The PZU and PZU Życie risk profile did not change significantly in 2013, except for market risk. The change in the market risk profile was due to the fact that PZU Życie paid a dividend in the form of transfer of share fund units, as well as because of the implementation of a new internal model for calculating market risk. The main risks incurred by these companies include insurance risk, market risk, credit risk, concentration risk, operational risk and compliance risk.
Insurance risk is the risk of a loss or an adverse change in the value of insurance liabilities as a result of improper assumptions regarding valuation and the establishment of provisions. The insurance risk management process starts with the idea of creating an insurance product, while insurance risk assessment involves recognizing the degree of exposure or a group of exposures related to the possibility of incurring a loss and analyzing the risk elements in order to make a decision on whether the PZU Group should accept a risk for insurance and assume liability. The insurance risk analysis takes into account the scope of insurance cover granted, the amount of the premium and (in financial insurance) the level of security.
The insurance risk assessment also involves actions relating to:
- prevention, involving insurance risk management aimed at:
- reducing the frequency of losses;
- reducing the extent of the losses;
- reinsurance of risks of the greatest amount and exposure.
Insurance risk measurement is based in particular on:
- the analysis of selected ratios;
- the scenario method – analysis of impairment arising from an assumed change in risk factors;
- the factor method – a simplified version of the scenario method, reduced to one scenario per risk factor;
- statistical data;
- exposure and sensitivity measures;
- the expertise of the Company’s employees.
The PZU Group manages insurance risk in particular by:
- specifying the tolerance to and monitoring insurance risk;
- business decisions and sales plans;
- calculating and monitoring the adequacy of technical reserves;
- tariff strategy, as well as monitoring current estimates and assessing the adequacy of the premium;
- the process of assessment, measurement and acceptance of insurance risk;
- the use of insurance risk mitigation tools, including, in particular, reinsurance and prevention.
In the event of any circumstances which cause adverse changes in insurance liabilities or a financial loss arising from variations in the occurrence, frequency or scale of insured events or variations in the payment of settled claims and benefits, the PZU Group takes steps to:
- modify the tariffs;
- modify the scope of the PZU Group’s liability in the individual specific products;
- introduce new exemptions to the general terms of insurance;
- modify the underwriting principles;
- develop co-insurance programs;
- develop reinsurance programs;
- withdraw a product from sales.
The PZU Group takes the following actions to mitigate the insurance risk:
- definition of the scopes of liability in the general terms of insurance or templates of financial insurance agreements;
- definition of exemptions from liability in the general terms of insurance or templates of financial insurance agreements;
- co-insurance and reinsurance actions;
- adequate tariff policies;
- adoption of conservative assumptions for calculating provisions using methods which are in compliance with the applicable legal regulations;
- underwriting procedure;
- claims handling procedure;
- sales decisions and plans;
This is a risk of a loss or an adverse change in the financial situation, which directly or indirectly arises from fluctuations and changes in market prices of assets, liabilities and financial instruments.
The identification of market risk involves recognizing the actual and potential sources of such risk. In the case of assets, the market risk identification process begins when a decision is made to commence transactions on a given type of financial instrument. The units which decide to start transactions on a given type of financial instrument prepare a description of the instrument, including, in particular, a description of the risk factors, and submit it to the Risk Department, which identifies and assesses the market risk on this basis.
The process of identifying market risk related to insurance liabilities starts simultaneously with the process of creating an insurance product and involves identifying the relationship between the amount of financial flows associated with this product and the market risk factors. Identified market risks are assessed in terms of materiality, i.e. based on whether the materialization of a risk would be related to a loss that could affect the PZU Group’s financial position.
The PZU Group measures market risk using the following measures of risk:
- exposure and sensitivity measures;
- accumulated monthly loss.
The following stages of the market risk measurement process can be distinguished:
- collection of information on assets and liabilities that generate market risk;
- calculation of the value of the risk.
The risk measurement is performed:
- daily – to measure exposures and sensitivity of instruments contained in the Kondor+ transaction system;
- monthly – using a partial internal model. Market risk is monitored on two levels: internally at the organizational units responsible for operating market risk management and independently by the Risk Department. Market risk monitoring involves analyzing the risk levels and the utilization of limits. Monitoring is performed in daily or monthly cycles adequately to the defined limits.
Management actions regarding market risk include, in particular:
- concluding transactions to mitigate market risk, such as selling a financial instrument, closing a derivative and purchasing a hedging derivative;
- diversifying the portfolio of assets, in particular with respect to market risk categories, maturities of instruments, concentration of exposure in one entity, geographical concentration;
- investing in highly liquid instruments;
- setting market risk restrictions and limits.
The setting of limits is the main management tool for maintaining risk positions within acceptable risk tolerance levels. The structure of limits for the individual market risk categories and the PZU Group organizational units is defined by ALCO taking into account the risk tolerance defined by the Management Board. ALCO sets additional detailed market risk limits.
Credit risk and concentration risk
This is the risk of incurring a loss or an adverse change in the financial situation to which the PZU Group is exposed, which arises from changes in credibility and creditworthiness of issuers of securities, business partners and any debtors, as a result of which the business partner may fail to meet its obligations or the credit spread could increase.
Credit risk is measured with the use of the following tools:
- exposure measures (the amount of the gross and net credit exposure and maturity-weighted net credit exposure);
- VaR, i.e. Value at Risk - a risk measure quantifying the potential economic loss, which will not be exceeded over a period of one year with a 99.5% probability under normal market circumstances.
Credit risk measurement with respect to a single entity is estimated as the sum of single exposures, calculated as the product of the following two values:
- risk weight for internal rating;
- net maturity-weighted credit exposure.
