2023 annual report
3.6.3Identified risks

The risks identified are clustered into:

  • Strategic risks;

  • Emerging risks;

  • Financial risks;

  • Non-financial risks.

3.6.3.1 Strategic risks

In 2023, a.s.r.’s strategic risk priorities were:

  • Geopolitical and economic uncertainty;

  • Climate change and energy transition;

  • Cyber- and information security;

  • Impact of supervision, legislation and regulations, and juridification of society;

  • Biodiversity loss and damage to natural ecosystems;

  • Integration of Aegon NL (from 4 July 2023);

  • Unit linked insurance.

3.6.3.1.1 Geopolitical and economic uncertainty

Geopolitical tensions have increased sharply in recent years. Conflicts have arisen between countries, ranging from sanctions and protectionist measures to wars and terrorist attacks. These include, for example, the recent conflicts in the Middle East and the long-running war in Ukraine. As a result the world is undergoing diminishing interdependence and integration (de-globalisation). These conflicts can have an impact on matters including energy prices and inflation.

The past decade was characterised by many years of stable low inflation and low interest rates, well below long-term equilibrium levels. However, in 2022, inflation rose to record levels, partly due to changed supply and demand in products and services. Since then, inflation decreased. Following high inflation, a.s.r. also saw a rise in interest rates in 2022 and 2023, by the end of 2023 interest rates have also decreased (stagflation). However, the possibility of the economy falling into recession and interest rates falling cannot be ruled out.

a.s.r. monitors and assesses relevant geopolitical and economic developments for possible risks, and implements appropriate control measures, including the following:

  • In the annual Strategic Asset Allocation (SAA) study, a.s.r. examines several possible economic scenarios, including stagflation. In the interim, follow-up analyses can be carried out. If necessary, this results in adjustments to the investment policy, in order to reduce solvency risks;

  • Depending on economic developments, interest rates and inflation hedges will be adjusted, taking into account the indirect effects from other asset classes;

  • Depending on the level and duration of inflation – and thus the impact on a.s.r. due to, among other things, higher claims costs – possible premium increases will be implemented to offset inflation. When this is not possible it leads to a lower result and solvency.

3.6.3.1.2 Climate change and energy transition

Climate change and the energy transition affect insurable risks and investments. a.s.r. wants to minimise its negative impact on the climate and, where possible, to make a positive contribution to climate mitigation and adaptation through its investments, products and services.

Climate-related risks are divided into physical and transition risks. Physical risks can be acute, such as extreme weather events, or chronic when they arise from gradual changes such as water shortages, rising temperatures or rising sea levels. The transition to a climate-neutral society requires changes in legislation and regulations, adapted supervision, technological developments and results in changes in customer preferences/needs and market changes. a.s.r. monitors and assesses relevant developments for possible climate-related risks and implements appropriate control measures.

Climate change is taken into account in the products and services that a.s.r. develops and offers. To mitigate transition risks, a.s.r. cooperates with several research institutes, reinsurers and other insurers, and with experts in order to gain as much knowledge as possible about new technologies. These alliances enable a.s.r. to determine the right price and conditions to insure these risks in a responsible manner.

As a transition risk, a.s.r. recognises reputation risk. This refers to the risk of a.s.r. falling behind its own ambitions on climate change and biodiversity loss and/or key stakeholder expectations.

Climate change and biodiversity loss also create sustainability litigation risks. a.s.r. expects litigation in relation to the transition to a low-carbon economy to rise. This includes complaints and/or litigation on transition planning and holding companies responsible for reducing greenhouse gas emissions as well as complaints and/or litigation in relation to sustainability claims and targets, including greenwashing and mis-selling claims. There is a risk that a.s.r. may also become subject to claims and/or litigation in this regard. Claims and/or litigation may also be brought against directors individually. In addition, there is increased attention from regulators and supervisory authorities on sustainability claims and greenwashing. Moreover, current and future laws and regulations regarding sustainability may contribute to these risks. a.s.r. closely monitors these developments and takes action if and where needed. There is however a risk that these complaints, claims, litigation, regulatory actions and/or supervisory actions or sanctions may have a material adverse impact on a.s.r.’s business, reputation, revenues, results of operation, solvency, financial condition and prospects.

