dcsimg

Your browser version is not updated, please update it.

Since its listing on the Stock Exchange Poste Italiane has gradually consolidated, within the Internal Control and Risk Management System (SCIGR), a model of risk governance based on the Enterprise Risk Management (ERM) framework, in line with the Corporate Governance Code for Listed Companies and international best practice.

In the development and continual improvement of this model, which is still ongoing, the Company examined all areas - financial, insurance and business - with the aim of achieving an organic overall vision of the Group, harmonizing risk management tools and methods and reinforcing its awareness that understanding and measuring risk and identifying sustainable actions to contain it, in the various forms in which it may arise in a complex and variegated organization such as Poste Italiane, is one the priorities which can significantly impact the achievement of its strategic targets.

Among the organizational measures required for the effective surveillance and handling of corporate risks, Poste Italiane Group has begun a process to integrate all structures performing the same functions in different companies/corporate departments, with the aim of achieving tighter governance and more efficient procedures.

In the Corporate Affairs department specifically, Poste Italiane has recently set up the Group Risk Management unit, charged with the following tasks:
 
  • establish a structured and integrated process to identify, evaluate and monitor risks in conjunction with the other SCIGR actors;
  • guarantee harmonized and integrated models and data flows between specialist second level control units, group companies and supervisory bodies through the implementation of an integrated platform across departments to manage and monitor risk at Group level;
  • oversee reporting to the Corporate Bodies with the aim of strengthening the SCIGR;
  • foster the diffusion of a risk management culture at every corporate level to systematically manage the organization's biggest risks and identify potential opportunities.

The Risk Management process of Poste Italiane Group features the following stages:


The Group’s Risk Governance unit supports the top management in effectively implementing Group-wide Enterprise Risk Management, covering all areas/types of risk, primarily identified according to a process-based rationale.
Poste Italiane group risks can be grouped into the following macro categories:
 
  • strategic risks: risks capable of affecting the achievement of the Strategic Plan objectives; they are identified and classified with the involvement of the Management, describing the key characteristics, triggering causes and possible consequences or effects, whether economic (i.e. losses, higher costs and / or lower revenues) or of any other kind (i.e. customer satisfaction);
  • reputational risks: risks originating from a negative perception by the Group's stakeholders, to counter which the adopted framework provides for analysis and management actions (stakeholder engagement) for evaluating the sources of risk. With the support of the Group Risks Government unit, the corporate functions responsible for analysing perception by stakeholders (Reputational Impact Specialist) detect and prioritize the reputational issues within their remit; these topics are the basis for the identification - by the company departments that directly manage them (Risk Owner) - of the risks with reputational impact, which are then assessed by taking into account the reputational metrics, for which appropriate strategies and treatment actions are identified;
  • financial and insurance risks: these include market risks (price risk, currency risk, interest rate risk and spread risk), credit risk, liquidity risk and technical risks arising out of the operating environment of the insurance sector; the relevant risk management processes are specifically regulated and monitored by the competent Authorities (Banca d'Italia and IVASS) and overseen by the respective Risk Management systems coordinated by the single representative in the Group’s Risk Governance unit;
  • operational risks: risks of loss from inadequate or failed internal processes, from Group-wide human resources and internal systems, or from external events; this category includes, among others, losses from fraud, OHS risks, IT security risks, besides cyber risks and legal risks;
  • non-compliance risks: are the risks arising out of breaches of existing regulations, such as Legislative Decree 231/01, Law 262/05, the privacy and market abuse regulations, or any other future rules and/or regulations applicable to the business sectors in which Poste Italiane Group operates. 

Poste Italiane SpA’s financial transactions primarily relate to BancoPosta’s operations, asset financing and liquidity investment, and Poste Vita SpA’s operations, investments designed to cover contractual obligations to policyholders on traditional life policies and index-linked and unit-linked policies.
The main market risk factors are: i) interest rate risk, the risk that the value of a financial instrument fluctuates as a result of movements in market interest rates, and ii) spread risk, the risk of a potential fall in the value of bonds held, following a deterioration in the creditworthiness of issuers.
Insurance risks derive from the stipulation of insurance contracts and the terms and conditions contained therein (technical bases adopted, premium calculation, terms and conditions of cash surrender, etc.). In technical terms, the main risk factors for Poste Vita SpA are mortality, i.e. any risk associated with the uncertainty of a policyholder’s life expectancy, and lapse.
 
