5.4.1Risk governance

5.4.1.1Management of strategic risks and emerging risks

a.s.r.’s risk priorities and emerging risks are defined as a.s.r.'s main strategic risks. a.s.r.’s risk priorities are existing risks with impact on the achievement of the strategic objectives. a.s.r.’s emerging risks are new or existing risks with a potentially major impact on the achievement of the strategic objectives. Emerging risks often result from large-scale events that are outside a.s.r.'s direct control. a.s.r.’s risk priorities and emerging risks are defined annually by the MB, based on strategic risk analyses. Group Risk Management (GRM) monitors developments in risks and actions of the risk priorities and emerging risks centrally. Relevant updates are reported to the MB on a half-yearly basis. See section 5.4.3 for a.s.r.’s risk priorities and emerging risks.

To gauge the degree of individual strategic risks and emerging risks, what risks have been rolled up to the a.s.r. risk priorities and emerging risks, a.s.r. uses a risk scale (see figure below) based on likelihood and impact. The degree of risk is expressed as the Level of Concern (LoC). For each strategic risk, the LoC is determined for the gross and net risks. For each emerging risk, the LoC is determined for the gross risk. Gross risk is the degree of risk when no (control) measures are in place. Net risk is the degree of risk with mitigating (control) measures in place. If the degree of a net risk is not within a.s.r.'s risk appetite, then additional actions are taken in order to bring the risk priority within the risk appetite.

5.4.1.2Management of financial risks

Financial risk appetite statements (RAS) are in place to manage a.s.r.’s financial risk profile within the limits; see section 7.8.1.1.1. a.s.r. aims for an optimal trade-off between risk, return and capital. Steering on risk, return and capital takes place via decision-making through the entire product cycle, from the product approval and review process (PARP) to the payment of benefits and claims. At a more strategic level, decision-making takes place through balance sheet management. A robust solvency position takes precedence over profit, premium income and direct investment income.

Risk tolerance levels and limits are disclosed in the financial RAS and are monitored by the Financial Risk Committee (FRC). The FRC evaluates financial risk (FR) positions against the RAS on a monthly basis. Where appropriate, a.s.r. applies additional mitigating measures. In 2024, the Actuarial Function (AF) performed its regulatory tasks by assessing the adequacy of the Solvency II technical provisions, giving an opinion on reinsurance and underwriting, contributing to the Risk Management Framework and supporting the Risk Management Function (RMF). The AF report on these topics was discussed by the MB, FRC and A&RC. See section 7.8 for further information.

5.4.1.3Management of non-financial risks

Non-financial risk appetite statements (RAS) are in place to manage a.s.r.’s non-financial risk profile within the limits; see section 7.8.1.1.1. a.s.r. aims for an optimal trade-off between risk, return and capital. For non-financial risk, a.s.r. has prepared statements relating to strategy, processes, information and technology, projects, reporting and model, and integrity. Employees should use these statements as a framework for risk management decisions.

Risk tolerance levels and limits are disclosed in the non-financial RAS and are monitored by the Non-Financial Risk Committee (NFRC). The non-financial risk profile and internal control performance of each business line is discussed with senior management in the business risk committees each quarter. The Non-Financial Risk Committee (NFRC) monitors and discusses on a quarterly basis whether non-financial risks (NFR) are adequately managed. Where appropriate, a.s.r. applies additional mitigating measures.