Management of other significant risks

Operational risk

The Group has implemented an internal control system to mitigate operational risks through three lines of control. This system assigns primary responsibility for identifying and managing operational risks to individual risk takers (first line of control), with independent oversight and control by the Risk Management and Compliance functions (second line of control) as well as Group Internal Audit (third line of control). Members of the Group Executive Committee are required to certify the effectiveness of the internal control system for their area of responsibility on a quarterly basis.

Operational risk is inherent within Swiss Re’s business processes. As the company does not receive an explicit financial return for such risks, the approach to managing operational risk differs from the approach applied to other risk categories. The purpose of Operational Risk Management is not to eliminate risks but rather to identify and cost-effectively mitigate operational risks that approach or exceed Swiss Re’s tolerance.

Risk Management is responsible for monitoring and controlling operational risks based on a centrally coordinated methodology. This includes a pre-defined taxonomy that is used for identifying, classifying and reporting operational risks, as well as a matrix in which risks are assessed according to their estimated probability and impact. Risks are assessed for their residual economic, financial reporting, reputational and compliance impact, taking into account existing mitigation and controls.

The matrix is also used to assess residual exposures against Swiss Re’s tolerance limits for operational risk. This limit represents the level of operational risk that the Board of Directors and executive management teams are willing to accept. Material risks that exceed or are approaching risk tolerance are reported to executive management and Boards of Directors at Group and legal entity level. In addition, mitigation strategies are required for all risks that are outside of operational risk limits in order to bring them within tolerance.

Cyber risk and information security are a key focus of Swiss Re’s operational risk controls. The Group performs an annual cyber risk assessment to determine the current maturity of controls; this is based on internationally recognised standards defined by the Information Security Forum. The results of the assessment are shared with senior management and integrated into Swiss Re’s Group-wide cybersecurity programme. This programme focuses on five key areas: security culture, critical information, technology defence, incident response and supplier governance.

All operational events and issues are recorded and managed in a central Operational Risk Management system in order to address the identified problems and avoid the recurrence of similar events. The results are reviewed by the company’s CRO and reported to the management team and Board.

While techniques and technologies to turn data into risk knowledge are becoming increasingly sophisticated, Swiss Re further enhanced its organisational measures to protect privacy and safeguard data confidentiality in line with requirements of the European General Data Protection Regulation which took effect on 25 May 2018.

Processes have been finetuned to meet new requirements (eg, Data Subject Rights, Data Protection Impact Assessment, Personal Data Breach Notification) with further strengthening of Swiss Re internal control system and increased awareness of expected behaviors in respect of data protection.

Strategic risk

Overall responsibility for managing strategic risk lies with the Group Board, which establishes Swiss Re’s overall strategy. The Boards of legal entities are responsible for the strategic risk inherent in their specific strategy development and execution. Strategic risks are addressed by examining multi-year scenarios, considering the related risks, as well as monitoring the implementation of the chosen strategy year-by-year in terms of the annual business plan.

As part of their independent oversight role, Risk Management, Compliance and Group Internal Audit are responsible for controlling the risk-taking arising from the implementation of the strategy.

Regulatory risk

Swiss Re is strongly engaged in the regulatory debate and interaction, striving to mitigate potentially negative impacts while supporting reforms that could enhance the overall health of the sector, facilitate convergence of regulatory standards or generate business opportunities.

Regulatory developments and related risks that may affect Swiss Re and its subsidiaries are identified, assessed and monitored as part of regular oversight activities. Periodic reports and recommendations on regulatory issues are provided to executive management and the Board at Group and legal entity level.

The regulatory environment of the insurance industry continues to evolve on the regional, national and international level. While some regulatory changes create new business opportunities, others come with significant costs and business restrictions. Growing regulatory complexity, increased national protectionism and a fragile global economy are persistent themes affecting regulation and the way Swiss Re operates worldwide.

While prudential regulation in most regions is developing towards more risk-sensitive and economic-based capital regimes, regulatory fragmentation is increasing. Regulators show declining appetite for globally aligned policy reforms. Local capitalisation rules often fail to fully recognise the benefits of risk mitigation and diversification. In addition, there are moves to limit the use of internal models influenced by post-crisis banking regulation. Swiss Re strongly supports the use of internal models, full recognition of risk mitigation and diversification, appropriate consideration of counterparty default and concentration risk, and efficient application of eligible capital instruments. Uncoordinated regulatory approaches will be less effective in promoting financial stability and could undermine re/insurers’ ability to support economic activity and closing the protection gap.

