The continuity of operational risk management in If P&C is secured through the Operational Risk Committee (“ORC”). The task of the ORC is to provide opinions, advice and recommendations to the committee’s chairman. The ORC is responsible for preparing a comprehensive overview of the operational risk status in If P&C. The status is based on the self-assessments performed by the organization, reported incidents and other additional risk information. External operational risks are identified in the strategy risk process which is performed on a yearly basis, during which the most important trends affecting the insurance industry are identified and their effects on If P&C are assessed. The chairman of the ORC reports a forward looking assessment of the operational risk status to the Own Risk Solvency Assessment Committee (ORSAC). The chairman also proposes changes to policies and instructions.
The line organization and corporate functions have the responsibility to identify, assess, monitor and manage their operational risks. Risk identification and assessments are performed by the line organization twice a year and by corporate functions yearly. Identified risks are assessed from a probability and impact perspective.
Incident reporting and analysis are managed differently depending on the type of incident. All employees are required to report incidents via the intranet.
In order to manage operational risks, If P&C has issued a number of different steering documents: Operational Risk Policy, Business Continuity Policy, Security Policy, Outsourcing Policy, Complaints Handling Policy, Claims Handling Policy and other steering documents related to different parts of the organization. These documents are reviewed and updated at least annually.
A number of internal governing documents form the basis for steering compliance activities, including compliance risk: Sampo Group Compliance Principles, Compliance Policy, Policy on Conflicts of Interest, Internal Control Policy, Risk Management Policy, Compliance Plan, Working Routines for the Compliance Function and the Instruction for Compliance coordinators. The documents are reviewed and updated annually or as necessary.