Identification, measurement and assessment, monitoring and control, and undertaken management activities ensure ongoing adequacy and effectiveness of the risk management system. In the PZU Group, the risk management process consists of the following stages:
- risk identification commences with a proposal to start developing an insurance product, buying a financial instrument, modifying an operating process, and also whenever some other event occurs that may potentially lead to the emergence of risk. The identification process continues until the expiration of liabilities, receivables or activities associated with the risk. Risk identification involves identification of actual and potential sources of risk, which are later analyzed in terms of significance;
- risk measurement and assessment are conducted depending on the nature of the individual risk type and its significance level. Risk measurement is carried out by specialized units. Risk units in each entity are responsible for the development of tools and the measurement of risk in terms of risk appetite, risk profile and tolerance limits;
- risk monitoring and control consists in the ongoing analysis of deviations from benchmarks (limits, threshold values, plans, figures from prior periods, recommendations and guidelines);
- reporting allows for effective communication on risk and supports risk management on various decision-making levels;
- management actions include, among others, risk avoidance, risk transfer, risk mitigation, determination of risk appetite, acceptance of risk level, as well as the use of supporting tools, such as limits, reinsurance programs or underwriting policy reviews.
Two levels are distinguished in the risk management process:
- the PZU Group level, ensuring that the PZU Group attains its business objectives in a safe manner appropriate to fit the scale of the risk involved. Monitored at this level are the limits and risks specific to the PZU Group such as: catastrophic risk, financial risk, counterparty risk and risk concentration. The PZU Group provides support for the implementation of a risk management system, including the introduction of compatible mechanisms, standards and organization of an efficient operation of the internal control system (with particular emphasis on the compliance function), the risk management system (in particular in the reinsurance area) and the security management system in the PZU Group, and monitors their ongoing application. While carrying out their tasks in the risk management system, authorized PZU Group personnel cooperates with the Management Boards of subsidiaries and the management of such areas as finance, risk, actuary, reinsurance, investments and compliance on the basis of appropriate cooperation agreements;
- the entity level, ensuring that the PZU Group entity attains its business objectives in a safe manner appropriate to the scale of the risk involved. Monitored at this level are the limits and risk categories specific to the company and, as part of the risk management system, mechanisms, standards and organization are implemented for the efficient operation of the internal control system (with particular emphasis on the compliance function), the risk management system (in particular in reinsurance area) and the security management system.