A more detailed description and analysis of the relevant financial and insurance risks is contained in Poste Italiane’s Annual Report for the year ended on 31 December 2017.

Operational risks are managed by both the dedicated systems within the Group (Risk Management BancoPosta and Risk Management Poste Vita), in accordance with the regulations by the competent Supervisory Authorities, and in an integrated manner by the Group-wide Risk Governance unit.
In particular, both the BancoPosta RFC, Poste Vita and Poste Assicura  have formalised a methodological and organisational framework to identify,measure and manage the operating risk related to its products/processes. The framework, which is based on an integrated (qualitative and quantitative) measurement model, makes it possible to monitor and manage risk on an increasingly informed basis.

At Group level, the following risks, among others, are attentively monitored: i) IT risks, in particular, any risks arising out of the malfunctioning and/or security shortcomings of the IT systems that could result in the loss of information integrity, privacy and confidentiality; ii) OHS risks, particularly as a result of accidents to employees or contractors engaged in operational activities in the workplace (e.g. receiving, handling and sorting parcels and mail, or delivering mail by motorcycle or motor vehicle); iii) physical safety risks, in particular when accessing Group company premises, post offices, or restricted-access premises by persons not adequately authorized / identified, or as a result of the limited protection of Poste Italiane assets / property against predatory behaviour (burglary, theft, attacks on ATMs, acts of vandalism, etc.)

The Group Risk Management process enables the identification of various kinds of risks and their classification, based on their ultimate probability/impact within a matrix (Heat Map), for obtaining an overview of the risks to be monitored and prioritized.

The Group has also implemented an integrated Governance, Risk and Compliance (GRC) platform for surveying and filing all risks and displaying the collected data to each player in the process, consistently with the relevant profiling. The system also supports the GRG function and other players in respect of integrated risk reporting.
 

Principal risks associated with material topics deriving from the Group’s activities 

 
Material topics Principal risks
Digitalisation and innovation Delayed innovation of products and services offered to customers and of related operating processes, resulting in negative perception of the Company by stakeholders.
IT security and business continuity Malfunctions and/or deficiencies in the security of IT systems that may lead to personal data breaches, loss or impairment of data, operational freezes or slowdowns, and customer service disruptions.
Relations with social partners
Risks related to industrial unrest and labour union strikes that may have an impact on business continuity and on stakeholders’ perception of the Company.
Health and safety Risks of non-compliance with regulations that protect workers’ health and safety, which may lead to criminal, civil and/or administrative sanctions, as well as financial, economic and/or reputational damage to the Company.
Customer experience and product quality
Limited satisfaction of business and consumer customers needs, regarding the various products and services, throughout the customer life cycle, as well as provision of poor quality and failure to comply with regulatory and contractual standards, resulting in the payment of fines and penalties.
Inclusion Risks connected with lack of attention to inclusion issues, leading to negative impacts on the Company’s reputation.
Sustainable logistics Risks connected with inadequate management of the Group’s logistics and production processes, including in terms of environmental sustainability, which might influence stakeholders’ perception of the Company.
Human capital Risks connected with a lack of/inadequate staff management in terms of professional enhancement, training and development.
Corporate Governance Risks connected with a Corporate Governance system that is not in line with leading practices, resulting in negative impacts on the Company’s reputation.
Green building Risks connected with inadequate management of the Group’s buildings, including in terms of environmental sustainability, which may influence stakeholders’ perception of the Company.
Responsible supply chain management Risks connected with relations with suppliers, with possible impacts in terms of compliance and financial damage due to fraudulent behaviour.
Economic and financial sustainability Deterioration of the Company’s reputation in the financial community (rating agencies, investment banks, analysts, etc.) which could have a negative impact on the share price.
ESG product investment and development
Risks connected with inadequate assessment of social and environmental impacts in the development of new products and services, which may influence stakeholders’ perception of the Company

© Poste Italiane 2018 - VAT registration number: 01114601006

vai a inizio pagina