The objective of operational risk management in Mandatum Life is to enhance the efficiency of internal processes and decrease negative impact on Mandatum Life. The aim is to minimize operational risks subject to cost-benefit considerations.
Business units are responsible for the identification, assessment and management of their own operational risks, including organizing adequate internal control. The Operational Risk Committee (ORC) monitors and coordinates risk management issues regarding operational risks within Mandatum Life, such as policies and recommendations concerning operational risk management. The committee ensures that risks are identified and that internal control and risk management have been organized properly. The committee also analyses deviations from operational risk management policies and monitors the operational risks identified in the self-assessments as well as incidents that have occurred. The committee meets at least three times a year. Significant observations on operational risks are submitted to the Risk Management Committee and the Board of Directors on a quarterly basis.
The Operational Risk Committee (ORC) analyzes and handles operational risks, e.g. in relation to new products and services, changes in processes and risks, and realized operational risk incidents. Significant observations are reported to the Risk Management Committee and to the Board of Directors quarterly. The ORC is also responsible for maintaining and updating the continuity and preparedness plans as well as the Internal Control Policy.
In order to limit operational risks, Mandatum Life has approved a number of policies, including the Internal Control Policy, Compliance Policy, Security Policies, Continuity Plan, Procurement and Outsourcing Policy, Complaints Handling Policy and a number of other policies related to ongoing operative activities. Deviations from the various policies are followed up independently in each business unit and reported to the Compliance Officer and the ORC.
The internal control system in processes aims at preventing and identifying negative incidents and minimizing their impact. In addition, should an operational risk event or a near miss occur, it must be analyzed and reported to the ORC.