4.1.1 Objectives of the risk management system
Objectives of the risk management system:
- increase in the Group's value by added attention paid both to return and risks;
- care for the appropriate capitalisation, liquidity and profitability of the Group;
- support for better decision-making, as it enables in-depth insight into risks and their effects and/or consequences;
- care for the security and satisfaction of investors, employees, clients and other stakeholders.
The risk management system is made of three lines of defence with clearly defined responsibilities as described below.
The first of the three lines of defence in the system is spread over individual divisions, which are primarily responsible for active risk management per division. They are also responsible for the effective functioning of internal controls and the implementation of business activities within the set limits and in accordance with the strategic objectives.
The second line of defence consists of the Risk Management Committee, the Assets and Liabilities Committee (ALCO) (see chart below) and the Risk Management Department. The two committees supervise the functioning of the integrated management system and the proper communication of activities. Each committee includes at least one Management Board member, the relevant executive directors and the directors of departments directly accountable to the Management Board of Zavarovalnica Triglav.
The Risk Management Department draws up a risk management framework (methodologies used for risk identification, measurement and management, minimum requirements for the internal control system, development of assets and liabilities management models, setting investment policy limits and operational risk limits, verifying compliance with the risk management framework). The Director of the Risk Management Department, who is directly accountable to the Management Board, is also a member of the Risk Management Committee and Chairman of the ALCO. This and other parts of the organisational structure clearly reflect the Company's awareness on the importance of risk management.
An important component of the risk management system is the compliance function, which was set up in order to provide advice on all areas of regulatory principles, to monitor regulatory compliance, and to develop and monitor anti money-laundering and terrorist financing measures with respect to regulatory requirements.
Internal audits represent the third line of defence in the scope of the risk management system. The internal audit constantly test the quality of the internal control framework in compliance with the regulatory requirements. It also performs an assessment of the risk governance and risk management system on a periodic basis.
Risk-related decision-making competences and authorities are shown in the figure below
- Defines the risk management strategy in line with the business strategy of Zavarovalnica Triglav;
- Approves the risk management policy;
- Approves individual components of the risk management system;
- Approves the internal documents with reference to risk management.
Risk Management Committee
- Gives preliminary approval to the Management Board’s decisions relating to individual components of the risk management system, including the target risk exposure;
- Defines risk management standards;
- Defines methodologies of risk measurement and management for all risk categories;
- Defines operational risk exposure limits and monitors the operational risk exposure levels;
- Monitors the implementation of IT security polices;
- Monitors the implementation of the compliance system;
- Monitors the outsourcing risk exposure levels.
Assets and Liabilities Committee (ALCO)
- Gives preliminary approval to the Management Board’s decisions relating to assets and liabilities management;
- Approves investment policies for individual long-term business funds and assets backing liabilities;
- Gives preliminary approval to the Management Board’s decisions relating to bonus allocations
- Monitors risk exposures arising from assets and liabilities management to the insureds;
- Monitors changes in the external environment relating to assets and liabilities management (e.g. changes concerning measurement methods, the legislative environment, external reporting).
Risk Management Department
- Develops the risk management system of Zavarovalnica Triglav, including the methods, processes, models and framework of the internal control system;
- Regularly carries out risk analyses and reports on exposure levels to the Management Board;
- Drafts the Management Board’s decisions on risk reduction;
- Coordinates preparations for Solvency II;
- Provides operational support to the Risk Management Committee and the ALCO;
- Promotes good practices in the risk management culture through workshops, seminars and the like.
- Actively manage risks in their business segments by adhering to the set limits and strategic guidelines;
- Develop internal controls within the framework of the internal control system;
- Cooperate with the Risk Management Department in risk analyses and/or model development.
The scope of risk management activities is defined in the global risk management strategy statement. Accordingly, risk management policies have been developed that define risk governance, risk management competencies and authorities with respect to the stated risk appetite. Core development activities are focused on Zavarovalnica Triglav; however, the framework is gradually phased throughout the Triglav Group in line with its strategic objectives as well as Solvency II requirements.
