Risk Management Process in Sampo Group Companies
Sampo Group’s business activities and therefore also risk management activities are mainly performed by the subsidiaries. The figure Illustration of company level risk management framework presents the basic elements, tasks and goals of company level risk management.
Illustration of Company Level Risk Management Framework
The subsidiary companies’ risk management is based on the Risk Management Principles established by the parent company. The subsidiaries organize their own risk management based on these Group level principles taking into account the business specific characteristics as well as laws and regulations. The central elements for facilitating successful risk management in the subsidiaries include the following:
- Risk management governance structure and authorizations
- Companies’ own risk policies and more detailed instructions related to risk management
Also the reporting models and valuation and risk measurement procedures related to independent measurement and control are important prerequisites for successful risk management process. Parties independent of business activities are responsible for the risk management governance framework, risk policies, risk limits and authorizations which form the structure that sets the limits for risk taking and principles for risk monitoring. These structures reflect the capital adequacy targets and risk appetite in general.
Independent specialists are also mainly responsible for the determination of reporting models and calculation procedures in use, although the business line organisations are consulted as well. Depending on the nature of the task in question, either business line organisations or independent risk management is responsible for the preparation of detailed instructions related to the tasks included in the risk management process.
The risk management process consists of continuous activities that are partly a responsibility of the personnel involved in business activities and partly of independent risk management specialists. Although the responsibilities of business lines and independent risk management are clear, they are co-operating closely. The tasks considered as forming parts of the risk management process can be classified, for example, as follows:
- Actions, i.e., business transactions representing the actual insurance and investment operations are performed in accordance with the given authorizations, risk policies and other instructions. Activities related to capitalization and liquidity position are included in this part of the process. The actions are the responsibility of business functions and centralized functions such as the investment department.
- Continuous analysis and assessment of opportunities supporting the business transactions can be defined as a separate phase in the risk management process since a significant part of the time consumed in insurance and investment activities is allocated to the assessment of potential business activities and analysis of different opportunities. For example in investment activities, time is mainly consumed in the preparation of analyses supporting the transactions and not completing the decided transactions. Even though persons independent of business operations with relevant expertise may participate in the analyses, the business functions have always the responsibility for this phase.
- Independent measurement and control includes the statutory profitability, risk and capitalization calculations and independent monitoring of operations. Independent financial and risk management functions are explicitly responsible for this phase.
High quality execution of the above mentioned tasks contributes to the achievement of the three central goals of the risk management process:
- Balance between risks, capital and earnings
- risks affecting the profitability and other significant risks are identified, assessed and analyzed;
- capitalization taking into account the expected profitability of the businesses is adequate in terms of risks inherent in business activities and operating environment;
- risk bearing capacity is allocated into different business areas according to chosen strategies;
- insurance risks are properly priced, the expected returns and risks of investment activities are balanced according to the set targets and non-profit risks are managed at a sufficient level.
- Cost efficient and high quality processes
- client services and internal operative processes are working as expected in terms of quality and costs;
- decision making is based on accurate, adequate and timely information;
- continuity of operations is ensured and in case of discontinuity events recovery is fast and comprehensive.
- Strategic and operational flexibility
The goals of the risk management process are essential steps in achieving the return on equity targets set by Sampo plc. Achievement of the goals of risk management process may also mitigate the yearly fluctuations in profitability. The risk management process is therefore considered to be one of the central contributors in creating value for the shareholders of Sampo plc.The following sections describe in more detail the risk governance structures of the Group and the subsidiaries as well as one of the central areas in the subsidiaries’ risk management – managing the balance between the risks and capital.