Risk Management

Risk management processes 

Grupo Línea Directa is exposed to various risks inherent to the activities and businesses it develops, as well as to those arising from external factors, which may prevent it from achieving its objectives and successfully executing its strategies. To ensure that the most relevant risks are properly identified, measured, managed, and controlled, the following principles of action are established: 

  • Integration: Risk management is part of management responsibilities and an integral part of all organizational processes. A risk management culture must be maintained in every decision made at all levels.
  • Independence: At the operational level, adequate segregation of duties must be ensured, as well as coordination mechanisms between business units and risk monitoring and control units. 

  • Comprehensive Management: All entities within Grupo Línea Directa Aseguradora must identify, measure, manage, and control all significant risks, establishing for each the appropriate policies, procedures, structure, and resources. The Risk Map is the tool that provides a global view of the most significant risks to which the entity is exposed.

  • Transparency: Appropriate channels must be maintained to facilitate internal information flow, enabling early detection of any threat to prevent or reduce its impact. 

  • Continuous Review and Improvement: The adequacy, suitability, and efficiency of risk management must be periodically reviewed and evaluated. Improvement opportunities will be analyzed, whether arising internally from lessons learned from reported incidents or externally through new tools and knowledge that can enhance risk management. 

  • Compliance with Internal Regulations: Actions must always be taken under the values and standards of conduct reflected in the Code of Ethics, especially the commitment to legality and the principle of “zero tolerance” toward illegal acts and fraud, as outlined in the Integrity and Compliance Policies. 

Risk Exposure Review 

Línea Directa has defined a Risk Map with associated indicators (KRIs) and internal controls, through which the company’s risk exposure is reviewed monthly, quarterly, semi-annually, or, in specific cases, annually, depending on the type of control. 

Audit of Risk Management Processes 

In 2023, the Internal Audit department conducted three audits focused on the risk management system, with the following scopes: 

Audit of the Internal Control System over Financial Reporting (SCIIF) – CAR and LDA Processes – Intercompany Operations and Simultaneous Debt: The objective was to evaluate the effectiveness of the design and execution of controls included in the SCIIF of the Advanced Repair Center (CAR, S.L.), covering processes such as: a) bank account management, b) payroll and incentive provisions, c) procurement and supplies, d) inventory management, e) operating expenses, and f) loans and income. The audit included verification of control objectives, proper implementation of controls, and traceability, custody, and archiving of documentary evidence. 

Audit on the Implementation Level of the Regulatory Compliance Risk Management System: Focused on reviewing governance processes related to environmental sustainability, evaluating the effectiveness in identifying, managing, and mitigating environmental risks. Social and governance risks were excluded from this review. 

Audit of Key Risk Indicators (KRIs): Aimed at analyzing the effectiveness of the process for identifying, designing, reporting, and monitoring KRIs, as well as the functionality and usefulness of the associated dashboard. 

In 2024, risk management processes, along with first-line internal control processes, were audited as part of the corporate assurance map. That same year, the Fraud Management function was also audited. All audits yielded similar results, with positive evaluations, although some weaknesses were identified. It is also important to note that the Corporate Risk area’s control functions actively complement and participate in all Internal Audit processes. 

Risk Culture 

Línea Directa has developed a risk management culture since its inception, and more extensively since its IPO in 2021. The creation of the Corporate Risk area in 2022 and the company-wide awareness of risks have been key to the exponential advancement of this culture. 

Additionally, each year, a large proportion of the workforce receives financial incentives linked to risk management objectives—from senior management to middle managers and back-office staff. In 2024, these objectives were closely tied to the update of the company’s Risk Map, the definition of a risk indicator dashboard, and the evaluation of specific risks such as climate change and regulatory risk related to data protection regulations.