Since its listing on the Stock Exchange, Poste Italiane has gradually consolidated, within the Internal Control and Risk Management System (SCIGR), a model of risk governance based on the Enterprise Risk Management (ERM) framework, in line with the Corporate Governance Code for Listed Companies and international best practice.

In the development and continual improvement of this model, which is still ongoing, the Company examined all areas - financial, insurance and business - with the aim of achieving an organic overall vision of the Group, harmonizing risk management tools and methods and reinforcing its awareness that understanding and measuring risk and identifying sustainable actions to contain it, in the various forms in which it may arise in a complex and variegated organization such as Poste Italiane, is one of the priorities which can significantly impact the achievement of its strategic targets.

Among the organizational measures required for the effective surveillance and handling of corporate risks, Poste Italiane Group has begun a process to integrate all structures performing the same functions in different companies/corporate departments, with the aim of achieving tighter governance and more efficient procedures.

In the Corporate Affairs department specifically, Poste Italiane has recently set up the Group Risk Management unit, charged with the following tasks:
 
  • establish a structured and integrated process to identify, evaluate and monitor risks in conjunction with the other SCIGR actors;
  • guarantee harmonized and integrated models and data flows between specialist second level control units, group companies and supervisory bodies through the implementation of an integrated platform across departments to manage and monitor risk at Group level;
  • oversee reporting to the Corporate Bodies with the aim of strengthening the SCIGR;
  • foster the diffusion of a risk management culture at every corporate level to systematically manage the organization's biggest risks and identify potential opportunities.

The Risk Management process of Poste Italiane Group features the following stages:


The Group’s Risk Governance unit supports the top management in effectively implementing Group-wide Enterprise Risk Management, covering all areas/types of risk, primarily identified according to a process-based rationale.
Poste Italiane group risks can be grouped into the following macro categories:
 
  • strategic risks: risks capable of affecting the achievement of the Strategic Plan objectives; they are identified and classified with the involvement of the Management, describing the key characteristics, triggering causes and possible consequences or effects, whether economic (i.e. losses, higher costs and / or lower revenues) or of any other kind (i.e. customer satisfaction);
  • reputational risks: risks originating from a negative perception by the Group's stakeholders, to counter which the adopted framework provides for analysis and management actions (stakeholder engagement) for evaluating the sources of risk. With the support of the Group Risks Government unit, the corporate functions responsible for analysing perception by stakeholders (Reputational Impact Specialist) detect and prioritize the reputational issues within their remit; these topics are the basis for the identification - by the company departments that directly manage them (Risk Owner) - of the risks with reputational impact, which are then assessed by taking into account the reputational metrics, for which appropriate strategies and treatment actions are identified;
  • financial and insurance risks: these include market risks (price risk, currency risk, interest rate risk and spread risk), credit risk, liquidity risk and technical risks arising out of the operating environment of the insurance sector; the relevant risk management processes are specifically regulated and monitored by the competent Authorities (Banca d'Italia and IVASS) and overseen by the respective Risk Management systems coordinated by the single representative in the Group’s Risk Governance unit;
  • operational risks: risks of loss from inadequate or failed internal processes, from Group-wide human resources and internal systems, or from external events; this category includes, among others, losses from fraud, OHS risks and IT security risks, as well as cyber risks and legal risks;
  • non-compliance risks: risks arising out of breaches of existing regulations, such as Legislative Decree 231/01, Law 262/05, the privacy and market abuse regulations, or any other future rules and/or regulations applicable to the business sectors in which Poste Italiane Group operates.

Poste Italiane SpA’s financial transactions primarily relate to BancoPosta’s operations, asset financing and liquidity investment, and Poste Vita SpA’s operations, investments designed to cover contractual obligations to policyholders on traditional life policies and index-linked and unit-linked policies.
The main market risk factors are: i) interest rate risk, the risk that the value of a financial instrument fluctuates as a result of movements in market interest rates, and ii) spread risk, the risk of a potential fall in the value of bonds held, following a deterioration in the creditworthiness of issuers.
Insurance risks derive from the stipulation of insurance contracts and the terms and conditions contained therein (technical bases adopted, premium calculation, terms and conditions of cash surrender, etc.). In technical terms, the main risk factors for Poste Vita SpA are mortality, i.e. any risk associated with the uncertainty of a policyholder’s life expectancy, and lapse.
 
A more detailed description and analysis of the relevant financial and insurance risks is contained in Poste Italiane’s Annual Report for the year ended on 31 December 2017.

Operational risks are managed by both the dedicated systems within the Group (Risk Management BancoPosta and Risk Management Poste Vita), in accordance with the regulations by the competent Supervisory Authorities, and in an integrated manner by the Group-wide Risk Governance unit.
In particular, BancoPosta RFC, Poste Vita and Poste Assicura have each formalised a methodological and organisational framework to identify, measure and manage the operating risk related to their products/processes. The framework, which is based on an integrated (qualitative and quantitative) measurement model, makes it possible to monitor and manage risk on an increasingly informed basis.

At Group level, the following risks, among others, are closely monitored: i) IT risks, in particular, any risks arising out of the malfunctioning and/or security shortcomings of the IT systems that could result in the loss of information integrity, privacy and confidentiality; ii) OHS risks, particularly as a result of accidents to employees or contractors engaged in operational activities in the workplace (e.g. receiving, handling and sorting parcels and mail, or delivering mail by motorcycle or motor vehicle); iii) physical safety risks, in particular when accessing Group company premises, post offices, or restricted-access premises by persons not adequately authorized / identified, or as a result of the limited protection of Poste Italiane assets / property against predatory behaviour (burglary, theft, attacks on ATMs, acts of vandalism, etc.).

The Group Risk Management process enables the identification of various kinds of risks and their classification, based on their ultimate probability/impact within a matrix (Heat Map), for obtaining an overview of the risks to be monitored and prioritized.

The Group has also implemented an integrated Governance, Risk and Compliance (GRC) platform for surveying and filing all risks and displaying the collected data to each player in the process, consistently with the relevant profiling. The system also supports the GRG function and other players in respect of integrated risk reporting.

© Poste Italiane 2019 - VAT registration number: 01114601006
