Unipol adopts a structured and integrated risk management process within its ERM framework. This process is structured into four key steps:
- Risk Identification
- Risk Assessment (Current and Forward-Looking)
- Risk Monitoring and Reporting
- Risk Mitigation
Unipol’s Risk Appetite is formalized in the Risk Appetite Statement (RAS) and embedded in the broader Risk Appetite Framework (RAF). The RAF is defined in alignment with the business model, strategic plan, ORSA, budget, and internal control system. It includes:
- Risk Capacity: The maximum risk the Group can bear in relation to its eligible own funds, ensuring solvency requirements are not breached.
- Risk Appetite: The level of risk the Group is willing to accept to achieve strategic and business objectives, set either as a target or a range.
- Risk Tolerance: The maximum deviation from the Risk Appetite allowed under stress scenarios, aimed at maintaining business continuity.
- Risk Limits: Operational thresholds that help control specific risk exposures.
- Risk Profile: The actual risk exposure of the Group, continuously monitored and assessed against the stated appetite. Quantitative metrics used to define Risk Appetite include capital adequacy, capital at risk (SCR), liquidity indicators, and - specifically for Unipol standalone - loss metrics related to severe convective storms and IT risks.
Qualitative and quantitative objectives are also set for compliance, emerging, strategic, reputational, sustainability, business continuity, and ICT risks. Annual validation of the RAF is conducted during the budget-setting process and revised as needed in light of extraordinary transactions or evolving strategic objectives.