Risk Management

Risk Management System | The Risk Management Policy | Risk profile

This section aims at providing a disclosure of the risks the Group is exposed to and, more generally, of the system of management and supervision of these risks. In particular, the nature and extent of risks arising from financial instruments and insurance contracts, which the Group has been exposed to during the period, are indicated, along with related risk management processes.
This aims at compliance with the IFRS 7 requirements, introduced by the Regulation (EC) n. 108 of 11 January 2006 and following amendments. In the context of the Risk Management System, this Report is part of the reporting processes, aimed at a continuous monitoring of risks at various levels of the operational structure.

Generali Group has developed an Internal Control and Risk Management System, approved by the Board of Directors of the Parent Company. These principles apply to all Group companies. It defines the purposes, principles, structure, roles, responsibilities and key devices of the system, in line with laws and regulations applicable in terms of internal controls and risk management of the Group.
The ultimate objective of the Internal Control and Risk Management System of the Generali Group is the maintenance of acceptable levels of identified risks in order to optimize the available financial resources required for these risks and to improve the Group profitability in relation to its exposure to risks (risk-adjusted performance). The Group aims at maintaining a high degree of integration of its risk management processes in all business areas. The Risk Management processes apply to the Group as a whole in the countries where it operates, and also individual companies, with a varying depth and level of integration depending on the complexity of the underlying risks. This objective is pursued with the coordination and direction activity, with the adoption of policies and Group Guidelines, monitoring tools as well as common methodological frameworks. The coordination and direction is ensured also by the reporting of the local risk management functions to Group risk management function. The integration of processes within the Group is fundamental to ensure an efficient Risk Management System and capital allocation to business units on the basis of their specific risk profile.

In order to continuously enhance the assessment methodologies for the company’s risk profile, the Group is committed in the preapplication process,aiming at receiving the approval for the use of the internally developed methodology for the solvency capital requirements calculation under Solvency II. This task has required a significant development and model improvements, deriving both from the pre-application as well as from the model use in the business decision making.
During the period the Group has significantly enhanced its commitment in the Solvency II project due to the introduction of Interim measures within local regulations, in order to properly address the transition to the forthcoming regime. These refers in particular to the risk governance, ORSA process including forward looking assessment of risks as well as some planning related to Pillar III reporting requirements. Additional activities have been performed in terms of assessment of insurance liabilities with long term guarantees. During the year, the methodology, internally developed, aimed at monitoring and management of operational risk at Group level, has been further enhanced.

In July, the Generali Group has been included in the list of the nine international insurance groups with global systemically
relevance as defined by the Financial Stability Board (FSB). The Generali Group has been included in the above list, taking into consideration its size, its international presence and its role in the broader global financial system. This designation, which is part of an international framework in which various qualitative and quantitative criteria were considered, implies the need to adapt the internal processes of the Group to the specific requirements defined by 'International Association of Insurance Supervisors (IAIS) aimed at mitigating and managing global systemic risks. Although the international framework is undergoing further developments, some specific requirements and deadlines for adaptation have already been outlined. This refers in particular to:

  • satisfy an enhanced level of supervision (Enhanced Supervision) which means further strengthening of its protections ofsystemic risk (Systemic Risk Management Plan) and liquidity (Liquidity Risk Management Plan),
  • define the recovery plans (Recovery Plan) in order to demonstrate the Group's ability to face and overcome extreme scenarios of systemic crisis that could undermine the economic and financial stability of the Group, define plans of resolution (Resolution Plan) in order to demonstrate how can handle and overcome extreme scenarios ofsystemic crisis,
  • be subject to additional capital requirements on the basis of rules being defined at the international level, making itpossible to ensure a greater level of stability of the Group if international systemic crisis scenarios would appear. The capital requirements , being defined by the IAIS under FSB mandate, are based on the following principles: comparability between international groups that operate on different market and that are subject to different accounting and solvencyrules, simplicity in order to ensure that these rules are applicable to all international groups, the sensitivity to the risks intrinsic in international insurance groups.

The Generali Group has therefore undertook the definition of the various plans mentioned above, and the study of additional capital requirements being defined.

The Risk Management System

With the purpose of having a system that ensures an effective management of risks arising from the Company own activity and in particular of the most significant risks, whose consequences could undermine the solvency position or which could undermine the achievement of the Company objectives, the Board of Directors1 adopted the “Internal Control and Risk Management System” and the “Risk Management Policy”. In order to guarantee a consistent approach to the risk management, the adoption of these documents is required to all Group insurance entities.

