Risk management
Effectively managing risks affecting Zurich is essential to our ability to help our customers manage theirs. While risk management has long been the core discipline of insurers, it has become even more critical for us and for our customers as the risk landscape evolves and becomes more complex.
We define risk management as an integrated, Group-wide approach to identifying, understanding, measuring and managing our risks. In addition to strategic and reputation risks, these include:
- Insurance – risk transferred to us from customers through the underwriting process
- Operational – risk associated with our people, processes and systems, and external events
- Credit – risk associated with a loss or potential loss from a counterparty failing to fulfill its financial obligations related to the investment portfolio, reinsurance assets and other exposures
- Financial market and asset/liability mismatch – risk associated with the Group’s investment portfolio, the relative duration of assets/liabilities, and currency fluctuations.
We manage risks throughout the organization, from the CEO to our businesses and functional areas, in alignment with our matrix organization. We have centers of expertise at the Corporate Center for such risk types as credit and financial market, with decentralized management of risks that occur mainly at the local level. We continue to strengthen Groupwide governance of our risk management, in 2006 with the creation of a Risk Committee of the Board of Directors.
Group-wide risk management policies specify risk limits and authorities, reporting requirements, and procedures for referring risk issues to senior management. We regularly monitor our risks through analyses and reports, as well as through relevant risk modeling.
We assess risks systematically through our Total Risk Profiling® process, which allows us to identify and then evaluate the probability of a risk scenario occurring, and the severity of the consequences should it occur. We then develop, monitor and implement improvement actions. The risk profiling process is integral to how we deal with change, and is particularly suited to evaluating strategic risks and risks to our reputation.
Our Risk Modeling Platform provides a robust, transparent and flexible modeling environment for evaluating and integrating risk and performance information. We use this platform to run our Risk-Based Capital (RBC) model, which measures the difference between what we expect in a normal business-operating environment and worst-case scenarios. We define RBC as the capital needed to protect our policyholders against the worst-case loss, which we calibrate according to our financial strength target of AA at a one-in-2000 probability of occurring over a one-year horizon; this translates to a 99.95% confidence level. We continue to embed RBC into our decision-making, such as allocating capital to our General Insurance lines of business for pricing purposes.
External perspectives
Various external stakeholders are placing increasing emphasis on the importance of sound risk management in our industry.
International Financial Reporting Standards require disclosure of information to help users of financial statements assess the extent of risk related to financial instruments. See the Financial Report, Consolidated Financial Statements, note 6 Analysis of Risk.
The new Swiss Insurance Supervisory Law came into effect on January 1, 2006. It includes the Swiss Solvency Test, which requires Zurich to run an internal capital model. We have been involved since 2004 in developing the new framework, and took part in previous field tests. In 2006 we submitted calculations for our Swiss legal entities within a compulsory field test. Because our internal model already is risk-based, we are building on it to fulfill the regulatory requirements. A similar initiative has been launched in the European Union. As with the Swiss Solvency Test, Solvency II aims for an economic risk-based capital framework. We are participating in quantitative impact studies with certain of our European entities.
We also seek external expertise to better understand and assess our risks, particularly regarding two areas of complex change: investments and natural catastrophes. We have commissioned panels of leading academic and industry experts whose input complements our analyses. The Investment Advisory Board provides feedback on achieving superior riskadjusted returns versus liabilities for the Group’s invested assets. The Natural Catastrophe Advisory Board provides insight into the patterns of occurrence, predictability and destructiveness of catastrophes, and feedback about our approaches – including natural catastrophe modeling – which helps us manage our underwriting and reinsurance purchasing more effectively.
Managing insurance risks for the Group
Our core business is insurance and so we carefully manage the risks that arise from our assuming certain of our customers’ risks.
It is increasingly important to evaluate emerging risks, which are new, evolving, highly uncertain and difficult to quantify with the possibility for high loss. Potential areas of emerging risk include genetic engineering, nanotechnology and pandemic diseases. A better understanding of emerging risks is key to meeting the challenges, and opportunities, they may present. We have cross-functional committees to evaluate and prioritize such risks for further action, based on their possible effect on our business. In 2006 we began to formally integrate information from both General Insurance and Global Life, which enhances our view of possible consequences.
Managing Global Life risk
In Global Life, we have formal local product development committees and a Group-level product approval committee for potential new products that could significantly increase or change our risks. Such reviews allow us to take planned risks as we develop our business.