Technology regulation is increasing in importance. While this is mainly targeted at technology companies, it also has a significant effect on insurers and reinsurers where it concerns access to and usability of data. Insurance regulators have also to examine the use of data. If efforts at data regulation are not coordinated between jurisdictions, they could impact Swiss Re’s future use of data-linked technologies on a global basis.

Swiss Re continues to advocate for the removal or reduction of market access barriers, so that policyholders, governments, taxpayers and national economies can fully benefit from international diversification and therefore reliable, quality and affordable risk cover.

Political risk

Political developments can threaten Swiss Re’s operating model but also open up opportunities for developing the business. The Group adopts a holistic view of political risk and analyses developments in individual markets and jurisdictions, as well as cross-border issues such as war, terrorism, energy-related issues and international trade controls.

A dedicated Political Risk team identifies, assesses and monitors political developments world-wide. Swiss Re’s political risk experts exercise oversight and control functions for named political risks, such as in the political risk insurance business; this includes monitoring political risk exposures, providing recommendations on particular transaction referrals and risk reporting. In addition, the Political Risk team provides specific country ratings that cover political, economic and security-related country risks; these ratings complement sovereign credit ratings and are used to support risk control activities and inform underwriting or other decision-making processes throughout the Group.

Swiss Re seeks to raise awareness of political risk within the insurance industry and the broader public, and actively engages in dialogue with clients, media and other stakeholders. The Group also builds relationships that expand the company’s access to information and intelligence, and allow Swiss Re to further enhance its methodologies and standards. For example, Swiss Re participates in specialist events hosted by institutions such as the International Institute of Strategic Studies, the Geneva Center for Security Policy, or the Risk Management Association, and maintains relationships with political risk specialists in other industries, think tanks and universities, as well as with governmental and non-governmental organisations.

The ultimate outcome of Brexit and the relationship between the EU and the UK remain unclear. Swiss Re operates in the UK through the UK branches of Swiss Re’s Luxembourg entities and some UK-domiciled entities. Swiss Re is actively engaging with the relevant UK and EEA regulators to ensure minimum disruption from Brexit and has actioned contingency plans to mitigate the risk of any adverse impacts on Swiss Re’s businesses or the ability to service clients and customers as a result of Brexit.

Model risk

Swiss Re uses models throughout its business processes and operations, in particular to price insurance products, value financial assets and liabilities, assess reserves and portfolio cash flows, and estimate risk and capital requirements. Model owners have primary responsibility for model-related risks and are required to adhere to a robust tool development process, including testing, peer review, documentation and sign-off. A similar process also applies to model maintenance.

Swiss Re’s model governance is based on Group-wide standards for model assurance. These standards seek to ensure that each material model has a clear scope, is based on sound mathematical and scientific concepts, has been implemented correctly and produces appropriate results given the stated purpose. Furthermore, the calibration of model parameters (and the data on which calibration relies) must be trustworthy, while expert judgments are required to be sensible, documented and evidenced.

Analytical or financial models that are used for costing, valuation and risk capital calculations are governed by Swiss Re’s Model and Tool Assurance Framework. This requires the appropriateness of models to be assessed in an independent end-to-end validation process that includes specification, algorithms, calibration, implementation, results and testing. Material models used for costing, valuation of reserves and assets as well as Swiss Re’s internal risk model are validated by dedicated teams within Risk Management. These teams provide independent assurance that the framework has been adhered to, and also conduct independent validations. Swiss Re’s risk model is also subject to regulatory scrutiny.

Model-related incidents are captured within Swiss Re’s operational risk framework. In addition, material model developments, incidents and risks are reported in regular risk updates to executive management and the Board at Group and legal entity level.

Swiss Re works closely with industry peers to develop and share best practices for assessing and managing model-related risks. In this context, Swiss Re is actively participating in a CRO Forum working group that provides a platform for such exchanges and are working on frameworks for model risk.

Valuation risk

Financial valuation risk is managed by a dedicated team within Financial Risk Management. The team performs independent price verification for financial risk positions to confirm that valuations are reasonable and ensure there are no material misstatements of fair value in Swiss Re’s financial reports. The results of the independent price verification process are reviewed by the Asset Valuation Committee. Summary results are regularly reported to executive management and the Board at Group and legal entity level. In addition, Swiss Re’s external auditor conducts quarterly reviews as well as a comprehensive year-end audit of controls, methodology and results.

