This section describes Sampo Group’s and its subsidiaries’ governance framework from a risk management perspective. A more detailed description of Sampo Group’s corporate governance and internal control system is included in the Corporate Governance section.
Risk Governance in If P&C
The main risk steering mechanism used by the Boards of Directors is the policy framework. As part of their responsibilities the Boards of Directors approve the Risk Management Policy and the other risk steering documents, ensure that the management and follow-up of risks are satisfactory, monitor risk reports and approve risk management plans. The reporting lines of different governing bodies in If P&C are described in the figure Risk Governance in If P&C.
Figure: Risk Governance in If P&C
The If Risk Committee (IRC) assists the Chief Executive Officers (CEOs) and the Boards of Directors of If P&C in fulfilling their responsibilities pertaining to the risk management process. The IRC reviews, discusses and gives input on risk issues raised from the relevant risk committees, experts and line organization. Furthermore, the IRC also monitors that If P&C’s short-term and long-term aggregate risk profile is aligned with its risk strategy and capital adequacy requirements. The Risk Control unit within the Risk Management department is, on behalf of the Chief Risk Officer (CRO), responsible for coordinating and analyzing the information reported to the IRC.
The responsibility to identify, evaluate, control and mitigate risks lies within the line organization. There are separate committees in place for key risk areas. These committees have the responsibility to monitor that risks are managed and controlled as decided by the Boards of Directors. The chairmen of the committees are responsible for the reporting to the IRC. The risk committees in If P&C do not have a decision mandate.
Policies are in place for each risk area specifying restrictions and limits chosen to reflect and secure that the risk level at all times complies with the overall risk appetite and capital adequacy constraints of If P&C. The committees shall also monitor the effectiveness of policies and give input to changes and updates if needed.
The responsibilities of the respective risk committees are:
- The Investment Control Committee (ICC) is responsible for monitoring the implementation of and compliance with the Investment and Asset Coverage Policies. The committee shall consider and propose changes to the policies. The Chairman is responsible for the reporting of policy deviations and other issues dealt with by the committee.
- The Underwriting Committee (UWC) shall give its opinion on and propose actions in respect of various issues related to underwriting risk. The committee shall also consider and propose changes to the Underwriting Policy. The Chairman is responsible for the reporting of policy deviations and other issues dealt with by the committee.
- The Actuarial Committee (AC) is a preparatory and advisory body for If P&C’s Chief Actuary. The committee shall secure a comprehensive view over reserve risk, discuss and give recommendations on policies and guidelines for technical provisions, as well as consider and propose changes to the Risk Data Policy.
- The Reinsurance Committee (RC) is a collaboration forum for reinsurance related issues and shall give its opinion on and propose actions in respect of such issues. The committee shall consider and propose changes to the Reinsurance Policy and the Internal Reinsurance Policy. The Chairman is responsible for the reporting of policy deviations and other issues dealt with by the committee.
- The Reinsurance Security Committee (RSC) shall give input and suggestions to decisions in respect of various issues regarding reinsurance credit risk and risk exposure, as well as proposed deviations from the Reinsurance Security Policy. The Chairman is responsible for the reporting of policy deviations and other issues dealt with by the committee.
- The Operational Risk Committee (ORC) is responsible for preparing a comprehensive overview of the operational risk status in If P&C. The committee shall consider and propose changes to policies and instructions regarding operational risks. The Chairman is responsible for the reporting of issues dealt with by the committee.
- The Ethics Committee (EC) discusses and coordinates ethics issues in If P&C. The committee gives recommendations on ethical issues and proposes changes to the Ethics Policy. The Chairman is responsible for the reporting on ethics risk and other issues dealt with by the committee.
- The Compliance Committee (CC) is an advisory body for the Chief Compliance Officer regarding compliance issues. The task of the committee is to secure a comprehensive view of compliance risk and activities in If P&C.
Risk Governance in Mandatum Life
In Mandatum Life the Board of Directors is responsible for risk management and adequacy of internal control. The Board annually approves the Risk Management Plan, Investment Policy and other risk management and internal control instructions.
