Operational Risk Management in Mandatum Life
The objective of operational risk management in Mandatum Life is to enhance the efficiency of internal processes and decrease negative impact on Mandatum Life. The aim is to minimize operational risks subject to cost-benefit considerations.
Business units are responsible for the identification, assessment and management of own operational risks, including organizing adequate internal control. Operational Risk Committee (ORC) monitors and coordinates risk management issues regarding operational risks within Mandatum Life, such as policies and recommendations concerning operational risk management. The committee ensures that risks are identified and business units have organized internal control and risk management in a proper way. The committee also analyses deviations from operational risk management policies and monitors operational risks identified in the self-assessments as well as the occurred incidents. The committee meets at least three times a year. Significant observations on operational risks are submitted to the Risk Management Committee and Board of Directors on a quarterly basis.
Identification and Management
Operational risks are identified through several different sources and methods
- Macro analysis is conducted prior to the annual strategy process where the key trends in Mandatum Life’s business environment are identified, including a macro level business analysis of operational risks. External events are monitored continuously and the company reacts to those as soon as possible.
- Self-assessment process is used to map and evaluate the major operational risks and their probabilities and significance, including an evaluation of internal controls and sufficiency of instructions. Self-assessment is conducted annually.
- Analysis of incidents. Realized operational risks and near misses reported by the business units are collected and analyzed by ORC. Each business unit is responsible for ensuring that the occurred incidents and near misses are reported to the ORC.
- Internal audits.
The most significant operational risks for Mandatum Life identified in the operational risk self-assessment process include the following: changes in the external operating environment, IT and especially aging IT systems, manual phases in processes, loss of key personnel, miss-selling and false information to customers.
In order to limit operational risks, Mandatum Life has approved a number of policies including e.g. Security Policies, Continuity and Preparedness Plans, Outsourcing Policy, Complaints Handling Policy and a number of other policies related to ongoing operative activities. Deviations against different policies are followed up independently in each business unit and reported to ORC.
Internal control system in processes prevents negative incidents. However, would there be an operational risk event or near misses, this must be reported to ORC.