Annual Report 2022
4.7.3
Identified risks

The risks identified are clustered into:

  • Strategic risks (including emerging risks);

  • Financial risks;

  • Non-financial risks.

Strategic risks

In 2022, a.s.r.’s risk priorities were:

  • Interest rates and inflation;

  • Climate change and energy transition;

  • Cyber- and information security;

  • COVID-19/pandemics;

  • Impact of supervision, legislation and regulations and juridification of society.

Interest rate and high inflation

The past decade was characterised by many years of stable inflation and low interest rates,well below long-term equilibrium levels. Following very high inflation, we saw a significant rise in interest rates in 2022. Looking ahead, the current situation may continue (stagflation). However, the possibility of the economy going into recession and interest rates falling cannot be ruled out.

According to economic theory, high inflation is linked to high interest rates - at least in the medium term. Depending on the positioning of the interest rate hedge and inflation hedge, the adverse effect of high inflation (higher indexation of benefits and increase in wage costs) is offset by higher interest rates (lower Ultimate Forward Rate (UFR) drag). A rise in interest rates also leads to increasing liquidity needs for collateral of the interest rate derivatives. If the interest rate development lags behind expected inflation, this may have a negative effect on balance. A fall in interest rates can also be detrimental to the solvency.

a.s.r. monitors and assesses relevant developments for possible risks, and implements appropriate control measures.

In the annual SAA study, a.s.r. examines several possible economic scenarios, including stagflation. In the interim, follow-up analyses can be carried out. If necessary, this results in adjustments in the investment policy, in order to reduce solvency risks.

Depending on economic developments, interest rate and inflation hedges will be adjusted,taking into account the indirect effects from other asset classes.

Depending on the level and duration of inflation - and thus the impact on a.s.r. due to, amongother things, higher claims costs - possible premium increases will be implemented to offset inflation.

Climate change and energy transition

Climate change and energy transition affect insurable risks and investments. a.s.r. wants to minimise its negative impact on the climate and, where possible, make a positive contribution to climate mitigation and adaptation through its investments, products and services.

Climate-related risks are divided into physical, transition and reputational risks. Physical risks can be acute, such as extreme weather events, or chronic when they arise from gradual changes such as water shortages, rising temperatures or rising sea levels. Chronic climate change could lead to biodiversity loss. The Netherlands is also experiencing greater variations in weather patterns and climatic changes. The transition to a climate-neutral society involves changes in legislation and regulations, adapted supervision, technological developments, market changes and changes in consumer preferences/needs.

a.s.r. monitors and assesses relevant developments for possible risks, and implements appropriate control measures.

Developments from climate change are taken into account in the products and services that a.s.r. develops and offers. Examples include offering flood cover, the sustainability mortgage and offering sustainable damage repair. To mitigate transition risks, a.s.r. cooperates with several research institutes, reinsurers and other insurers, and knowledge holders to gain as much knowledge as possible about the new technologies. These cooperations enable a.s.r. to determine the right price and conditions to insure these risks in a responsible manner.

a.s.r. expresses a clear ambition in the field of sustainability, partly to comply with the Paris Agreement (to which a.s.r. committed in 2015). a.s.r. also supports the energy transition through impact investments in, for example, wind and solar farms and a strict Socially Responsible Investment (SRI) policy to reduce CO2-eq emissions in the investment portfolio. In addition, a.s.r. has joined the Net Zero Insurance Alliance (NZIA), committing to a climate-neutral insurance portfolio by 2050. In 2023, a.s.r. will develop shorter-term targets (2030) in this context. In terms of investments, a.s.r. has also committed to net-zero by 2050.

Finally, a.s.r. also encourages its (potential) customers to take preventive measures to avoid climate damage and/or save energy. Business customers can obtain advice through a risk inspection. For individuals, a.s.r. has the digital Sustainable Living platform. For this, a.s.r. works with PorteRenee.nl to get (potential) customers to make their homes more sustainable and save energy.

To adequately address mitigation and adaptation of climate risks, a.s.r. will continuously strengthen its policies and measures.

