Operational Risk Management in If P&C

The continuity of operational risk management in If P&C is secured through the Operational Risk Committee (ORC), which coordinates the operational risk process. The committee’s task is to give opinions, advice and recommendations to the If Risk Committee (IRC) as well as to report the current operational risk status. The status assessment is based on the self-assessments performed by the organization, reported incidents and other additional risk information. A trend analysis is being performed annually, whereby the most important trends affecting the insurance industry are identified and the effects on If P&C assessed.

The business organization and corporate functions have the responsibility to identify, assess, monitor and manage their operational risks. Risk identification and assessments are performed quarterly. Identified risks are assessed from a probability and impact perspective. The control status for each risk is assessed using a traffic light system: green – good control of risk, yellow – attention required, red – attention required immediately. Severe risks with control status yellow or red are reported to the ORC.

Incident reporting and analysis are managed differently depending on type of incident. All employees are required to report incidents via intranet, and others are identified through controls and investigations.

In order to manage operational risks, If P&C has issued a number of different steering documents: Operational Risk Policy, Continuity Plans, Business Continuity Policy, Security Policy, Outsourcing Policy, Complaints Handling Policy, Claims Handling Policy, Underwriting Guidelines, Internal Control Policy and other steering documents related to different parts of the organization. These documents are being reviewed and updated at least annually.