contemplated investment entails credit risk or concentration risk, what its level depends on and what its volatility over time is. Actual and potential sources of credit risk and concentration risk are identified.

Risk assessment consists of estimating the probability of risk materialization and the potential impact exerted by risk materialization on a given entity’s financial standing.

The measurement of credit risk is performed using:
  • measures of exposure (gross and net credit exposure and maturity-weighted net credit exposure);
  • capital requirement calculated using the standard formula.

Concentration risk for a single entity is calculated using the standard formula.

A measure of total concentration risk is the sum of concentration risks for all entities treated separately.

In the case of related parties, concentration risk is calculated for all related parties jointly. In the case of banking entities suitable measures are employed in accordance with the regulations applicable to this sector and best market practices. Credit risk is measured using a set of loan portfolio quality metrics.

Monitoring and control of credit risk and concentration risk involves an analysis of the current risk level, assessment of creditworthiness and calculation of the degree of utilization of existing limits. Such monitoring is performed, without limitation, on a daily, monthly and quarterly basis.

The monitoring pertains to:

  • credit exposure in investment portfolios;
  • credit risk exposures in financial insurance;
  • exposures to reinsurance;
  • exposure limits and risk tolerance limits;
  • credit exposures in the processes in effect in banking entities.

Reporting involves providing information on the levels of credit risk and concentration risk and the effects of monitoring and control. The frequency of each report and the scope of information provided therein are tailored to the information needs at each decision-making level.

Management actions in respect of credit risk and concentration risk involve in particular:
  • setting limits to curtail exposure to a single entity, group of entities, sectors or countries;
  • diversification of the portfolio of assets and financial insurance, especially with regard to country and sector;
  • acceptance of collateral;
  • execution of transactions to mitigate credit risk, i.e. selling a financial instrument, closing a derivative, purchasing a hedging derivative, restructuring a debt;
  • reinsurance of the financial insurance portfolio.

The structure of credit risk limits and concentration risk limits for various issuers is established by appointed committees in such a manner that the limits are consistent with the adopted risk tolerance determined by the management boards of the respective subsidiaries and in such a manner that they make it possible to minimize the risk of ‘infection’ between concentrated exposures.

In banking activity the provision of credit products is accomplished in accordance with loan granting methodologies appropriate for a given client segment and type of product. The assessment of a client’s creditworthiness preceding a credit decision is performed using tools devised to support the credit process, including a scoring or rating system, external information and the internal databases of a given PZU Group bank. Credit products are granted in accordance with the binding operational procedures stating the relevant actions performed in the lending process, the units responsible for that and the tools used.

To minimize credit risk, adequate collateral is established in line with the credit risk incurred. The establishment of a security interest does not waive the requirement to examine the client’s creditworthiness.

PZU Group banks did not record material deterioration of portfolio credit quality in 2022.

Nonetheless, a moderate increase in credit risk costs was observed, caused by the economic downturn.

A significant increase in inflation and interest rates in 2022 translated into a material increase in credit instalments for variable interest rate credits. Thus far, this has not materially deteriorated the quality of credit portfolios of PZU Group banks. The problems that a borrower may have faced in 2022 were effectively mitigated by implementing measures of public aid in terms of changes in the Borrower Support Fund and payment moratoria – the so-called credit holiday.

The outbreak of the Russian–Ukrainian war did not directly cause the worsening value of credit portfolios. Banks identified exposures to clients at high risk that are either direct (stemming from operations conducted in Ukraine, Russia or Belarus, holding assets there and business ties in terms of deliveries or sales) or indirect (i.e. high share of imports or exports, high number of Ukrainian employees). The exposures were placed under close monitoring; however, the risk has not yet materialized to a significant degree. Banks introduced special guidelines to limit financing for entities exposed to the risk of armed conflict by, among others, disallowing stronger involvement, requiring replenishment of the loan collateral to 100% of the debt collection value, and deciding not to process applications in line with simplified terms excluding risk.

However, as the economic situation continues to worsen in 2023 and it is possible that the conflict in Ukraine may escalate further, it is expected that the credit portfolio will deteriorate.

Operational risk

Operational risk is the risk of suffering a loss resulting from improper or erroneous internal processes, human activities, system failures or external events.

Operational risk is identified in particular by:

  • accumulation and analysis of information on operational risk incidents and the reasons for their occurrence;
  • self-assessment of operational risk;
  • scenario analysis.

Operational risk is assessed and measured by:

  • calculating the effects of the occurrence of operational risk incidents;
  • estimating the effects of potential operational risk incidents that may occur in the business.

Monitoring and control of operational risk is supported mainly by an established system of operational risk indicators and limits enabling assessment of changes in the level of operational risk over time and assessment of factors that affect the level of this risk in the business.

