Corporate Governance
The major risks to which the PZU Group is exposed include the following: actuarial risk, market (including liquidity) risk, credit risk, concentration risk, operational risk, model risk and compliance risk.
The major risks associated with the operation of Alior Bank and Bank Pekao include the following risks: credit risk (including the risk of loan portfolio concentration), operational risk and market risk (involving interest rate risk, FX risk, commodity price risk and financial instrument price risk) and liquidity risk.
The overall risk of the banking sector entities, taking into account PZU’s shares in both banks, accounts for approximately 32% of the PZU Group’s total risk (Q3 2021), while the largest contribution is in credit risk.
In connection with the COVID-19 pandemic, increased risk was recorded in selected areas, especially mortality risk, liquidity risk and credit risk.
In 2021, initiatives were continued to improve the identification, measurement, assessment and monitoring of the risks associated with sustainable development, in particular with climate changes. The main risks in this area are transition risks and physical risks, which are managed as part of individual risk categories specified below in this Report.
According to the European Commission guidance for non-financial reporting, transition risks refer to the transition of the economy to a low-carbon and climate-resilient future. Physical risk on the other hand entails financial losses stemming from the physical consequences of climate change and encompasses acute (e.g. storms, fires) and long-term risk (rising sea level).
This is the likelihood of a loss or an adverse change in the value of liabilities under the existing insurance contracts and insurance guarantee agreements, due to inadequate assumptions regarding premium pricing and creating technical provisions.
Risk identification commences with a proposal to develop an insurance product and continues until the expiry of the related liabilities. The identification of actuarial risk is performed, among others, as follows:
The assessment of actuarial risk consists in the identification of the degree of the risk or a group of risks that may lead to a loss, and in an analysis of risk elements in order to make an underwriting decision.
The measurement of actuarial risk is performed using:
The monitoring and control of actuarial risk includes a risk level analysis by means of a set of reports on selected ratios.
Reporting aims to ensure effective communication regarding actuarial risk and supports management of actuarial risk at various decision-making levels – from an employee to the supervisory board. The frequency of each report and the scope of information provided therein are tailored to the needs at each decision-making level.
The management actions contemplated in the actuarial risk management process are performed by doing the following:
Moreover, mitigation of the actuarial risk inherent in current operations is supported by:
As a result of the COVID-19 pandemic, an increase in the mortality risk was recorded. It was taken into account in the regular business processes and the risk is subject to regular monitoring and control.
Market risk is understood as the risk of a loss or an adverse change in the financial situation resulting, directly or indirectly, from fluctuations in the level and in the volatility of market prices of assets, credit spread, as well as value of liabilities and financial instruments.
The risk management process for the credit spread and concentration risk has a different set of traits from the process of managing the other sub-categories of market risk and has been described in a subsequent section (Credit risk and concentration risk) along with the process for managing counterparty insolvency risk.
The market risk in the PZU Group originates from three major sources:
Numerous documents approved by supervisory boards, management boards and relevant committees govern investment activity in the PZU Group entities.
Market risk identification consists in the identification of actual and potential sources of this type of risk. For assets, the identification of risk begins with the decision to commence transactions in a given type of financial instrument. Units that make a decision to start entering into such transactions draw up a description of the instrument containing, in particular, a description of the risk factors. They convey this description to the unit responsible for risk that identifies and assesses market risk on that basis.
The identification of market risk associated with insurance liabilities commences with the process of developing an insurance product. It involves identification of the relationship between the cash flows generated by that product and the relevant market risk factors. The identified market risks are subject to assessment using the criterion of materiality, specifying whether the materialization of risk entail a loss capable of affecting the financial condition.
Market risk is measured using the following risk measures:
In the case of banking entities suitable measures are employed in accordance with the regulations applicable to this sector and best market practices.
Market risk measurement is divided into stages, in particular:
The risk measurement is performed:
Monitoring and control of market risk involves an analysis of the level of risk and of the utilization of the designated limits.
Reporting involves communicating to the various decision-making levels information concerning the level of market risk and the results of monitoring and controlling it. The frequency of each report and the scope of information provided therein are tailored to the information needs at each decision-making level.
Management actions in respect of market risk involve in particular:
The application of limits is the primary management tool to maintain a risk position within the acceptable level of risk tolerance. The structure of limits for the various categories of market risk and also for the various organizational units is established by appointed committees in such a manner that the limits are consistent with risk tolerance as agreed by the management boards of the subsidiaries. Banking sector entities are in this respect subject to additional requirements in the form of sector regulations.
