Risk Governance

This section describes the governance framework of Sampo Group and its subsidiaries from a risk management perspective. A more detailed description of Sampo Group’s corporate governance and internal control system is included in the Corporate Governance section.

Risk Governance at Group Level

The Board of Directors of Sampo plc is responsible for ensuring that Group’s risks are properly managed and controlled. The Board of Directors of Sampo plc defines financial and capitalization targets for the subsidiaries and approves group level principles which steer the subsidiaries’ activities. The risk exposures and capitalization reports of the subsidiaries are consolidated at group level on a quarterly basis and reported to the Board and to the Audit Committee of Sampo plc.

The reporting lines of different governing bodies at group level are described in the figure Risk Governance in Sampo Group.

The Audit Committee (“AC”) is responsible, on behalf of the Board of Directors, for the preparation of Sampo Group’s risk management principles and other related guidelines. The AC shall ensure that the operations are in compliance with these guidelines, control Sampo Group’s risks and risk concentrations as well as control the quality and scope of risk management in the Group companies. The committee shall also monitor the implementation of risk policies, capitalization and the development of risks and profit. At least three members of the AC must be elected from members of the Board who do not hold management positions in Sampo Group and are independent of the company. The AC meets on a quarterly basis.

Group Chief Risk Officer (“CRO”) is responsible for the appropriateness of risk management on the group level. The CRO’s responsibility is to monitor Sampo Group’s aggregated risk exposure as a whole and coordinate and monitor company specific and group level risk management.

The Boards of Directors of If P&C and Mandatum Life are the ultimate decision making bodies of the respective companies and have the overall responsibility for the risk management process in If P&C and Mandatum Life respectively. The Boards of Directors appoint the If P&C ORSA Committee and the Mandatum Life Risk Management Committee and are responsible for identifying any need to change the policies, principles and instructions related to risk management.

Risk Governance in If P&C

The main risk steering mechanism used by the Boards of Directors is the policy framework. As part of their responsibilities, the Boards of Directors approve the Risk Management Policy and the other risk steering documents, receive risk reports from the Chief Risk Officer and the Chief Executive Officers, take an active part in the forward looking risk and solvency assessment process and ensure that the management and follow-up of risks is satisfactory and effective. The reporting lines of different governing bodies in If P&C are described in the figure Risk Governance in If P&C.

The Own Risk and Solvency Assessment Committee (“ORSAC”) assists the Chief Executive Officers (”CEO”) of If P&C in fulfilling their responsibilities to oversee the risk management process. The ORSAC reviews and gives input to reporting from If P&C’s other committees within the Risk Management System, as well as reporting from both corporate functions and the line organization. Furthermore, the ORSAC monitors that If P&C’s short-term and long-term aggregated risk profile is aligned with its risk strategy and capital adequacy requirements. The Risk Management function is responsible for coordinating the risk management activities on behalf of the Boards of Directors and the CEOs.

The responsibility to identify, evaluate, control and manage risks lies within the line organization. There are separate committees in place for key risk areas and they have the responsibility of monitoring the management and control risks to ensure compliance with the instructions of the Boards of Directors. The risk committees in If P&C do not have a decision mandate.

There are policies in place for each risk area which specify restrictions and limits chosen to reflect and ensure that the risk level is constantly in compliance with the overall risk appetite and capital adequacy constraints of If P&C. The committees also monitor the effectiveness of policies and give input to changes and updates if needed.

In addition to the risk specific committees, there are two other committees included in the Risk Governance structure. Their responsibilities are described as follows:

• The Ethics Committee (“EC”) discusses and coordinates ethical issues in If P&C. The committee gives recommendations on ethical issues and proposes changes to the Ethics Policy. The Chairman is responsible for the reporting of ethics risk and other issues dealt with by the committee.
• The Internal Model Committee is an advisory and preparatory body to the Boards of Directors and the CEOs. In accordance with the committee instruction, its tasks are to identify sources for potential model changes and to give its opinion to the Chairman on the assessment and classification of potential changes and on further validation activities or internal model development. In addition to the tasks above, the committee discusses and analyzes information related to the internal model from other committees as well as monitors the status of internal model use and development activities.

Risk Governance in Mandatum Life

In Mandatum Life the Board of Directors is responsible for risk management and the adequacy of internal control. The Board of Directors annually approves the Risk Management Plan, Investment Policy and other risk management and internal control instructions.

The Managing Director of Mandatum Life has the overall responsibility for risk management according to the Board of Directors’ instructions. The Managing Director is the Chairman of the Risk Management Committee (“RMC”) which coordinates and monitors all risks in Mandatum Life. The risks are divided into one of several main groups, the main groups being insurance, market, operational, legal and compliance risks as well as business and reputation risks. Each risk area has its own specialized committee or unit and a responsible person in the RMC.

The reporting lines of the main governing bodies in Mandatum Life are described in the figure Risk Governance in Mandatum Life.

In addition to the risk specific committees, the duties related to compliance and risk management of the Baltic subsidiary have been organized as follows:

• The Legal and Compliance Unit takes care of compliance matters with the Head of the Unit being a member of the Risk Management Committee.
• The Baltic subsidiary has its own risk management procedures. All major incidents are also reported to Mandatum Life’s Risk Management Committee. The Chairman of the Baltic Subsidiary is a member of the Risk Management Committee.

Internal Audit, through its audit recommendations, has a role to ensure that adequate internal controls are in place and provides Internal Audit’s annual review to the Board of Directors.