Home | Risk management | Risk profile

Risk profile

The risk profile did not change significantly in 2014.

The most important factors influencing PZU Group’s risk profile in 2014:

The acquisition of the Polish and Baltic assets was the key event from the point of view of PZU Group’s risk profile. The influence of this event is insignificant due to the traditional structure of the insurance portfolios in the acquired companies and the structure of assets characterised by low level of risk. Moreover, the new companies have already adopted and implemented the risk management model of PZU Group and all incidents are constantly analysed and monitored.

The main types of risks incurred by PZU Group include insurance risk, market risk, credit risk, concentration risk, operational risk and compliance risk.


It is the risk of a loss or an adverse change in the value of insurance liabilities as a result of improper assumptions regarding valuation and the establishment of provisions.

The process of risk identification starts with the idea of creating an insurance product and it lasts until the liabilities relating to it will expire. Insurance risk identification is carried out, i.a. by means of:

  • an analysis of general insurance terms in respect of the accepted risk and compliance with generally applicable provisions of law;
  • monitoring of the existing products;
  • an analysis of the policy relating to underwriting, tariffs, provisions and reinsurance, as well as the claims and benefits handling process.

Insurance risk assessment involves recognizing the degree of exposure or a group of exposures related to the possibility of incurring a loss and analysing the risk elements in order to make a decision on whether PZU should accept a risk for insurance and assume liability. The aim of the risk assessment (underwriting) is the assessment of future claims and the reduction of anti-selection.

Insurance risk measurement is based in particular on:

  • the analysis of selected ratios;
  • the scenario method - analysis of impairment arising from an assumed change in risk factors;
  • the factor method - a simplified version of the scenario method, reduced to one scenario per risk factor;
  • statistical data.

Monitoring and controlling of insurance risk includes the analysis of the level of risk by means of a set of reports including selected ratios.

The reporting aims to ensure efficient insurance risk communication and supports insurance risk management at various position from the employee level to the Supervisory Board. The frequency of individual reports and the scope of information are tailored to meet the information needs at different decision-making levels.

Insurance risk management process are carried out, in particular by:

  • specifying the level of tolerance to insurance risk and monitoring thereof;
  • business decisions and sales plans;
  • calculating and monitoring the adequacy of technical provisions;
  • tariff strategy, as well as monitoring existing estimates and assessing the adequacy of the premium;
  • the process of assessment, measurement and acceptance of insurance risk;
  • the use of insurance risk mitigation tools, including, in particular, reinsurance and prevention.

Furthermore, in order to reduce the insurance risk associated with the ongoing activities the following actions, in particular, are undertaken:

  • definition of the scopes of liability and exclusions in the general terms of insurance;
  • reinsurance activities;
  • adequate tariff policy;
  • employ of appropriate methodology of provisions calculation;
  • appropriate underwriting process;
  • appropriate claims handling process;
  • sales decisions and plans;
  • prevention.
Market Risk

This is a risk of a loss or an adverse change in the financial situation, which directly or indirectly arises from fluctuations and changes in market prices of assets, liabilities and financial instruments.

The identification of market risk involves recognizing the actual and potential sources of such risk. In the case of assets, the market risk identification process begins when a decision is made to commence transactions on a given type of financial instrument. The units which decide to start transactions on a given type of financial instrument prepare a description of the instrument, including, in particular, a description of the risk factors, and submit it to the unit responsible for risk management, which identifies and assesses the market risk on this basis.

The process of identifying market risk related to insurance liabilities starts simultaneously with the process of creating an insurance product and involves identifying the relationship between the amount of cash flows associated with this product and the market risk factors. Identified market risks are assessed in terms of materiality, i.e. based on whether the materialization of a risk would be related to a loss that could affect the financial position.

The market risk is measured using the following measures of risk:

  • VaR, i.e. Value at Risk - a risk measure quantifying the potential economic loss, which will not be exceeded over a period of one year with a 99.5% probability under normal market circumstances;
  • exposure and sensitivity measures;
  • accumulated monthly loss.

The following stages of the market risk measurement process can be distinguished:

  • collection of information on assets and liabilities that generate market risk;
  • calculation of the value of the risk.

The risk measurement is performed:

  • for the measures of exposure and sensitivity of instruments;
  • by using a partial internal model.

Monitoring and control of the market risk involves analysing the risk levels and the utilization of limits.

Reporting consists of communicating the level of market risk and the effects of monitoring and control to the different decision-making levels. The frequency of individual reports and the scope of information are tailored to meet the information needs at different decision-making levels.

Management actions regarding market risk include, in particular:

  • concluding transactions to mitigate market risk, such as selling a financial instrument, closing out a derivative transaction and purchasing a hedging derivative;
  • diversifying the portfolio of assets, in particular with respect to market risk categories, maturities of instruments, concentration of exposure in one entity, geographical concentration;
  • setting market risk restrictions and limits.

The setting of limits is the main management tool for maintaining risk positions within acceptable risk levels. The structure of limits for the individual market risk categories and the organizational units is defined by dedicated Committees in line with the risk tolerance.

