Risks Exposure

Immagine

For the year 2025, the main risks to which the Group is exposed are Market risk, Financial sector risks, and Non-Life underwriting risk based on both their magnitude and their likelihood:

1. Market risk represents the largest component of the SCR and has further increased in the past year, with an economic impact of approximately €/bln 3.21, highlighting its magnitude. It comprises exposures to interest rate volatility, equity market fluctuations, and credit spread movements. Its material relevance is demonstrated by the results of sensitivity testing: for instance, a -30% downward shock to equity markets  would cause a 9 percentage point decline in the Solvency Ratio, underscoring the system's sensitivity to market shifts.
2. Financial sector risks (Credit and fin. sector risks in the graph) arise from the Group’s strategic participations in BPER Banca, with a capital impact of approximately €/bln 2.24 corresponding to the proportional share of the SCR from these banking entities under Solvency II. The likelihood of this risk materialising is related mostly to the asset quality of credit portfolio and creditworthiness of the debtors.
3. Similarly, Non-Life underwriting risk shows a significant impact, contributing around €/bln 1.82 in magnitude to the SCR. This risk includes potential losses arising from pricing inadequacies, claims volatility, and exposure to catastrophic events. Its likelihood is amplified by the increasing frequency and severity of natural disasters, confirming a rising trend in both occurrence and impact of climate-related events. In particular, inflation is a determining factor in the underwriting risk; sensitivity testing shows that an upward shift of +100 basis points would determine a loss of 4 percentage point in the Solvency Ratio.

Each risk is monitored and mitigated individually by implementing targeted actions based on the nature of each risk. For market risk, these include prudent asset allocation focused on investment-grade securities, robust asset-liability management strategies, and application of the Volatility Adjustment (VA) to reduce exposure to market volatility. Asset allocation and investment strategies are periodically reviewed in Investment committees involving business and risk functions where, among other things, solutions to risk appetite and risk limit breaches are devised if and when they occur. 

For non-life underwriting risk, mitigation strategies involve the use of telematics, satellite imagery, climate models, among others for more precise risk selection, development of proprietary vehicle repair networks such as UnipolService  and UnipolGlass (1) to channel and optimise claims costs and handling, portfolio repricing initiatives in response to climate-related exposures, and strategic reinsurance arrangements. 

Finally, financial sector risks are monitored by running a parallel model to the sectoral regulations where the Insurance Group Solvency ratio is calculated under the assumption that the banking associates are treated as non-strategic equity investments. This allows to monitor closely the value of shareholding participation and include it in equity and concentration risk metrics. 

In addition, the Solvency II regime requires to have sufficient available capital to face the aggregate risks to which the company is exposed. This is measured by calculating the excess capital that remains after the company has covered its risk requirements with its available own funds. 

At year-end 2025, Unipol Own Funds amounted to €/bln12.2, of which €/bln 7.7was classified as Tier 1 insurance, while the SCR stood at 5.3€bn, leading to an Excess Capital of roughly €/bln 6.9. 
These practices, embedded in the Internal Control and Risk Management System, reflect Unipol’s commitment to maintaining a sound, forward-looking, and risk-aware operational culture.

Risk exposure is assessed quarterly, with flexibility for more frequent recalibration as needed by the Group. Notably, during 2025 and 2026, IVASS engaged in frequent supervisory assessments in the context of the authorization process for updates to the Group’s Internal Model. These activities involved a detailed examination of the methodologies, assumptions, controls, and decision-making processes underpinning the internal model, accompanied by a comprehensive evaluation of their consistency with regulatory requirements and their integration within the broader risk management framework.

(1) For more information on UnipolService and UnipolGlass go to https://www.unipolservice.it/  and https://www.unipolglass.it/  

Commitment

As part of its ERM Framework, Unipol is committed to maintaining a robust and forward-looking system for monitoring sustainability-related risks. This commitment aims to safeguard the Group’s capacity to create long-term value for both itself and its stakeholders. 

Risk Identification and Assessment 

The Group proactively identifies, assesses and mitigates potential ESG impacts, grounded in science-based research, across all stages of the value chain. Sustainability-related risks, including climate risk, are assessed by studying how they affect traditional risk categories in the ERM taxonomy (e.g., underwriting and market risks). This integrated approach facilitates monitoring by understanding the magnitude of potential financial and reputational impacts on the Group’s consolidated risk-adjusted balance sheet.

Forward-Looking Risk Analysis 

The Group studies macrotrends affecting sustainability-related risks using the same forward-looking techniques as for traditional risks. This enables early identification of emerging ESG risks and ensures they are addressed in decision-making and operations. 

Integration into Risk Appetite Framework (RAF) 

Since 2020, ESG risks have been integrated into the Group’s RAF. These risks are monitored through defined limits within the Group’s RAS. 