3.6.3.1.3 Cyber and information security

Technological development results in opportunities and threats through ongoing digitisation and automation at both a.s.r. and its IT suppliers. IT risks related to cyber, information security, IT outsourcing, data and digitisation are persistently high, due to a constant threat from cyber criminals and the visible growth of ransomware attacks. In addition, the use of IT outsourcing (including the use of cloud services), the growing volume of (sensitive) data, the increased use of new applications for digitisation (including the use of data) and automation, increases the importance of IT risk management. The financial sector remains ever vigilant as a result of the increased geopolitical tensions. The cyber risk grows where there are insufficient safe systems, malpractice through deployment of artificial intelligence such as deepfake technology and/or undesirable human actions.

a.s.r. monitors and assesses relevant developments of these cyber and information security risks and implements appropriate control measures, both internally and at its IT suppliers.

a.s.r. has implemented a system of measures based on international standards. a.s.r. actively monitors the threat landscape and invests in prevention, detection and response skills and technology to strengthen its cyber resilience, so that customers can continue to rely on a.s.r.’s secure digital services. If a.s.r. is hit by a serious comprehensive ransomware attack, only an ‘offline backup’ can restore business continuity. Due to the time required to investigate the cause of the cyber attack and the time required for recovery, the impact is still very high. a.s.r. is taking several other measures, including an information security awareness programme, to improve employee awareness and behaviour in relation to information security. Specific tooling is used to increase the necessary mindset and skillset, such as Gamification and phishing campaigns.

a.s.r. is actively involved in partnerships with financial institutions and public governing bodies, such as the National Cyber Security Centre (NCSC), the Digital Trust Centre (DTC), Insurance-ISAC, Insurance-CERT and the DNB Threat Intel Based Ethical Red-team programme (TIBER-NL). The aim is to share information to improve the financial sector’s resilience to cyber risks. Being cyber resilient is important for a.s.r. as it contributes to its customer-oriented strategy. Customer trust is a great asset in this regard, and cyber resilience contributes towards this.

a.s.r. informs those affected in the case of high risks and/or possible consequences and when those affected are required to take measures to mitigate risks. Additional management measures are being taken, for example, with the implementation of Digital Operational Resilience Act (DORA), to increase resilience and further protect (customer) information.

3.6.3.1.4 Impact of supervision, legislation and regulations, and juridification of society

The legal and regulatory environment of a.s.r. is subject to continuous change. Examples include changes to Solvency II, IFRS and Customer Due Diligence rules, and the introduction of new or enhanced sustainability requirements, such as through the CSRD and EU Taxonomy Regulation. In addition, cyber and information security requirements, as well as data-focussed legislation, such as the AI Act for Artificial Intelligence is introduced. A large number of new regulations need to be interpreted and implemented within a short period of time. At the same time, not all regulations are final at this point. Related developments, such as the Solvency II review affect a.s.r.’s capital requirement and solvency position.

Another dimension is the impact of possible political choices, such as government intervention in the social insurance and pensions systems. This may have an impact on a.s.r.’s strategic direction and products. Among other things, these developments lead to more personal responsibility and choices for citizens. This places heavier demands on providers to support and guide their customers (digitally) in this regard.

There is also an ongoing focus among regulators, government and society on privacy, the use of data and the gatekeeper function of the financial sector in the battle against matters such as money laundering, terrorist financing and tax evasion. This is characterised by more data-driven and rule-based supervision and stricter requirements for demonstrable (non-)financial risk management. Another aspect of this risk is the juridification of society. One example is the introduction of legislation in the field of settlement of large-scale losses in class actions. Another aspect here is the legalisation of society and a trend of customer protection. This plays out, among other things, in ex officio review of potentially unfair terms. An example is recent case law on rent indexation and uncertainty about the outcome of (other) legal disputes at a.s.r. and other financial institutions.

a.s.r. monitors and assesses relevant developments for possible legislative risks and implements appropriate control measures.

