Internal control and risk management system

The internal control and risk management system is a key element in the overall Group corporate governance system; it comprises the set of rules, procedures and organisational structures aimed at the effective and efficient identification, measurement, management and monitoring of the main risks, in order to contribute to the sustainable success of the Group and the individual companies.

This system is subject to regular assessment and review in relation to developments in company operations and reference context.

Within the scope of the internal control and risk management system, the Company set up the Key Functions (audit, risk management, compliance and actuarial functions) that:

  • are separated from an organisational point of view,
  • report directly to the Board of Directors and
  • operate under the coordination of the Director appointed by the Board of Directors to oversee the internal control and risk management system, identified as the Chief Executive Officer and Group CEO of the Company, in accordance with the Corporate Governance Code.

The Key Functions in the Company are allocated to the Audit Function, the Chief Risk Officer (and the Risk Area), the Compliance and Anti-Money Laundering Function and the Actuarial Function respectively, and carry out the activities for which they are responsible both at individual level, with regard to Unipol itself, and at Group level.

As the parent company, Unipol carries out activities of governance, direction and coordination for the Group, in a proportionate manner, also considering the activities carried out within the Group, the individual risk profile and the contribution of each company to the risk of the Group as a whole.

The Managers of the Key Functions submit to the company bodies on an annual basis the plan of activities and every six months a report on the activities carried out, the assessments made and the related results.

The main duties and responsibilities of the Key Functions are set out in the related sections. 

As part of the Compliance and Anti-Money Laundering Function, the anti-money laundering function has the duty to continuously verify that the business procedures adopted in the Group are in line with the goal of preventing and combating the violation of external provisions (laws and regulations) and internal regulations on the prevention of money laundering risk.

Other bodies and parties take part in the internal control and risk management system of the Company, including: the Board Committees, the Board of Statutory Auditors, the Supervisory Board established pursuant to Legislative Decree 231/2001, the Financial Reporting Officer, the Data Protection Officer and the Top Management.

Control activities cannot be assigned exclusively to some specific offices or to supervision and control bodies. All of the operating structures need to play their own role in verifying the transactions carried out, based on different levels of responsibility.

Key Functions

Audit
Assesses and monitors the effectiveness, efficiency and adequacy of the internal control system and of the other relevant components of the corporate governance framework.
Risk management
Identifies, measures, assesses and monitors on an ongoing basis the current and prospective risks to which the Group is or could be exposed and their correlation.
Compliance
Evaluates the adequacy of procedures, processes, policies and internal organization in order to prevent the risk of non-compliance with regulations.
Actuarial function
Coordinates the calculation of technical provisions, assessing the adequacy of methodologies, models and assumptions as well as the quality of the data used.