Credit Risk and concentration Risk
Credit risk and concentration risk

Credit risk is the risk of loss or adverse change of the financial standing resulting from fluctuations of reliability and creditworthiness of issuers of instruments, counterparties and debtors, which materializes in the default of counterparty or an increase in credit spread.

Concentration risk is a risk arising from lack of diversification in the portfolio of assets or from too high exposure to the risk of default by a single entity or group of related entities.

Identification of the credit and concentration risk takes place at the stage of making a decision to invest in a new type of financial instrument or the credit exposure to a new entity.

Identification is based on an analysis of whether a given investment is related to credit or concentration risk, on which its level and volatility depends. The actual and potential sources of credit and concentration risk are identified.

The risk assessment is based on estimating how probable it is that the risk will occur and potential impact of such occurrence on the financial condition.

Credit risk is measured with the use of the following tools:

  • exposure measures (the amount of the gross and net credit exposure and maturity-weighted net credit exposure);
  • VaR.

Concentration risk measurement for a single entity is calculated as the product of the following two values:

  • the amount of exposure to this entity over the excessive concentration level;
  • the concentration risk ratio set for every internal rating.

The total concentration risk is measured as the sum of concentration risks of individual entities. In the case of related related, concentration risk is specified for all related entities cumulatively.

Monitoring and controlling of the credit and concentration risk involve analysing the current risk level, assessing creditworthiness and determining the level of utilization of the limits set.

Monitoring is conducted for:

  • financial insurance exposures;
  • reinsurance exposures;
  • exposure limits and VaR limits.

Reporting consists of communicating the level of credit and concentration risk and the effects of monitoring and control to the different decision-making levels. The frequency of individual reports and the scope of information are tailored to meet the information needs at different decision-making levels.

Management actions with respect to credit risk and concentration risk include, in particular:

  • setting limits of exposure to a single entity, group of entities, sectors or states;
  • diversifying a portfolio of financial assets and insurance, mainly with respect to the state, sector;
  • accepting security;
  • concluding transactions aimed at mitigating credit risk, such as selling a financial instrument, closing out a derivative transaction or purchasing a hedging derivative, restructuring of the granted debt;
  • reinsuring a financial insurance portfolio;

The structure of credit and concentration risk limits for the individual issuers is determined by dedicated Committees in line with the risk tolerance.

Operational Risk

Is a risk of loss resulting from incorrect or erroneous internal processes, human actions, operation of systems or external factors.

Identification of the operational risk is carried out, in particular, by means of:

  • collecting and analysing information on operational risk incidents;
  • operational risk self-assessment.

Assessment and measurement of the operational risk is carried out by means of:

  • identifying the results of operational risk incidents;
  • estimating the results of potential operational risk incidents which may occur in the course of business activity.

Monitoring and controlling the operational risk is carried out mainly by the established operational risk indicators which make it possible to assess the change of the operational risk level , and the factors that influence the risk level in business activities.

Reporting consists of communicating the level of operational risk and the effects of monitoring and control to the different decision-making levels. The frequency of individual reports and the scope of information are tailored to meet the information needs at different decision-making levels.

Management actions in response to the identified and assessed operational risk involve, in particular:

  • reducing risk by taking actions aimed at minimising the risk, i.a. by strengthening the internal control system;
  • risk transfer – in particular by means of concluding an insurance agreement;
  • avoiding risk by not engaging in or withdrawing from particular business activity when excessive operational risk is detected and its restriction would be too costly to make the venture profitable;
  • risk acceptance – approval of the consequences of a possible materialisation of the operational risk if its level does not exceed the tolerance level for operational risk.

The business continuity plans were implemented in the key companies of PZU Group. The companies tested also the actions that secure the correct operation of processes which are of key importance to these companies in the case of breakdown.

Compliance Risk

Is the risk of legal sanctions, financial losses or a loss of reputation arising from non-compliance with the law, internal regulations or adopted standards of conduct, including norms of ethics.

Compliance risk is identified and assessed for the individual internal processes by the managers of organizational units, in line with the division of reporting responsibilities. Additionally, the compliance unit identifies risks on the basis of entries in the register of conflicts of interest, gifts, benefits and irregularities, as well as the enquiries received.

Compliance risk is assessed and measured by determining the effects of materialization of the following risks:

  • financial, resulting from administrative penalties, court verdicts, penalties, damages etc.
  • intangible, such as loss of reputation, including damage to PZU Group’s image and brand.

Compliance risk is monitored mainly through:

  • the analysis of quarterly reports received from the managers of the organizational units;
  • the review of the regulatory requirements;
  • participation in legislative work on amending the generally applicable regulations;
  • participation in the activities of professional organizations;
  • coordination of external control processes;
  • coordination of reporting requirements arising from the stock exchange regulations and the statutory law;
  • review of the recommendations of PZU Group’s compliance unit.

Management actions taken in response to the compliance risk comprise in particular:

  • acceptance of risk, e.g. in connection with legal or regulatory changes;
  • mitigation of risk, including adjustment of procedures and processes to regulatory requirements, issuing opinions and drafting internal regulations from the point of view of compliance, participating in the process of agreeing marketing activities;
  • avoiding risk through the prevention of involvement in activities which do not comply with the regulatory requirements or good market practices or which could have an adverse effect on their image.