Area Tasks Results
Risk management
– underwriting risk In 2025, in the area of underwriting risk, PZU and PZU Życie conducted a systematic process of risk monitoring and assessment, including both the analysis of current trends and the identification of trends that could affect the level of insurance liabilities.

In response to the risk factors as identified, adequate management actions were taken both at the level of individual product groups and in aggregate.

 In 2025, the monitoring confirmed the stability of underwriting parameters and the absence of risk factors requiring special attention.
– market risk In 2025, in the area of market risk, a process for risk monitoring and assessment was developed. The greatest emphasis was placed on accelerating and automating market risk reporting to meet the expectations of the PZU Management Board. The system of market risk measures was also adjusted to guarantee an optimal level of information for participants in the investment process inside the PZU Group. In 2025, the monitoring process confirmed the stability of the market risk profile, with no factors identified that require special attention.
– liquidity risk The current conditions did not have a material impact on liquidity risk of PZU Group’s insurance business in 2025. Liquidity was maintained at a safe level. As part of routine management actions regarding liquidity risk, the PZU Group constantly monitored the level of available liquid funds and the current utilization of liquidity limits In 2025, there were no grounds to take extraordinary management actions regarding liquidity risk.
– credit risk In 2025, in the area of credit risk, PZU and PZU Życie conducted a regular process of risk monitoring and assessment, taking into account changes in the economic environment and their impact on the quality of credit exposures. In response to the risks as identified, adequate management actions were taken at the level of individual counterparties and debtors, individual investment portfolios, as well as in aggregate. In particular, regular reviews of foreign country risks and sections of the economy were performed, resulting in decisions to adjust credit and credit-guarantee limits and to introduce additional qualitative restrictions in response to identified risks. At the same time, process elements were developed, which included updating investment rules for selected asset classes, with mechanisms that were appropriate to their risk profile and ensured proper mitigation of specific risks. In 2025, monitoring confirmed the stable quality of credit exposures, and the analyses did not reveal risk factors requiring special attention.
– operational risk In 2025, in the area of operational risk, a regular process for risk monitoring and assessment was conducted. The base of operational risk indicators monitored monthly/quarterly was expanded, and the Operational Risk Self-Assessment formula was changed to direct the examination towards identifying and assessing the most important operational risks in the business.

As part of the crisis staff’s operation, ongoing monitoring is being carried out for two emergencies:

  • the emergency situation announced on 28 January 2022 and related to the attack of the armed forces of the Russian Federation on Ukraine, which includes ongoing monitoring of the current situation in terms of business continuity of companies and security of financial assets of the PZU Group;
  • announced on 22 February 2022, an emergency situation related to the heightened risk of cyberattacks, which included additional security measures in the areas of cyber threats and physical security, and a commitment for PZU Group companies to promptly report anomalies in these areas.

Additional cybersafety measures were introduced to mitigate risk with increasing probability of materialization. Anomalies in terms of cyber threats, extending to subsidiaries, are under continuous 24/7 monitoring. Due to the nationwide implementation of CRP Alert Level 3 (CHARLIE-CRP) and Alert Level 2 (BRAVO), a heightened state of readiness of the physical and cyber security areas has been maintained continuously since February 2022.

 In 2025, the monitoring did not reveal any operational risk factors requiring special attention. Control processes, including an expanded list of indicators, as well as strengthened physical and cyber security mechanisms, proved effective, and operational risks remained at stable, acceptable levels.
– model risk In 2025, in the area of model risk, PZU and PZU Życie conducted a regular process for risk monitoring and assessment. The model risk level was regularly determined and the validation plan was implemented. The results of the model risk management process, such as validation reports, were discussed on an ongoing basis within the work of a dedicated committee. In 2025, the monitoring and validations confirmed the stability of model performance and the absence of risk factors requiring special attention.
– compliance risk In 2025, in the area of compliance risk at PZU, the Compliance Department took efforts to further align the compliance function with the changing legal environment and the PZU Group’s current needs. This included, in particular, works to maintain the adequacy and effectiveness of compliance processes, taking into account the PZU Group’s status as a financial conglomerate. Moreover, the compliance area was involved in the activities aligning the Company to the requirements under new and amended legal acts. In 2025, the Compliance Department’s activities effectively supported the adaptation of processes to changing regulatory requirements. No significant non-compliance requiring specific intervention was identified.
– risk concentration In 2025, in the area of risk concentration, a process for risk concentration monitoring and assessment was conducted. Exposures exceeding established thresholds and thus requiring special attention were subjected to additional analysis for their risks and mitigants. These measures were aimed at ensuring an acceptable level of risk for such exposures. No need to take additional risk concentration measures was identified in 2025.
Internal control
Institutional control and Testing within the Internal Control System Under the 2025 Internal Control Plan, the Internal Control Department completed 12 problem audits. In particular, the audit covered the following areas of PZU’s operations: insurance distribution and servicing, claims and benefits handling, debt collection, fleet and telephony administration, occupational health and safety, real estate management, and IT access management. Testing within the Internal Control System.

Key vertical tests included the following topics:

  1. Properly documented test results. The control covered all of the Company’s units, which scheduled inspections in 2024.
  2. Fulfillment of the obligation for the risk analysis of the Internal Control System to include factors related to risk management and resulting from the recommendations made by the second-line units, in particular the Compliance Department and the Internal Audit Department, as well as KNF, UOKiK and statutory auditors. The test was conducted on a selected sample of units.
  3. Fulfillment of the obligation of the Company’s units to include mandatory tests in the annual audit plan. The test was conducted on a selected sample of units.
 The control tasks revealed irregularities of various weights and recommendations were made to remedy these irregularities or improve the implementation of the activities covered by the control. All recommendations with an implementation date of 2025 were implemented in whole or in part, according to schedules.

Re 1

Under the recommendations addressing the identified irregularities, the unit managers or the designated persons were obliged to:

  1. Make employees responsible for recording and verifying test results:
    • record control results properly,
    • verify the control results by the lead controller,
    • implement the planned examinations and accept the results in a timely manner.
  2. Accept the examination results in a timely manner.
  3. Make employees responsible for the implementation of the recommendations implement them in a proper and timely manner.

Re 2 & 3 No irregularities were identified.
Internal audit
Internal audit The 2025 audit at PZU Group concentrated primarily on areas that have a direct impact on customer experience and security, including service quality, data protection and process transparency. At the same time, the audit focused on areas critical to the organization’s stability and growth, including risk management, process efficiency and regulatory compliance. Special emphasis was put on data security, digital transformation and controls in strategic and operational areas. The audits resulted in recommendations to mitigate identified risks and improve operations. Supervision over the timely implementation of the recommendations is exercised by the supervising Management Board Members or Directors of the PZU Group, and the Internal Audit Department monitors and verifies their implementation, and then, after the analysis, the Department decides whether to consider them implemented.
Previous topic
Internal control system
Next topic
Dividend