Reporting involves communicating to the various decision-making levels information concerning the level of operational risk and the results of monitoring and controlling it. The frequency of each report and the scope of information provided therein are tailored to the information needs at each decision-making level.

Management actions involving reactions to any identified and assessed operational risks involve primarily:

  • taking actions aimed at minimizing risks, for instance by strengthening the internal control system;
  • risk transfer – in particular, by entering into insurance agreements;
  • risk avoidance by refraining from undertaking or withdrawing from a particular type of business in cases where too high a level of operational risk is ascertained and where the costs involved in risk mitigation are unreasonable;
  • risk acceptance – approval of consequences of a possible realization of operational risk unless they threaten to exceed the operational risk tolerance level.

Both banks in the PZU Group, upon KNF’s consent, apply advanced individual models to measure operational risk and to estimate capital requirements on account of this risk.

On 28 January 2022, PZU and PZU Życie established the Crisis Management Team in the light of the attack by the armed forces of the Russian Federation on Ukraine. The announced Crisis Situation means that there is ongoing monitoring of the current political and market situation, and adequate measures are introduced to ensure, in particular:

  • safety of employees;
  • business continuity of the companies and security of financial assets of the PZU Group;
  • additional safety measures in terms of cybersecurity and physical safety.

PZU introduced a comprehensive care program addressed to employees of PZU Ukraine and their families evacuated to Poland. It provides, among others, accommodation, food, financial support, medical and legal aid, and professional activation plans.

The task unit of the Crisis Management Team continuously monitors the situation of Ukrainian companies, also in terms of reaching the assumptions of the “Crisis Situation Management Plan”, as prepared by Ukrainian companies.

Many charity initiatives addressed to Ukraine and its nationals are underway, taken individually or in cooperation with state administrative bodies and PZU Group entities, in particular with PZU Zdrowie and the PZU Foundation.

  • support for Ukrainian nationals at border crossings (purchase of powerbanks, thermal blankets, mattresses, bedding and hygiene products);
  • aid for the hospital in Tomaszów Lubelski and medical posts at the border by delegating doctors and medical personnel of PZU Zdrowie, purchasing materials and medical equipment;
  • organization of 24/7 points of sale of TPL policies at border crossings;
  • purchasing materials and delivering them to Ukraine, i.e. medicines, food, hygiene products, specialized (infrastructure) measures, personal protective equipment, etc.;
  • support and coordination of volunteer actions organized by the PZU employees;
  • organization of travel for Ukrainian children to PZU Good Summer Camps (PZU Dobre Kolonie);
  • adjusting and equipping the preparatory school in Zamość;
  • providing medical equipment and supplies to the National Rehabilitation Centre “Niezłomni” organized in Lviv;
  • purchasing and delivering support packages for children in care facilities in Chortkiv;
  • subsidising charity concerts to raise funds for those affected by the war in Ukraine;
  • delivering essential foodstuffs and industrial goods to the point in Festov;
  • funding Children’s Day gifts for Ukrainian children appropriate to their age;
  • purchasing sports equipment for Ukrainian children training in sports clubs in Poland (e.g. UKS Feniks Dębica, Olimpia Elbląg);
  • purchasing materials for the refugee accommodation center at the Primary School no. 14 in Przemyśl.

Additional cybersafety measures were introduced to mitigate risk with increasing probability of materialization. Anomalies in terms of cyber threats, extending to subsidiaries, are under continuous 24/7 monitoring. Due to the nationwide implementation of CRP Alert Level 3 (CHARLIE-CRP) and Alert Level 2 (BRAVO), a heightened state of readiness of the physical and cyber security areas has been maintained continuously since February 2022.

The Crisis Management Team also remains on standby to address the epidemic emergency.

Model risk

Model risk, classified by the PZU Group as significant, is defined as the risk of incurring financial losses, incorrectly estimating data reported to the regulatory authority, taking incorrect decisions or losing reputation as a result of errors in the development, implementation or application of models.

The formal identification and assessment process for this risk was implemented in PZU and PZU Życie to ensure high-quality practices for model risk assessment.

The model risk management process involves:

  • risk identification, which takes place through regular identification of the models used in the areas covered by the process; identified models are assessed for materiality;
  • risk measurement, which is based on the results of independent model validations and monitoring;
  • risk monitoring, which involves ongoing analysis of deviations from the adopted points of reference regarding the model risk (e.g. verification of the recommendation execution method and comparison of the risk level to the adopted tolerance level);
  • risk reporting, which involves communicating the process results on the appropriate management level, in particular results of risk monitoring, validation and measurement;
  • management actions, which aim to mitigate the model risk level; they can be active (e.g. recommendations resulting from completed validations) and passive (developing model and model risk management standards).

In the entities from the banking sector, given the high significance of model risk, the management of this risk has already been implemented in the course of adaptation to the requirements of Recommendation W issued by the KNF.

