Organisation and processes of risk management

Organisation and processes of risk management

Our Group-wide risk management is geared to making a significant contribution to profitable growth and hence to implementation of our strategy through the systematic weighing up of opportunities and risks. Profit and value creation constitute the foundation of our sustainable development in the interests of our clients, shareholders, employees and business partners. Hannover Re has set up risk management functions and bodies Group-wide to safeguard an efficient risk management system. The individual elements of risk management are closely interlinked in this system and the roles, tasks and reporting channels are clearly defined and documented in guidelines. This makes possible a shared understanding of Group-wide and holistic monitoring of all material risks. Regular meetings of the Group-wide risk management functions are held in order to promote risk communication and establish an open risk culture. The organisation and interplay of the individual risk management functions are fundamental to our internal risk management and control system. The chart on the following page provides an overview of the central functions and bodies within the overall system as well as of their major tasks and powers.

Systematic risk identification, analysis, measurement, steering and monitoring as well as risk reporting are crucial to the effectiveness of risk management as a whole. Only by giving prompt consideration to risks can the continued existence of our Group be assured. The system that is in place – in common with the corporate and risk strategy – is subject to a constant cycle of planning, action, control and improvement.

The Hannover Re Group’s Framework Guideline on Risk Management sets out the existing elements of the risk management system that has been put in place. It describes, among other things, the major tasks, rights and responsibilities, the organisational framework conditions and the risk control process. The guideline also contains principles governing the evaluation of new products in light of risk considerations as well as requirements for the outsourcing of functions. It aims to establish homogeneous Group standards for risk management. Key elements of our risk management system are as follows:

Risk-bearing capacity concept

The establishment of the risk-bearing capacity involves determining the total available risk coverage potential and calculating how much of this is to be used for covering all material risks. This is done in conformity with the parameters of the risk strategy and the risk appetite defined by the Executive Board. The quantitatively measurable individual risks and the risk position as a whole are evaluated using our risk model. A central system of limits and thresholds is in place to monitor material risks. This system incorporates – along with other risk-related key figures – in particular the indicators derived and calculated from the risk-bearing capacity. Adherence to the overall risk appetite is verified using the results of the risk model. The calculation is updated half-yearly.

Risk identification

The most important source of information for monitoring risks is the risk identification carried out on a rotating basis. In order to ensure that all risks are identified in the context of risk identification an overarching categorisation containing all material risks has been established. Risk identification is carried out – adjusted to fit the particular risk – by way of, for example, structured assessments, interviews, scenario analyses, checklists or standardised questionnaires. External insights such as recognised industry know-how (e. g. from position papers of the CRO Forum; the CRO Forum is an international organisation comprised of the Chief Risk Officers (CRO) of large insurance and reinsurance companies) are incorporated into the process. Risk identification ensures that new risks identified from the current and rotating monitoring are added and known risks can be revised if necessary.

Risk analysis and assessment

Every risk that is identified and considered material is quantitatively assessed. Only risk types for which quantitative risk measurement is currently impossible or difficult are qualitatively assessed, e. g. reputational risks or emerging risks. Evaluation is carried out using, for example, qualitative selfassessments. As part of the Hannover Re risk model Group Risk Management carries out a quantitative assessment of material risks and the overall risk position. In so doing, allowance is made as far as possible for risk accumulations and concentrations.

Risk steering

The steering of all material risks is the task of the operational business units on the divisional and company level. In this context, risk steering encompasses the process of developing and implementing strategies and concepts that are designed to consciously accept, avoid or minimise identified and analysed risks. The risk/reward ratio and the required capital are factored into the division’s decision. Risk steering is operationally assisted by, among other things, the parameters of the local underwriting guidelines, the system of limits and thresholds and the internal control system.

Risk monitoring

The monitoring of all identified material risks is a fundamental risk management task. This includes, inter alia, monitoring execution of the risk strategy and adherence to the defined limits and thresholds. A further major task of risk monitoring is the ascertainment of whether risk steering measures were carried out at the planned point in time and whether the planned effect of the measures is sufficient.

Risk communication and risk culture

The Executive Board is responsible for the implementation of Group-wide risk communication and risk culture. Risk Management takes responsibility for operational implementation on behalf of the Executive Board. Key elements of communication include internal and external risk reporting, information on risk complexes in the intranet (e. g. position papers on emerging risks) as well as regular meetings of risk management officers within the Group.

Risk reporting

The aim of our risk reporting is to provide systematic and timely information about risks and their potential implications and to safeguard adequate internal communication within the company about all material risks. The central risk reporting system consists primarily of regular risk reports, e. g. on the overall risk situation, adherence to the parameters defined in the risk strategy or on the capacity utilisation of natural catastrophe scenarios. Complementary to the regular risk reporting, immediate internal reporting on material risks that emerge at short notice takes place as necessary.

Process-integrated/-independent monitoring and quality assurance

The Executive Board is responsible for the orderly organisation of the company’s business irrespective of internally assigned competencies. This also encompasses monitoring of the internal risk steering and control system. Process-independent monitoring and quality assurance of risk management is carried out by the internal audit function and external instances (independent auditors, regulators). Most notably, the independent auditors review the trigger mechanism and the internal monitoring system. The entire system is rounded off with process-integrated procedures and rules, such as those of the internal control system.


Your last visited pages:

More Information

Topic related links within the report:

Topic related links outside the report:

My Annual Report

Your page has been added successfully. Please click on "My Annual Report" in the service section to see your selection.

Link für Popup