Risk management – online only content
Internal control system
The internal control system is overseen by the Group Board of Directors and the Group Executive Committee. It aims to provide reasonable oversight and assurance in achieving three objectives:
- Reliability of reporting – addressing the preparation of reliable reporting arrangements as well as related data covering significant financial, economic, regulatory and other reporting risks
- Compliance with applicable laws and regulations − addressing legal and regulatory requirements which Swiss Re is subject to, including compliance, legal and tax risks
- Effectiveness and efficiency of operations − addressing basic business objectives, including performance and profitability goals, and the safeguarding of assets covering significant market, credit, liquidity, insurance, technology and other risks
Operationally, the internal control system is based on Swiss Re’s three lines of control and comprises five components:
- Performed by risk takers (1st line of control)
- Based on Global Operational Risk Register
- Performed by risk takers (1st line of control)
- Based on Global Control Catalogue
- Performed by all lines of control
- All incidents logged in central repository
- Risk controlling by Risk Management and Compliance (2nd line of control)
- Assurance by Internal Audit and Compliance (3rd line of control)
- Standards, processes and structures that provide the basis for carrying out internal control (eg, operational risk tolerance)
- Risk culture, including Swiss Re’s corporate values, governance oversight, and roles and responsibilities, as well as performance measures, incentives, and rewards that drive accountability for performance
Risk tolerance and appetite assessment of plan
Risk oversight of planning aims to ensure that the Group and major legal entities fully understand the risk implications of the business and financial plan, and that the planning approach is based on sound assumptions. The plan represents the implementation of Swiss Re’s strategy under the baseline scenario. It is used to assess the risk and capital implications of the plan within the expected economic and business environment.
Risk Management provides both input into and risk oversight of the business and financial planning process. It does so by reviewing and challenging key assumptions supporting the plan as well as by assessing potential risks and threats that may arise from its implementation. Risk Management also provides transparency on detailed risk implications of the plan and works with Finance to test its adherence to risk appetite and risk tolerance, and determine whether it complies with the relevant capital and liquidity limits and targets. Adherence of the plan to risk tolerance is also subject to quarterly review based on updated plan information. Execution of the plan is subject to the risk control framework.
The implications of the business and financial plan are further assessed against selected sensitivities, as well as by projecting the risk, capital and liquidity positions under alternative scenarios. The insights gained from scenario analysis enable senior management to prepare a response to adverse events as they occur. In some cases, this may lead to preventative actions being carried out in advance, while in other cases management may react to events as they unfold, taking into consideration the insights gained during the planning process.
Risk identification is an ongoing process to establish transparency around all potentially material risks in order to make those risks controllable and manageable. This provides a basis for exposure monitoring, risk measurement, monitoring of capital requirements and reporting. All quantifiable risks must be reflected in costing, underwriting, reserving, capital and steering models.
Based on internal and external information, Swiss Re identifies risks such as:
- Previously unidentified risks
- Known non-material risks that have become material risks
- Known material risks that have changed following a re-assessment or increased understanding of the nature of the risk
- Changes in risk exposure from increased understanding of interdependencies between risks
Risk takers have primary responsibility for identifying risk, including emerging risks, by assessing all risk exposures arising from active positions (ie assets and underwriting) and operational processes as well as the risk factors underlying these exposures. Risk takers are also charged with providing Risk Management with all relevant information about their risk factors and exposures. Where the risk is relevant for multiple Swiss Re entities, this assessment is generally performed in cooperation with Group Risk Management.
Risk measurement enables Swiss Re to assess the magnitude of its risk exposures and set quantitative controls that limit risk-taking.
Swiss Re uses an internal risk model to determine the economic capital required to support the risks on the company’s books, as well as to allocate risk-taking capacity to the different lines of business. The model also provides the basis for capital cost allocation in Swiss Re’s Economic Value Management framework, which is used for pricing, profitability evaluation and compensation decisions. In addition to these internal purposes, the model is used to determine regulatory capital requirements under economic solvency frameworks such as the Swiss Solvency Test (SST) and Solvency II.
The internal risk model provides a meaningful assessment of the risks to which the company is exposed and is an important tool for managing the business. Swiss Re’s model has a history of more than 20 years of development and continuous improvement driven both by the company‘s specific risk profile and by changing requirements as a globally operating reinsurer.
