Risk is generally defined as the effect of uncertainty on objectives. Risk management means, in particular, making decisions about what risks to take and what risks are not to be taken. Risk management requires knowledge of risks and the ability to assess them. Integral parts of risk management are business continuity management and compliance with internal and external guidelines.

Principles and responsibilities in risk management

Sampo Group's parent company, Sampo plc is a holding company and it does not have any business activities of its own. The Group’s business activities are conducted in four business areas, which manage the risks related to their operations and continuously assess the capital required to cover their risks. In addition, Sampo plc manages key financial strength metrics and solvency for the consolidated group and the parent company. The Group’s parent company steers the wholly owned subsidiaries by setting targets for their underwriting performance and operating efficiency and by defining the main preconditions for the subsidiaries’ operations in the form of the Group-wide principles. The most important of these guidelines are the Code of Conduct, Internal Control Policy, Risk Management Principles, Remuneration Principles and Compliance Principles. There are also further guidelines which are followed to prevent reputational and compliance risks, for example the Disclosure Policy. The subsidiaries approve their own more detailed policies and instructions and organize their reporting to management bodies by themselves.

Managing risk includes first and second line roles. First line roles include business functions, most directly aligned with the delivery of products and services to clients, and portfolio management and support functions. Second line roles, including risk management and compliance functions, provide complementary expertise, support, monitoring and challenge related to the management of risk.

The third line consists of the Internal Audit function.

Risk management reporting

Group companies have internal and group-wide reporting responsibilities. At group-level profits, risks and capital are reported at least quarterly and reporting shall mainly be based on reporting undertaken in sub-groups. Reporting must take into account the specific features of companies’ business activities and their business environment.