On key themes, programmes and/or projects are set up to ensure sound implementation, such as the implementation of sustainability (CRSD) legislation and regulations. Depending on the consequences of legislation and regulations, supervisory climate and juridification of society, and thus the impact on a.s.r. through factors such as higher internal costs, premium increases may be implemented to offset these consequences.

Solvency II

On December 14, 2023, a political agreement was reached on amendments to the Solvency II Directive, following the 2020 review of the Solvency II framework. The formal adoption of the amendments to the directive is expected to take place by April 2024. The amendments are expected to take effect in EU member states by mid 2026 or 1st of January 2027. The proposed amendments consist of various changes to the Solvency II framework, affecting most notably the liability discount curve, the risk margin and the volatility adjustment (VA), the equity risk module for the SCR calculation, the introduction of a prudential climate-transition plan and sustainability-related considerations in the prudent person principle and in the ORSA and group supervision. Some measures could include a phase-in period. The amendments to the Solvency II Directive will require amendments to the Solvency II Delegated Regulation and/or the introduction of additional delegated acts and guidelines, to be developed by EIOPA.

In addition to the revisions to the Solvency II Directive, an agreement was reached on the Insurance Recovery and Resolution Directive (IRRD), which provides for recovery and resolution framework for insurance companies at European level and to be implemented by EU member states, comparable to the Act on Insurance Recovery and Resolution, currently in force in the Netherlands.

IFRS 17 & IFRS 9

Since 2017, a.s.r. has had an internal programme in place for the implementation of IFRS 17 and IFRS 9 throughout the Group, and has completed this programme during 2023. Relevant systems have been brought into production and processes and controls have been implemented.

In the second quarter of 2023, a.s.r. also finalised the 2022 opening balance sheet. In the 2022 consolidated financial statements a provisional 2022 opening balance sheet was presented due to uncertainties in the valuation of insurance liabilities. During the first half year of 2023, certain updates of assumptions and model improvements were implemented and the uncertainties were resolved. IFRS 17 and IFRS 9 had a major impact on the Group’s primary financial processing and reporting and had a significant effect on the financial statements and related KPIs. Finance, Risk, Audit and the business segments have all been given due attention in the programmes due to the need to develop an integrated vision. For more information, see section 7.3.1.

Customer Due Diligence (CDD)

CDD risk (including anti-money laundering) remains relevant for a.s.r. in order to guarantee sound and controlled business operations. To mitigate the risks of non-compliance relating to CDD, a.s.r. centralised a major part of its CDD screening and tooling. a.s.r. has set up a CDD Centre that centrally manages compliance with CDD policy and reports centrally on this. The CDD Centre executes an action plan to further shape compliance with the relevant laws and regulations. The CDD Centre uses the advice of the central CDD desk consisting of Compliance, Investigations, Legal and representatives of the business segments.

In response to Russia's invasion of Ukraine, a large number of natural persons, legal entities and institutions have been placed on EU sanctions lists. The business units are immediately notified of new additions to the sanctions lists, which require immediate additional screening in addition to continuous screening. No new ‘hits’ were reported during 2023. 

Sustainability Regulations

a.s.r. is subject to sustainability regulation, which continues to evolve. Currently, a.s.r. is required to publicly report on non-financial information under the Non-Financial Reporting Directive (NFRD). As of next year, the NFRD-requirements will be replaced by the requirements of the Corporate Sustainability Reporting Directive (CSRD). The CSRD will require a.s.r. to report on sustainability matters in the management report of the Annual Report, in accordance with detailed reporting standards, referred to as ESRS, established by the European Commission, based on technical advice by the European Financial Reporting Advisory Group (EFRAG).

In addition, as of the financial year 2023, a.s.r. starts to report in accordance with article 8 of the EU Taxonomy Regulation. This provision requires companies, subject to the NFRD, to report on the eligibility for and alignment with the EU Taxonomy Regulation and accordingly, qualify as sustainable pursuant to the EU Taxonomy. The EU Taxonomy Regulation will be further developed over time.

Furthermore, amendments to existing regulatory frameworks, such as Solvency II, IDD, MiFID II and AIFMD have been enacted in 2022 to include sustainability considerations into various parts of these frameworks, affecting product development, advice, risk management, including the ORSA, capital requirements, investment rules and disclosure requirements relating to financial products. Further amendments to the relevant frameworks are expected, such as through the amendment of Solvency II Directive, discussed above.

