A further pillar of Swiss Life’s responsible, sustainable business is its integrated, value-oriented risk management involving both quantitative and qualitative elements. The goal is to protect customers’ funds and ensure the best possible investment of risk capital, while complying with regulatory requirements and taking into account the persistently challenging capital market environment.
Risk management is a key component of Swiss Life’s management process. The respective committees of the Corporate Executive Board and the Board of Directors continually monitor and take decisions in the area of risk management; these are then incorporated into the annual planning process. On the one hand, they comprise qualitative assessments of strategic risks, as well as the evaluation of operational risks and the internal control system (ICS). On the other hand, they also cover quantitative elements, such as risk appetite at Group level, risk budgeting for the insurance units and Asset Liability Management’s investment strategy. The Board of Directors uses framework limits based on solvency ratios and the economic capitalisation to determine Swiss Life’s risk appetite. Limits for the financial risks taken by the individual business units are based on local regulatory provisions and risk appetite at Group level, and are used to determine their investment objectives.
The key risk management elements are presented and discussed below. Additional comments on the risk management principles and procedures plus the risk budgeting process, asset liability management and the management of insurance risks (including mortality, disability and longevity) are included in Annex 5 of the consolidated financial statements.
Strategic risk management
Swiss Life uses structured processes to ensure that strategic risks are dealt with adequately in what continues to be a very challenging economic environment. Swiss Life incorporates all the information on risks and corresponding earnings opportunities in its strategic decisions as part of its strategic risk management process. An understanding of the interplay of individual risks is essential to take due account of the factors influencing risks during strategy development so that these factors can be addressed appropriately.
Operational risk management and internal control system
Operational risk management at Swiss Life includes the methods and processes used for the identification, assessment, and steering or avoidance of operational risks. Operational risk management defines operational risk as the danger that losses may result from shortcomings or failures stemming from internal processes, people, systems or external events. Swiss Life’s internal control system consists of the entirety of procedures, methods and measures prescribed by the Board of Directors and the Corporate Executive Board to ensure the orderly conduct of business. The focus is on the reliability of financial reporting, the effectiveness of business processes and compliance with laws and regulations issued to protect the company’s assets. Risk management prepares and maintains appropriate internal directives and minimal requirements for qualitative risk management and ICS based on the “Internal Control — Integrated Framework (2013)” standard of the internationally recognised Committee of Sponsoring Organizations of the Treadway Commission (COSO).
Information and system security
Swiss Life depends on its information systems and communication technologies for the attainment of the operational goals derived from its business strategy. Ensuring availability, confidentiality and integrity of systems, data and information is an integral part of its internal control system.
Risk management prepares and maintains directives and minimal requirements for information security based on various internationally recognised standards, such as the British standards ISO/IEC 27001 and 27002, the Control Objectives for Information and Related Technology (COBIT) Framework v5/2019 and the Cyber Security Framework v1.1 of the National Institute of Standards and Technology (NIST). The line implements these requirements and assesses their observance in collaboration with the relevant information security experts at Group and division level. This comprises subject areas such as vulnerability management, effective IT risk management and business continuity management. