Risk Governance Framework
This section describes Sampo Group's governance framework regarding risk control. The reporting segments of Sampo Group are P&C insurance, Life insurance and Holding. These segments correspond to the legal entities of If P&C, Mandatum Life and Sampo plc respectively.
If P&C and Mandatum Life organise their activities autonomously but in accordance with the Group level risk management principles. The Board of Directors of the parent company defines return and capitalisation targets of the subsidiaries. The risk exposure and capitalisation reports of the subsidiaries are consolidated on Group level on a quarterly basis and reported to the Board and Audit Committee of Sampo plc. Sampo Group's overall corporate governance and system of internal control is described in the Corporate Governance section.
The roles and responsibilities of different governing bodies in Sampo Group and individual subsidiaries are described in more detail in figure "Risk management governance framework in Sampo Group".
Group Risk Governance
The Board of Directors of Sampo plc is responsible for ensuring that the Group's risks are properly managed and controlled.
The Audit Committee (AC) is responsible, on behalf of the Board of Directors, for the preparation of Sampo Group's risk management principles and other related guidelines. The AC shall ensure that the operations are in compliance with these, control Sampo Group's risks and risk concentrations as well as control the quality and scope of risk management in each company. The committee shall also monitor the implementation of risk policies, capitalization and the development of risks and profit. At least three members of the AC must be elected from those members of the Board, who do not hold management positions in Sampo Group and are independent of the company. The AC meets on a quarterly basis.
The Group Chief Risk Officer (CRO) is responsible for the appropriateness of risk management on Sampo Group level. The CRO´s responsibility is to monitor Sampo Group's aggregated risk exposure as a whole and coordinate and monitor company specific and group level risk management.
The Boards of Directors in each insurance subsidiary have the overall responsibility for the risk management process and they are the ultimate decision making bodies at If P&C and Mandatum Life respectively. The Boards ensure that the management and monitoring of the risks are satisfactory, and approves the risk management plan. The Boards of Directors of If P&C and Mandatum Life appoint the individual risk management committees within each legal entity and are also responsible for identifying needs for changing policies, guidelines and instructions related to risk management.
Risk Governance in If P&C
If's Risk Control Committee (IRCC) assists the CEO and the Board of Directors of If P&C in fulfilling their responsibilities relating to the risk management process. IRCC monitors reports from the relevant committees and functions as well as the risk position of If P&C in relation to restrictions and limits given by the Board and in comparison to the capital position. The Risk Management department is the responsible function for coordinating the risk management work on behalf of the IRCC.
The Investment Control Committee (ICC) is responsible for the control of investment activities in If P&C by ensuring compliance with the principles and limits specified in the Investment Policy. ICC reports to the Board and IRCC, and meets at minimum once a month.
The separate risk committees in If P&C which report to the IRCC are Underwriting Committee (UWC), Actuarial Committee (AC), Reinsurance Committee (RC), and Operational Risk Committee (ORC). UWC is responsible for maintaining the Underwriting Policy and for reporting all deviations from the Underwriting Policy to IRCC. AC monitors the technical provisions and technical calculations and reports on reserve risk to the IRCC on a quarterly basis. RC is responsible for approving deviations from the Reinsurance Security Policy and for reporting all deviations to IRCC. ORC considers various policies and recommendations concerning operational risk management within If P&C and monitors deviations from these policies. Moreover, the committee is responsible for follow-up of operational risks identified in the operational risk assessment process.
Risk Governance in Mandatum Life
In Mandatum Life the Board of Directors is responsible for risk management and adequacy of internal control. The Board annually approves the Risk Management Plan, Investment Policy and other risk management and internal control instructions.
The Managing Director has the overall responsibility for the risk management according to Board of Directors' instructions.
The Risk Management Committee (RMC) coordinates and monitors all risks in Mandatum Life. The committee is chaired by the Managing Director. Risks are divided into main groups which are insurance risks, market risks, operational risks, legal and compliance as well as business and reputation risks. Risks related to the Baltic subsidiary are also included. Each risk area has a responsible person in the committee.
Mandatum Life's Asset and Liability Committee (ALCO) controls that the investment activities are conducted within the limits defined in the Investment Policy approved by the Board and monitors the adequacy of capital in relation to the market risks in the balance sheet. ALCO reports to the Board and meets at a minimum on a monthly basis.
The Insurance Risk Committee is responsible for maintaining the Underwriting Policy and monitoring the functioning of the risk selection and claims processes. The committee also reports all deviations from the Underwriting Policy to RMC. The Insurance Risk Committee is chaired by the Chief Actuary who is responsible for ensuring that the principles for pricing policies and for the calculation of technical provisions are adequate and in line with the risk selection and claims processes. The Board approves the tariffs and prices and the central principles for the calculation of technical provisions. In addition, the Board defines the maximum amount of risk to be retained on the company's own account and approves the Reinsurance Policy annually.
Operational Risk Committee (ORC) analyses and handles operational risks, e.g. in relation to new products and services, changes in processes and risks as well as realised operational risk incidents. These are reported to the Risk Management Committee and to the Board of Directors quarterly. ORC is also responsible for maintaining and updating the continuity and preparedness plans.
The Baltic subsidiary has its own risk management system. All major incidents are also reported to Mandatum Life's Risk Management Committee.
Internal audit ensures with its audit recommendations that adequate internal controls are in place.Previous page Next page