The risk exposure limits are:
- overall portfolio limits,
- supplementary limits for individual risk types.
4.1.2 Added value of the risk management system
Risk management provides the opportunity to efficiently turn risk into value. It enables the Group to control and adjust its entire risk profile and to limit its amount of exposure to certain risks. The successful and prudent assumption and management of risks give the Company financial strength and, consequently, the ability to fulfil its obligations to its clients and meet their expectations, at the same time creating sustainable value for its investors.
The Group has developed a conservative culture and approach to risks which it controls with modern risk management tools. Since risk management is one of the most important functions of the Company, it requires adequate resources in terms of organisational structure, strategic orientation, staff training, and regular or continuous risk review. Monitoring and identification of risks constitute the foundation of the risk management system. The Group uses a set of advanced tools for efficient risk assessment, which among other things also analyse the interconnectedness of risks at the Group level. The same applies to reporting and control, supplemented with various rules and regulations. Common to all these, however, is a transparent sharing of information on which the risk management system for the Group as a whole is based. Consequently, the operation of the entire Group is more transparent, stable and secure. All together, this leads to favourable results and raises the satisfaction of all the participants in the business process.
Added value of Zavarovalnica Triglav's risk management system
To enable efficient risk taking and risk identification, which form the essence of the Company's risk management system, all business divisions have clearly defined limits and apply an internal control system for monitoring their operations.
The Risk Management Strategy is defined in a clear and precise manner, in line with the Group's business strategy. Its goals are to reinforce the Group's financial stability and strength, to cater to the clients' needs and to fulfil the obligations towards them as well as to increase the value of the Group for its shareholders. Moreover, the Strategy sets out the risk appetite, i.e., the framework and level of risks the Group is willing to assume and manage. The system is designed to allow transparency and efficient communication.
4.1.3 Risk management at the Group level
Risk Management at the Group level is more extensive than risk management system at the level of individual companies. At the Group level, the risk management system must be adequate, efficient and in proportion to the structure, nature, volume and complexity of transactions and the risks related. The system pays special attention to risks at the Group level and analyses the risks at the level of individual Group members, the interconnectedness of those risks and, of course, the concentration of risks. Because of the diversity of structures and systems within the Group, any decision made at the level of either the Group or an individual company must take into account the specifics of the situation and the impact of the decision at both levels. The Group reorganisation and centralisation of functions, including the establishment of the Subsidiary Management Committee, made such risk management possible.
In spite of its size and complexity, the Triglav Group succeeded in setting up an efficient and, most importantly, a reliable system of risk management. Two concepts are characteristic of systems at the Group level. The first requires consistent risk management at the broad level of the entire Group, while the second is the concept of centralised risk management. The Triglav Group applies both concepts and considers them complementary rather than contradictory to one another.
The Group itself has designed a strategy and policies that define, categorise and control the risks to which the Group is exposed. On this basis, the strategy of risk management has also been devised through policies distributed to all Group members, who then take care of the appropriate implementation of both strategies in the day-to-day operations at the level of Group member.
The efficiency of the system is secured by the hierarchy structure and through the cooperation of all employees, as well as thanks to a strong corporate culture which stresses the importance of risk management at all levels. Moreover, the system is supported by clear and transparent top-down and bottom-up information flow. The efficient flow of information and the transparency of the decision-taking process are possible thanks to compatible IT systems which at the same time enable uniform internal control systems.
Major development activities concerning the risk management system in 2011 included:
- definition of the minimum internal control standard to ensure the regularity and reliability of financial and accounting reporting for the insurance companies within the Group;
- development of ALM models for long-term business funds and assets backing liabilities of Zavarovalnica Triglav.
- other preparatory activities for the implementation of the Solvency II Directive and of IFRS 4 Phase II.