Risk Governance Framework
This section describes Sampo Group’s risk governance framework. Sampo Group’s overall corporate governance and system of internal control are described in the Corporate Governance section.
If P&C and Mandatum Life organize their activities autonomously but in accordance with the Group level risk management principles. The Board of Directors of the parent company defines the return and capitalization targets of the subsidiaries. The risk exposure and capitalization reports of the subsidiaries are consolidated at Group level on a quarterly basis and reported to the Board and Audit Committee of Sampo plc.
The reporting lines of different governing bodies at Sampo Group level are described in figure 'Risk management governance framework in Sampo Group'.
The Board of Directors of Sampo plc is responsible for ensuring that the Group’s risks are properly managed and controlled.
The Audit Committee (AC) is responsible, on behalf of the Board of Directors, for the preparation of Sampo Group’s risk management principles and other related guidelines. The AC shall ensure that the operations are in compliance with these, control Sampo Group’s risks and risk concentrations as well as control the quality and scope of risk management in each company. The committee shall also monitor the implementation of risk policies, capitalization and the development of risks and profit. At least three members of the AC must be elected from those members of the Board who do not hold management positions in Sampo Group and are independent of the company. The AC meets on a quarterly basis.
The Group Chief Risk Officer (CRO) is responsible for the appropriateness of risk management at Sampo Group level. The CRO's responsibility is to monitor Sampo Group’s aggregated risk exposure as a whole and to coordinate and monitor company-specific and group-level risk management.
The Boards of Directors in each insurance subsidiary have the overall responsibility for the risk management process and they are the ultimate decision-making bodies in If P&C and Mandatum Life respectively. The Boards ensure that the management and monitoring of the risks are satisfactory, and approve the risk management plan. The Boards of Directors of If P&C and Mandatum Life appoint the individual risk management committees within each legal entity and are also responsible for identifying needs for changing policies, guidelines and instructions related to risk management.
Risk Governance in If P&C
The Board of Directors of If P&C bears overall responsibility for the risk management process and constitutes the ultimate decision-making body. The Board ensures that the management and follow-up of risks are satisfactory, monitors risk reports and approves risk management plans.
The reporting lines of different governing bodies in If P&C are described in figure 'Risk management governance framework in If P&C'.
The If P&C Risk Control Committee (IRCC) assists the CEO of If P&C and the Board of Directors in fulfilling their oversight responsibilities pertaining to the risk management process. The IRCC monitors reports from the relevant committees, business areas, experts and specialist functions as well as the exposure in relation to limits given by the Board of Directors. The Risk Control unit is, on behalf of the Chief Risk Officer, responsible for coordinating and analyzing the information reported to the IRCC.
The responsibilities of the various risk committees in If P&C are as follows:
- The Chairman of the Investment Control Committee (ICC) in If P&C is responsible for monitoring the investment activities and implementing the Investment Policy, ensuring compliance with the principles and limits specified in the Investment Policy, and for reporting deviations from the policy.
- The Chairman of the Underwriting Committee (UWC) is responsible for approving and giving an opinion on proposed deviations from the Underwriting Policy.
- The Chairman of the Actuarial Committee (AC) is responsible for reporting on reserve risk and monitoring the technical provisions and the inherent provision risk.
- The Chairman of the Reinsurance Committee (RC) is responsible for approving and reporting deviations from the Reinsurance Policy and the Internal Reinsurance Policy.
- The Chairman of the Reinsurance Security Committee (RSC) is responsible for approving and reporting deviations from the Reinsurance Security Policy.
- The Chairman of the Operational Risk Committee (ORC) is responsible for reporting on the operational risk status of If P&C as a whole based on the risks identified in the Operational Risk Assessment (ORA) process.
- The Chairman of the Ethics Committee (EC) is responsible for maintaining the Ethics Policy and other policies dealing with values and behavior.
- The Compliance Committee is an advisory forum for the If P&C Chief Compliance Officer, who is responsible for the coordination of legal compliance issues within If P&C and the adherence of operations to Sampo Group’s Compliance Policy, a group level policy applicable to all Sampo Group companies.
Risk Governance in Mandatum Life
In Mandatum Life the Board of Directors is responsible for risk management and adequacy of internal control. The Board annually approves the Risk Management Plan, Investment Policy and other risk management and internal control instructions.
The Managing Director of Mandatum Life has the overall responsibility for risk management according to the Board of Directors’ instructions.
The Risk Management Committee (RMC) coordinates and monitors all risks in Mandatum Life. The Committee is chaired by the Managing Director. Risks are divided into main groups, which are insurance, market, operational, legal and compliance risks, as well as business and reputational risks. Risks related to the Baltic subsidiary are also included. Each risk area has a responsible person in the Committee.
Mandatum Life’s Asset and Liability Committee (ALCO) controls that the investment activities are conducted within the limits defined in the Investment Policy approved by the Board and monitors the adequacy of capital in relation to the market risks in the balance sheet. ALCO reports to the Board and meets at a minimum on a monthly basis.
The Insurance Risk Committee is responsible for maintaining the Underwriting Policy and monitoring the functioning of the risk selection and claims processes. The Committee also reports all deviations from the Underwriting Policy to the RMC. The Insurance Risk Committee is chaired by the Chief Actuary, who is responsible for ensuring that the principles for pricing policies and for the calculation of technical provisions are adequate and in line with the risk selection and claims processes. The Board approves the insurance policy pricing and the central principles for the calculation of technical provisions. In addition, the Board defines the maximum amount of risk to be retained on the company’s own account and approves the reinsurance policy annually.
The Legal and Compliance Unit takes care of compliance matters, and the Head of the Unit is a member of the Risk Management Committee. The Managing Director is responsible for business and reputation risk issues and is also the Chairman of the Risk Management Committee.
The Operational Risk Committee (ORC) analyses and handles operational risks, e.g. in relation to new products and services, changes in processes and risks as well as realized operational risk incidents. Significant observations are reported to the Risk Management Committee and to the Board of Directors quarterly. The ORC is also responsible for maintaining and updating the continuity and preparedness plans.
The Baltic subsidiary has its own risk management procedures. All major incidents are also reported to Mandatum Life’s Risk Management Committee. The Chairman of the Baltic subsidiary is a member of the Risk Management Committee.
Internal audit ensures with its audit recommendations that adequate internal controls are in place.
The reporting lines of different governing bodies in Mandatum Life are described in figure 'Risk management governance framework in Mandatum Life'.