Our use of the European Embedded Value reporting principles allows us to further understand and report on the risk profile of our Life products and how risks would change in differing market conditions. Embedded value is the measure markets use to value life businesses; we are using a market-consistent approach, which is considered industry best practice. See the Financial Report, Embedded Value Report for more information.
Ceded premium - trend
Managing General Insurance risk
A fundamental component of managing our risks is underwriting discipline. We set limits on underwriting capacity, and cascade authority to individuals based on their specific expertise. We set appropriate pricing guidelines with a focus on consistent technical price across the organization. Technical reviews confirm whether underwriters perform within authorities and adhere to our philosophies and policies.
Another foundation is appropriate reinsurance, which mitigates insurance risk. Our primary objectives for purchasing reinsurance are to support our earnings and capital risk profile, develop global capacity and maintain it for our key lines of business, and provide product capability for our customers. We centrally manage treaty reinsurance for efficiency and effectiveness. Our Corporate Reinsurance Security Committee manages the quality of our cessions and reinsurance assets. Due to our improved underwriting processes, and the flexibility afforded by our increased shareholders’ equity position, we have been able to restructure and realign our reinsurance programs to achieve a better risk/reward ratio.
Modeling natural catastrophe exposure
Understanding the potential effects of natural catastrophes is a critical component of our risk management for General Insurance. While specific catastrophes are unpredictable, modeling helps us determine potential losses should catastrophes occur. We use the models to help manage our underwriting and accumulations in modeled areas so that we stay within intended exposure limits and to help guide the reinsurance we buy.
We model at the local and Group level to assess and aggregate our exposures. The natural catastrophes of 2004–05 showed that industry-wide models underestimated expected losses, especially for windstorms. The models have been updated. In 2006 we began to model in new peril regions, we further standardized our data collection globally and we improved the granularity of our data collection. We also augmented the models’ output for important factors not included in the standard industry models. Finally, we realigned capacity across peril regions to achieve a more balanced insurance portfolio. Our review of North American exposure data from this realigned portfolio with both the old and the new models showed a significant decrease in exposure. We centrally oversee our modeling in order to get a global picture for comparison and accumulation, and we have technical centers closer to the business, which helps improve the overall quality of our information.
Peril regions assessed for 2006
Monitoring man-made catastrophe exposure
Zurich’s experience in monitoring potential exposures from natural catastrophes is also applicable to threats posed by man-made catastrophes, particularly terrorism. Due to the high degree of uncertainty about what events might actually occur, our accumulation monitoring and analyses contain a number of assumptions about the potential characteristics of the threat. We review and aggregate workers’ injury and property exposures to identify areas of significant concentration. The resulting data allows our underwriters, particularly in North America, to evaluate how insuring a particular customer’s risk might affect Zurich’s overall exposure. For other areas, our analysis has shown that our exposures are significantly lower, due in large part to government-provided pools. We periodically monitor accumulation limits for those areas.
Managing operational risk
Generally, all risks contain some aspect of operational risk. We have been working to more precisely identify key operational risks, by applying a common approach across the Group. We also leverage information from other sources of risk information such as internal controls, Total Risk Profiling®, and allocation of Risk-Based Capital. We are continuing the effort begun in 2005 to roll out this consistent approach to operational risk assessments and to build a loss-event data base. Analyzing such losses helps us make changes where needed.
As we develop an integrated operational risk management framework, we continue to focus on high priority operational matters such as outsourcing, information technology and managing business continuity. A key task is keeping our business continuity plans up-to-date, with an emphasis on recovery from unexpected events such as natural catastrophes and, more recently, the possibility of a pandemic. As a result, we have established an internal Pandemic Taskforce, which has developed a preparedness plan for the Group.
Our multi-year initiative to strengthen the consistency, documentation and assessment of our internal controls continues for significant controls and locations. Although mostly focused on important controls for financial reporting, this initiative also applies to related operational controls.
Managing risks in a changing world
Understanding and managing change is essential to effective risk management and, ultimately, profitable growth. We believe that taking proactive, insightful steps to understand, anticipate and manage the many risks we face today and will face tomorrow is more than simply a prudent approach to risk management: it is solid stewardship of the interests of all our stakeholders in a rapidly changing world.
