Imperatives of good risk governance

Under the stewardship of the Chief Risk Officer, good risk governance at Swiss Re is about adhering to five key principles.


The first rule of good risk governance is to ensure all regulatory demands are met, including full definition and documentation of the acceptance of risks within the organisation and scrutiny of any models used.


It is also important to be clear about who owns, takes and controls risks in the business and on specific transactions. The owner is ultimately the Executive Board of the organisation. The risk taker is the responsible business team. It is vital that responsibility for the risk lies with the business and that risk management plays the independent role of influencing and controlling the risk.

Risk tolerance

Individual risk managers must understand the risk tolerance and appetite of the risk owner. In governance terms, risk tolerance criteria should be set by the Board based on an evaluation of the available capital and required liquidity. For Swiss Re, overall risk is limited to ensure the company is able to continue to operate following an extreme loss event and honour the fundamental promise of insurance: to pay a legitimate claim in a timely fashion. The risk appetite is then defined to assess where capital is best invested to maximise shareholder value. Regular internal communication of the business's risk strategy is vital in this regard.


All company cultures contain criteria for what success looks like. Financial bonuses are vital, but not the only factor. For example, in some cultures there is no glory in walking away from a deal. In motivational terms, a senior manager may also prefer to close a deal on weak terms rather than disappoint colleagues who have worked for weeks on contract details. Risk managers need to understand these drivers and their implications for how we manage risk.


A key part of the role definition for the risk manager is detailing how the day-to-day risk control processes will work and how they will ensure their independence. For example, if a deal team has been assembled around a specific transaction, is the risk manager a member of this team or officially separate? One solution used at Swiss Re is a “three signature” approach to all major deals. This requires that large deals are signed off by underwriting, client management and risk management, again reinforcing the independent role of the risk manager.
