Risks Exposure

Immagine

For the year 2024, the main risks to which the Group is exposed are Market risk, Financial sector risks, and Non-Life underwriting risk based on both their magnitude and their likelihood: 

1. Market risk: represents the largest component of the SCR, with an economic impact of approximately €/bln 2.97, highlighting its magnitude. It comprises exposures to interest rate volatility, equity market fluctuations, and credit spread movements. Its material relevance is demonstrated by the results of sensitivity testing: for instance, a 100-basis point decrease in interest rates would cause a 9 percentage point decline in the Solvency Ratio, underscoring the system's sensitivity to market shifts. 
    
2. Financial sector risks (Credit and fin. sector risks in the graph): arise from the Group’s strategic participations in BPER Banca and Banca Popolare di Sondrio, with a capital impact of approximately €/bln 2.05 corresponding to the proportional share of the SCR from these banking entities under Solvency II. The likelihood of this risk materialising is linked to the volatility of capital adequacy and profitability of the participating banks, as well as to market and regulatory shocks affecting the banking sector.
    
3. Similarly, Non-Life underwriting risk: shows a significant impact, contributing around €/bln 1.80 in magnitude to the SCR. This risk includes potential losses arising from pricing inadequacies, claims volatility, and exposure to catastrophic events. Its likelihood is amplified by the increasing frequency and severity of natural disasters, confirming a rising trend in both occurrence and impact of climate-related events. 

In terms of risk mitigation, Unipol implements targeted actions based on the nature of each risk. For market risk, these include prudent asset allocation focused on investment-grade securities, robust asset-liability management strategies, and application of the Volatility Adjustment (VA) to reduce exposure to market volatility, hedging strategies through interest rates and equity derivative contracts. Asset allocation and investment strategies are periodically reviewed in Investment committees involving business and risk functions where, among other things, solutions to risk appetite and risk limit breaches are devised if and when they occur. 

For non-life underwriting risk, mitigation strategies involve primarily the use of reinsurance coverage and telematics, satellite imagery, climate models, among others for more precise risk selection, development of proprietary vehicle repair networks such as UnipolService¹ and UnipolGlass to channel and optimise claims costs and handling, portfolio repricing initiatives in response to climate-related exposures, and strategic reinsurance arrangements. 

Finally, financial sector risks are monitored by running a parallel model to the sectoral regulations where the Insurance Group Solvency ratio is calculated under the assumption that the banking associates are treated as non-strategic equity investments. This allows to monitor closely the value of the shareholding participation and include it in equity and concentration risk metrics. 

These practices, embedded in the Internal Control and Risk Management System, reflect Unipol’s commitment to maintaining a sound, forward-looking, and risk-aware operational culture. 

Risk exposure is assessed quarterly, with flexibility for more frequent recalibration as needed by the Group. Notably, in Q1 2024, IVASS authorized significant updates to our risk assessment methodologies, by accepting major change model adjustments, accompanied by a review of associated processes.

¹For more information on UnipolService and UnipolGlass go to https://www.unipolservice.it/ and https://www.unipolglass.it/  

Commitment

As part of its ERM Framework, Unipol is committed to maintaining a robust and forward-looking system for monitoring sustainability-related risks. This commitment aims to safeguard the Group’s capacity to create long-term value for both itself and its stakeholders. 

Risk Identification and Assessment 

The Group proactively identifies, assesses and mitigates potential ESG impacts, grounded in science-based research, across all stages of the value chain. Sustainability-related risks, including climate risk, are assessed by studying how they affect traditional risk categories in the ERM taxonomy (e.g., underwriting and market risks). This integrated approach facilitates monitoring by understanding the magnitude of potential financial and reputational impacts on the Group’s consolidated risk-adjusted balance sheet.

Forward-Looking Risk Analysis 

The Group studies macrotrends affecting sustainability-related risks using the same forward-looking techniques as for traditional risks. This enables early identification of emerging ESG risks and ensures they are addressed in decision-making and operations. 

Integration into Risk Appetite Framework (RAF) 

Since 2020, ESG risks have been integrated into the Group’s RAF. These risks are monitored through defined limits within the Group’s RAS. 

Immagine

The Group has structured sustainability-related risk controls within the individual categories of current risk, so as to manage such risks at all stages of the value-creation process and to mitigate the onset of any reputation risk associated with such risks. These measures are also designed to prevent the concentration of exposures to areas and/or sectors that are significantly exposed to sustainability-related risks. In this context, particular consideration is given to climate change and its impacts on underwriting and investment activities.

The safeguards designed to prevent the onset of sustainability-related risks and to mitigate their effects are defined in the Management Policies of individual risk categories, where appropriate, such as, inter alia: 

• Investment policy;
• Underwriting Policies relating to the Non-Life business and the Life business;
• Reserving Policies relating to the Non-Life business and the Life business;
• Outsourcing and supplier selection Policy;
• Reinsurance and other risk mitigation techniques Policy;
• Policy on the protection and valorisation of personal data.

For climate risk, Unipol has developed its impact assessment analysis through stress testing based on more than one climate scenario. 

Climate scenarios allow to quantify, according to a single storyline, the aggregated potential losses to the Group’s risk adjusted balance sheet and capital strength considering both: 

• Physical climate risks i.e. physical damage such as but not limited to the damage due to deteriorating weather conditions on physical assets owned by the Group and used for its own operations (real estate risk), and, 
• Climate transition risk i.e. transition effects arising from the constraints and/or opportunities that will exist to switch to a more sustainable climate environment such as but not limited to the impact of changes to legislation that are adopted to combat climate change (legal risk), the impact of shifts in customer behavior and sentiment as climate change worsens (litigation/ business/ reputational risk), and/or the effects of technological innovation that help or hinder the transition to a more sustainable alternative (technological risk). 