Both PZU Group banks have defined standards for the model risk management process, including the rules for developing models and evaluating the quality of their operation, ensuring at the same time appropriate corporate governance solutions.

Compliance risk

Compliance risk is understood as the risk that the PZU Group may infringe on the law, internal regulations and adopted standards of conduct, including ethical standards, which results or may result in:

  • being subject to legal sanctions;
  • incurring financial loss;
  • or loss of reputation or credibility.

PZU makes efforts aimed at ensuring adequate and uniform standards of compliance solutions in all subsidiaries and monitors compliance risk throughout the entire Group.

In 2022 the compliance systems of PZU Group entities were aligned with the standards set by PZU. The provision of full information on compliance risk in Group companies is the responsibility of their compliance units. They are required to assess and measure compliance risk and to undertake and implement appropriate remedial actions that reduce the likelihood of this risk materializing.

PZU Group entities are obligated to provide ongoing information on compliance risk to the PZU Compliance Department. The Compliance Department analyses and processes information received from PZU Group entities, in particular to:

  • assess compliance risk at the level of the PZU Group and execute the compliance function in the PZU Group;
  • prepare reports and management information regarding the efficiency and adequacy of the compliance function in the PZU Group, and submit them to the Management Board and the Supervisory Board of PZU;
  • prepare and develop uniform standards pertaining to the functioning of the effective internal control system in the PZU Group entities;
  • prepare, develop and promote common training and information standards.

The tasks of the PZU Compliance Department also include:

  • issuing guidelines and recommendations in the area of compliance, taking into account principles of proportionality and adequacy, and monitoring their implementation;
  • providing substantive support and advisory for the PZU Group entities in performing the compliance function tasks.

Compliance risk includes, in particular, the risk that the operations performed by PZU Group entities will be out of line with the changing legal environment. This risk may materialize as a result of delayed implementation or absence of clear and unambiguous laws, or what is known as a legal gap. This may cause irregularities in the PZU Group’s business and, as a result, lead to higher costs (for instance, administrative penalties, other financial penalties) and a heightened risk of loss of reputation.

Due to the broad spectrum of the PZU Group’s business, reputation risk is also affected by the risk of litigation, which is predominantly inherent in the Group’s insurance companies and banks.

The identification and assessment of compliance risk for each internal process in PZU Group entities is the responsibility of the heads of organizational units, in accordance with the allocation of responsibility for reporting. Moreover, compliance units in PZU Group entities identify compliance risk on the basis of notifications to the register of conflicts of interest, gifts and irregularities, and from inquiries sent to them.

Compliance risk is assessed and measured by calculating the effects of risk materialization of the following types:

  • financial risks, resulting, among other things, from the possibility of imposing administrative penalties, court judgments, decisions issued by UOKiK, contractual penalties and damages;
  • intangible risks pertaining to a loss of reputation, including damage to the PZU Group’s image and brand.

  • systemic analysis of the regular reports received from the heads of organizational units and cells;
  • monitoring of regulatory requirements and adaptation of the business to the changing legal environment of PZU Group entities;
  • participation in the legislative work on amendments to generally prevailing provisions of law;
  • performing diverse activities in industry organizations;
  • coordination of external control processes;
  • monitoring of implementation of recommendations issued following internal audits;
  • coordination of the fulfilment of disclosure obligations imposed by the stock exchange (in respect of PZU) and by statute;
  • popularization of knowledge on compliance among PZU Group employees;
  • monitoring implementation of recommendations issued to a PZU Group entity;
  • ensuring uniform standards and consistent implementation of the compliance function within the PZU Group.

Management actions in response to compliance risk include in particular:

  • acceptance of the risk arising, without limitation, from legal and regulatory changes;
  • mitigation of the risk, including by: adjustment of procedures and processes to changing regulatory requirements, evaluation and design of internal regulations to suit compliance needs, participation in the process of agreeing on marketing activities;
  • avoidance of risk by preventing any involvement of PZU Group entities in activities that are out of compliance with the applicable regulatory requirements, best market practices or activities that may have an unfavorable impact on the PZU Group’s image.

As part of efforts aimed at reducing compliance risk in the PZU Group at system level and day-to-day level, the following risk mitigation actions are undertaken:

  • continuous implementation of an effective compliance function as a key management function;
  • participation in consultations with legislative and regulatory authorities (supervised entities within the PZU Group) at the stage of development of the regulations (social consultations);
  • delegating representatives of the PZU Group’s supervised entities to participate in the work of various commissions of regulatory authorities;
  • facilitating the cooperation with the Insurance Guarantee Fund;
  • participation in implementation projects for new regulations;
  • training of staff on new regulations and standards of conduct;
  • issuing opinions on internal regulations and recommending possible amendments to ensure compliance with the applicable laws and accepted standards of conduct;
  • verifying procedures and processes in the context of their compliance with the applicable laws and accepted standards of conduct;
  • aligning documentation to upcoming changes in legal requirements before they are enacted;
  • systemic supervision exercised by PZU over the execution of the compliance function in PZU Group entities;
  • analyses and ongoing monitoring of the application of “Chinese wall” rules – in connection with the additional investor commitments made by PZU on 31 April 2017 in connection with the proceedings under the notification on the intent to purchase Bank Pekao’s shares;
  • ongoing monitoring of changes in the legal and regulatory environment in order to identify gaps or areas requiring action to ensure compliance.

