Risk management, taking into account non-financial risk

Risk management is one of the key internal processes in the PZU Group. The risk management system in place in PZU is based on three independent lines of defense. Its framework is outlined by the standards prevailing in the insurance sector and the guidelines laid down in regulations. The overriding objective of the risk management policy pursued in the PZU Group is to ensure early identification and adequate management of material risks associated with the company’s activities. The non-financial risk management processes are part of a broader risk management process in the Group.

“Are the risks managed centrally or in individual companies? Are the risks defined taking into account the specifics of the segments (insurance, health, investments, banking)?”

Comment made during a dialogue session

The main elements of the PZU Group’s risk management system have been implemented to ensure sectoral consistency and the execution of the various entities’ strategic plans and the overall PZU Group’s business objectives. PZU exercises supervision over the PZU Group’s risk management system on the basis of cooperation agreements entered into with other Group entities and the information provided thereunder.

Risk is managed at the PZU Group level on an aggregate basis, especially with respect to capital requirements. The Risk Management Strategy is the overriding document. In addition, at the Group level, policies for managing individual risk categories have been developed for operational, market, credit and actuarial risks. The risk management rules applicable to the PZU Group’s subsidiaries include a recommendation issued by PZU (the parent) regarding the organization of the risk management system in insurance sector and banking sector subsidiaries. In addition, guidelines regulating the various risk management processes in the PZU Group entities are also issued from time to time (this pertains to, among others, banks).

The Alior Bank Group has implemented the Alior Bank Group Risk Management Policy for the subsidiaries. Additionally, the Risk Management Policy, Credit Risk Management Policy, Asset and Liability Management Policy for 2018-2020, Model Risk Management Policy and Operational Risk Management Policy have been introduced.

The Pekao Group has adopted Principles of Financial Risk Management in the Bank Pekao Group. In addition, in individual companies, internal risk management procedures have been implemented. In Bank Pekao the Management Board adopted and the Supervisory Board approved the ICAAP Policy. It defines the key elements of the overall approach to risk associated with the activity conducted by the Bank and following from the adopted business strategy on the level of the Bank and the entire Group. It also defines the risk types and the criteria for classifying risk as material, and points to the objectives and the related risk management principles, the target risk structure associated with the conducted activity, and the accepted risk level and structure, defined under the adopted risk appetite. As regards operational risk, over half of the companies have implemented their internal procedures which define the operational risk management system, including division of roles and responsibilities in the risk management process, internal control process, tools and reporting system.

Alior TFI has adopted a number of internal policies associated with the type of its activity. In addition to the Risk Management Policy, it has implemented a Market Risk Management Policy, which pertains to the portfolios of the funds managed by Alior TFI. It defines the procedures for assessment of exposure of each of the mutual funds managed by the TFI to market risk, including the rules for identification, measurement, assessment and reporting of market risk for the Funds and division of roles and responsibilities in the market risk management process. It has also introduced a Liquidity Risk and Credit Risk Management Policy.

“We are interested in an in-depth description of the ESG risk management in the PZU Group. What non-financial risks does the company face and does it manage each of them? How does it classify individual risks and which stakeholders do they affect?”

Comment made during a dialogue session

As part of its activities PZU classifies the following risks to which the PZU Group is exposed as material: actuarial risk, market risk, credit risk, concentration risk, operational risk, model risk and compliance risk.

The non-financial risks are described primarily in the group of operational risks, compliance risks and actuarial risks, which reflect the product risks associated with catastrophic events, in particular those resulting from climate change, such as droughts, floods and cyclones.

[Figure: Risk categories in the PZU Group]

[Figure: Stages of the risk management process]

Key non-financial information

From the perspective of the impact on social, employee, environmental, human rights and corruption prevention issues, compliance risk and operational risk are of special importance. In addition, the PZU Group identifies environmental risk in the process of financing entities.

The PZU Group has implemented an operational risk management system under which it prevents operational risk incidents and reduces operational losses. The operational risk management principles and structure in PZU are based on the adopted Operational Risk Management Policy. Operational risk is controlled on multiple levels in the organization. Supervision over the operational risk management system is exercised by an independent, dedicated unit within the Risk Department structures.

The key tool used to monitor operational risk is the Key Risk Indicator system, covering areas with special exposure to operational risk. The indicators are subject to regular reviews, at least once a year.