These scenarios represent pathways where global temperatures rise either above or remain below 2°C by 2100. 
In addition, qualitative assessments were carried out on a third NGFS scenario and additional IPCC scenarios, for completeness. 

Both quantified scenarios are developed across multiple timelines (short- and medium/long-term time horizons) and consider the Group’s business “as-is”. They are based on: 

• the Network for Greening the Financial System (NGFS) Phase IV. NGFS which identifies the macroeconomic variables for the assessment of transition risks, and 
• the Intergovernmental Panel on Climate Change (IPCC), which identifies the geophysical variables used to assess physical risks. 

In line with a conservative approach, the scenarios do not consider the impacts of future management actions (e.g. investment portfolio reallocation), infrastructural changes (e.g. planned capex improvements to buildings for own use), or market conditions. 

Immagine

For the 2024 ORSA, the scenarios selected are: 

• Current Policies as the scenario with the highest risk in terms of physical climate impacts. This scenario assumes no additional measures to mitigate climate change and no significant technological advancements to support the transition. It aligns with the 'Hot House World' pathway, characterized by high physical climate risks and low transition risks. It does not achieve the objective of limiting global temperature rise to below 2°C by 2100. The RCP 6.0 IPCC pathway is chosen to assess physical risks. The selected time horizon is consistent with the increase in target temperature provided by the Current Policies scenario in a 30-year forward-looking assessment. 
• Delayed Transition for its high level of severity while remaining underneath 2°C. This scenario is characterised by high emissions levels until 2030, assuming the late introduction of very stringent climate policies from that year onwards to limit warming to 2°C by the end of the century. This scenario falls within the Disorderly category of the NGFS scenarios and is characterised by (i) high transition risks, due to the late and potentially more stringent implementation of the measures necessary for decarbonisation and (ii) moderate physical risks, considering that the goal of limiting global warming is in any case pursued, albeit with a delay in action. The RCP 8.5 IPCC pathway is chosen to assess physical risks. The selected time horizon is consistent with the increase in target temperature provided by the Delayed Transition scenario in a 10-year forward-looking assessment. 
• NetZero 2050 scenario as the only scenario aligned with a 1.5°C global warming trajectory. This scenario assumes that ambitious climate policies and technological shifts are introduced immediately and forcefully impact the economy. However, this scenario was deemed unlikely in the near term due to shifts in the geopolitical landscape. Nevertheless, the Group conducted a qualitative analysis over a short-term time horizon to assess whether its impacts were similar to those observed in the two previously considered scenarios. 

More details on the identification, evaluation and monitoring of climate-related risks and the nature and related opportunities and the scenario analyses are available in the reports : “Unipol and climate change””; “ESG Supplementary communication for Market”; “Consolidated Sustainability Statement” specifically dedicated to reporting climate-related information

Immagine

Immagine

Governance

Unipol has implemented a robust and structured governance model for managing information security and ICT risk, fully integrated into the Group’s internal control and risk management system. 

• Board-level oversight is ensured by the Board of Directors, which approves the Information Security Policy, the ICT Strategic Plan, and the Digital Operational Resilience Strategy. The Board is also responsible for establishing an effective ICT risk management system as part of the broader ERM framework. The Control and Risks Committee receives regular updates and reports on cybersecurity matters, ensuring continuous and informed oversight. 
• Executive responsibility is assigned to senior executives with clearly defined mandates around information security: 
  • The Chief Risk Officer (CRO) plays a central role in overseeing the Group-wide ICT risk analysis and mitigation framework, ensuring the validation of risk scenarios and stress testing outcomes. This strategic oversight is reinforced by his direct reporting line on the ICT Risk Manager, responsible for defining the Group’s Information Security Policy and corporate Cyber Security Guidelines and for monitoring their consistent implementation by the first level functions. 
  • The Chief Information Officer (hereafter “CIO”) is responsible for preparing the ICT Strategic Plan and contributes to the implementation of the Digital Operational Resilience Strategy, ensuring that the technological infrastructure can support the business objectives while complying with the Group policy and Guidelines (Section 6.5). 

Policy and Program

 Unipol’s commitment to information security is formalized through a certified and continuously evolving governance framework. The Group being certified under ISO/IEC 27001:2013, has adopted an ISMS designed to establish, implement, maintain, and continuously improve its information security practices. 

The Information Security Policy defines the overarching principles for information security, strategic guidelines for managing cyber and information security risks, and the roles and responsibilities of the actors involved in the processes. 

Key elements of the Policy include: 

• Continuous Improvement of Information 
  Security Systems Unipol adopts a continuous improvement approach to its Information Security Management Program, ensuring that systems evolve in response to emerging threats and operational needs. 
   
• Integrity and Protection of Data 
  Unipol adopts a risk-based approach to safeguard the confidentiality, integrity, and availability of information. The policy includes strict controls for data classification, secure access, encryption, and backup management, ensuring data accuracy and business continuity.
   
• Monitoring and Response to Information Security Threats 
  The Group has implemented continuous monitoring of ICT infrastructure to detect anomalies, vulnerabilities, and potential intrusions.
   
• Assignment of Individual Responsibilities Across the Workforce 
  Executive accountability is assigned to senior executives, including the CRO and CIO. All employees are trained and made aware of their responsibilities through regular cyber risk awareness and training programs.
   
• Security Requirements for Third Parties 
  Unipol extends its security governance to external partners and suppliers. Contracts include specific clauses on data protection, confidentiality, and service level agreements, ensuring that external risks are effectively managed.