Risk management

Helsana has an effective, systematic and company-wide risk management system in place. This also includes an appropriate and effective internal control system (ICS). Risk management and the internal control system are based on what is known as the “three lines of defence model” and are an integral component of corporate management. They serve to help the company achieve its goals and ensure the survival and success of the Helsana Group.

Risk management at Helsana is based on the provisions of the Swiss Code of Obligations, the Insurance Oversight Act (VAG), the Federal Health Insurance Act (KVG) and the associated FINMA ordinances and circulars, as well as international standards – in particular COSO, ISO 31000 and ISO/IEC 27005.

Sustainability risks include environmental, social and governance (ESG) risks. Helsana incorporates sustainability risks into its existing risk categories and identifies them as such. Sustainability risks comprise physical and transition risks¹ and can serve as drivers for various risks. Transition sustainability risks are classed as strategic risks that arise from changes in overall external conditions, such as legislation, supervision, technology, the economy and the environment. Sustainability aspects can also represent a risk factor for operational risks, such as the risk of non-compliance with employment law requirements. In addition to financial aspects, the impact on the company’s reputation and the risk of official and judicial measures are assessed to determine whether sustainability risks are to be categorised as material. The formal risk management process is carried out every year and aims to ensure that all material risks in the risk categories are identified, assessed and managed, that the necessary reports are submitted to the responsible bodies and that the internal control system is appropriate and effective. Irrespective of this process, risks are identified, assessed, managed and documented on an ongoing basis.

Material sustainability risks

Significant risks in connection with the non-financial matters pursuant to Art. 964b CO (environmental matters, social issues, employee-related issues, respect for human rights and combating corruption) and the activities to manage these risks are described below. Significant risks, including sustainability risks, are mitigated appropriately using process controls, supporting precautions and risk management measures as part of the risk management process.

Based on the data currently available and the business model, there are no significant environmental risks for Helsana. Nevertheless, Helsana considers the environment to be an important overarching social issue and a central component of our sustainability strategy. Measures to reduce our emissions and our consumption of energy and resources are described in section “Environment”. In addition, possible implications of climate change on health and the associated risks will be analysed in greater depth in the future.

Social risks are risks relating to the protection of various stakeholders – e.g. customers, employees and suppliers. These include, among other things, risks related to communication with stakeholders as well as risks of insufficient service quality, inadequate advice or counselling, or sales of inadequate quality. Helsana strives to provide advice that meets the very highest quality standards. Corresponding measures are described in section “Business ethics & compliance”. Risks related to healthcare affordability and quality are also classed as social risks and addressed in section “Health of our customers”.

In the area of employee-related issues, there are risks relating to failure to comply with employment law requirements, such as equal opportunities and protection against discrimination, as well as risks associated with occupational safety hazards. To mitigate these risks, Helsana has an occupational health management system in place that combines all activities and services aimed at employee health. Further precautions relate to physical safety and building security. The employee category also includes transition risks relating to the recruitment, retention and employability of employees, aspects that are being driven by current developments on the labour market as well as social and economic developments. Existing measures to address employee-related issues are described in sections “Employee development”, “Employee health and well-being”, “Diversity and equal opportunities” and “Working conditions and corporate culture”.

The main risks related to respect for human rights include those relating to privacy and the protection of personal data, which also rank among Helsana’s top risks. The business model of any (supplementary) health insurer requires the handling of sensitive personal data. Data protection measures are described in section “Data protection”. The category “Respect for human rights” also includes the risks of child labour in the supply chain, the mitigation of which is described in section “Supply chain”.

Material risks in the area of combating corruption relate to the risk of a breach of the Code of Conduct and the requirements for the prevention of corruption and bribery, which could translate into significant reputational damage. The handling of risks related to breaches of statutory, regulatory and internal principles is described in section “Business ethics & compliance”.

We apply the principle of dual materiality to sustainability risks. In doing so, we assess the financial and reputational impact as well as the risk of official and judicial measures for Helsana. We also assess the potential impact of our business activities on our stakeholders, including the environment (see sections “Employees and working environment” to “Foundation of our business activities”).