Immagine

The Group has structured sustainability-related risk controls within the individual categories of current risk, so as to manage such risks at all stages of the value-creation process and to mitigate the onset of any reputation risk associated with such risks. These measures are also designed to prevent the concentration of exposures to areas and/or sectors that are significantly exposed to sustainability-related risks. In this context, particular consideration is given to climate change and its impacts on underwriting and investment activities.

The safeguards designed to prevent the onset of sustainability-related risks and to mitigate their effects are defined in the Management Policies of individual risk categories, where appropriate, such as, inter alia: 

• Investment policy;
• Underwriting Policies relating to the Non-Life business and the Life business;
• Reserving Policies relating to the Non-Life business and the Life business;
• Outsourcing and supplier selection Policy;
• Reinsurance and other risk mitigation techniques Policy;
• Policy on the protection and valorisation of personal data.

For climate risk, Unipol has developed its impact assessment analysis through stress testing based on more than one climate scenario. Climate scenarios allow to quantify, according to a single storyline, the aggregated potential losses to the Group’s risk adjusted balance sheet and capital strength considering both:

Physical climate risks i.e. physical damage such as but not limited to the damage due to deteriorating weather conditions on physical assets owned by the Group and used for its own operations (real estate risk), and, 

Climate transition risk i.e. transition effects arising from the constraints and/or opportunities that will exist to switch to a more sustainable climate environment such as but not limited to the impact of changes to legislation that are adopted to combat climate change (legal risk), the impact of shifts in customer behavior and sentiment as climate change worsens (litigation/ business/ reputational risk), and/or the effects of technological innovation that help or hinder the transition to a more sustainable alternative (technological risk). 

These scenarios represent pathways where global temperatures rise either above or remain below 2°C by 2100, in line with regulatory requirements (2). For completeness, quanti/qualitative assessments were carried out  on additional IPCC scenarios. These were analysed with short-, medium- and long-term time horizons.

One of the fully quantified scenarios was developed across multiple timelines (short- and medium-term time horizons) and considered the Group’s business “as-is”. They are based on: 

- the Network for Greening the Financial System (NGFS) Phase V. NGFS which identifies the macroeconomic variables for the assessment of transition risks, and 

- the Intergovernmental Panel on Climate Change (IPCC), which identifies the geophysical variables used to assess physical risks. 

In line with a conservative approach, the scenarios do not consider the impacts of future management actions (e.g. investment portfolio reallocation), infrastructural changes (e.g. planned capex improvements to buildings for own use), or market conditions.
 

Immagine

Graph: NGFS scenarios in Phase 5 – indication of the scenarios used by Unipol

For the 2025 ORSA, the scenarios selected are: 

Current Policies representing a climate pathway characterized by an increase in global average temperatures of approximately 3°C by the end of the century, under a scenario in which no additional climate mitigation actions are implemented beyond those already in place. This scenario falls within the Hot House World category of NGFS Phase V scenarios, which are characterized by high physical risks and low transition risks, as the limited global efforts undertaken are insufficient to prevent significant global warming. As a result, this pathway does not achieve the objective of net-zero CO₂ emissions by 2050. The absence of additional climate policies, combined with slow and limited technological progress and a low deployment of carbon dioxide removal (CDR) technologies, leads to a substantial increase in global temperatures well beyond the targets set by the Paris Agreement. For the assessment of impacts on the Group’s Non-Life business and real estate exposures, the conditions of this scenario are approximated using a combination of IPCC RCP 6.0—one of the more severe pathways considered—and a long-term time horizon around 2065. This combination corresponds to an estimated increase in global average temperatures of approximately 2.1°C compared to pre-industrial levels, which is consistent with a 30-year forward-looking assessment of the NGFS “Current Policies” scenario.

NetZero 2050 Short Term scenario  representing a climate pathway consistent with the achievement of net-zero CO₂ emissions by 2050, based on the immediate and coordinated implementation of ambitious climate policies at global level, this scenario assumes a rapid acceleration of decarbonisation efforts across all sectors, driven by stringent regulatory measures, strong technological innovation and a widespread adoption of low-carbon solutions. As a result, the scenario is characterized by significant transition risks in the short term, due to abrupt adjustments in economic and financial systems, including changes in market prices, asset valuations and business models. At the same time, physical risks remain limited in the short term, as the benefits of mitigation actions progressively materialize over time. The limited increase in global temperatures associated with this pathway is consistent with a trajectory aimed at containing global warming to around 1.5°C above pre-industrial levels (i.e. well below 2°C), in line with the objectives of the Paris Agreement, and is broadly aligned with IPCC low-emission pathways, primarily RCP 2.6. The analysis is conducted over a short-term horizon, aligned with the business planning cycle, to assess the Group’s resilience to immediate transition shocks, particularly in relation to market dynamics, repricing effects and regulatory changes.

