2. Risk management system


The focus of risk management with management structures and defined processes is the attainment of the strategic goals of the UNIQA Group and its subsidiaries.

The UNIQA Group’s Risk Management Guidelines form the basis for a uniform standard at various company levels. The guidelines are approved by the Group CRO and Management Board and describe the minimum requirements in terms of organisational structure and process structure. They also provide a framework for all risk management processes for the most important risk categories.

In addition to Group Risk Management Guidelines, a set of Risk Management Guidelines have also been prepared and approved for the company’s subsidiaries. The Risk Management Guidelines at subsidiary level were approved by the Management Board of the UNIQA subsidiaries and are consistent with the UNIQA Group Risk Management Guidelines.

They aim to ensure that risks relevant to the UNIQA Group are identified in advance and evaluated. If necessary, proactive measures are introduced to transfer or minimise the risk.

Intensive training on the content and utilisation of these guidelines is required in order to enshrine risk management in everyday business activities. Very extensive information and training measures have therefore been implemented since 2012, which will be continued in 2014 and extended to further target groups.

2.1. Organisational structure (governance)

The detailed set-up of the risk management process and organisational structure is set out in the UNIQA Group’s Risk Management Guidelines. These reflect the principles of “three lines of defence” and the clear differences between the individual “lines of defence”.

First line of defence: risk management within the business activity

Those responsible for business activities must build up and embody a reasonable monitoring environment to identify and monitor the risks that arise in connection with the business and the processes.

Second line of defence: supervisory functions including risk management functions

The risk management function and the supervisory functions, such as controlling, must monitor business activities without encroaching on operational activities.

Third line of defence: internal and external auditing

This enables an independent review of the formation and effectiveness of the entire internal control system, which comprises risk management and compliance (e.g. internal auditing).

The following describes the organisational structure and the most essential process responsibilities within the UNIQA Group. Functional tasks and obligations are described precisely in the Risk Management Guidelines.

The UNIQA Group Management Board is responsible for establishing business policy targets.

The Chief Risk Officer (CRO) function has its own department on the Management Board of the holding company. This ensures that the topic of risk management is represented on the Management Board. In his risk management activities, the CRO is supported in the implementation and fulfilment of his duties in particular by the departments of risk management & internal control system, market risk management, and value-based management & compliance.

Furthermore, CRO and risk manager functions were also established at Management Board level in the operative insurance companies. This ensures a continuous and uniform risk management system within the Group.

The risk management committees constitute a central element in the risk management organisation, at both Group level and in every UNIQA company. The risk management committee is the management body for controlling and both short- and long-term steering of the risk profile for UNIQA companies. The risk management committee establishes the risk strategy, monitors and steers compliance with risk-bearing capacity and limits and therefore plays a central role in the UNIQA Group’s risk management system steering process.

The Supervisory Board of the UNIQA Group is informed in depth of the preparation of the risk report at Supervisory Board meetings.

2.2. Risk management process

The UNIQA Group’s risk management process (UNIQA ORSA process) delivers periodic information about the risk profile and enables the top management to make the right decisions for the long-term achievement of objectives.

The process concentrates on risks relevant to the company and is defined for the following risk categories:

  • Actuarial risk (property and casualty insurance, health and life insurance)
  • Market risk/asset/liability mismatch risk
  • Credit risk/default risk
  • Liquidity risk
  • Concentration risk
  • Strategic risk
  • Reputation risk
  • Operational risk
  • Contagion risk

A Group-wide, standardised risk management process regularly identifies, evaluates and reports on risks to the UNIQA Group and its subsidiaries within these risk categories.

UNIQA Group risk management process

UNIQA Group – risk management process (graphic)

Risk identification:

Risk identification is the starting point for the risk management process, systematically recording all major risks and describing them in as much detail as possible. In order to conduct as complete a risk identification process as possible, different approaches are used in parallel, and all risk categories, subsidiaries, processes and systems are included

Evaluation/measurement:

The risk categories of market risk, actuarial risks, counterparty default risk and concentration risk are evaluated in the UNIQA Group framework by means of a quantitative method based on the standard approach of Solvency II and the ECM (economic capital model) approach. Furthermore, risk drivers are identified for the results from the standard approach and analysed to assess whether the risk situation is adequately represented (in accordance with ORSA).

All other risk categories are evaluated with their own risk scenarios.

Scenario analysis in UNIQA risk management

One essential element of the risk management process is the derivation and development of risk scenarios based on the economic, internal and external risk situation of the UNIQA Group.

A scenario is a possible internal or external event that causes a short-term or medium-term effect on the Group profit, solvency position or sustainability. The scenario is formulated in accordance with its expression (e.g. the start of Greece’s insolvency) and evaluated in terms of its financial effect on the UNIQA Group. The likelihood that the scenario will actually occur is also considered.

