Risk management

The Board establishes both the risk manage­ment principles and closely connected remuneration principles and provides guidance on the risk management governance structure and internal control in the business areas. Working within the framework of these principles and guidelines, the subsidiaries tailor their risk manage­ment practices to take account of the special features of their respective business activities. The Board makes decisions on strategy, performance targets and overall guidelines regarding capital management.

Risk is generally defined as the effect of uncertainty on objectives. Risk management means, in particular, making decisions about what risks to take and what risks are not to be taken. Risk management requires knowledge of risks and the ability to assess them. Integral parts of risk management are business continuity management and compliance with internal and external guidelines.

Principles and responsibilities in risk management

The Group’s holding company, Sampo plc, is responsible for the Group’s capital management activities. These actions are guided by targets set for Group level solvency and debt leverage and they include decisions on Group level investment exposures, business growth and performance targets, reinsurance strategies, capital distributions and capital instrument issuances.

The business functions are in charge of pricing their products and services and organising their sales and implementation processes, for ensuring the profitability, efficiency, quality, security and continuity of their operations as well as the liability towards the clients. The business functions are required to organise their risk management activities - identification, assessment, measurement, monitoring and adjustment of risks – within the principles and definitions described in the Sampo Group Risk Management Principles.

Managing risk includes first and second line roles. First line roles include business functions, most directly aligned with the delivery of products and services to clients, and portfolio management and support functions. Second line roles, including risk management and compliance functions, provide complementary expertise, support, monitoring and challenge related to the management of risk.

The third line consists of the Internal Audit function.

Risk management reporting

Group companies have internal and group-wide reporting responsibilities. At group-level profits, risks and capital are reported at least quarterly and reporting shall mainly be based on reporting undertaken in sub-groups. Reporting must take into account the specific features of companies’ business activities and their business environment.