As part of the compliance risk and operational risk, employee, environmental, social, ethical and prevention of corruption issues have been identified. Below is a list of key issues.

Employees and respecting human rights

| Risk category | Risk description | Description of the approach to risk management |
|---|---|---|
| The risk associated with the difficulty of hiring qualified staff | Difficulties of hiring qualified staff pertain, in particular, to areas characterized by narrow specialization and areas where candidates with unique competences are sought. | The risk is mitigated thanks to the high PZU brand awareness among labor market participants, a highly valued range of fringe benefits, and implementation of candidate searches in alternative sources, such as social media and industry portals. |
| The risk associated with quickly changing regulations and necessity to update the knowledge about prevailing regulations and obligatory operating methods | It is increasingly necessary to update on an ongoing basis the knowledge about prevailing regulations and obligatory operating methods, e.g. the new responsibilities regarding verification of competences associated with the requirements of the insurance distribution act and introduction of operating methods in the form of Chinese walls in connection with inclusion of banks into the PZU Group. Verification of the competences and transfer of knowledge on the prevailing standards have to cover a large number of employees over a short period of time. | Obligatory training courses are organized in the PZU Group, mainly in the form of e-learning, allowing for efficient transfer of knowledge in a short time to all employees to which it pertains. Training courses are combined with tests verifying their effectiveness and allow for monitoring whether the information has reached the target group. |
| The risk of failure to respect employee rights by unequal treatment of employees, discrimination of employees and cases of mobbing and discrimination | Actions and behaviors pertaining to an employee or against an employee, involving persistent and lasting harassment or intimidation of an employee, impairing their professional self-esteem, causing or aimed at humiliating or ridiculing an employee, isolating them or eliminating them from the team of associates. | No actions or behaviors having the features of mobbing are tolerated by the employer in any way. The approach to prevention of mobbing and discrimination is described in section 6.3 Diversity and respecting human rights. |
| Risk related to the lack of effective dialogue with the trade unions (collective dispute) | A collective dispute of employees with the employer may pertain to terms of work, pay or social benefits and rights and freedoms of trade union employees or other groups entitled to association in trade unions. | The employer has appointed a Social Dialogue Team in the HR Management Department. The team is supervised directly by the Director of the HR Management Department/Managing HR Director in the PZU Group. The team is composed of employees with many years of experience in social dialogue, specialized in collective labor law. The social dialogue policy is shaped directly by the company’s Management Board and the Managing HR Director in the PZU Group. The Social Dialogue Team employees conduct talks and participate in dedicated meetings with trade unions and respond on an ongoing basis to the needs of social partners. Meetings in the company’s head office are held on average every two weeks and last a minimum of two days. |
| The risk of overrunning the personnel budget | The need to hire an employee for an amount higher than budgeted in connection with lack of qualified employees in the labor market. Unbudgeted employee hiring. | PZU Group financial planning procedure in the PZU Group. Looking for financing sources for such hiring or, as a last resort, using the central budget reserve. Due to its limited size, there is a risk of overrunning the budget. |
| Risk of failure to ensure a safe and healthy work environment | Exposing employees to accidents at work. | To prevent accidents the PZU Group focuses on increasing the safety awareness among employees. To develop employee awareness, a broad range of methods is used, including among others, stationary and e-learning courses, dedicated broad safety campaigns, and knowledge contests for employees on internal procedures and safety principles. |

