Identification, measurement and assessment, monitoring and control, and undertaken management activities ensure ongoing adequacy and effectiveness of the risk management system. The risk management process in PZU Group consists of:
- risk identification – commences with a proposal to start developing an insurance product, buying a financial instrument, modifying an operating process, and also whenever some other event occurs that may potentially lead to the emergence of risk. The identification process continues until the expiration of liabilities, receivables or activities associated with the risk. Risk identification involves identification of actual and potential sources of risk, which are later analyzed in terms of significance;
- measurement and assessment of risk – conducted depending on the nature of the risk type and its significance level. Risk measurement is carried out by specialized units. Risk units in each entity are responsible for the development of tools and the measurement of risk in terms of risk appetite, risk profile and risk tolerance;
- risk monitoring and control – consists in the ongoing analysis of deviations from benchmarks (limits, threshold values, plans, figures from prior periods, recommendations and guidelines);
- reporting – allows for effective communication on risk and supports risk management on various decision-making levels;
- management actions – including, among others, risk avoidance, risk transfer, risk mitigation, determination of risk appetite, acceptance of risk level, as well as the use of supporting tools, such as limits, reinsurance programs or regular review of internal regulations
Two levels are distinguished in the risk management process:
- the PZU Group level – ensuring that the PZU Group attains its business objectives in a safe manner appropriate to fit the scale of the risk involved. The PZU Group provides support for the implementation of a risk management system, including the introduction of compatible mechanisms, standards and organization of an efficient operation of the internal control system (with particular emphasis on the compliance function), the risk management system (in particular in the reinsurance area) and the security management system in the PZU Group, and monitors their ongoing application. While carrying out their tasks in the risk management system, authorized PZU Group personnel cooperates with the Management Boards of subsidiaries and the management of such areas as finance, risk, actuary, reinsurance, investments and compliance on the basis of appropriate cooperation agreements. A risk concentration management system was implemented to ensure that entities in the financial conglomerate attain their business objectives in a manner ensuring financial stability at the level of both the entire conglomerate and individual entities. The system monitors appropriate risk concentration measures and their limits and threshold values. Risk measurement permits identification of the sources of concentration in individual risks at the level of both the financial conglomerate and individual regulated entities and supports an assessment of the impact of these concentrations on financial stability;
- the entity level – ensuring that the PZU Group entity attains its business objectives in a safe manner appropriate to the scale of the risk involved. Monitored at this level are the limits and risk categories specific to the company and, as part of the risk management system, mechanisms, standards and organization are implemented for the efficient operation of the internal control system (with particular emphasis on the compliance function), the risk management system (in particular in reinsurance area) and the security management system.