While economic solvency regimes such as SST and Solvency II offer standard models for calculating regulatory requirements, such models are generally geared towards regulating the local or regional insurance market and thus do not take sufficient account of Swiss Re’s broad geographic and diversified portfolio structure. Swiss Re’s model uses the Monte Carlo simulation method to estimate a joint multivariate distribution of all relevant risk factors, rather than a limited set of deterministic scenarios and factors. It therefore provides more detailed results than standard formulas, which are based on simplified industry-wide common denominators.
Swiss Re’s internal model is based on two important principles. First, it applies an asset-liability management approach, which measures the net impact of risk on the economic value of both assets and liabilities. Second, it adopts an integrated perspective, recognising that a single risk factor can affect different sub-portfolios and that different risk factors can have mutual dependencies.
The model generates a probability distribution for economic profit and loss, specifying the likelihood that the outcome will fall within a given range. Risk measures derived from the model are expressed as economic loss severities taken from the total economic profit and loss distribution.
In line with the SST, the Group measures its economic risk capital requirement at the 99% shortfall (or tail value at risk) level. This represents an estimate of the average annual loss likely to occur with a frequency of less than once in one hundred years, thus capturing the potential for severe, but rare, aggregate losses.
In addition, the model is used to calculate value at risk (VaR) measures including 99.5% VaR, which is used in other regulatory regimes such as Solvency II. 99.5% VaR represents the loss likely to be exceeded in only one year out of two hundred and is thus more severe than the 99% VaR measure, which estimates the loss likely to be exceeded in one year out of one hundred. For Swiss Re’s loss distribution, the 99% shortfall (tail VaR) measure is generally larger than the 99.5% VaR measure.
In order to assess the risk and provide solvency information for individual financial reporting entities within a network of entities, it is necessary to consider the impact of intra-group relationships. For this purpose, the Group’s internal risk model takes the following items into account:
- Intra-group transactions (including loans, guarantees and retrocessions)
- Intra-group credit risk and (for SST) potential limited liability toward subsidiaries
- Secondary effects resulting from the potential insolvency of other reporting entities
Swiss Re’s risk model assesses the potential economic loss at a specific confidence level. There is thus a possibility that actual losses may exceed the selected threshold. In addition, the reliability of the model may be limited when future conditions are difficult to predict. For this reason, the model and its parameters are continuously reviewed and updated to reflect changes in the risk environment and current best practice. In addition, Swiss Re complements its risk models by ensuring a sound understanding of the underlying risks within the company and by applying robust internal controls.
The risk model is governed by Swiss Re’s Model and Tool Assurance Framework. This includes an independent end-to-end validation process that comprises specification, algorithms, calibration, implementation, results and testing.
As it is used for regulatory reporting purposes, Swiss Re’s risk model is subject to regulatory scrutiny. In November 2017, the Swiss regulator, FINMA, approved Swiss Re’s internal model for SST reporting (step one approval) following the new FINMA approval process that was initiated in 2016. Furthermore, the model has been approved by the Luxembourg regulator for the Solvency II reporting of Swiss Re’s legal entities in Continental Europe.
Risk exposure control
Swiss Re aims to carefully control exposure from active risk-taking decisions, the passive risk it is exposed to through its operations, as well as the cumulative impact of its risk exposures on capital and liquidity adequacy. Risk exposures are controlled in all activities to:
- Facilitate informed business steering decisions
- Ensure that the Group operates within its risk tolerance
- Ensure that operational risks are managed to an acceptable level
The following controls govern all risk-taking decisions across the Group:
- Clearly established authorities and delegations governed by referral triggers (eg quantitative and qualitative limits to delegated risk-taking authority)
- Capital and liquidity adequacy limits
- Risk limits
Regular internal risk and issue reporting ensures transparency at all stages. For the Group and key legal entities, holistic risk reports are produced and provided to the respective management and Board members. These reports cover qualitative and quantitative risk topics across all areas of Swiss Re’s risk landscape:
- Reporting of material risks and control issues including mitigation actions and recommendations; this is based on Swiss Re’s Group-wide risk matrix methodology, in which material risk items are grouped into themes and assessed for residual risk and required management attention
- Monitoring and analysis of adherence to risk tolerance, including adequacy of capital and liquidity, as well as the usage of risk limits
- Monitoring of exposure and other risk-related developments within Swiss Re, for underwriting, financial and operational risk, as well as assessment of external developments with a potential impact on Swiss Re, such as economic and insurance market trends, regulatory, legal and political developments.