Home | Risk management | Risk management process

Risk management process

The process of identifying, monitoring and reporting risk is covered by a system of internal controls. This ensures compliance with regulatory process and allows for a continuous improvement relative to the profile of the PZU Group.

Two levels are distinguished in the risk management process:

  • PZU Group’s level – It ensures that PZU Group implements its business objectives in a safe way which is adequate to the scale of risk involved. This level engages the monitoring of limits and specific types of risk occurring in business lines, e.g. catastrophe risk, entire exposure of PZU Group to financial risk or counterparty risk. PZU Group ensures support in the application of coherent risk management standards and monitors their implementation. Dedicated employees from PZU Group cooperate with Management Boards of the companies and with management of such areas as finance, risk, actuary, reinsurance, investment.
  • company’s level – It ensures that the company implements its business objectives in a safe way which is conformable to the scale of risk involved in its operations. This level involves the monitoring of limits and specific types of risk occurring in the given company and implementation of the risk management process at the level of the single company (both in terms of local legal regulations and standards of PZU Group).

The risk management process consists of the following stages:


Begins with the proposal to commence the creation of an insurance product, acquire a financial instrument, change the operating process, as well upon the occurrence of any other event which potentially results in a risk. The identification process takes place until the expiry of the liabilities, receivables or activities related to the given risk. The identification of market risk involves recognising the actual and potential sources of such risk which are then identified as to their relevance.

Risk assessment and measurement

Risk assessment and measurement are performed depending on the characteristics of the given risk type and the level o its relevance. The risk assessment is performed by specialised units. In every company, the risk unit is responsible for development of risk assessment tools and risk assessment process to the extent which specifies risk appetite, risk profile and risk tolerance levels.

Risk monitoring and control

This involves ongoing reviews of any variances from the assumed parameters, namely limits, thresholds, plans, values from the previous period, recommendations and guidelines issued, which are performed by dedicated units.


Allows efficient risk communication and supports risk management at various decision-making levels.

Management activities

These activities encompass among others risk mitigation, risk transfer, risk avoidance, specifying risk appetite, acceptance of risk tolerance levels, as well as tools which facilitate such activities, i.e. thresholds, reinsurance plans and reviews of underwriting policy.