The objective of operational risk management in Mandatum Life is to recognize the risks proactively, manage the risks efficiently and to minimize the potential effects of realized risks in as cost-effective a manner as possible.
Business units are responsible for the identification, assessment and management of their own operational risks, including organizing adequate internal controls. The Operational Risk Committee (ORC) monitors and coordinates risk management issues regarding operational risks within Mandatum Life, such as policies and recommendations concerning operational risk management. The committee ensures that risks are identified and internal control and risk management have been organized in a proper way. The committee also analyses deviations from operational risk management policies and monitors operational risks identified in the self-assessments as well as in occurred incidents. The committee meets three times a year at a minimum. Significant observations on operational risks are submitted to the Risk Management Committee (“RMC”) and the Board of Directors on a quarterly basis.
The Operational Risk Committee analyzes and handles operational risks, e.g. in relation to new products and services, changes in processes and risks as well as realized operational risk incidents. Significant observations are reported to the Risk Management Committee and to the Board of Directors quarterly. The ORC is also responsible for maintaining and updating the continuity and preparedness plans as well as the Internal Control Policy.
In order to limit operational risks, Mandatum Life has approved a number of policies including e.g. Internal Control Policy, Compliance Policy, Security Policies, Continuity Plan, Procurement and Outsourcing Policy, Complaints Handling Policy and a number of other policies related to ongoing operative activities. Deviations against different policies are followed up independently in each business unit and are reported to the Compliance Officer and the ORC.
The internal control system aims at preventing and identifying negative incidents and minimizing their impact. In addition, would there be an operational risk event or a near miss, this must be analyzed and reported to ORC.