Additionally, the Sustainable Finance Disclosure Regulation (SFDR) requires financial service providers to make available product-level and entity-level information on the sustainability of their products and services.

Lastly, the Corporate Sustainability Due Diligence Directive (CSDDD), if and when adopted, will require a.s.r. to identify, prevent, mitigate and account for negative human rights and environmental impacts in its own operations, subsidiaries and their value chain (limited to their upstream value chain), as well as to develop and maintain a climate change transition plan. The financial sector will temporarily partly be excluded from the CSDDD, with respect to due diligence on their down-stream value chain. This exclusion will be reviewed over time.

The developments in sustainability regulations and the impact of these developments on a.s.r. are continuously monitored.

Digital and Data

An increase in legislation and regulations has also occurred in the cyber and information security fields, such as the Digital Operational Resilience Act (DORA), European AI Regulation, the Digital Markets Act Financial Data Access (FiDA) Regulation and the Data Act, Cyber Resilience Act and requirements from the new Corporate Governance Code regarding the role of management in cyber security measures.

3.6.3.1.5 Biodiversity loss and damage to natural ecosystems

Biodiversity loss and damage to natural ecosystems affect insurable risks and investments. a.s.r. wants to minimise its negative impact on the environment and, where possible, to make a positive contribution to biodiversity loss through its investments, products and services.

Biodiversity-related risks are divided into physical and transition risks. Physical risks can be acute, such as deforestation, or chronic when they arise from gradual changes such as decrease in the quality of air, water and soil. The transition to a climate-neutral society requires changes in legislation and regulations, adapted supervision, technological developments and results in market changes and changes in customer preferences.

a.s.r. monitors and assesses relevant developments for possible biodiversity-related risks and implements appropriate control measures.

Developments from biodiversity loss and ecosystem damage are taken into account in the products and services that a.s.r. develops and offers. The actual impact on a.s.r.’s investments, products and services will be mapped by 2024 through application of the Taskforce on Nature-related Financial Disclosures (TNFD) framework, see section 6.2. To identify key developments and anticipate them in a timely manner, business units of a.s.r. have formulated responsibilities in governance and participate in various collaborations with third parties.

To continue to adequately address the mitigation and adaptation of environmental risks, a.s.r. will continuously tighten its policies and measures.

3.6.3.1.6 Integration of Aegon NL

The integration of Aegon NL has an impact on the organisation, processes, systems, products, services and suppliers. The integration process is expected to be largely complete within three years.

Integration risks related to the strategy, organisation, processes, systems, products, services and suppliers may arise. Unforeseen financial and non-financial risks at Aegon NL may arise through potential accumulation of risks and complexity, for instance in insurance or financial systems, the reporting process, and in cyber/information security. There is also the risk that not all the envisaged synergies will be realised.

Central steering and collaboration at a.s.r. level are necessary for the implementation of the changes, as well as the correct deployment of necessary competencies. The planned integration of Aegon NL offers prospects of work and development for employees, certainly in the current tight labour market.

a.s.r. could suffer direct or indirect financial losses as a result of the integration or of additional policy measures that must be taken in order to control unforeseen risks.

a.s.r. conducted a risk analysis prior to the acquisition of Aegon NL, and took mitigating measures where necessary prior to the (intended) acquisition. Risks are also faced during the integration, with these being closely monitored.

3.6.3.1.7 Unit linked insurance

Holders of products1 where the customer bears all or part of the investment risk, or customer protection organisations acting on their behalf, have filed claims or proceedings against a.s.r. and may continue to do so. Such litigation and actions taken by regulators or governmental authorities against a.s.r. or other insurers in respect of these products (including unit-linked life insurance products), settlements, collective or otherwise, or other actions taken by other insurers and sector-wide measures could substantially affect ’s insurance business and, as a result, may have a material adverse effect on a.s.r.’s business, reputation, revenues, results, solvency and financial condition.

