This section describes Sampo Group’s and its subsidiaries’ governance framework from a risk management perspective. A more detailed description of Sampo Group’s corporate governance and internal control system is included in the Corporate Governance section.
Risk Governance at Group Level
The Board of Directors of Sampo plc is responsible for ensuring that the Group’s risks are properly managed and controlled. The Board of Directors of the parent company defines financial and capitalization targets for the subsidiaries and approves Group level principles steering the subsidiaries’ activities as described in section Sampo Group’s Operating Model. The risk exposures and capitalization reports of the subsidiaries are consolidated at Group level on a quarterly basis and reported to the Board and to the Audit Committee of Sampo plc.
The reporting lines of different governing bodies at Sampo Group level are described in the figure Risk governance in Sampo Group.
Figure: Risk Governance in Sampo Group
The Audit Committee (AC) is responsible, on behalf of the Board of Directors, for the preparation of Sampo Group’s risk management principles and other related guidelines. The AC shall ensure that the operations are in compliance with these, control Sampo Group’s risks and risk concentrations as well as control the quality and scope of risk management in the Group companies. The committee shall also monitor the implementation of risk policies, capitalization and the development of risks and profit. At least three members of the AC must be elected from those members of the Board who do not hold management positions in Sampo Group and are independent of the company. The AC meets on a quarterly basis.
The Group Chief Risk Officer (CRO) is responsible for the appropriateness of risk management at Sampo Group level. The CRO’s responsibility is to monitor Sampo Group’s aggregated risk exposure as a whole and coordinate and monitor company-specific and Group level risk management.
The Boards of Directors of If P&C and Mandatum Life are the ultimate decision-making bodies of the respective companies and have the overall responsibility for the risk management process in If P&C and Mandatum Life respectively. The Boards of Directors appoint the If P&C Risk Control Committee and the Mandatum Life Risk Management Committee and are responsible for identifying needs to change the policies, principles and instructions related to risk management.
Risk Governance in If P&C
The Board of If P&C ensures that the management and follow-up of risks are satisfactory, monitors risk reports and approves risk management plans.
The reporting lines of different governing bodies in If P&C are described in the figure Risk governance in If P&C.
Figure: Risk Governance in If P&C
The If Risk Control Committee (IRCC) assists the Chief Executive Officers (CEOs) and the Boards of Directors of If P&C in fulfilling their responsibilities pertaining to the risk management process. The IRCC reviews, discusses and gives input on risk issues raised from the relevant risk committees, experts and line organization. Furthermore, the IRCC also monitors that If P&C’s short-term and long-term aggregate risk profile is aligned with its risk strategy and capital adequacy requirements. The Risk Control unit within the Risk Management department is, on behalf of the Chief Risk Officer (CRO), responsible for coordinating and analyzing the information reported to the IRCC.
The respective risk committees in If P&C do not have a decision mandate. The responsibilities of the respective risk committees are:
- The Chairman of the Investment Control Committee (ICC) is responsible for monitoring the investment activities, for supervising the implementation of the Investment Policy to ensure compliance with the principles and limits specified in it, and for reporting deviations from the policy.
- The Chairman of the Underwriting Committee (UWC) is responsible for reporting deviations from the Underwriting Policy to the IRCC. UWC is responsible for monitoring compliance with the established underwriting principles. The committee shall propose changes and/or extensions to the Underwriting Policy.
- The Actuarial Committee (AC) is a coordination forum for the Actuarial Function in If Group, as well as a preparatory and advisory body for the Chief Actuary. The committee shall secure a comprehensive view and effective control over reserve risk, as part of the risk management framework. The committee shall discuss and give recommendations regarding policies and guidelines of technical provisions, and review and give suggestions for updating the Risk Data Policy.
- The Reinsurance Committee (RC) is a collaboration forum formed to secure the objectives of Reinsurance in If. The Reinsurance Committee is an advisory body where decision items are discussed and recommendations given. The committee shall consider and propose updates and changes to the Reinsurance Policy and the Internal Reinsurance Policy.
- The Chairman of the Reinsurance Security Committee (RSC) is responsible for reporting deviations from the Reinsurance Security Policy to the IRCC. The committee shall monitor and evaluate estimated reinsurance credit risk exposure in the portfolio, and suggest possible actions.
- The Chairman of the Operational Risk Committee (ORC) is responsible for reporting on the operational risk status for If P&C as a whole based on the risks identified in the Operational Risk Assessment (ORA) process. The committee shall consider and propose changes and/or extensions to policies and instructions regarding operational risks.
- The Ethics Committee (EC) discusses and coordinates ethics issues within If P&C, within the scope of policies or other governing documents regarding values and ethical behavior. The committee also gives recommendations on ethical issues to the Chairman of the committee to be communicated to the line organization and management. The committee shall also propose changes and/or extensions to the Ethical Policy.
- The Compliance Committee (CC) is a coordination forum and advisory body for the Chief Compliance Officer regarding legal compliance issues. The task of the forum is to secure a comprehensive view on compliance risk and activities in If P&C.
Risk Governance in Mandatum Life
In Mandatum Life the Board of Directors is responsible for risk management and adequacy of internal control. The Board annually approves the Risk Management Plan, Investment Policy and other risk management and internal control instructions.
The Managing Director of Mandatum Life has the overall responsibility for risk management according to the Board of Directors’ instructions. The reporting lines of different governing bodies in Mandatum Life are described in the figure Risk governance in Mandatum Life.
Figure: Risk Governance in Mandatum Life
- The Risk Management Committee (RMC) coordinates and monitors all risks in Mandatum Life. The Committee is chaired by the Managing Director. Risks are divided into main groups which are insurance, market, operational, legal and compliance risks as well as business and reputational risks. Risks related to the Baltic subsidiary are also included. Each risk area has a responsible person in the Committee.
- Mandatum Life’s Asset and Liability Committee (ALCO) controls that the investment activities are conducted within the limits defined in the Investment Policy approved by the Board and monitors the adequacy of liquidity, profitability and solvency capital in relation to the risks in the balance sheet. ALCO prepares a proposal for the Investment Policy for the Board of Directors. ALCO reports to the Board and meets at a minimum on a monthly basis.
- The Insurance Risk Committee is responsible for maintaining the Underwriting Policy and monitoring the functioning of the risk selection and claims processes. The Committee also reports all deviations from the Underwriting Policy to the RMC. The Insurance Risk Committee is chaired by the Chief Actuary who is responsible for ensuring that the principles for pricing policies and for the calculation of technical provisions are adequate and in line with the risk selection and claims processes. The Board approves the insurance policy pricing and the central principles for the calculation of technical provisions. In addition, the Board defines the maximum amount of risk to be retained on the company’s own account and approves the reinsurance policy annually.
- The Operational Risk Committee (ORC) analyzes and handles operational risks, e.g. in relation to new products and services, changes in processes and risks as well as realized operational risk incidents. Significant observations are reported to the Risk Management Committee and to the Board of Directors quarterly. ORC is also responsible for maintaining and updating the continuity and preparedness plans as well as the Internal Control Policy.
- The Legal and Compliance Unit takes care of compliance matters, and the Head of the Unit is a member of the Risk Management Committee. The Managing Director is responsible for business and reputation risk issues and is also the Chairman of the Risk Management Committee.
- The Baltic subsidiary has its own risk management procedures. All major incidents are also reported to Mandatum Life’s Risk Management Committee. The Chairman of the Baltic Subsidiary is a member of the Risk Management Committee.
In addition to the above-mentioned committees and units, Internal Audit, through its audit recommendations, has a role in ensuring that adequate internal controls are in place, and it provides its annual review to the Board of Directors.