Financial liquidity risk means the possibility of losing the capacity to settle, on an ongoing basis, the PZU Group’s liabilities to its clients or business partners. The liquidity risk management system aims to maintain the capacity of fulfilling the entity’s liabilities on an ongoing basis. Liquidity risk is managed separately for the insurance part and the bancassurance part.
The risk identification involves analysis of the possibility of occurrence of unfavorable events, in particular:
Risk assessment and measurement involve estimation of the shortage of cash to pay for liabilities. The risk estimate and measurement is carried out from the following perspectives:
The banks in the PZU Group employ the liquidity risk management metrics stemming from sector regulations, including Recommendation P issued by the Polish Financial Supervision Authority.
To manage the liquidity of the banks in the PZU Group, liquidity ratios are used for different periods ranging from 7 days, to a month, to 12 months and to above 12 months.
Within management of liquidity risk, banks in the PZU Group also analyze the maturity profile over a longer term, depending to a large extent on the adopted assumptions about development of future cash flows connected with items of assets and equity and liabilities. The assumptions take into consideration:
Monitoring and controlling financial liquidity risk involves analyzing the utilization of the defined limits.
In connection with the COVID-19 pandemic, banks in Poland, including the banks from the PZU Group, experienced excess liquidity in 2021. However the data from the banking sector indicate that in the balance sheets of Polish banks, in Q4 2021, the volume of new loans came close to the level observed before the pandemic, which, if the trend continues, should contribute to gradual reduction of excess liquidity in this sector.
The COVID-19 pandemic did not have a material impact on liquidity of PZU Group’s insurance business in H1 2021. An increase in the number of deaths (mortality rate) was observed, which could result from, among other things, the hindered access to health care and COVID-19 related complications. However the situation did not significantly impact PZU Group’s liquidity risk. In H1 2021 there were no grounds for taking extraordinary management measures relating to liquidity risk in connection with the COVID-19 pandemic. As part of routine management actions regarding liquidity risk, the PZU Group constantly monitored the level of available liquid funds and the current utilization of liquidity limits.
Liquidity risk reporting involves communicating the level of financial liquidity to various decision-making levels. The frequency of each report and the scope of information provided therein are tailored to the information needs at each decision-making level.
The following measures aim to reduce financial liquidity risk:
Credit risk is understood as the risk of a loss or an adverse change in the financial situation resulting from fluctuations in the reliability and creditworthiness of issuers of securities, counterparties and all debtors. It materializes in the form of a counterparty’s default on a liability or an increase in credit spread. The following risk categories are distinguished in terms of credit risk:
Concentration risk is understood as the possibility of incurring loss stemming either from lack of diversification in the asset portfolio or from large exposure to default risk by a single issuer of securities or a group of related issuers.
Credit risk and concentration risk are identified at the stage of making a decision on an investment in a new type of financial instrument or on accepting credit exposure. It involves an analysis of whether the contemplated investment entails credit risk or concentration risk, what its level depends on and what its volatility over time is. Actual and potential sources of credit risk and concentration risk are identified.
Underwriting consists of estimating the probability of risk materialization and the potential impact exerted by risk materialization on a given entity’s financial standing.
The measurement of credit risk is performed using:
Concentration risk for a single entity is calculated using the standard formula.
A measure of total concentration risk is the sum of concentration risks for all entities treated separately. In the case of related parties, concentration risk is calculated for all related parties jointly.
In the case of banking entities suitable measures are employed in accordance with the regulations applicable to this sector and best market practices. Credit risk is measured using a set of loan portfolio quality metrics.
Monitoring and control of credit risk and concentration risk involves an analysis of the current risk level, assessment of creditworthiness and calculation of the degree of utilization of existing limits. Such monitoring is performed, without limitation, on a daily, monthly and quarterly basis.
The monitoring pertains to:
Reporting involves providing information on the levels of credit risk and concentration risk and the effects of monitoring and control. The frequency of each report and the scope of information provided therein are tailored to the information needs at each decision-making level.
Management actions in respect of credit risk and concentration risk involve in particular:
The structure of credit risk limits and concentration risk limits for various issuers is established by appointed committees in such a manner that the limits are consistent with the adopted risk tolerance determined by the management boards of the respective subsidiaries and in such a manner that they make it possible to minimize the risk of ‘infection’ between concentrated exposures.
In banking activity the provision of credit products is accomplished in accordance with loan granting methodologies appropriate for a given client segment and type of product. The assessment of a client’s creditworthiness preceding a credit decision is performed using tools devised to support the credit process, including a scoring or rating system, external information and the internal databases of a given PZU Group bank. Credit products are granted in accordance with the binding operational procedures stating the relevant actions performed in the lending process, the units responsible for that and the tools used.
