The continuity of operational risk management in If P&C is secured through the Operational Risk Committee (ORC), which coordinates the operational risk process. The task of the ORC is to provide opinions, advice and recommendations to the committee’s chairman. The chairman reports a forward looking assessment of the operational risk status to ORSA. The ORC is responsible for preparing a comprehensive overview of the operational risk status in If P&C. The status assessment is based on the self-assessments performed by the organization, reported incidents and other additional risk information. Trend analyses are performed on a yearly basis, during which the most important trends affecting the insurance industry are identified and the effects on If P&C are assessed. The committee considers and proposes changes to policies and instructions regarding operational risks.
If P&C also has a Compliance Committee (CC), which is an advisory body for the Chief Compliance Officer regarding compliance issues. The task of the committee is to secure a comprehensive view of compliance risk and activities in If P&C.
The line organization and corporate functions have the responsibility to identify, assess, monitor and manage their operational risks. Risk identification and assessments are performed by the line organization twice a year and by corporate functions yearly. Identified risks are assessed from a probability and impact perspective.
Incident reporting and analysis are managed differently depending on the type of incident. All employees are required to report incidents via the intranet.
In order to manage operational risks, If P&C has issued a number of different steering documents: Operational Risk Policy, Business Continuity Policy, Security Policy, Outsourcing Policy, Complaints Handling Policy, Claims Handling Policy and other steering documents related to different parts of the organization. These documents are reviewed and updated at least annually.
A number of internal governing documents form the basis for the steering of compliance activities, including compliance risk: Sampo Group Compliance Principles, Compliance Policy, Policy on Conflicts of Interest, Internal Control Policy, Risk Management Policy, Compliance Plan, Working Routines for the Compliance Function and the Instruction for Compliance coordinators. The documents are reviewed and updated yearly or when necessary.