The Chief Risk Officer (CRO) supports the Board of Directors, the Managing Director and the Top Management in the evaluation, also at Group level, of the adequacy and effectiveness of the risk management system. The CRO highlights any issues and deficiencies in order to identify recommendations for their removal. The CRO identifies also the methodologies and methods used, in particular in the context of the current and prospective internal risk and solvency assessment, in order to manage risks.
The risk management system is the set of processes and tools used to support the risk management strategy of the Unipol Group; it provides adequate understanding of the nature and significance of risks to which the Group and the individual companies are exposed. The risk management system allows the Group to have a single point of view and a holistic approach to risk management, and it is an integral part of the management of the business.
In the risk management system, the Risk Area is responsible for identifying, measuring, assessing and monitoring on an ongoing basis the current and prospective risks to which the Group and individual companies are or may be exposed and their interdependencies, at an individual and aggregate level.
The risk management system is described in the Group’s policies and in particular in the “Risk Management Policy”, the “Current and Forward-looking Risk Assessment Policy”, the “Operational Risk Management Policy” and the “Group-level Risk Concentration Policy”. A key component of the risk management system are the policies that outline the principles and guidelines on (i) management of specific risk factors, (ii) management of a risk in a specific process, (iii) mitigation of a risk, and (iv) management of the risk measurement models.
The Risk Area is in charge of the design, implementation, development and maintenance of the risk measurement and control system. Among these, special relevance is given to the development and the use of instruments to calculate the capital required against the risks identified and specifically the Internal Model. Within the Group, the responsibility for the design and implementation of the Internal Model is separate from the responsibility for its validation.
The Risk Area also contributes to the dissemination of a risk culture throughout the Group.