To minimize credit risk, adequate collateral is established in line with the credit risk incurred. The establishment of a security interest does not waive the requirement to examine the client’s creditworthiness.
Because of the continuing COVID-19 pandemic, in 2021, despite the improved repayment rate on the loan portfolio, PZU Group’s banks continued their conservative approach, including stricter model parameters, restrictions in underwriting and close monitoring of exposures potentially at risk. No additional COVID-19-related allowances were recognized in this period.
In the PZU Group insurance segment, in the credit risk area, the impact of the COVID-19 pandemic was low; in the entire 2021, no indications of impairment were identified in the portfolio, hence no exposure was classified to basket 3 (instruments for which impairment has been recognized).
No significant changes in the structure of financial instruments held were recorded in 2021. The value of credit risk allowances and the coverage, which is defined as the ratio of cumulative credit risk allowances to the gross carrying amount of all PZU Group assets exposed to credit risk subject to the IFRS9 regime, did not change materially compared to Q4 2020. At the same time, the value of lifetime allowances increased after foreign treasury bonds from a single issuer were reclassified to the 2nd credit quality bucket when the issuer’s rating was downgraded in June 2021. The main source of changes in allowances in 2021 was the realization of systematic risk, which is deemed to reflect changes in the macroeconomic environment.
In 2021, no impact of COVID-19 on the increase of the loss ratio in the insurance guarantee portfolio was confirmed. The standing of individual clients is monitored on an ongoing basis.
Operational risk is the risk of suffering a loss resulting from improper or erroneous internal processes, human activities, system failures or external events.
Operational risk is identified in particular by:
Operational risk is assessed and measured by:
Both banks in the PZU Group, upon KNF’s consent, apply advanced individual models to measure operational risk and to estimate capital requirements on account of this risk.
Monitoring and control of operational risk is supported mainly by an established system of operational risk indicators and limits enabling assessment of changes in the level of operational risk over time and assessment of factors that affect the level of this risk in the business.
Reporting involves communicating to the various decision-making levels information concerning the level of operational risk and the results of monitoring and controlling it. The frequency of each report and the scope of information provided therein are tailored to the information needs at each decision-making level.
Management actions involving reactions to any identified and assessed operational risks involve primarily:
Business Continuity Plans in the PZU Group are regularly tested and, consequently, updated.
On 25 February 2020, a Crisis Management Team was appointed in PZU and PZU Życie, which remained operational in 2021. The Crisis Management Team is monitoring the situation and takes the necessary measures to ensure business continuity of the companies while observing the safety measures and restrictions resulting from, among others, the Council of Ministers’ Regulation imposing specific restrictions, prohibitions and orders in connection with the state of pandemic. A crisis situation was declared at PZU and PZU Życie on this day in connection with the COVID-19 pandemic.
PZU and PZU Życie implemented solutions and processes to minimize the risk of infection and spread of the coronavirus in the organization and to adapt their functioning to the evolving external situation. Appropriate safety measures were applied:
Remote work was introduced already in March 2020. The necessary technical and organizational measures were ensured to enable as many employees as possible to work remotely or work in a rotation system. Employees were informed monthly of the current working model, which was adjusted on an ongoing basis to the external situation and to the current business processes. In H1 2021, 64% of employees in PZU and PZU Życie performed their work remotely. In H2 2021, it was on average 48% of all employees of both companies. For the entire year 2021, this ratio was 57% on average.
Insurance branches and agencies remained open, adapting to all legal limitations and sanitary restrictions associated with the spread of COVID-19.
The sales, service and claims handling processes were adapted in a similar manner to ensure business continuity and, at the same time, safe customer service.
The Crisis Management Team receives regular reports on the number of infections among employees, work organization in PZU Group companies, availability of the branches and the agency network, execution of orders for personal protective equipment and disinfectants, and expenditures incurred from the Crisis Management Team budget.Some of the decisions made by the Crisis Management Team were forwarded as recommendations to PZU Group subsidiaries.
The Business Continuity Plans operate in accordance with the internal regulations and procedures in place in PZU Group companies. Despite the crisis situation, there were no major disruptions associated with continuity of operation of the business processes
Model risk, classified by the PZU Group as significant, is defined as the risk of incurring financial losses, incorrectly estimating data reported to the regulatory authority, taking incorrect decision or losing reputation as a result of errors in the development, implementation or application of models.
The formal identification and assessment process for this risk is currently being developed in PZU and PZU Życie. The process aims to ensure high quality of model risk management practices.
The model risk management process involves:
In the entities from the banking sector, given the high significance of model risk, the management of this risk has already been implemented in the course of adaptation to the requirements of Recommendation W issued by the KNF. Both PZU Group banks have defined standards for the model risk management process, including the rules for developing models and evaluating the quality of their operation, ensuring at the same time appropriate corporate governance solutions.
The compliance risk understood as the risk that the PZU Group may infringe on the law, internal regulations and adopted standards of conduct, including ethical standards, which results or may result in:
PZU makes efforts aimed at ensuring adequate and uniform standards of compliance solutions in all subsidiaries and monitors compliance risk throughout the entire Group.
In 2021 the compliance systems of PZU Group entities were aligned with the standards set by PZU.
The provision of full information on compliance risk in Group companies is the responsibility of their compliance units. They are required to assess and measure compliance risk, undertake and implement appropriate remedial actions, which reduce the likelihood of realization of this risk.
PZU Group entities are obligated to provide ongoing information on compliance risk to the PZU Compliance Department. The tasks of the Compliance Department include, among others:
Compliance risk includes, in particular, the risk that the operations performed by PZU Group entities will be out of line with the changing legal environment. This risk may materialize as a result of delayed implementation or absence of clear and unambiguous laws, or what is known as a legal gap. This may cause irregularities in the PZU Group’s business and, as a result, lead to higher costs (for instance, administrative penalties, other financial penalties) and a heightened level of loss of reputation risk.
Due to the broad spectrum of the PZU Group’s business, reputation risk is also affected by the risk of litigation is predominantly inherent in the Group’s insurance companies and banks.
The identification and assessment of compliance risk for each internal process in PZU Group entities is the responsibility of the heads of organizational units, in accordance with the allocation of responsibility for reporting. Moreover, compliance units in PZU Group entities identify compliance risk on the basis of notifications to the register of conflicts of interest, gifts and irregularities, and from inquiries sent to them.
Compliance risk is assessed and measured by calculating the effects of risk materialization of the following types:
Compliance risk is monitored through:
Management actions in response to compliance risk include in particular:
As part of efforts aimed at reducing compliance risk in the PZU Group at system level and day-to-day level, the following risk mitigation actions are undertaken:
The actions in 2021 in the compliance area were also associated with the PZU Group continuing to meet the criteria for treating it as a financial conglomerate, and hence applying supplementary oversight to it under the Act of 15 April 2005 on supplementary oversight over credit institutions and insurance undertakings, reinsurance undertakings and investment firms comprising a financial conglomerate.
Moreover, the compliance area was involved in the work on aligning the Company to the requirements stemming among others from the following legal acts:
Moreover, PZU Życie implemented the necessary measures that ensured adaptation to the product intervention (KNF’s decision of 15 July 2021 prohibiting the marketing, distribution and sale of investment products – life insurance agreements if they feature unit-linked funds), and in particular it assured that the updated product offer included solely and exclusively products that meet all the criteria set forth in the decision issued by the regulatory authority.
When managing the various categories of risk, the PZU Group identifies, measures and monitors risk concentration. Compliance with the regulatory obligations imposed on groups identified as financial conglomerates is supported by the model introduced in 2020 to manage significant risk concentration in the PZU Financial Conglomerate in keeping with the requirements of the Supplementary Supervision Act.
Supplementary supervision protects the financial stability of lending institutions, insurance undertakings, reinsurance undertakings and investment firms being members of financial conglomerates. The supervision is exercised, among others, through measuring the risk concentration level in the financial conglomerate as a whole, also from the perspective of regulated entities being its members.
The implementation of this model served the purpose of defining the risk concentration management principles and supporting the units involved in the process, in particular through:
Regulated subsidiaries monitor and submit regular reports to the leading entity in the PZU Financial Conglomerate on the measures and data required to identify risk concentrations. In the case of identification of an excessive risk concentration, management actions are implemented on the level of the given entity or the whole financial conglomerate.
Risk concentration is measured and monitored, in particular, in the following dimensions:
e-mail: IR@pzu.pl
Magdalena Komaracka, IR Director, tel. +48 (22) 582 22 93
Piotr Wiśniewski, IR Manager, tel. +48 (22) 582 26 23
Aleksandra Jakima-Moskwa, tel. +48 (22) 582 26 17
Aleksandra Dachowska, tel. +48 (22) 582 43 92
Piotr Wąsiewicz, tel. +48 (22) 582 41 95