Cyber and information security

Technological development results in opportunities and threats through ongoing digitisation and automation at both a.s.r., its IT suppliers, and its customers. IT risks related to cyber, information security, IT outsourcing and data are persistently high, due to a constant threat from cyber criminals and the visible growth of ransomware attacks. In addition, the use of IT outsourcing (including the use of cloud services), the growing volume of (sensitive) data, the increased use of new applications for digitisation (including the use of data) and automation, increases the importance of IT risk management. Geopolitical tensions are not yet leading to visibly increased criminal activity but are a reason to remain highly vigilant. Cyber risks increase when IT systems are not secured adequately or because of the human factor.

a.s.r. monitors and assesses relevant developments of these risks, and implements appropriate control measures both internally and at its suppliers.

a.s.r. has implemented a system of measures based on international standards. a.s.r. actively monitors the threat landscape and invests in prevention, detection and response skills and technology to strengthen its cyber resilience so that customers can continue to rely on a.s.r.’s secure digital services. If a.s.r. is hit by a serious comprehensive ransomware attack, only an ‘offline backup’ can restore business continuity. Due to the time required to investigate the cause of the cyber attack and the time required for recovery, the impact is very high. a.s.r. is taking several other measures, including an information security awareness programme, to improve employee awareness and behaviour towards information security. Specific tooling is used to increase the necessary mindset and skillset, such as Gamification and phishing campaigns.

a.s.r. is actively involved in partnerships with financial institutions and public governing bodies, such as the National Cyber Security Centre, Digital Trust Center, Insurance-ISAC, Insurance-CERT, and the DNB Threat Intel Based Ethical Red-team programme (TIBER-NL). The aim is to share information to improve the financial sector’s resilience to cyber risks.

Being cyber resilient is important for a.s.r. as it contributes to its customer-oriented strategy. Customer trust is a great asset in this regard, and cyber resilience contributes to this.

a.s.r. informs those affected in case of high risks and/or possible consequences and when those affected are required to take measures to mitigate risks.

COVID-19/repeated pandemics

The impact of the corona pandemic on a.s.r.’s strategic objectives, operational processes and financial performance has proved to be limited. The course of a pandemic and the (long-term) consequences on society, the economy and a.s.r. are inherently uncertain and potentially large.

There is a risk that society will face new impactful global infectious diseases in the future. Possible causes include population growth, changes in food systems, environmental degradation and increasingly frequent contact between humans and disease-carrying animals. Illness and government measures can affect a.s.r.’s strategic objectives and operational processes. The potential impact on financial markets could affect a.s.r.’s financial performance.

a.s.r. monitors and assesses relevant developments for possible risks, and implements appropriate control measures.

Key control measures in place at a.s.r. to mitigate risks are:

  • a.s.r. has developed policies, provisions, measures and steering information to manage the impact of the corona crisis and is closely monitoring the development of the current pandemic. These resources and the lessons learned from the corona crisis at a.s.r. provide input for managing the impact of any new pandemic. A crisis organisation has been set up within a.s.r. which will be activated when necessary.

  • a.s.r. contributes to the government’s approach by following basic measures to preventany crisis spreading. In a broader sense, strategic developments such as continuously strengthening the physical and mental fitness of employees and encouraging exercise anda healthy lifestyle among customers/employees (a.s.r. Vitality) contribute to increasing the resilience of a.s.r. and its environment.

Impact of supervision, legislation and regulations, and juridification of society

Legislation and regulations, including Solvency II, IFRS, sustainability (ESG), Customer Due Diligence (CDD), General Data Protection Regulation (GDPR), and sanctions legislation and regulations, are increasing, as well as their complexity and amendments to them. A large amount of new regulations, as announced under the EU Sustainable Financial Regulations (SFR), need to be interpreted and implemented within a short period of time. The field of cyber/information security has seen an increase in legislation and regulations, such as the European AI Regulation, the Digital Markets Act and the Data Act, Cyber Resilience Act and requirements from the new Corporate Governance Code regarding the role of directors in cybersecurity measures. At the same time, not all regulations are final at this point. Related developments, such as the Solvency II review and the UFR, affect a.s.r.’s capital requirement and solvency. The implementation and continuous tightening of (additional) control measures to comply with legislation and regulations leads to an increase in required capital.