Concentration risk measurement for a single entity is calculated as the product of the following two values:
- the amount of exposure to this entity over the excessive concentration level;
- the concentration risk ratio set for every internal rating.
The total concentration risk at the PZU Group is measured as the sum of concentration risks of individual entities. In the case of related entities, concentration risk is specified for all related entities cumulatively.
Credit and concentration risk monitoring involves analyzing the risk level, assessing creditworthiness and determining the level of utilization of the limits set.
Monitoring is conducted in the following cycles:
- monthly – for financial insurance exposures;
- half-yearly – for Reinsurance Department exposures;
- daily – for other exposure limits;
- monthly – for VaR limits.
Management actions with respect to credit risk and concentration risk include, in particular:
- concluding transactions aimed at mitigating credit risk, such as selling a financial instrument, closing a derivative or purchasing a hedging derivative;
- accepting security;
- reinsuring a financial insurance portfolio;
- diversifying a portfolio of financial assets and insurance, mainly with respect to the state, sector;
- setting limits of exposure to a single entity, group of entities, sectors or states.
The structure of credit and concentration risk limits for the individual issuers is determined by the CRC in line with the risk tolerance determined by the Management Board. Additionally, the CRC sets detailed limits on amounts and qualitative restrictions.
Operational risk is defined by the PZU Group as a possibility of incurring a loss arising from inappropriate or incorrect internal processes, human actions, the operation of systems or external events.
Operational risk management has the purpose of optimizing the level of operational risk and operating efficiency in the PZU Group’s operations, leading to a reduction of losses and costs arising from such risks and ensuring adequate and effective controls, with the use of appropriate organizational, procedural and technical solutions. The level of operational risk is identified and assessed by the PZU Group by collecting and analyzing information on this risk for the security, human resources, IT and legal areas. The scale of exposure to operational risk can be determined in this way.
The following solutions are applied by the PZU Group to mitigate the operational risk level:
- updating and optimizing processes and procedures;
- changing the structure of checkpoints, reconciliation and validation;
- automation of control systems;
- contingency plans;
- monitoring and analysis of the number of security incidents;
- analysis of employee turnover and actions taken to minimize the risk level in this area, such as appropriate staff selection, improvement of employee qualifications, incentive systems;
- monitoring and analyzing the reasons for failures of the key IT systems.
The PZU Group companies manage their operational risk in accordance with the guidelines defined by the PZU Group, taking into account their specific nature and the scale of their activities. The Management Board and Supervisory Board members regularly receive information on the operational risk level.
As part of their business continuity plans, PZU companies (PZU, PZU Życie, PZU AM, TFI PZU, PZU CO and PZU PTE) have implemented and tested the solutions to ensure the correct operation of processes of critical importance to these companies in the case of failure.
Compliance risk is the risk of legal sanctions, financial losses or a loss of reputation arising from non-compliance of the PZU Group with the law, internal regulations or standards of conduct adopted by the PZU Group, including norms of ethics.
At the PZU Group, compliance risk is managed on the basis of the Compliance Policy and the Methodology of Identifying and Assessing Compliance Risk for Internal Processes.
The demarcation of responsibilities with respect to systemic and ongoing compliance risk management is based on the above-mentioned regulations. Ongoing management of compliance risk relating to specific processes is the responsibility of the managers of the individual organizational areas and units within the PZU Group.
The activities in the compliance area include in particular:
- developing solutions for implementing compliance risk management principles;
- promoting and monitoring compliance with internal regulations and standards of conduct in the compliance area at the PZU Group;
- monitoring the compliance risk management process at the PZU Group.
The Management Boards are responsible for making strategic decisions regarding compliance risk and accepting risk levels in this area.
The compliance risk management process is coordinated by the Compliance Department, which was established on the basis of resolutions of the Management Boards of PZU and PZU Życie in June 2013.
Compliance risk identification, assessment and measurement are performed by the managers of the PZU Group’s organizational units and, additionally, by the Compliance Department. Compliance risk is identified and assessed for the individual internal processes of the insurance company defined in the Classification by the managers of organizational units, in line with the demarcation of reporting responsibilities. Additionally, the Compliance Department identifies compliance risk on the basis of entries in the register of conflicts of interest, gifts, benefits and irregularities, as well as the enquiries received.
Compliance risk is assessed and measured by determining the effects of materialization of the following risks:
- financial, resulting from administrative penalties, court verdicts, contractual penalties, damages etc.;
- intangible, such as loss of reputation, including damage to the PZU image and brand.
Compliance risk is monitored mainly through:
- the analysis of quarterly reports received from the managers of the organizational units;
- the review of the regulatory requirements;
- participation in legislative work on amending the generally applicable regulations;
- participation in the activities of professional organizations;
- coordination of external control processes;
- coordination of reporting requirements arising from the stock exchange regulations and the law;
- review of the Compliance Department’s recommendations.
Reporting on compliance risk takes place quarterly. Risk reports for the PZU Group are submitted to the Management Board every year by 15 March of the following year. No material compliance risk incidents were identified in 2013.
Management actions taken in response to the compliance risk comprise in particular:
- acceptance of risk, e.g. in connection with legal or regulatory changes;
- mitigation of risk, including adjustment of procedures and processes to regulatory requirements, issuing opinions and drafting internal regulations from the point of view of compliance, participating in the process of agreeing marketing activities;
- avoiding risk through the prevention of involvement of PZU Group companies in activities which do not comply with the regulatory requirements or good market practices or which could have an adverse effect on their image.