Risk Management

The Integrated Control Framework (ICF) sets out how responsibilities are allocated within and describes the accountability procedures. This framework forms the basis Athora for controlling the business processes. The managing boards of the business units are responsible for day-to-day operations within these frameworks and every year they draw up operational plans, which are subject to the approval of the management of Athora. Further information about the ICF is contained in the annual report (VIVAT NV).

Athora has a procedure in place to assess, on a semi-annual basis, the way in which, and extent to which, the managing boards of each business unit and the corporate support departments manage essential risks. The procedure focuses on the discussion of risks in business operations and the measures taken to manage these risks that takes place between different layers of management. The In Control Statements that are periodically issued by the business units provide crucial input for this procedure. The outcome of this procedure contributes to the responsibility statements that are included in our annual report.

Our risk appetite is the extent to which we are prepared to accept risks in the pursuit of our objectives. We determine our risk appetite, as an integrated part of our overall business operations, at least once a year. Our risk appetite is limited by our risk capacity, which specifies the maximum amount of risk we can accept at consolidated level, given our capital and liquidity position and any restrictions due to funding agreements or requirements imposed by regulators. The risk appetite is subsequently translated into practical risk objectives.

Athora performs an Own Risk and Solvency Assessment (ORSA) at least once a year. The management of Athora Netherlands uses the ORSA to verify the amount of capital required and may decide on management actions to bring the capital into line with the risk profile and risk appetite. The combination of the business strategy, risk appetite, solvency position and continuous evaluation produces input for management's discussion on the amount of capital required.

Risk Owner

The first line has an operational role, focusing on the primary and operational process of the business activities. Within the policy framework and subject to internal procedures and risk limits, it is the objective of the risk owner to achieve the best possible risk/return ratios. Business plans are prepared in the first line.

Risk Management

The second line has a controlling and accepting role in respect of the transactions proposed by the first line. The second line assesses the actions and transactions in the first line as well as the effectiveness of procedures y means of testing key controls, and is responsible for ensuring that the risk profile matches the risk appetite. The second line is responsible for formulating the framework and has an oversight role, and thus shapes policy. It sets out the policy framework, but leaves the execution of policy on risk and capital management to the first line.

Audit

The independent audit function for the risk management process is entrusted to Internal Audit Athora Netherlands (Internal Audit). Internal Audit has no role in determining, implementing or steering risk policy. Internal Audit helps Athora Netherlands to achieve its objectives by implementing a systematic audit approach to evaluate and increase the effectiveness of activities in the areas of risk management, internal control and governance.