Products and client relations

| Risk category | Risk description | Description of the approach to risk management |
|---|---|---|
| Compliance risk in the marketing communication pursued by PZU | Conducting marketing activities is, by definition, associated with the risk of non-compliance with generally prevailing laws and guidelines of state authorities, and reputational risk. Therefore, marketing materials need to be verified before publication from the perspective of, among others, transparency, truthfulness and accuracy of presented information. | The Marketing Department uses the best practice of verification of planned marketing messages with other PZU units, in particular the Legal Department and Compliance Department (for compliance risk, including in particular with regard to compliance with the law – risk of misleading the consumer, use of messages infringing the addressees’ interests) and pertinent product departments (consistency of the message with the facts – risk of misleading the consumer). To ensure reliable and ethical communication, the Group has introduced principles for issuing opinions on marketing activities and internal and corporate communication activities, and all marketing activities are conducted on the basis of the Code of Ethics in Advertising. More information about responsible marketing communication can be found in section 2.3 Responsible sales. |
| Misselling risk | The risk associated with unfair communication with clients as regards PZU Group’s offers through unreliable or inaccurate description of the risks associated with PZU Group’s offers. | To prevent misselling, the PZU Group has implemented Policies for the fair design and sale of financial products and services which have been described in more detail in section 2.3 Responsible sales. Additionally, addressing the requirements of the PRIIP Regulation³, the PZU Group has developed for all products subject to the regulation documents covering the key information (Key Information Documents – KID). The KID, prepared individually for each product, is aimed at facilitating comparison of the products of different companies and supporting clear communication of information that is important to the client. |
| The risk pertaining to disclosure of personal data and data subject to insurance secrecy to unauthorized persons | | PZU and PZU Życie have implemented principles for client identification and provision of information depending on the client’s requests. In addition, access to personal data and data subject to insurance secrecy is granted only to authorized persons using the dedicated system CSZBI. Additionally, PZU has implemented a DLP class monitoring system which comprises appropriate rules minimizing the risk of disclosure of information, including personal data, to unauthorized persons. |

³ Regulation (EU) No. 1286/2014 of the European Parliament and of the Council of 26 November 2014 on key information documents for packaged retail and insurance-based products

Corruption prevention area

| Risk category | Risk description | Description of the approach to risk management |
|---|---|---|
| Risk of abuse in the PZU Group | The risk associated with inappropriate implementation in the Group’s structure of anti-corruption procedures, including ensuring protection for whistleblowers. | There is zero tolerance for any form of corruption in the PZU Group. Therefore, the Group companies have in place corruption prevention policies and rules for acceptance and giving of gifts. Additionally, PZU and PZU Życie have implemented an Anti-Corruption Program which defines examples of corruption and division of responsibilities to control the risk. More information in this regard can be found in section 6.5 Transaction security. |
| The risk associated with insurance crime and frauds | The risk associated with inappropriate design and implementation of solutions in the area of compliance and anti-fraud structures in the organization. | The PZU Group has in place special security procedures in the crime prevention area. Detailed information is presented in section 6.6 Cooperation with suppliers. |

Protection of natural environment

| Risk category | Risk description | Description of the approach to risk management |
|---|---|---|
| The risk of pollution of natural environment and risk of natural disasters | The risk associated with failure to comply with environmental norms and standards by the company, its suppliers and business partners and prevention of the effects of natural disasters. | The PZU Group exerts limited direct impact on the environment due to the type of its business activity in the financial services sector. The company monitors the consumption of energy and environmental resources (energy, fuels, water, paper). PZU is aware, however, of its indirect impact on the natural environment through the actions of its clients, especially those who extensively use natural resources in their operations. However, the company does not carry out any precise analyses of such impact. PZU has in place internal procedures regarding business partners, which require compliance with environmental norms and standards. PZU has developed a Code of CSR Best Practices for PZU Suppliers and compliance with its provisions by the business partners is incorporated into the contract with PZU. In its insurance activity PZU uses a clause of extended liability for losses arising in connection with the release of hazardous substances into the air, water or soil and the costs associated with the removal, treatment and disposal of any pollutants. PZU also offers insurance cover for clients and their property in the case of natural disasters. As part of its products, PZU also provides an insurance guarantee for performance of obligations on account of rectification and remedying of the negative effects for the environment and damages to the environment. The guarantee allows clients to obtain the required permits, among others: decision approving the hazardous waste management program; permit to conduct waste recycling and neutralization activity; permit to construct waste landfills; cover for negative effects in the environment (e.g. river water pollution); permit for cross-border transport of waste. |

Risk management responsibility

The management boards of PZU Group entities are responsible for fulfilling their own duties in accordance with the generally applicable provisions of national and international law. In particular, they are responsible for the implementation of an adequate and effective risk management system.

Supervision over the risk management systems in the various financial sector entities is exercised by supervisory boards. PZU designates its representatives to the Supervisory Boards of its subsidiaries, including in particular the Alior Bank and Bank Pekao Group. In entities outside the financial sector, risk management is the direct responsibility of the Management Board of such companies.

[Figure: Chart of the organizational structure for the risk management system]
