2023 annual report
3.6.1Risk governance

The risks identified are clustered into:

  • Strategic risks;

  • Emerging risks;

  • Financial risks;

  • Non-financial risks.

3.6.1.1 Management of strategic risks and emerging risks

a.s.r.’s risk priorities are defined as the main strategic risks which could materially affect its strategic, financial and non-financial targets. a.s.r.’s risk priorities and emerging risks are defined annually by the MB, based on strategic risk analyses.

Definition of strategic risk concerns the most important risks of a.s.r. that prevent the achievement of the strategic objectives and definition of emerging risk concerns new or existing risks with a potentially major impact, in which the level of risk is hard to define. To gauge the degree of risk, a.s.r. uses a risk scale (see image) based on likelihood and impact (Level of Concern). For each risk priority, the degree of risk is determined for the gross and net risks. Gross risk is the degree of risk when no (control) measures are in place. Net risk is the degree of risk with mitigating (control) measures in place. If the degree of risk of a risk priority is not within a.s.r.'s risk appetite, then additional actions are taken in order to include the risk priority within the risk appetite. a.s.r.’s risk priorities and emerging risks are described in section 3.6.3.

3.6.1.2 Management of financial risks

Financial risk appetite statements (RAS) are in place to manage a.s.r.’s financial risk profile within the limits; see section 7.8.1.1.1. a.s.r. aims for an optimum trade-off between risk, return and capital. Steering on risk, return and capital takes place through decision-making on the entire product cycle, from the Product Approval & Review Process (PARP) to the payment of benefits and claims. At a more strategic level, decision-making takes place through balance sheet management. A robust solvency position takes precedence over profit, premium income and direct investment income.

Risk tolerance levels and limits are disclosed in the financial RAS and are monitored by the Financial Risk Committee (FRC). The FRC evaluates financial risk (FR) positions against the RAS on a monthly basis. Where appropriate, a.s.r. applies additional mitigating measures. In 2023, the Actuarial Function (AF) performed its regulatory tasks by assessing the adequacy of the Solvency II technical provisions, giving an opinion on reinsurance and underwriting, contributing to the Risk Management Framework and supporting the Risk Management Function (RMF). The AF report on these topics was discussed by the MB, FRC and A&RC. See section 7.8 for further information.

3.6.1.3 Management of non-financial risks

Non-financial risk appetite statements (RAS) are in place to manage a.s.r.’s non-financial risk profile within the limits; see section 7.8.1.1.1. The non-financial risk profile and internal control performance of each business line is discussed with senior management in the business risk committees each quarter. The Non-Financial Risk Committee (NFRC) monitors and discusses on a quarterly basis whether non-financial risks (NFR) are adequately managed. Should the risk profile exceed the risk appetite, the NFRC will decide on the steps to be taken.

a.s.r. employees gain risk management knowledge and skills through the implementation of risk management policies, procedures and practices and the execution and testing of controls within business processes for sound and controlled business operations. Training courses that cover the main risk-related topics, presentations, workshops, gamification and the use of governance, risk & compliance tooling also contribute to this. Courses include, for example, sustainability risk specifically ESG factors to better understand and identify material risks. In addition, risk management employees keep their knowledge and skills up to date through training courses - including in the context of permanent education - that cover specific risk-related topics.