Risk Governance
This section describes Sampo Group’s and its subsidiaries’ governance framework from a risk management perspective. A more detailed description of Sampo Group’s corporate governance and internal control system is included in the Corporate Governance section.
Risk Governance in If P&C
The main risk steering mechanism used by the Boards of Directors is the policy framework. As part of their responsibilities the Boards of Directors approve the Risk Management Policy and the other risk steering documents, receive risk reports and ensure that the management and follow-up of risks are satisfactory. The reporting lines of different governing bodies in If P&C are described in the figure Risk Governance in If P&C.
Figure: Risk Governance in If P&C
The Own Risk and Solvency Assessment Committee (ORSAC) assists the Chief Executive Officers (CEOs) of If P&C in fulfilling their responsibilities pertaining to the risk management process. The ORSAC reviews, discusses and gives input to reporting from If’s other committees within the Risk Management System, as well as from functions, experts and the line organization. Furthermore, the ORSAC also monitors that If P&C’s short-term and long-term aggregated risk profile is aligned with its risk strategy and capital adequacy requirements. The Risk Control and Reporting unit within the Risk Management department is, on behalf of the Chief Risk Officer (CRO), responsible for coordinating and analyzing the information reported to the ORSAC.
The responsibility to identify, evaluate, control and manage risks lies within the line organization. There are separate committees in place for key risk areas and they have the responsibility to monitor that risks are managed and controlled as decided by the Boards of Directors. The risk committees in If P&C do not have a decision mandate. The duties of these Committees are described later in the respective chapters discussing each relevant risk.
Policies are in place for each risk area, specifying restrictions and limits chosen to reflect and ensure that the risk level at all times complies with the overall risk appetite and capital adequacy constraints of If P&C. The committees shall also monitor the effectiveness of policies and give input to changes and updates if needed.
In addition to the risk specific committees, there are two other committees included in the Risk Governance structure. Their responsibilities are described as follows:
- The Ethics Committee (EC) discusses and coordinates ethics issues in If P&C. The committee gives recommendations on ethical issues and proposes changes to the Ethics Policy. The Chairman is responsible for the reporting on ethics risk and other issues dealt with by the committee.
- The Internal Model Committee is an advisory and preparatory body to the Boards of Directors and the CEOs. In accordance with the committee instruction, its tasks are to identify sources for potential model changes and to give its opinion to the Chairman on the assessment and classification of potential changes and on further validation activities or internal model development. In addition to the tasks above, the committee discusses and analyzes information related to the internal model from other committees and monitors the status of internal model use and development activities.
Risk Governance in Mandatum Life
In Mandatum Life the Board of Directors is responsible for risk management and adequacy of internal control. The Board annually approves the Risk Management Plan, Investment Policy and other risk management and internal control instructions.
The Managing Director of Mandatum Life has the overall responsibility for risk management according to the Board of Directors’ instructions. The Managing Director is the Chairman of the Risk Management Committee (RMC), which coordinates and monitors all risks in Mandatum Life. Risks are divided into main groups, which are insurance, market, operational, legal and compliance risks as well as business and reputation risks. Each risk area has its own specialized committee or unit and a responsible person in the RMC.
The reporting lines of the main governing bodies in Mandatum Life are described in the figure Risk Governance in Mandatum Life. The duties of Asset & Liability, Insurance Risk and Operational Risk Committees are described later in the context of each relevant risk.
Figure: Risk Governance in Mandatum Life
In addition to the risk specific committees, the duties related to compliance and risk management of the Baltic subsidiary have been organized as follows:
- The Legal and Compliance Unit takes care of compliance matters, and the Head of the Unit is a member of the Risk Management Committee.
- The Baltic subsidiary has its own risk management procedures. All major incidents are also reported to Mandatum Life’s Risk Management Committee. The Chairman of the Baltic Subsidiary is a member of the Risk Management Committee.
Internal Audit, through its audit recommendations, has a role in ensuring that adequate internal controls are in place, and it provides its annual review to the Board of Directors.
Risk Governance at Group Level
The Board of Directors of Sampo plc is responsible for ensuring that the Group’s risks are properly managed and controlled. The Board of Directors of the parent company defines financial and capitalization targets for the subsidiaries and approves group level principles steering the subsidiaries’ activities, as described in the section Sampo Group Steering Principles and Risk Management Process. The risk exposures and capitalization reports of the subsidiaries are consolidated at group level on a quarterly basis and reported to the Board and to the Audit Committee of Sampo plc.
The reporting lines of different governing bodies at Sampo Group level are described in the figure Risk Governance in Sampo Group.
Figure: Risk Governance in Sampo Group
The Audit Committee (AC) is responsible, on behalf of the Board of Directors, for the preparation of Sampo Group’s risk management principles and other related guidelines. The AC shall ensure that the operations are in compliance with these, control Sampo Group’s risks and risk concentrations as well as control the quality and scope of risk management in the Group companies. The committee shall also monitor the implementation of risk policies, capitalization and the development of risks and profit. At least three members of the AC must be elected from those members of the Board who do not hold management positions in Sampo Group and are independent of the company. The AC meets on a quarterly basis.
The Group Chief Risk Officer (CRO) is responsible for the appropriateness of risk management on Sampo Group level. The CRO’s responsibility is to monitor Sampo Group’s aggregated risk exposure as a whole and coordinate and monitor company specific and group level risk management.
The Boards of Directors of If P&C and Mandatum Life are the ultimate decision-making bodies of the respective companies and have the overall responsibility for the risk management process in If P&C and Mandatum Life, respectively. The Boards of Directors appoint the If P&C ORSA Committee and the Mandatum Life Risk Management Committee and are responsible for identifying needs to change the policies, principles and instructions related to risk management.