These scenarios are developed, assessed and constantly monitored by the experts in the UNIQA risk management department. Risk mitigation measures are taken on a proactive basis for potential threats.

Limits/early warning indicators:

The limit and early warning system determines risk-bearing capacity (available equity according to IFRS, financial equity) and capital requirements on the basis of the risk situation at ongoing intervals, thereby deriving the level of coverage. If critical coverage thresholds are reached, then a precisely defined process is set in motion, the purpose of which is to reduce the level of solvency coverage to a non-critical level.

Reporting:

A risk report is prepared twice a year for each operational company and for the UNIQA Group on the basis of detailed risk analysis and monitoring. The risk report for each individual UNIQA subsidiary and the UNIQA Group itself has the same structure, providing an overview of major risk indicators such as risk-bearing capacity, solvency requirements and risk profile.

A reporting form is also available for the UNIQA Group and all subsidiaries, which provides the management with a monthly update regarding the most significant risks.

2.3. Activities and targets of 2013
ORSA (Own Risk and Solvency Assessment) development

The interim guideline FLOAR (Forward Looking Own Assessment of Risk) is being implemented in all EU countries in 2014 and introduces the Own Risk and Solvency Assessment process to the European Union’s insurance companies. In Austria, this interim guideline will be incorporated into the Insurance Supervisory Act by way of an amendment (expected 1 July 2014) and is thus legally binding.

As part of the ORSA process, the business strategy process is linked with the risk management process and the capital management process.

Major components of the ORSA process are

  • An estimate of the development of economic capital and the solvency requirement derived from the corporate strategy,
  • A valid assessment of the risk situation of the UNIQA Group and its companies, and
  • Stress tests and scenario calculations.

In 2013, the UNIQA Group developed the corresponding process model and the required tools, which will be rolled out to the Group subsidiaries in 2014. The processes are described in the UNIQA Group’s ORSA policy.

A major factor when this was being conceived was to rely on existing process elements in order to make use of company processes that function well. Therefore, the existing planning process was used as a supporting process and synchronised with the existing risk management process. The comprehensive rollout of the process with an extensive information initiative is planned for 2014.

R3 training

A major success factor for a functioning Group-wide risk management framework is a good understanding of the objectives and effects of the risk management approach on the UNIQA Group. For this purpose, a comprehensive training programme was launched for top management, management and employees in key functions.

It deals with the regulatory framework of Solvency II, internal risk management governance and its processes, the calculation methods and their effects on the business model, IFRS accounting issues, the essentials of rating and reservation, and compliance issues.

Furthermore, a risk management case designed especially for the training programme is simulated.

Training the Supervisory Board of the UNIQA Group is a high priority, so that the members of the Supervisory Board are informed of the ongoing developments in the management approach (economic management) and can consider these developments while performing their supervisory function. These include the issues of “embedded value”, the UNIQA Group’s capital model and economic management indicators.

Internal control system

Implementing a Group-wide internal control system was a major project for the risk management process in 2013.

In addition to prudential requirements, the UNIQA Group places a particularly high value on transparent and efficient processes, which are a prerequisite for attaining the strategic goals defined in the course of the UNIQA Group’s reorientation.

The ICS guidelines, which were adopted at both the Group and company level in 2013, define the minimum requirements of an internal control system in terms of methods and scope. Central elements of these guidelines are in accordance with the framework that was developed by COSO (“Committee of Sponsoring Organizations of the Treadway Commission”).

The internal control system was implemented in accordance with the ICS guidelines for the following core processes (and their sub-processes):

  • Accounting
  • Asset management
  • Product development
  • Collection/disbursement
  • Underwriting
  • Processing of claims
  • Risk management process
  • Reinsurance
  • IT processes

The objective is to recognise in a timely manner risks that can occur during a process and prevent them. After the risk identification phase, key controls should be defined for all major risks, and these controls should reduce or eliminate risks. In addition to accounting processes, in which we want to minimise the risk of errors in the consolidated statements by means of appropriate controls, we also place great emphasis on error-free process procedures from the core business.

Description of the most important features of the internal control system (ICS) with regard to the accounting process according to Section 243a paragraph 2 of the Austrian Commercial Code

In terms of accounting processes, an ICS process has been defined and in operation since 2009.

The goal of the accounting process internal control system is to implement controls to ensure that a proper report can be reliably produced despite the identified risks. Operational and litigation risks are prevented or considerably reduced using the internal control system according to the UNIQA Group’s ICS framework. In order to guarantee a higher security level, a standardised internal control system has also been set up for the upstream processes.

