Corporate Governance structure of Zurich
Zurich Insurance Group Ltd has an effective structure for cooperation between the Board of Directors, management and internal control functions.
Providing institutional independence
An effective structure is in place providing for cooperation between the Board of Directors of Zurich Insurance Group Ltd, management and internal control functions. This structure establishes checks and balances and is designed to provide for institutional independence of the Board from the Group Chief Executive Officer (Group CEO) and the Executive Committee (ExCo) which together are responsible for managing the Group on a day-to-day basis. The Board of Directors of Zurich Insurance Group Ltd is composed entirely of independent non-executive members. The roles of Chairman of the Board of Directors and CEO are separated, thus providing for separation of powers between the functions and ensuring the autonomy of the Board.
Three lines of defense at Zurich Insurance Group
as of December 31, 2023
Zurich uses a model of three lines of defense in its approach to enterprise risk management. This model runs through Zurich’s governance structure, so that risks are clearly identified, assessed, owned, managed and monitored.
First line: business management
The first line of defense consists of business management and all functions except Group Risk Management, Group Compliance and Group Audit. The first line takes risks and is responsible for day-to-day risk management (i.e., risks are identified and monitored, mitigation actions are implemented and internal controls are in place and operating effectively).
Second line: Group Risk Management and Group Compliance
The second line of defense consists of the two control functions, Group Risk Management and Group Compliance.
Group Risk Management is responsible for supporting the development, implementation and maintenance of Zurich’s Enterprise Risk Management and Internal Control frameworks. The Group CRO regularly reports risk matters to senior management committees, the Group CEO and the Board’s Risk and Investment Committee.
Group Compliance enables business management to manage its compliance risks by providing compliance solutions and independent challenge, monitoring and assurance related to relevant processes and controls, new business opportunities and complex transactions. Group Compliance is vertically integrated to support a global framework and is led by the Group Chief Compliance Officer who reports directly into the Group CEO while maintaining functional independence as second line of defense. The Group Chief Compliance Officer has direct access to the Audit Committee Chair and appropriate access to the Chairman of the Board.
Third line: Group Audit
The role of Group Audit is to provide independent and objective assurance on the adequacy and effectiveness of the Group’s risk management, internal control and governance processes. The Group Chief Auditor reports functionally to the Audit Committee Chair and administratively to the Group CEO. The Group Chief Auditor attends each Audit Committee meeting and has monthly meetings with the Chairperson of the Audit Committee and with the Chairperson of the Board.
Board
The Board is ultimately responsible for the supervision of the control and assurance activities.
External audit
External audit is responsible for auditing the Group’s financial statements and for auditing Zurich’s compliance with specific regulatory requirements. The Audit Committee regularly meets with the external auditors.