Net Zero 2050 Medium-Term scenario represents the progressive continuation of the decarbonization pathway initiated in the short term, with sustained policy action and technological transformation across the global economy. In this scenario, emissions reductions continue in a structured and coordinated manner, enabling the achievement of climate targets over the longer term. Compared to the short-term variant, transition risks remain present but become more gradual and predictable, as economic agents progressively adjust to the new regulatory and technological environment. At the same time, physical risks are significantly mitigated compared to high-emission scenarios, due to the containment of global temperature increase in line with climate objectives. From a physical risk perspective, this scenario is primarily associated with IPCC RCP 2.6, with possible reference to intermediate pathways (e.g. RCP 4.5) for sensitivity analyses, reflecting a trajectory of limited global warming relative to pre-industrial levels. The analysis is carried out over a medium-term horizon, consistent with the Group’s industrial planning cycle, allowing the assessment of how both residual transition risks and moderated physical risks evolve and impact the Group’s risk profile, financial position and strategic outlook over time.

Complementary hazard-based analysis (Flood and Severe Convective Storms – SCS), focusing on specific physical risk drivers particularly relevant for underwriting portfolios, especially in the domestic context. Flood risk is analyzed using multiple IPCC scenarios (e.g. RCP 2.6, 4.5, 6.0 and 8.5), assessed at regular time intervals up to long-term horizons, enabling the evaluation of short-, medium- and long-term exposures. Severe Convective Storms (SCS) are analyzed using selected IPCC pathways (e.g. RCP 4.5 and 8.5) across short- and long-term horizons. This complementary analysis supports a more granular understanding of the evolution of climate physical hazards and their potential impacts on underwriting performance.
 

(2) Application guidance on running climate change materiality assessment and using climate change scenarios in the ORSA (EIOPA-BoS-22/329).

Immagine

Governance

Unipol has implemented a robust and structured governance model for managing information security and ICT risk, fully integrated into the Group’s internal control and risk management system. 

• Board-level oversight is ensured by the Board of Directors, which approves the Information Security Policy, the ICT Strategic Plan, and the Digital Operational Resilience Strategy. The Board is also responsible for establishing an effective ICT risk management system as part of the broader ERM framework. The Control and Risks Committee receives regular updates and reports on cybersecurity matters, ensuring continuous and informed oversight. 
• Executive responsibility is assigned to senior executives with clearly defined mandates around information security: 
  • The Chief Risk Officer (CRO) plays a central role in overseeing the Group-wide ICT risk analysis and mitigation framework, ensuring the validation of risk scenarios and stress testing outcomes. This strategic oversight is reinforced by his direct reporting line on the ICT Risk Manager, responsible for defining the Group’s Information Security Policy and corporate Cyber Security Guidelines and for monitoring their consistent implementation by the first level functions. 
  • The Chief Information Officer (hereafter “CIO”) is responsible for preparing the ICT Strategic Plan and contributes to the implementation of the Digital Operational Resilience Strategy, ensuring that the technological infrastructure can support the business objectives while complying with the Group policy and Guidelines (Section 6.5). 

Policy and Program

 Unipol’s commitment to information security is formalized through a certified and continuously evolving governance framework. The Group being certified under ISO/IEC 27001:2013, has adopted an ISMS designed to establish, implement, maintain, and continuously improve its information security practices. 

The Information Security Policy defines the overarching principles for information security, strategic guidelines for managing cyber and information security risks, and the roles and responsibilities of the actors involved in the processes. 

Key elements of the Policy include: 

• Continuous Improvement of Information 
  Security Systems Unipol adopts a continuous improvement approach to its Information Security Management Program, ensuring that systems evolve in response to emerging threats and operational needs. 
   
• Integrity and Protection of Data 
  Unipol adopts a risk-based approach to safeguard the confidentiality, integrity, and availability of information. The policy includes strict controls for data classification, secure access, encryption, and backup management, ensuring data accuracy and business continuity.
   
• Monitoring and Response to Information Security Threats 
  The Group has implemented continuous monitoring of ICT infrastructure to detect anomalies, vulnerabilities, and potential intrusions.
   
• Assignment of Individual Responsibilities Across the Workforce 
  Executive accountability is assigned to senior executives, including the CRO and CIO. All employees are trained and made aware of their responsibilities through regular cyber risk awareness and training programs.
   
• Security Requirements for Third Parties 
  Unipol extends its security governance to external partners and suppliers. Contracts include specific clauses on data protection, confidentiality, and service level agreements, ensuring that external risks are effectively managed.