Another dimension is the impact of possible political choices such as government interventionin the social insurance and pension system. This may have an impact on a.s.r.’s strategic direction and products as an insurer. Among other things, these developments lead to more personal responsibility and choices for citizens. This places heavier demands on providers to support and guide their customers in this respect (digitally).

There is also an ongoing focus by regulators, government and society on privacy, the use of data and the gate keeper function of the financial sector in the battle against money laundering, terrorist financing and tax evasion, among others. This is characterised by more data-driven and rule-based supervision and stricter requirements for demonstrable (non-)financial riskmanagement. Another aspect of this risk is the juridification of society. One example is the introduction of legislation in the field of settlement of large-scale losses in class actions and uncertainty about the outcome of legal disputes at a.s.r. and other market participants.

a.s.r. monitors and assesses relevant developments for possible risks, and implements appropriate control measures.

On key themes, programmes and/or projects are set up to ensure sound implementation, such as the implementation of sustainability (ESG) legislation and regulations. Depending on the consequences of legislation and regulations, supervisory climate and juridification of society -and thus the impact on a.s.r. through, among other things, higher internal costs - possible premium increases will be implemented to offset these consequences.

CDD

CDD risk (including anti-money laundering) remains relevant for a.s.r. in order to guarantee sound and controlled business operations. To mitigate the risks of non-compliance relating to CDD, a.s.r. centralised a major part of its CDD screening and tooling. a.s.r. has set up a CDD Center that centrally manages compliance with CDD policy and reports centrally on this. The CDD Center has drawn up an action plan to further shape compliance with the relevant laws and regulations. The CDD Center uses the advice of the central CDD desk consisting of Compliance, Investigations, Legal and representatives of the business segments.

In response to Russia's invasion of Ukraine, a large number of natural persons, legal entities and institutions have been placed on EU sanctions lists since 23 February 2022 through various sanctions packages. The business units are immediately notified of new additions to the sanctions lists, which require immediate additional screening. In addition to continuous screening, all business units have been asked to carry out additional checks on client portfolios, including those that are clients of a.s.r. through intermediaries or agents. Agents have been reminded to be extra vigilant.

As a result, Compliance notified supervisory authorities of 10 business relations (companies) in which (sometimes several) UBOs produced a hit on the sanctions lists (total of 26). In all cases it concerns hits on regulations dating after 23 February 2022. Immediately after the discovery of a (possible) hit, the business relations were frozen. In the case of several 'hits', it was decided to part company relations (implementation of exit policy). In some cases, in collaboration with a legal advisor, it was assessed whether sufficient guarantees could be received from the business relations in question that the relationship could be continued. The aim is to establish that no funds flow from a.s.r.'s business client to a sanctioned UBO(s) and that adequate organisational measures are in place to prevent the sanctioned UBO(s) from having or exercising control.

IFRS 17/9

In June 2020, the International Accounting Standards Board (IASB) published the revised International Financial Reporting Standard 17 (IFRS 17) which was endorsed by the EU and will be effective from 1 January 2023. IFRS 17 is designed to facilitate comparability between insurers and to increase transparency in relation to risks, contingencies, losses and embedded options in insurance contracts. IFRS 9 Financial Instruments was published in July 2014 and will have a major impact on accounting for financial instruments (investments). In order to maintain cohesion between the two standards, a.s.r. applies the option in IFRS 4 which allows for the deferral of the implementation of IFRS 9 until the implementation of IFRS 17 in 2023. Since 2017, a.s.r. has had an internal programme in place to prepare for the implementation of IFRS 17 and IFRS 9 throughout the Group. In 2022, the programme IFRS 17 and IFRS 9 entered its final implementation phase. Systems were brought into production or are being further improved. The opening balance sheet and comparative figures 2022 have been prepared and analysed and included in the audit process. a.s.r. expects all systems, processes and the control environment to be implemented before the end of 2023. The presented condensed opening balance sheet and related disclosures in these consolidated financial statements 2022 are provisional. Since implementation has not been finalized some uncertainties have been identified.IFRS 17 and IFRS 9 had a major impact on the Group’s primary financial processing and reporting and had significant effect on financial statements and related KPIs. Finance, Risk, Audit and the business segments have all been given due attention in the programmes due to the need to develop an integrated vision. For more information, see chapter 6.3.3.