In the Netherlands, certain customers and/or customer protection organisations acting on their behalf, have initiated litigation regarding individual unit-linked life insurance policies and continue to do so. The issue came to light after the AFM performed industry-wide research in 2006 in which it identified issues regarding cost transparency and cost levels in unit-linked insurance products. Since the end of 2006, individual unit-linked life insurance products have received negative attention in the Dutch media, from the Dutch Parliament, the AFM, customer and customer protection organisations. Elements of unit-linked policies are being challenged or may be challenged on multiple legal grounds in current and may be so in future legal proceedings. In particular, challengers have claimed that the costs associated with the policies are too high and that the return on investment was not what was expected. The criticism of unit-linked products led to the introduction of compensation schemes by Dutch insurance companies that have offered unit-linked products. In addition, on 29 November 2023 a.s.r. reached a settlement with five customer protection organisations.

In recent years there has been and there continues to be adverse political, regulatory and public attention focused on unit-linked policies. This has resulted in negative sentiment regarding the products. In total, a.s.r. has sold approximately 1.1 million individual unit-linked life insurance policies, primarily in the period between 1995 and 2000. As at 30 June 2023, the book of policies of a.s.r. included approximately 180,000 active individual unit-linked life insurance policies with recurring or single premiums. In total, Aegon has sold approximately 2.2 million individual unit-linked life insurance policies, primarily in the period between 1995 and 2000. As at 30 June 2023, the book of policies of Aegon NL included approximately 320,000 active individual unit-linked life insurance policies with recurring or single premiums. The unit-linked life insurance products of a.s.r. have been sold over several decades by multiple predecessors of a.s.r. Consequently, a.s.r. has a large variety of products with different product features and conditions.

Moreover, a.s.r. has in the past in the Netherlands sold, issued or advised on large numbers of insurance or investment products that have one or more product characteristics similar to those individual unit-linked products that have been the subject of the scrutiny, adverse publicity and claims in the Netherlands. Given the continuous political, regulatory and public attention to the unit-linked issue in the Netherlands, the increase in legal proceedings and claim initiatives in the Netherlands and the legislative and regulatory developments in Europe to further increase and strengthen customer protection in general, there is a risk that unit-linked products and other insurance and investment products sold, issued or advised on by a.s.r. may become subject to the same or similar levels of political, regulatory and public attention claims or actions by customers, customer protection organisations, regulators or governmental authorities.

There is a risk that one or more of the claims and/or allegations related to unit-linked life insurance products will succeed. Although a ruling by a court, including the European Court of Justice, against a.s.r. or other Dutch insurance companies in respect of unit-linked products would only be legally binding for the parties that are involved in the procedure, such a ruling might be relevant or applicable to other unit-linked life insurance policies sold by a.s.r. A ruling may force a.s.r. to take financial measures that could have a substantial impact on the financial condition, results of operations, solvency or the reputation of a.s.r.

To date, a number of rulings regarding unit-linked life insurance products in specific cases have been issued by the FSCB and Courts (of appeal) in the Netherlands against a.s.r. and other insurers. In these proceedings, different (legal) approaches have been taken to come to a ruling. The outcome of these rulings is diverse. Because the book of policies of a.s.r. dates back many years, contains a variety of products with different features and conditions and because of the fact that rulings are diverse, it is not possible to make a reliable estimation of the impact should one or more of these allegations and/or claims succeed. On 29 November 2023, a.s.r. has reached a settlement for unit-linked life insurance customers of a.s.r. affiliated to the customerprotection organisations Consumentenclaim, Woekerpolis.nl, Woekerpolisproces, Wakkerpolis and Consumentenbond. Condition for this settlement is that 90 % of the affiliated customers (of the customer protection organisations) agree with the settlement. As soon as this condition is met, the collective actions that these customer protection organisations have initiated in the past, will end. As soon as the 90% threshold is met, the risks involved in these proceedings are eliminated. Nevertheless, there still is a risk that one or more pending or future claims from individual customers and/or customer protection organisations could succeed. Also, there is a risk that other and/or new customer protection organisations will initiate a law suit or collective action against a.s.r. If one or more of these allegations or claims should succeed, the financial consequences could be substantial for a.s.r. and as a result could have an adverse material effect on a.s.r.'s business, reputation, revenues, results of operation, solvency, financial condition and prospects.