The “Internal Control and Risk Management System” defines the roles and the responsibilities of the governance bodies and the organizational structures in charge of risk management and control, with particular reference to those designated as "key functions" in the context of Solvency II regulation.

The “Risk Management Policy”, enclosed to the “Internal Control and Risk Management System”, defines the principles, the
strategies and the processes in place to identify, evaluate, monitor and mitigate all risks in integration with controls.

The risk management relies on the following building blocks:

  • risks governance: to establish an effective organizational structure based on clear definition of risk roles andresponsibilities, and on a set of Policies and Guidelines;
  • risk management process, to allow the ongoing management of all risks through the following phases: identification, strategy definition, taking, assessment, monitoring, mitigation and reporting.
  • business support: to increase the effectiveness of the risk management system, guaranteeing at the same time value creation for all stakeholders through the spread of a risk management culture based on shared values. All risk factors affecting the ordinary business are taken into consideration in the decision making process: a risk based approach isapplied in particular to the processes related to capital management, reinsurance, asset allocation and new productsdevelopment.

1 Board of Directors is meant to be the Board of Directors of Assicurazioni Generali S.p.A. (Parent Company).

1.1 - Roles and responsibilities

The risk management is put in place through a specific ongoing process which involves, with different roles and responsibilities, the Board2, the Top Management and the operating and control structures both at Group and Company level, as illustrated in the “Internal Control and Risk Management System”, annually approved by the Board of Directors of the Parent Company and subsequently, taking into consideration specificities and local regulations, by the Board of each entity.

The Board of Directors approves the risk management policies and strategies, as well as the risk tolerance levels. The performance targets are defined in coherence with the capital adequacy level.

The Board of Directors is informed by the Top management of the Parent Company and by the Risk Management function of the Group about the group risks exposures, on ongoing basis through periodical reports concerning the results and the underlying risk profile and on extraordinary basis whenever the adoption of mitigation actions is immediately needed. The Board is also informed by the Manager in charge of preparing the company’s financial reports, through the Risk and Control Committee, as regards the risk management and internal control over the process of financial reporting.

At Group level, the Board of all group companies maintain the ultimate responsibility to approve risk management policies and strategies and risk tollerance levels as weel as to periodically define risk adjusted targets, in alignment with Group directives and capital position of each company.

The Parent Company Top Management is in charge, at different levels, of implementing, mainteining and monitoring the risk management policies both at Assicurazioni Generali SpA and at Group level, in accordance with the Board of Directors’ directives.
To this purpose, the Top Management assigns the targets and defines the appropriate capital allocation to all Italian and Foreign Companies. It also ensures the definition of operational limits through guidelines which implementation is under the responsibility of each single Group Company. Moreover the Top Management controls and monitors the risk exposures, including the level of compliance with the assigned tolerance limits, on ongoing basis.

The Group CEO is also the director in charge of the internal control and risk management system which, among other task, have aim to identify the main company’s risks to be submitted periodilcally to the Board of Directors. Within the Group Management Committee (which is the main committee supporting the Top Management) in particular, the level of risk appetite is defined and proposals for updating the internal controls and risk management system at Group level, are developed.

The Top Management of the Parent Company is supported also by the Balance Sheet Committee, Finance Committee and Product & Underwriting Committee. The Balance Sheet Committee prepares proposals for the definition of the risk tolerance levels and develops contingency strategies and risk mitigation strategies. Finally, the Finance Committee monitors the management policies and the total exposure to financial risks, while Product and Underwriting Committee is appointed to monitor the assumption of extraordinary non-life insurance risks taking into consideration the industrial, financial and risk impacts and takes care of the formulation of proposals for the definition of the levels of risk tolerance and operating limits in the competence matters.

Unlike the committees structure in force in the Parent Company, Group companies have risk committees in support of the top management in terms of risk management.

