28 Sep 2011, MEGA International , Vittorio Corsano , Operational Risk & Regulation
With a strong commitment from the board of directors and Internal Control Committee, Unipol Group decided to meet the immediate needs related to Solvency II regulations while creating a broader, enterprise-wide source of process information. Unipol created a unique internal controls framework through the analysis of operational risks and business processes shared by stakeholders, and established a structured and federated approach to risk and control management.
Unipol partnered with MEGA, selecting the MEGA Suite to help define the project methodology, which was chosen to meet the Solvency II requirements related to the implementation of the internal model on operational risk. And, because of the software’s capabilities in both risk management and process analysis, Unipol was able to use a business process approach to help gather and analyse relevant, consolidated information that the board of directors and Internal Control Committee could use to make business decisions.
Unipol Group seeks solution for regulatory and efficiency challenges
Unipol Group is a major financial conglomerate in Italy. With €9 billion in premiums, six million customers, more than 7,000 bank branches and insurance agencies, and 7,400-plus employees, the 40-year-old company is a major force in insurance and banking.
In recent years, the group has quickly diversified and expanded its financial operations through the creation of new entities and acquisitions. This rapid company evolution and transformation prompted a review of internal processes to renew the overall organisation. Shortly after this review began, it was necessary to become Solvency II compliant. The convergence of these efforts convinced Unipol to manage the two projects together, and not consider the regulation requirement just an isolated initiative by the risk department.
“To meet the joint objectives, we needed a software solution to help define internal models to calculate the Solvency Capital Requirement (SCR) and create a common internal controls/process framework that would fulfil the varying needs of multiple departments,” explained Vittorio Corsano, head of regulation reporting rating and operational risk at Unipol.
This framework would be shared among different control and governance functions – risk management, business processes, controls law 262/2006, compliance and internal audit – thus increasing collaboration between stakeholders throughout the enterprise. With the framework in place, these stakeholders would gain access to important information that could be shared by the various groups. As a result, the company could meet its regulatory requirements, improve operational procedures, and increase company efficiency.
Finance leader links business process approach with operational risk
Once project goals were established, a team of people from the operational risk, internal audit and business process departments, along with specialised outside consultants, was dedicated to the Solvency II project. The team established close relationships with all relevant departments within the group, as well as those in several subsidiaries.
As part of the Solvency II ‘pre-application’ stage, Unipol began to define the operational risk framework and an internal model to calculate its SCR. The first step in this stage was outlining the project methodology. Workshops were held to establish a common understanding for the process, enhanced the collaborative efforts and contributed to the methodology definition.
The group’s methodology integrates risk management best practices of the Institute for the Research and Development of Insurance Studies and focuses specifically on risk and control assessment activities gathered from accurate knowledge of the Unipol Group organisation.
“Collaboration between the different control functions and with the business process department was key. A good understanding of our business processes lets us identify comprehensively and precisely the relevant risks and effective controls during the Risk Self-Assessment process,” says Corsano.
The assessment was conducted by business process owners and completed by analysing historical operational loss data. For that part of the project, a dedicated internal process to collect loss and event data was also defined.
Unipol followed a quantitative analysis approach to define the internal model to calculate the SCR. Statistical calculations were applied to the historical loss and event data, completed with scenario analysis information, and then weighted according to the methodology defined.
Risk reports, such as a business line/event type matrix, were available to help stakeholders and executives understand the results.
A holistic approach increases collaboration and benefits
“Because Unipol considered this initiative as a global project for all control and governance departments, and not just a risk management department project on Solvency II, groups throughout the enterprise quickly saw positive and tangible results,” according to Corsano.
Unipol made a shrewd decision at the beginning of the Solvency II project to select a software solution for all control functions, and to collect all relevant data – process, risk and control – in a common and shared repository. This has strengthened the collaboration between departments. Teamwork of this type is absolutely necessary for a programme such as this to succeed. It provides incredibly rapid results and a very solid understanding of the objectives, means, and results by individuals and groups across the enterprise.
This initiative has created a competitive advantage for Unipol, which now shares a common language to agree on corporate priorities, identify specific remedial actions, and provide relevant, consolidated information that the board and Internal Control Committee can use to make business decisions. As a result of this united and shared information, the project has improved the way the company operates.
Unipol extends the programme to other control departments
In parallel, other Unipol control functions, especially internal audit and compliance, will develop common and shared methodologies and best practices for the entire group, as a way to strengthen the benefits of the programme. These next efforts will be based on the methodology defined by all control and governance functions involved with the project.
MEGA was a solid partner for Unipol during this project, providing help and support in defining the methodology.
“MEGA provided critical value through their approach to our programme: they established a daily relationship with us and made us feel as if we were in their headquarters office,” says Corsano. “Even if we understood the standard model implemented in the tool, the requirements of our Solvency II project required significant customisation. The MEGA experts were totally available to share their knowledge and expertise to support us to define our specific internal model.”
View the article in PDF format