Solvency II

The Solvency II Directive came into force on 1 January 2016 and provided for two review clauses in its texts, a review in 2018 and a review in 2020. As part of the 2020 review, the European Commission (EC), the European Council and the European Parliament all published draft amendments to the Directive. Changes to the Solvency II Delegated Regulations are also in scope. The proposed amendments consist of various changes to the Solvency II framework, affecting most notably the liability discount curve, the risk margin and the volatility adjustment (VA). The trialogue negotiations (EC, Council and Parliament) will start in 2023. The implementation date is not yet known, but will probably not be before 1 January 2025. Some measures could include a phase-in period.

Sustainability Regulation

The Group has become subject to increasing sustainability regulations, such as SFDR, and to the EU Taxonomy Regulation, which is intended to facilitate sustainable investment. The EU Taxonomy Regulation will enter into force in stages and will be further developed over time. These regulations require the Group to report certain, additional information at the entity and product level. The sustainability regulations also include the amendment of existing directives and regulations such as Solvency II, the IDD, and the Markets in Financial Instruments Directive (MiFID II), Alternative Investment Fund Managers Directive (AIFMD), and Benchmarks Regulation (BMR). These amendments have an impact on product development and advice, CDD, risk management, solvency requirements and the disclosure of financial products. Other European sustainability legislation has been developed as well, such as the Corporate Sustainability Reporting Directive (CSRD) and draft Corporate Sustainability Due Diligence Directive (CSDDD). The CSRD will require the Group to disclose information on how it operates and manages social and environmental challenges. The main elements of the CSDDD are identifying, bringing to an end, preventing, mitigating and accounting for negative human rights and environmental impacts in the company’s own operations, their subsidiaries and their value chains. The developments in sustainability regulations and the impact of these developments on a.s.r. are continuously monitored. See chapter 4.9 for more detailed information on climate-related risks and opportunities, and Emerging risks.

Unit linked insurance

Political, regulatory and public attention has focused on unit-linked life insurance policies for some time now. Elements of a.s.r.’s unit-linked life insurance policies are challenged on multiple legal grounds in current legal proceedings and may continue to be challenged in the future. There is a risk that one or more of the current and/or future claims and/or allegations will be upheld. To date, a number of rulings relating to unit-linked life insurance products have been issued by the Financial Services Complaints Board (FSCB) and (appeal) courts in the Netherlands against a.s.r. and other insurers in specific cases. In these proceedings, different (legal) approaches have been taken to arrive at a ruling. The outcomes of these rulings are varied. Since the record of (a.s.r.’s) policies dates back many years, it contains a wide variety of products with different features and conditions and, since rulings are so diverse, no reliable estimate can be made of the timings and outcomes of these current and future legal proceedings. Although the financial consequences of these developments could be substantial, a.s.r.’s exposure cannot be reliably estimated or quantified at this point.

If one or more of these legal proceedings succeed, there is a risk that a judgement, though only legally binding for the parties involved in the proceedings, could be applied to, or be relevant for, other unit-linked life insurance policies sold by a.s.r. Consequently, the consequences of any current and/or future legal proceedings instituted against a.s.r. could be substantial for a.s.r.’s life insurance business and have a potential materially adverse effect on a.s.r.’s financial position, business, reputation, revenues, operating results, solvency, financial condition and/or prospects.

Regarding the investment insurance dossier, we can report that in an ongoing class action between a claims organisation and another Dutch insurer, questions for a preliminary ruling were referred tothe Supreme Court by the Court of Appeal of The Hague in Q1 2021. In its ruling of 1 February 2022, the Supreme Court answered these questions. The preliminary conclusion is that this ruling does not significantly advance the investment insurance dossier or parties involved for the time being.

Emerging risks

Emerging risks are defined by a.s.r. as new or existing risks with a potentially major impact, in which the level of risk is hard to define. In 2022, a.s.r.’s emerging risks were:

  • Biodiversity loss and damage to natural ecosystems;

  • Changes in society;

  • Geopolitical instability.

