Our risk strategy, the Framework Guideline on Risk Management and the system of limits and thresholds for material risks of the Hannover Re Group describe the central elements of our risk management system. The risk management system is subject to a constant cycle of planning, action, control and improvement. Systematic risk identification, analysis, measurement, steering and monitoring as well as risk reporting are especially crucial to the effectiveness of the system as a whole.
The Framework Guideline on Risk Management describes, among other things, the major tasks, rights and responsibilities, the organisational framework conditions and the risk control process. The rules, which are derived from the corporate strategy and the risk strategy, additionally take account of the regulatory requirements set out in the amended Insurance Supervision Act for risk management as well as international standards and developments relating to appropriate enterprise management.
Risk-bearing capacity concept
The establishment of the risk-bearing capacity involves determining the total available risk coverage potential and calculating how much of this is to be used for covering all material risks. This is done in conformity with the parameters of the risk strategy and the risk appetite defined by the Executive Board. The quantitatively measurable individual risks and the risk position as a whole are evaluated using our risk model. A central system of limits and thresholds is in place to monitor material risks. This system incorporates – along with other risk-related key figures – in particular the indicators derived and calculated from the risk-bearing capacity. Adherence to the overall risk appetite is verified on an ongoing basis using the results of the risk model.
Risk identification
A key source of information for monitoring risks is the risk identification carried out on a rotating basis. All identified risks are documented in the central register containing all material risks. Risk identification takes the form of, for example, structured assessments, interviews or scenario analyses.
External insights such as recognised industry know-how from relevant bodies or working groups are incorporated into the process. Risk identification is important for ensuring that our risk management consistently remains up-to-date.
Risk analysis and assessment
In principle, every risk that is identified and considered material is quantitatively assessed. Only risk types for which quantitative risk measurement is currently impossible or difficult are qualitatively assessed (e. g. strategic risks or reputational risks). Qualitative assessment takes the form of inter alia expert evaluations. Quantitative assessment of material risks and the overall risk position is performed by Group Risk Management using the Hannover Re risk model. The model makes allowance as far as possible for risk accumulations and concentrations.
Risk steering
The steering of all material risks is the task of the operational business units on the divisional and company level. In this context, the identified and analysed risks are either consciously accepted, avoided or minimised. The risk / reward ratio and the required capital are factored into the division’s decision. Risk steering is assisted by, among other things, the parameters of the central and local underwriting guidelines and by defined limits and thresholds.
Risk monitoring
The monitoring of all identified material risks is a core task of Group Risk Management. This includes, inter alia, monitoring execution of the risk strategy as well as adherence to the defined limits and thresholds and to risk-related methods and processes. A further major task of risk monitoring is the ascertainment of whether risk steering measures were carried out and whether the planned effect of the measures is sufficient.
Risk communication and risk culture
Risk management is firmly integrated into our operational processes. It is assisted by transparent risk communication and the open handling of risks as part of our risk culture. Risk communication takes the form, for example, of internal and external risk reports, information on current risk complexes in the intranet and training opportunities for staff. The regular sharing of information between risk-steering and risk-monitoring units is also fundamental to the proper functioning of risk management. This is rounded off by clearly defined interfaces between the various areas of the company.
Risk reporting
Our risk reporting provides systematic and timely information about all material risks and their potential implications. The central risk reporting system consists primarily of regular risk reports, e. g. on the overall risk situation, adherence to the parameters defined in the risk strategy or on the capacity utilisation of natural catastrophe scenarios. This also includes the company’s annual “Own Risk and Solvency Assessment” (ORSA), which constitutes a central risk report. Complementary to the regular risk reporting, immediate internal reporting on material risks that emerge at short notice takes place as necessary. The already existing range of risk reports will be supplemented in the context of Solvency II implementation by further reports, including for example the “Regular Supervisory Report” (RSR) and the “Solvency and Financial Condition Report” (SFCR).
Process-integrated / -independent monitoring and quality assurance
The Executive Board is responsible for the orderly organisation of the company’s business irrespective of internally assigned competencies. This also encompasses monitoring of the internal risk steering and control system. Process-independent monitoring and quality assurance of risk management is carried out by the internal audit function and external instances (regulators, independent auditors and rating agencies). Most notably, the independent auditors review the trigger mechanism and the internal control system, including its process-integrated procedures.
More Information
Topic related links outside the report: