UNIQA is conscious of the great significance of risk management and was therefore the first insurance company in Austria to define Risk Management as a separate management department at holding level.
Risk management policy
The risk management system of the UNIQA Group ensures that the risks relevant to the UNIQA Group are identified and evaluated in advance and any necessary proactive measures to minimise risk are initiated.
As a basis for risk management, a risk management policy has been created for the UNIQA Group and approved by the CRO (Chief Risk Officer) and Management Board.
The risk management structure follows the principles of a three-lines-of-defence approach.
First line of defence: risk management in business activities
Those responsible for business activities must establish and practise an appropriate control environment. The risks associated with business and its processes can thereby be identified and monitored.
Second line of defence: supervisory staff, including risk management staff
Risk management and supervisory staff, such as Controlling, must monitor business activities. However, they do so without any authority regarding operational tasks.
Third line of defence: internal and external auditing
The final line of defence comprises independent review of all internal control systems, including risk management and compliance. Internal auditing is one example.
Risk management process
The risk management process focuses on risks relevant to the company and is defined by the following risk categories:
- Insurance-related risk (property/accident insurance, health insurance, life assurance)
- Market risk/ALM (asset-liability mismatch) risk
- Credit risk/default risk
- Liquidity risk
- Concentration risk
- Strategic risk
- Reputation risk
- Operational risk
- Contagion risk
For these risk categories, the risks for the UNIQA Group and its subsidiaries are regularly identified, evaluated and reported according to the following structure: