SulAmérica

Risk acceptance is an essential part of SulAmérica’s business. In order to ensure that risk acceptance is consistent and in line with its strategic goals, the Company established a corporate risk management policy, with the focus on five key aspects:

• Control the impact of negative events;
• Manage the uncertainties inherent to the accomplishment of goals;
• Seek opportunities to obtain competitive advantage and increase value for shareholders;
• Align the Company’s risk policy with the strategies adopted; and
• Optimize the capital allocation framework.

To define the Corporate Risk Management strategies, a Risk Committee was set up, consisting of the following permanent members: the Chief Executive Officer (CEO), the Vice-President of Control and Investor Relations (CFO), the Chief Risk and Actuarial Officer (CIRO) and the Vice-Presidents of business units. The Corporate Risk Committee is a collective decision-making body with an integrated vision of the Company‘s risks and interdependence among the various risk categories.

Definition of Corporate Risk Management’s Responsibilities

The Corporate Risk Committee’s responsibilities are to approve the risk management policies, to align the risk policy with the corporate strategy, to assist in managing the Company’s strategic risks for better capital allocation, to report to the Management and the Board of Directors the treatment given to material risks, and to approve retention levels per insurance segment and significant changes in underwriting policies.

As the Company’s top decision-making body, the Board of Directors sets the general guidelines to be observed and their limits, and also supervises the management of risks. The CEO is responsible for periodically reviewing the overall strategies of the business together with the Risk Committee, in order to analyze and manage the material risks and to keep them within acceptable levels.

The whole process is monitored through the Enterprise Risk Management (ERM) system, which is permanently fed with information about processes, identification and classification of risks and controls. The system consists of the following components: internal environment, definition of targets, identification of events, risk assessment, response to risk, control activities, information and communication, and monitoring.

These components measure the level of awareness and culture across the organization with regard to risk management and control, align the goals with the Company’s strategy, Mission and Vision, identify the events that effect them positively or negatively, assess the risks qualitatively and quantitatively, and provide response options (avoid, accept, mitigate, share or transfer) for the creation of internal policies and procedures to comply with the strategic and operational goals, thus providing the information that serves as the basis for implementing action plans in the business units.

To ensure that risk management permeates the entire Company, employees have access to the electronic documentation of the company’s policies and procedures, organizational structure manuals and the Executive Board’s resolutions.

Description of Risks

Corporate Risk Management in SulAmérica covers the following risk categories: Operational, Credit, Market, Underwriting, Strategic, Legal and Compliance.

Operational Risk

Operational risk represents the risk of loss resulting from the failure, insufficiency or inadequacy of internal processes, people and systems or from external events. Fraud, employee relations, systemic failures and interruption of activities are examples of operational risk.

Since 2001, SulAmérica has had specific communication channels and an area exclusively dedicated to prevent fraud and design fraud prevention policies. In addition, to further reduce risks, the Company provides continuous training for its employees on the subject.

All internal processes are mapped into a data system, which shows the flow of activities and helps identify the respective risks and controls involved in each operating procedure. Each risk and its respective control bring qualitative information, enabling the company to classify the processes according to their risk levels and to identify possible action plans to mitigate operating losses.

SulAmérica is currently designing a project to manage operational risks with the aim of attaining excellence in management. The project is in line with best practices and recommendations of international agreements and treaties, such as Basel II, Solvency II and COSO (Committee of Sponsoring Organizations), among others.

The business continuity plan is handled at the corporate level and, with the help of appropriate tools and methodologies, envisages the functioning of SulAmérica’s essential operations during crises, thereby avoiding and minimizing financial losses to the Company and its customers.

Credit Risk

Credit Risk is the risk that a debtor or borrower fails to comply with the terms of an agreement or fails to comply with what was agreed upon. It is present in all activities whose success depends on compliance with the agreement reached by the other party, issuer or borrower. To qualify this risk, each institution or fund that carries out financial transactions with SulAmérica receives a score in relation to its credit risk.

For each business segment, maximum exposure limits are set for investments in institutions or private funds, in addition to maximum exposure limits for each of the scores.

For insurance operations, risk acceptance limits are based on the credit history of the insured member and the risk exposure in each operation. For reinsurance operations, the Company has specific assignment rules, consolidated exposure limits for each business, assignment limits per rating, and credit limits per reinsurer, all subject to regulatory limits. Finally, any reinsurance agreement has to abide by the internal rules set by the Risk Committee.

Market Risk

Market risk is the risk that the value of a financial instrument or a portfolio changes due to the volatility of market variables (interest rate, exchange rate, stock and commodities performance indexes, etc.) caused by adverse factors. Since 2003, SulAmérica has been using Asset Liability Management (ALM) techniques as one of the key tools to define the parameters to be observed in its investments.

According to the guidelines set by internal committees, and following the policies defined by an investment mandate (updated periodically), fund managers allocate financial assets in investments that are consistent with the behavior of the liabilities. The investment mandates reflect important points for adequate management of resources, such as the Company’s investment policy, the composition of portfolios per asset, the limits for each portfolio, the existing legislation, description of products and liabilities, among other aspects.

In general, SulAmérica’s investment policy aims to establish a degree of alignment between the minimum liquidity needed for each of the Company’s business segments and the investment guidelines to optimize the return on assets, considering the characteristics of the liabilities of each business. The methodology for managing market risk is based on the calculation of Parametric VaR (Value at Risk). Moreover, stress tests are performed to verify the expected loss in the worst scenarios. Market risk is monitored through daily reports containing information on VaR, as well as monthly analyses of investments.

Underwriting Risk

Underwriting risk arises from an adverse economic scenario that contradicts with the Company’s expectations at the time of preparing its underwriting policy, both in terms of the uncertainties existing in the actuarial and financial assumptions and in the constitution of technical provisions.

To manage and control these risks, the Company conducts the Procedures for Analysis and Review of Products (Procedimentos de Análise e Revisão de Produtos) periodically to review the bases of the products marketed such as product definitions, market studies, as well as sales and pricing expectations, and to evaluate the aspects relating to law, operational risks, corporate image, fraud, and money laundering. Based on these analyses, if necessary, action plans are defined to align the product with the Company’s expectations.

To manage and control the risk of provision arising from the risk of deviation in the type/and or average value of claims, SulAmérica adopts the following procedures:

• Tests of consistency of the methodologies used for creating provisions;
• Recalculation of technical provisions; and
• Monthly monitoring of variations in technical provisions.

With these analyses, whenever required, the Company makes changes to the methodology for calculating provisions and reviews the calculation and decision-making procedures. These measures help to maintain the technical provisions at adequate levels.

In addition to these controls, the Company relies on internal actuarial models to determine the economic capital due to underwriting risks. The models determine the VaR for each business line and enable more effective management of risk, as they make it possible to quantify the gains or losses from the adoption of new action plans to control or mitigate underwriting risks. The models provide the results to assess the underwriting risks and are structured to measure both the pricing risks and the risk of errors while constituting the technical provisions.

Strategic Risk

Strategic risk is the risk of losses resulting from processes or decisions that affect SulAmérica’s sustainability, growth or ability to obtain competitive advantage. SulAmérica has an Action Plan Appraisal Committee (Copa), consisting of members from the management, which analyzes the initiatives that imply investments or additional expenses.

In order to ensure compliance with the goals outlined in its strategic plan, SulAmérica adopts internal controls based on the Balanced Scorecard (BSC) methodology as a management tool, which allows it to monitor the achievement of goals in the short term and provides guidance for the long term. Thus, it enables the company to identify and correct any distortions during the implementation of the plan. BSC also seeks to make the strategy more clearly communicated throughout the organization, as all employees know about the vision for the future, the strategic objectives and the targets to be achieved.

The cost of capital used in the Company’s projects is calculated based on the methodology for calculating the Weighted Average Cost of Capital (WACC). The values of the assumptions are reviewed annually.

Legal and Compliance Risk

Legal and compliance risk is the risk of losses resulting from noncompliance with laws or regulations, loss of reputation and poorly formalized operations.

To reduce legal and compliance risks, SulAmérica has set up the Legal Department to be present in each business area, always aligned by a corporate vision. This department is responsible for reviewing the insurance contracts in order to mitigate legal risks and providing support in legal proceedings.

To further streamline these controls, SulAmérica set up a Compliance department with the objective of adapting the activities of the Company’s diverse areas to the rules laid down by the regulatory and inspection agencies. Each area has Compliance managers who are in charge of disseminating the methodology and the regulations in the business areas, thus ensuring effective risk management. They should be guided by a few basic procedures: a detailed description of the area’s key activities and their processes, identification of risks and controls, and the creation of action plans. It is worth mentioning that a self-appraisal of the internal control system is performed at least twice a year.

SulAmérica also has a communication channel to record instances that do not comply with the guidelines of the Legal Compliance Program. Messages can be sent through this channel to the Compliance, Internal Audit and Fraud Prevention areas.