Biodiversity loss and damage to natural ecosystems

Biodiversity comprises the variety of natural ecosystems that, among other things, help regulate the climate and protect against (the effects of) climate change. As a result of environmental degradation such as air, water and soil pollution and deforestation caused mainly by human action, the quality of ecosystems is deteriorating with irreparable consequences for nature, society and the economy. The effects can be divided into acute and chronic. Estimating the chronic effects and subsequent possible systemic risks is particularly challenging. Missing information on the chronic effects of disturbance in ecosystems plays a role in this context. But these effects are almost certainly negative. Examples include lower food productivity, less healthy crops (nutrient loss) or water shortages.

Biodiversity legislation is under development as a result of the agreements made at the COP15 in Montreal (December 2022). In addition, the topic of biodiversity will be increasingly prominent in questions from stakeholders, benchmarks and ratings. Within a.s.r., this mostly applies to the rural property portfolio. Steps are already being taken to encourage leaseholders to produce in more nature-friendly ways.

a.s.r. monitors and assesses relevant developments for possible risks, and implements appropriate control measures.

Developments from biodiversity loss and ecosystem damage are taken into account in the products and services that a.s.r. develops and offers. The actual impact on a.s.r.’s investments, products and services will be mapped by 2024 through application of the Taskforce on Nature-related Financial Disclosures (TNFD) framework. To identify key developments andanticipate them in a timely manner, business units of a.s.r. have formulated responsibilities in governance and participate in various collaborations with third parties.

a.s.r. is committed to making its own investment portfolio more sustainable by increasing its exposure to impact investments. This includes investments in green and sustainable projects and businesses, including investments that have a positive impact on biodiversity. In 2020, a.s.r. signed the Finance for Biodiversity Pledge. By doing so, a.s.r. committed itself to measuring, monitoring and improving its investment impact on biodiversity in a targeted way, for example by setting targets for the end of 2024. Due in part to the limited availability of data, the further development of consistent and widely applied standards for measuring and reporting biodiversity risks is important. a.s.r. Asset Management partners with other financial institutions and shares knowledge on assessment methodologies, biodiversity-related KPIs, targets and funding approaches for creating positive impact. In addition, a.s.r. conducted several pilots with data providers to understand the impact of the investment portfolio on biodiversity. Cooperation is also being sought with research institutes to improve mapping of the impact. The investment portfolio is already being adjusted to reduce investments in polluting and vulnerable companies and increase impact investments, biodiversity being one of the focus themes in this context.

a.s.r. real estate (Real estate) focuses on making the agricultural sector more sustainable with its ‘climatesmart farming’ strategy - which is aimed at creating a climate-robust landscape with enhanced biodiversity. One of the recent measures taken is to reward farmers who commit to sustainable farming, if they meet certain conditions. The sustainability requirements are divided into three themes: soil, biodiversity and business. Real estate is a co-initiator of the development of the Open Soil Index (openbodemindex.nl), which measures soil health and expects farmers to apply sustainable soil management. This improves soil health in and on the ground.

Together with ASN bank, Non-life (P&C) participates in Naturalis’ research programme Knowledge Naturally! which focuses on increasing knowledge relating to bio-based building, housing and living to gain more knowledge on new technological developments in nature-inclusive building, housing and living. Also, Non-life, in cooperation with a.s.r. Mortgages, provides customers with advice on home biodiversity, through the Sustainable Living platform.

To continue to adequately address the mitigation and adaptation of environmental risks, a.s.r.will continuously tighten its policies and measures.

Changes in society

Society in the Netherlands has become more fragmented, polarised, and individualised. Social dynamics of the changing welfare state (social system) also play a role. These circumstances divide society in people who can adapt to these changes and those who can’t adapt. Causes include:

  • Demographic developments including urbanisation, ageing, more singles and single-parent families and an increase in immigration. Moreover, inequality can be triggered by government intervention;

  • Financial developments including increasing disparities between rich and poor resulting in greater political uncertainty, i.e. populism;

  • Social developments including increasing differences between the theoretically educated and the more practically educated and changes in livelihood security through contract forms and jobs. In addition, conspiracy thinking and anti-government thinking are on the rise;

  • Technological developments including automation, digitisation, big data (including artificial intelligence and machine learning), Internet of Things (IoT), new forms of mobility such as (shared) electric cars and ‘pay for use’ propositions.

