Risk management

The non-financial risk management processes are part of a broader risk management process in the Group. Non-financial risks were also identified at the stage of development of the ESG Strategy entitled “Balanced Growth”. They were addressed in strategic commitments, key performance indicators and strategic initiatives. Moreover, selected non-financial risks are taken into account in the investment decision-making process and in selected corporate client risk assessment processes, which enable the insurer to evaluate the premium.

PZU exercises supervision over the PZU Group’s risk management system by the power of cooperation agreements entered into with other Group entities and the information provided thereunder. It manages risk at the PZU Group level on an aggregate basis, especially in terms of capital requirements. The cooperation agreements signed with the PZU Group subsidiaries enable the collection and processing of information necessary for appropriate and effective management of risk at the PZU Group level. They also guarantee that the various risks generated by the individual PZU Group entities are assessed and are based on the same standards, taking into account the requirements and restrictions arising from the applicable law. The main elements of the PZU Group’s risk management system have been implemented to ensure sectoral consistency and the execution of the various entities’ strategic plans and the overall PZU Group’s business objectives.

Subsidiaries from outside of the financial sector introduce the risk management rules including the allocation of roles and responsibilities and the catalog of risks associated with the relevant activity. The determination of the appropriate level of risk in each company is the management board’s responsibility, whereas a review of the risk management system, especially the risk appetite level, is conducted once a year by the unit responsible for risk, with all actions being coordinated at the PZU Group level.

Effective risk management is supported by the Internal Control System implemented in PZU, which offers solutions for three levels of defense:

In addition, PZU as the leading entity in the PZU Financial Conglomerate manages risk concentration at the level of the overall conglomerate. The leading entity has established the risk concentration management standards, in particular through introduction of rules for identification, measurement and assessment, monitoring and reporting of significant risk concentration and making managerial decisions.

Once a year, the internal audit unit prepares an annual activity report, which includes, in particular, an evaluation of the internal control system and the risk management system. The procedure for preparing the report and its scope are governed by separate internal regulations. For the purposes of report, the risk unit prepares information as to the adequacy and effectiveness of the risk management system.

As part of its activities PZU classifies the following risks to which the PZU Group is exposed as material: actuarial risk, risk of models, compliance risk, credit risk, concentration risk and market risk (including liquidity risk).

* _{According to the European Commission guidance for non-financial reporting, transition risks refer to the transition of the economy to a low-carbon and climate-resilient future. Physical risk on the other hand entails financial losses stemming from the physical consequences of climate change and encompasses acute (e.g. storms, fires) and long-term risk (rising sea level).}

The management process for managing various risk categories comprises requirements of sustainable development, and the same applies at the level of each PZU Group subsidiary, in compliance with prevailing provisions of law and individually defined PZU Group internal policies, including the ESG Strategy which constitutes an integral part of the PZU Group Strategy.

The consistent split of powers and tasks in the PZU Group and in its various financial sector subsidiaries covers four decision-making levels: Supervisory Board, Management Board, Committees and various operating units within the three lines of defense.

1. Supervision over the risk management systems in the various financial sector entities is exercised by supervisory boards. PZU designates its representatives to the supervisory boards of its subsidiaries, including in particular the Alior Bank Group and the Pekao Group.
2. The management boards of PZU Group entities are responsible for executing their own duties in accordance with the generally applicable provisions of national and international law. In particular, they are responsible for implementation of an adequate and effective risk management system. The Management Board organizes the risk management system and ensures that it is operational by adopting strategies and policies, setting the level of risk appetite, defining the risk profile as well as tolerance levels for the individual categories of risk.
3. Committees decide about limiting the levels of individual risks to fit the risk appetite framework they have defined, adopt procedures and methodologies for mitigating the individual risks and accept the limits for individual risk types. Selected members of the Management Boards sit in the Committees.
4. The fourth decision-making level pertains to operational measures in the various business units divided into three lines of defense.

Under the agreement, regulated were issues in the fields of: procurement, risk management, IT management, internal audit, strategy, projects, marketing and brand management, consulting and legal assistance, security management, human resources management, corporate communication, tax policy, corporate governance, actuarial services, accounting, planning and controlling, compliance, reinsurance, customer experience management, claims and benefits handling, sustainable business development (ESG), tariff-related actuarial services, analysis of insurance evolution and tariffs, sales technologies development, sales and non-motor underwriting of business insurance products.

Listed below are selected regulations in force at PZU, which are key to building a consistent approach within the framework of policies and procedures adopted collectively, in the area of non-financial risk management (within the group of operational and compliance risks).