3.6.3.2 Emerging risks

In 2023, the emerging risks identified for a.s.r. were:

  • Changes in society;

  • New pandemics;

  • Quantum computing.

3.6.3.2.1 Changes in society

Society in the Netherlands has become fragmented, polarised, and individualised. Social dynamics of the changing welfare state (social system) also play a role. These circumstances divide society into people who are able to adapt to these changes and those who are not. The causes include:

  • Demographic developments, including urbanisation, ageing, more singles and single-parent families and an increase in immigration. Moreover, inequality can be triggered by government intervention.

  • Financial developments, including increasing disparities between rich and poor resulting in greater political uncertainty, like populism;

  • Social developments, including increasing differences between the theoretically educated and the more practically educated and changes in income security through contract forms and jobs. In addition, conspiracy thinking is on the rise;

  • Technological developments, including automation, digitisation, artificial intelligence, the Internet of Things, new forms of mobility such as (shared) electric cars and ‘pay for use’ propositions.

The role of insurers in society is changing as these new developments impact on how insurers invest, how they market products and how they deliver services. Supporting processes and technology also need adaptation in order to align with new demands, as well as implementing data-driven requirements needed by customers and regulators in the light of social change. The course of developments and the (long-term) consequences for society, the economy and a.s.r. are inherently uncertain and potentially large.

a.s.r. monitors and assesses relevant developments for possible risks and implements appropriate control measures. In doing so, a.s.r. periodically monitors the progress of claims and determines what impact a.s.r. has on the changing society through its investments, products and services. To identify developments and anticipate them in a timely manner, business units of a.s.r. have formulated responsibilities in governance and participate in various collaborations.

Measures taken by a.s.r. are the continuous improvement of processes, systems, products, services, including insurability and insurance rates and data quality for data-driven applications, as well as implementation of technological developments, including learning to use algorithms and understanding their capabilities and potential risks.

3.6.3.2.2 New pandemics

The impact of the Covid-19 pandemic on a.s.r.’s strategic objectives, operational processes and financial performance proved to be limited. The course of a pandemic and the (long-term) consequences for society, the economy and a.s.r. are inherently uncertain and potentially large.

There is a risk that society will face new impactful (global) infectious diseases or changing patterns of infectious diseases in the future. Possible causes include climate change and population growth. There is also another uncertainty in zoonoses (infectious diseases that can pass from animals to humans) that can lead to new diseases or variants of known diseases that can be (extremely) harmful to health. People may also experience long-term symptoms after infection.

a.s.r. monitors and assesses relevant developments for possible risks and implements appropriate control measures.

Key control measures in place at a.s.r. to mitigate risks are:

  • a.s.r. developed policies and procedures, measures and steering information to manage the impact of the Covid-19 pandemic. These resources and the lessons learned provide input for managing the impact of any new pandemic. A crisis organisation is in place which is activated when needed;

  • a.s.r. contributes to the government’s approach by following basic measures to prevent the spread of any pandemics. In a broader sense, strategic developments such as continuously strengthening the physical and mental fitness of employees and encouraging exercise and a healthy lifestyle among customers/employees (a.s.r. Vitality) contribute to increasing the resilience of a.s.r. and its environment.

3.6.3.2.3 Quantum computing

Quantum computing is changing the way calculations are done and provides substantially more computing power. This affects applications based on complex computations, such as scenario analysis, artificial intelligence models and cryptographic encryption. Parts of the cyber security/information security of a.s.r. rely on cryptographic encryption of data and passwords.

The General Intelligence and Security Service (Algemene Inlichtingen- en Veiligheidsdienst; AIVD) released a handbook on 4 April 2023 that supports organisations with concrete steps and advice to mitigate the threat of quantum computing to cryptography. The moment at which quantum computing will pose a threat to cryptography currently in use is unpredictable. The AIVD warns that regardless of this uncertainty, organisations will still need to work on solutions now because of the risk posed by quantum computing. In this context, the AIVD proposes advice to organisations processing data that should remain confidential even as long as 20 years from now, and specifically mentions insurers. In addition, the AIVD indicates that the most promising solution is ‘post-quantum cryptography’ (PQC). PQC works with algorithms that are also secure against quantum attackers.

a.s.r. monitors and assesses relevant developments for possible risks and implements appropriate control measures.