The functions involved in the risk management process operate according to the Three Line of Defense approach as outlined in the Internal Control and Risk Management System:

  • the operational structures (Risk Owner) are responsible for risk taking and management as well as to implement adequatecontrol management tools. To this aim, they provide the Top Management with the information needed in order to definepolicies, methodologies and tools for the management and control of risks, both at Group and Company level, and followtheir implementation while ensuring adequacy over time. They also grant the compliance with the target goals and policiesthrough operating units under their responsibility, by performing actions as part of their autonomy, and by producingspecific recommendations or suggestions to the Top Management;
  • the Group Risk Management and the Group Compliance are the second Line of Defence. The Group Risk Management,whose responsible is the Group Chief Risk Officer, acts as guarantor of the proper implementation and the overalltightness of the Risk Management System, as prescribed by the regulation and as stated by the Board of Directors,guaranteeing an holistic view of the risks. It also supports the Board of Directors and the Top Management in thedefinition of the risk strategy and in the development of the methodologies to identify, evaluate, control, mitigate andreport risks. With the purpose of fully comply with independence requirement from the business functions, the Group CRO reports directly to the Board of Directors. The Group Compliance function, whose responsible is the Group Compliance Office, has the task to evaluate if the organization and the internal procedures are adequate to prevent the compliance risk. Alsohe Group Compliance Officer reports directly to the Board of Directors;
  • the Group Internal Audit is the Third Line of Defence. It is in charge of performing the independent evaluation of the effectiveness both of the Internal Control and Risk Management System and of all the controls in place to guarantee the adequate execution of the processes. The Internal Audit function reports directly to the Board of Directors.

Within the first line of defence, the Manager charged with the preparation of the company’s financial reports, as provided for by Art.154 bis of the Consolidated Law on Finance, is responsible to set up adequate administrative and accounting procedures for preparing the annual accounts report and, where provided for, the consolidated accounts and every other disclosure of a financial nature.

The Parent Company risk governance structure has been adopted, at least concerning its essential aspects, in all the Group Companies taking into account the local specificities and regulations. Therefore, the Chief Risk Officers of local companies report directly to the Group CRO.

2 Board is meant to be the administrative, supervisory or management body according to the local governance.

The Risk Management Policy

The "Risk Management Policy" is the main reference point for all policies and guidelines related to risks.

It is integrated by a set of policies, submitted as well to the Board of Directors’ approval, that guide the management of each single
risk.

In this context particular attention has to be paid to the “Life Underwriting Policy”, the "Non-Life Underwriting Policy", the  “Investment Policy” and the "Operational Risk Management Policy".

These policies have been sent to all the Group Insurance Companies and, keeping into account the local specificities and regulations, have been approved by the Board of each entity.

In order to strengthen the risk taking procedure and the definition of the operational limits, the Parent Company technical structures have prepared a set of Guidelines in order to guide the management of the insurance and investment risks.

These Guidelines require each Group Company to prepare and update on ongoing basis an Operational Limits Handbook (OLH) related to the risk taking activity. The OLH is submitted to the Risk Committee and has to be approved by the Top Management.

Moreover each Group Company is required to prepare in accordance with a standard template and send to the Parent Company a reporting, to monitor the level of compliance with the limits and principles.

2.1 - The Risk Management process

The Risk Management process allows the ongoing identification, evaluation and management of all risks, taking into account the changes in the nature and size of the business and in the market environment.

This process is structured into the following phases:

  • Risk identification and evaluation methodology definition: to define suitable principles and quantitatively or qualitatively methodologies to identify, classify and evaluate risks;
  • Risk Strategy: to define the Company risk attitude and assign, on consistent and integrated basis risk targets and operating limits;
  • Risk management performed with the aim of maintaining an integrated approach in terms of risk taking, risk assessment,risk monitoring and risk mitigation according to risk policies and guidelines defining principles and/or operating limits for the undertaking of risks, Risk Reporting: to develop effective reporting on the Company risk profile and risk exposures, both for internal andexternal stakeholders and to supervisory authorities.

Risk profile

In terms of risks identification the main risks are indicated in the Group Risk Map, approved by the Company’s Board of
Directors within the Risk Management Policy, identifying the following main risks faced by the company: financial risks,
credit risks, insurance risks, operational risks, and other risks.

Financial risk Credit risk Insurance risk Operational risk Other risks
Interest rate movement risk Credit default risk Non life underwriting risk Compliance risk Liquidity risk
Interest rate volatility risk Credit migration risk – Pricing risk Financial reporting risk Strategic risk
Equity price risk Credit spread risk – Reserving risk Internal fraud Reputational risk
Equity volatility risk   – Catastrophe risk External fraud Contagion risk
Property risk   Life underwriting risk Employment practices Emerging risk
Currency risk   – Mortality CAT risk Clients&Products  
Concentration risk   – Mortality trend/ Uncertainty risk Damage to physical assets  
    – Longevity Business disruption & System failure  
    – Morbidity/ Disability risk Execution&Process management  
    – Lapse risk    
    – Expense risk    
Assicurazioni Generali S.p.A. - C.F. e P.IVA 00079760328