Reserve valuation risk is managed by Swiss Re’s Actuarial Control function, with dedicated teams for property and casualty, and life and health valuation. These teams ensure that Swiss Re’s reserve setting process uses an appropriate governance framework, including defined accountabilities and decision-making processes for risk takers (as the first line of control) as well as for Actuarial Control. The framework ensures that there is independent assurance on the data, assumptions, models and processes used for valuation purposes; for all property and casualty business and selected life and health portfolios, it also includes an independent valuation of coverage provided to ensure that reserves are within an adequate range. Regular deep-dive investigations are performed into selected portfolios in order to review the appropriateness of both the reserves and the applied reserving approach.

Sustainability risk

Swiss Re’s continued business success depends on the successful management of sustainability risks, thus helping to maintain the trust of its stakeholders. The Group has a long-standing commitment to sustainable business practices, active corporate citizenship, as well as good, transparent governance. All employees are required to commit to and comply with Swiss Re’s values and sustainability policies.

Potential sustainability risks are mitigated through clear corporate values, active dialogue and engagement with affected external stakeholders, and robust internal controls. These include a Group-wide Sustainability Risk Framework to identify and address sustainability risks across Swiss Re’s business activities. The framework comprises sustainability-related policies − with pre-defined exclusions, underwriting criteria and quality standards − as well as a central due diligence process for related transactional risks.

Sustainability risks are monitored and managed by dedicated experts in Swiss Re’s Group Sustainability Risk team, which is also responsible for maintaining the Sustainability Risk Framework. In addition, this unit supports Swiss Re’s risk management and business strategy through tailored risk assessments and risk portfolio reviews. It fosters risk awareness through internal training, and facilitates development of innovative solutions to address sustainability issues. Finally, it represents and advocates Swiss Re’s position on selected sustainability risk topics to external stakeholders.

Swiss Re is a founding signatory to the UN Principles for Sustainable Insurance (UN PSI) and is currently a board member of this initiative. The UN PSI provide a global framework for managing environmental, social and governance challenges. Swiss Re has been actively contributing to the initiative for several years, co-chaired it from 2013 to 2015 and publicly reports progress against the principles in its annual Corporate Responsibility Report; the 2018 edition has been published together with the 2018 Financial Report.

Swiss Re is currently developing a carbon risk steering mechanism that will help to guide the Group’s business towards a low-carbon world and support Swiss Re’s clients in their transition. In July 2018, Swiss Re launched a first element of the carbon steering mechanism in the form of a new thermal coal policy. The new policy is part of Swiss Re’s Sustainability Risk Framework and applies across all lines of direct, facultative and treaty business.

Reflecting the Group’s strong overall commitment to corporate responsibility, Swiss Re continued to be included in leading sustainability indexes and rankings such as FTSE4Good, Euronext Vigeo World 120, Ethibel Excellence Global, oekom Prime Investment and the Dow Jones Sustainability Index. For more information on Swiss Re’s sustainability practices, see also the Corporate Responsibility section as well as Swiss Re’s 2018 Corporate Responsibility Report.

Emerging risk

Anticipating possible developments in the risk landscape is a central element of Enterprise Risk Management. Swiss Re promotes pre-emptive thinking on risk in all areas of the business in order to reduce uncertainty and diminish the volatility of the Group’s results, while also identifying new business opportunities and raising awareness for emerging risks.

For this purpose, Swiss Re’s risk identification processes are supported by a systematic framework that identifies, assesses and monitors emerging risks and opportunities across all areas of Swiss Re’s risk landscape. This framework combines a bottom-up approach driven by employee input with central and regional experts on emerging risk. The resulting information is complemented with insights from external organisations such as think tanks, academic networks and international organisations, as well as from interaction with clients.

Findings are reported to management and internal stakeholders, including a prioritised overview of newly identified emerging risks and an estimate of their potential impact on Swiss Re’s business. Swiss Re also publishes an annual emerging risk report (Swiss Re SONAR) to raise awareness within the Group and across the industry, and initiate a risk dialogue with key external stakeholders.

To further advance risk awareness across the industry and beyond, Swiss Re continues to participate actively in strategic risk initiatives such as the CRO Forum’s Emerging Risk Initiative and the International Risk Governance Council.

From emerging risks to core business