Organisational structure and controlling scope

The accounting process of the UNIQA Group is standardised throughout the Group. Compliance guidelines, operational organisation manuals, balance sheet and consolidation manuals exist to ensure a reliable process. Processing is largely centralised for domestic affiliated companies. For international Group companies, the accounting process is largely decentralised.

Identification and controlling of risks

An inventory of the existing risks was taken and appropriate monitoring measures were defined for the identification of existing risks. The most important checks were defined in guidelines and instructions and coupled with an authorisation concept. The checks cover both manual coordination and reconciliation routines, as well as acceptance inspections of system configurations for connected IT systems. Identified risks and weak points in monitoring the accounting process are reported quickly to management so that corrective measures can be taken. The procedure for identifying and monitoring the risks is regularly evaluated by an independent, external consultant.

Phasing in/Solvency II – governance

According to Article 41 (1) Solvency II, every insurance company must have an effective governance system that guarantees sound and careful management of the business. This system entails at least an appropriate, transparent organisational structure with a clear allocation and appropriate separation of responsibilities and an effective information system.

In order to satisfy the many-faceted requirements of Solvency II regarding the governance system, UNIQA developed the governance model as a first step in 2012. The model consolidates major governance principles and clearly defines the competencies and responsibilities of individual executive bodies in the process of making decisions on major issues by applying a clearly structured decision matrix. This model applies to Austrian companies. In 2013, the UNIQA Group’s governance model was reviewed for the first time after a year of effective application. This review detected potential for improvement in some areas. These improvements will be included in the new version of the governance model, which is planned for 2014.

The extension of the governance model to UNIQA subsidiaries began in 2013. At the same time, a separate governance model is being prepared for all foreign subsidiaries, which anchors general governance principles in the particular attributes of the individual countries. In autumn 2013, two countries had the opportunity to examine the prescribed international governance model in a test phase and to comment on the content. The countries’ input was discussed in detail with the Uniqa International working group and incorporated into the initial version of the model.

Compliance

In the second half of 2013, the Group Compliance department began setting up and harmonising the compliance structures abroad. The goal is to establish a standard set of specifications and guidelines within the Group.

As a first step, local compliance officers were appointed in all subsidiaries. After creating this structure, the compliance risks of individual countries must be identified and assessed. A lean central structure to create the necessary tools and processes helps to prepare the organisation of UNIQA accordingly.

ALM/market and credit risk model

In 2013, the ALM process and the associated governance were enhanced. Further improvements were made, in particular regarding capital allocation to various sub-risks in the context of market and credit risk and regarding the measurement of capacity utilisation. A central ALM authority was established for all subsidiaries.

In addition, the models developed in 2012 to measure capital requirements were finally implemented or automated. This enabled regular/in-year depiction of the risk profile and limits based thereon. In connection with developments regarding evaluation (especially of complex financial instruments), important measures were implemented for the better, more transparent presentation of the current financial risk situation. It is managed on the basis of risk capital consumption and associated limits, which enables strategic decisions on the basis of the value-oriented risk/return analysis.

Actuarial practice

Products & profitability

The Group guidelines introduced in the last two years on standardised and mandatory profitability analyses, especially regarding life insurance and the motor vehicle sectors of property and casualty insurance, were implemented consistently in 2013 and have increased in importance in the product acceptance process. The target of high coverage of new tariffs was achieved in particular for the motor vehicle sectors, which were included in the analysis for the first time in 2013. In addition, clear improvements were made to profitability, primarily in life insurance, where the process is already established. As a next step, the minimum profitability requirement will be raised in 2014 and 2015.

Actuarial monitoring of core business

The implemented actuarial monitoring was enhanced in 2013, especially with regard to the increase of data quality and automation of the resulting reports. The two core analyses – source-of-profit analysis for life insurance and detailed analysis of settlement results in property and casualty insurance – are included in excerpts in corresponding committee meetings and decision-making processes.

Reinsurance

In 2013, one focus was bolstering expertise on the issue of natural hazard models. The medium-term priority in this segment is to establish and communicate in-depth knowledge of the structure and operation of individual natural hazard models, to develop validation methods at both market and company level, to improve the quality of input data on an individual company basis, and to prepare a training plan for the UNIQA Group companies.

The first internally generated documents with basic knowledge regarding individual natural hazards were compiled in 2013. In addition, a database structure was developed, which will include standardised technical specifications for each natural hazard model relevant to the Group. There are also initial plans for detailed model evaluations, which are already being implemented at the moment. The targeted deployment and management of the external service providers consulted on this are also the responsibility of this segment at UNIQA Re AG.

© UNIQA Group 2014