3.6.3.3 Financial risks

Currently, financial risks arise in particular from the war in Ukraine and Middle-east (see also the description under emerging risk 'Geopolitical instability'). High inflation may persist for longer than initially expected. Central banks have raised interest rates to limit inflation. Lower customer and investor confidence could hurt the real economy. For residential property there are court cases relating to the indexation of the rent as included in standard contracts (in line with ROZ standards), which is market practice and applied in a.s.r.'s portfolio. The outcome is unclear at this point and a case proceeds to the Dutch Supreme Court. The legal proceeding might take a long time, leading to market uncertainty in the interim.

Fears of a global stagflation scenario have increased. For more details on the financial risk management, please see section 7.8.

3.6.3.4 Non-financial risks

In addition to strategic and financial risks, a.s.r. has recognised several non-financial risks. In 2023, the most relevant of these were:

  • Outsourcing;

  • Data quality;

  • Artificial Intelligence.

3.6.3.4.1 Outsourcing

Outsourcing risk continues to be relevant for a.s.r., especially in view of cyber resilience and growing dependence on suppliers. The risks related to outsourcing are managed and reported as part of the overall operational risk profile. An outsourcing framework is in place to define responsibilities, processes, risk assessments and mandatory controls. a.s.r. collaborates with a service provider for collecting and validating supplier information. The goal is to expand the available information from this database, as well as the number of connected suppliers. The insight obtained from this database supports the implementation of regulatory developments for suppliers such as CSRD and DORA. Furthermore a.s.r. has drawn up a code of conduct to provide clarity about key principles in the field of sustainable procurement. a.s.r. invites suppliers to work together on solutions that support sustainable business.

3.6.3.4.2 Data quality

Sound data quality is important for a.s.r. in relation to financial and non-financial (including regulatory) reporting (Solvency II, IFRS, CRSD) and the digital transformation and ambitions that it pursues. In this regard, insufficient data quality could pose a threat to the degree to which:

  • Processes can be digitised;

  • Operations can be made efficient;

  • The front-end of the business can be transformed;

  • Customer and advisory relationships/connections can be enhanced.

As such, a.s.r. recognises the importance of sound data quality (both financial and non-financial). To uphold the reliability and confidentiality of its data, a.s.r. has an explicit data quality policy in place defining the data quality (including control) framework and data governance. Adherence to this policy is ensured by the three lines of the defence risk governance model. With a dedicated Central Data Office under the direction of the Chief Data Officer, additional measures are taken to increase maturity in data management practices.

3.6.3.4.3 Artificial Intelligence

The use of artificial intelligence (AI) delivers speed and simplicity in business processes and customer experience throughout a.s.r. Oversight of AI and a strategy on AI deployment is part of the central data governance within a.s.r. and is managed by the Central Data Officer.

After adoption of the AI Act by the EU, its impact will be assessed and addressed within the risk policy. The robustness needed for dependable and safe use of AI is an inherent part of quality assurance within a.s.r. The technical and performance requirements needed are already factored into regulatory and industry standards. Standards for statistical accuracy and bias mitigation, cyber security or data quality exist and are updated accordingly.

a.s.r.'s generic blueprint of developing and bringing AI models to production ensures that basic measures and requirements are consistently applied. This blueprint entails a standard process, with assigned roles, tasks and responsibilities to create a closed-loop environment for delivering high quality models. Since use cases will differ in degrees of risk exposure and levels of control, specific use case risks are addressed and mitigated. If measures and calibrations are more widely applicable, the responsible parties ensure adjustment of the blueprint or required standards.

Furthermore, all data applications and processes of data-driven decision making that pose ethical risks, are subjected to the ethical framework for data-driven applications. This ethical framework is part of the binding self-regulation from the Dutch Association of Insurers and ensures ethically aware use of data in all key processes that impact the stakeholders concerned. More context about this framework can be found in section 3.7.4 Ethical framework for data-driven applications and decision-making.

  • 1a.s.r. and Aegon NL products.