The continuity of operational risk management in If P&C is secured through the Operational Risk Committee (ORC), which coordinates the operational risk process. The committee’s task is to give opinions, advice and recommendations to the ORSA Committee as well as to report the current operational risk status. The ORC is responsible for preparing a comprehensive overview of the operational risk status in If P&C. The status assessment is based on the self-assessments performed by the organization, reported incidents and other additional risk information. Trend analyses are performed on a yearly basis, during which the most important trends affecting the insurance industry are identified and the effects on If P&C are assessed. The committee shall consider and propose changes to policies and instructions regarding operational risks. The Chairman is responsible for the reporting of issues dealt with by the committee.
If P&C also has a Compliance Committee (CC), which is an advisory body for the Chief Compliance Officer regarding compliance issues. The task of the committee is to secure a comprehensive view of compliance risk and activities in If P&C.
The business organization and corporate functions have the responsibility to identify, assess, monitor and manage their operational risks. Risk identification and assessments are performed quarterly. Identified risks are assessed from a probability and impact perspective. The control status for each risk is assessed using a traffic light system: green – good control of risk, yellow – attention required, red – attention required immediately. Severe risks with control status yellow or red are reported to the ORC.
Incident reporting and analysis are managed differently depending on type of incident. All employees are required to report incidents via intranet, and others are identified through controls and investigations.
In order to manage operational risks, If P&C has issued a number of different steering documents: Operational Risk Policy, Continuity Plans, Business Continuity Policy, Security Policy, Outsourcing Policy, Complaints Handling Policy, Claims Handling Policy, and other steering documents related to different parts of the organization. These documents are being reviewed and updated at least annually.