The actions in 2022 in the compliance area were also associated with the PZU Group continuing to meet the criteria for treating it as a financial conglomerate, and hence applying supplementary oversight to it under the Act of 15 April 2005 on supplementary oversight over credit institutions and insurance undertakings, reinsurance undertakings and investment firms comprising a financial conglomerate.

  • Regulation (EU) 2019/2088 of the European Parliament and of the Council of 27 November 2019 on sustainability-related disclosures in the financial services sector, entered into force;
  • Regulation (EU) 2020/852 of the European Parliament and of the Council of 18 June 2020 on the establishment of a framework to facilitate sustainable investment, amending Regulation (EU) 2019/2088;
  • Commission Delegated Regulation (EU) 2021/1257 of 21 April 2021 amending Delegated Regulations (EU) 2017/2358 and (EU) 2017/2359 as regards the integration of sustainability factors, risks and preferences into the product oversight and governance requirements for insurance undertakings and insurance distributors and into the rules on conduct of business and investment advice for insurance-based investment products;
  • Commission Delegated Regulation (EU) 2021/1256 of 21 April 2021 amending Delegated Regulation (EU) 2015/35 as regards the integration of sustainability risks in the governance of insurance and reinsurance undertakings;
  • Commission Delegated Regulation (EU) 2022/1288 of 6 April 2022 with regard to regulatory technical standards specifying the presentation of information in relation to sustainability indicators;
  • Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law;
  • International Financial Reporting Standard 17 “Insurance Contracts” (IFRS 17);
  • Act of 9 February 2022 Amending the Commercial Company Code and certain other acts;
  • Act of 18 November 2020 on Electronic Deliveries;
  • draft Act on Protection of Whistleblowers;
  • draft Act amending certain acts in connection with commitment to develop financial market and protect investors on that market;
  • draft Regulation of the European Parliament and of the Council on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014 and (EU) No 909/2014 (“DORA”);
  • proposed amendments to the Labor Code, including with regard to the implementation into the national law of Directive 2019/1152 of 20 June 2019 on transparent and predictable working conditions in the European Union (Information Directive) and Directive 2019/1158 of 20 June 2019 on work-life balance for parents and carers and repealing Council Directive 2010/18/EU (Work-Life Balance Directive).

Moreover, in 2021, PZU Życie implemented the necessary measures that ensured adaptation to the product intervention (KNF’s decision of 15 July 2021 prohibiting the marketing, distribution and sale of investment products – life insurance agreements if they feature unit-linked funds). The offer, modified in January 2022, included solely and exclusively products that met all the criteria set forth in the decision issued by the regulatory authority.

Risk concentration

When managing the various categories of risk, the PZU Group identifies, measures and monitors risk concentration.

Compliance with the regulatory obligations imposed on groups identified as financial conglomerates is supported by the model introduced in 2020 to manage significant risk concentration in the PZU Financial Conglomerate in keeping with the requirements of the Supplementary Supervision Act.

Supplementary supervision protects the financial stability of lending institutions, insurance undertakings, reinsurance undertakings and investment firms being members of financial conglomerates. The supervision is exercised, among others, through measuring the risk concentration level in the financial conglomerate as a whole, also from the perspective of regulated entities being its members.

The implementation of this model served the purpose of defining the risk concentration management principles and supporting the units involved in the process, in particular through:
  • defining the roles and responsibilities of individual participants of the significant risk concentration management process;
  • introducing consistent risk definitions;
  • introducing the principles of identifying, measuring and assessing risk;
  • determining the risk profile of exposures identified as material concentration;
  • defining the risk limits and threshold values;
  • defining the principles of monitoring significant risk concentrations;
  • introducing the principles of reporting and management decision-making.

Regulated subsidiaries monitor and submit regular reports to the leading entity in the PZU Financial Conglomerate on the measures and data required to identify risk concentrations. In the case of identification of an excessive risk concentration, management actions are implemented on the level of the given entity or the whole financial conglomerate.

Risk concentration is measured and monitored, in particular, in the following dimensions:

  • concentration per counterparty or group of counterparties;
  • concentration per currency;
  • concentration per sector of economy;
  • concentration per country;
  • concentration per asset type.