The role insurers have in society is changing as these new developments impact the way an insurer invests, markets its products, and delivers its services. Supporting processes and technology also need adaptation to align with new demands, as well as implementing data-driven requirements needed by customers and regulators in light of this changing society.

a.s.r. monitors and assesses relevant developments for possible risks and implements appropriate control measures. In doing so, a.s.r. periodically monitors the progress of claims and determines what impact a.s.r. has on the changing society through its investments, products and services. To identify key developments and anticipate them in a timely manner, business units of a.s.r. have formulated responsibilities in governance and participate in various (Alliance) collaborations.

Measures taken by a.s.r. are the continuous improvement of processes, systems, products, services - including insurability and insurance rate - and data quality for data-driven applications as well as implementing technological developments including learning to use algorithms and understanding their capabilities and potential risks.

Geopolitical instability

Geopolitical tensions have risen sharply in recent years. There is a decreasing interdependence and integration in the world (deglobalisation). There are conflicts between countries which range from sanctions and protectionist measures to wars and terrorist attacks. These include, for instance, the sharply deteriorating relationship between the West and Russia and trade relations with China. These conflicts could impact, for example, energy prices, inflation and interest rates. Central bank policies and the (in)direct impact of other strategic risks, including the impact of (new) pandemics, can also bring economic uncertainty.

a.s.r. monitors and assesses relevant developments for possible risks, and implements appropriate control measures.

Financial risks

Currently, financial risks arise in particular from the war in Ukraine (see also the description under emerging risk 'Geopolitical instability'). There is high inflation that may persist for longer than initially expected. Central banks are raising interest rates to limit inflation. Lower consumer and investor confidence could hurt the real economy. Fears of a global stagflation scenario have increased. For more details on the financial risk management, refer to chapter 6.8.

Non-financial risks

In addition to strategic and financial risks, a.s.r. has recognized several non-financial risks. In 2022, the most relevant of these were outsourcing risk, data quality, and agile methodologies.

Outsourcing risk

Outsourcing risk continues to be relevant for a.s.r., especially in view of cyber resilience and growing dependence on suppliers. The risks related to outsourcing are managed and reported as part of the overall operational risk profile. An outsourcing framework is in place to define responsibilities, processes, risk assessments and mandatory controls. In 2022, a.s.r. started the implementation of a database which will increase the oversight of key suppliers. In 2023, a.s.r. aims to expand the available information from this database, as well as the number of connected suppliers. The insight obtained from this database supports the implementation of regulatory developments on suppliers such as CSRD and DORA. Furthermore a.s.r. has drawn up a code of conduct to provide clarity about key principles in the field of sustainable procurement. The code of conduct will be part of contractual agreements from 2023. a.s.r. invites suppliers to work together on solutions that support sustainable business.

Data quality

Sound data quality is important for a.s.r. in relation to financial (including regulatory) reporting (SII, IFRS) and the digital transformation and ambitions it pursues. In this regard, insufficient data quality could pose a threat to the degree to which:

  • Processes can be digitised;

  • Operations can be made efficient;

  • The front-end of business can be transformed;

  • Customer and advisory relationships/connections can be enhanced.

As such, a.s.r. recognises the importance of sound data quality (both financial and non-financial). To uphold the reliability and confidentiality of its data, a.s.r. has an explicit data quality policy in place defining the data quality (including control) framework and data governance. Adherence to this policy is ensured by the three lines of the defence risk governance model. With a dedicated Central Data Office and a Data Quality Improvement Programme, additional measures are taken to increase maturity in data management practices.

Agile methodologies

As mentioned earlier, digitisation is an important objective for a.s.r. Agility and risk management both drive the rate of change as they coincide in digitising the customer experience. Agility breaks down complexity and delivers focus while risk reduces uncertainty and insures value. a.s.r. shifts from traditional to digital communication channels which changes risk exposure and this leads to policy realignment. On an operational level, digitisation is an enabler to reduce effort in monitoring business processes and to automate risk management controls. At a strategic level, digitisation enables data-driven insight by combining process and customer experience data. The continuous change that digitalisation brings about requires development risks to be integrated in automated pipelines in order to optimise risks without hindering the continuous delivery of business value.