The Managing Director of Mandatum Life has the overall responsibility for risk management according to the Board of Directors’ instructions. The reporting lines of different governing bodies in Mandatum Life are described in the figure Risk Governance in Mandatum Life.
Figure: Risk Governance in Mandatum Life
- The Risk Management Committee (RMC) coordinates and monitors all risks in Mandatum Life. The Committee is chaired by the Managing Director. Risks are divided into main groups which are insurance, market, operational, legal and compliance risks as well as business and reputation risks. Risks related to the Baltic subsidiary are also included. Each risk area has a responsible person in the Committee.
- Mandatum Life’s Asset and Liability Committee (ALCO) controls that the investment activities are conducted within the limits defined in the Investment Policy approved by the Board and monitors the adequacy of liquidity, profitability and solvency capital in relation to the risks in the balance sheet. ALCO prepares a proposal of Investment Policy to the Board of Directors. ALCO reports to the Board and meets at a minimum on a monthly basis.
- The Insurance Risk Committee is responsible for maintaining the Underwriting Policy and monitoring the functioning of the risk selection and claims processes. The Committee also reports all deviations from the Underwriting Policy to the RMC. The Insurance Risk Committee is chaired by the Chief Actuary who is responsible for ensuring that the principles for pricing policies and for the calculation of technical provisions are adequate and in line with the risk selection and claims processes. The Board approves the insurance policy pricing and the central principles for the calculation of technical provisions. In addition, the Board defines the maximum amount of risk to be retained on the company’s own account and approves the reinsurance policy annually.
- The Operational Risk Committee (ORC) analyzes and handles operational risks, e.g. in relation to new products and services, changes in processes and risks as well as realized operational risk incidents. Significant observations are reported to the Risk Management Committee and to the Board of Directors quarterly. ORC is also responsible for maintaining and updating the continuity and preparedness plans as well as the Internal Control Policy.
- The Legal and Compliance Unit takes care of compliance matters, and the Head of the Unit is a member of the Risk Management Committee.
- The Managing Director is responsible for business and reputational risk issues and is also the Chairman of the Risk Management Committee.
- The Baltic subsidiary has its own risk management procedures. All major incidents are also reported to Mandatum Life’s Risk Management Committee. The Chairman of the Baltic Subsidiary is a member of the Risk Management Committee.
In addition to the above-mentioned committees and units, Internal Audit, through its audit recommendations, has a role in ensuring that adequate internal controls are in place, and it provides its annual review to the Board of Directors.
Risk Governance at Group Level
The Board of Directors of Sampo plc is responsible for ensuring that the Group’s risks are properly managed and controlled. The Board of Directors of the parent company defines financial and capitalization targets for the subsidiaries and approves group level principles steering the subsidiaries’ activities as described in section Sampo Group Steering Model and Risk Management Process. The risk exposures and capitalization reports of the subsidiaries are consolidated at group level on a quarterly basis and reported to the Board and to the Audit Committee of Sampo plc.
The reporting lines of different governing bodies at Sampo Group level are described in the figure Risk Governance in Sampo Group.
Figure: Risk Governance in Sampo Group
The Audit Committee (AC) is responsible, on behalf of the Board of Directors, for the preparation of Sampo Group’s risk management principles and other related guidelines. The AC shall ensure that the operations are in compliance with these, control Sampo Group’s risks and risk concentrations as well as control the quality and scope of risk management in the Group companies. The committee shall also monitor the implementation of risk policies, capitalization and the development of risks and profit. At least three members of the AC must be elected from those members of the Board who do not hold management positions in Sampo Group and are independent of the company. The AC meets on a quarterly basis.
The Group Chief Risk Officer (CRO) is responsible for the appropriateness of risk management on Sampo Group level. The CRO’s responsibility is to monitor Sampo Group’s aggregated risk exposure as a whole and coordinate and monitor company specific and group level risk management.
The Boards of Directors of If P&C and Mandatum Life are the ultimate decision making bodies of the respective companies and have the overall responsibility for the risk management process in If P&C and Mandatum Life respectively. The Boards of Directors appoint the If P&C Risk Committee and the Mandatum Life Risk Management Committee and are responsible for identifying needs to change the policies, principles and instructions related to risk management.