The Risk Management structure and process are part of the wider internal control and risk management system which operates according to three levels:
- the first line of defence is the operating structures; they are the primary bodies responsible for the risk management process and must ensure compliance with the adopted procedures;
- the second line of defence is responsible for compliance with the operational limits assigned to the various functions, and is composed of control functions, including the Risk Area, which are distinct from the operational ones;
- the third line of defence is entrusted to the Internal Audit function, which verifies the completeness, functionality, adequacy and reliability of the risk management process.

Within Unipol:
- The Board of Directors establishes the guidelines for the Internal Control and Risk Management System to support Unipol’s long-term value creation. The Board also assesses, at least annually, the adequacy of the system.
- The Control and Risks Committee plays a propositional, advisory, investigative and support role to the Board of Directors in defining the guidelines for the Internal Control and Risk Management System.
- The Chief Executive Officer is responsible for identifying the key corporate risks faced by the Group and its subsidiaries, considering the nature of their activities, and regularly presenting these risks to the Board of Directors for review.
- The Chief Risk Officer supports the Board of Directors, the General Manager, and Top Management in evaluating the adequacy and effectiveness of the Risk Management System. The CRO reports findings to these bodies, highlighting any deficiencies and proposing corrective actions. This responsibility is carried out within the framework of the Own Risk and Solvency Assessment (hereafter “ORSA”) process, ensuring that risk management activities across all relevant departments are properly coordinated.
- The Internal Audit Function is entrusted with the responsibility of assessing and monitoring the effectiveness, efficiency, and adequacy of the internal control system, as well as the broader components of Unipol’s corporate governance framework. Audit activities are planned annually according to a risk-based approach, which considers the full range of business operations, the corporate governance structure, and anticipated developments and innovations.
- The regulator for the Italian insurance market, IVASS (Istituto per la Vigilanza sulle Assicurazioni), is entrusted with external oversight of the stability, transparency, and fairness of the Italian insurance sector. Among other things, IVASS is responsible for supervising insurers' financial soundness by ensuring solvency and capital adequacy under the Solvency II framework and monitoring risk management and governance systems, including internal controls, by conducting on-site and off-site inspections and reviews.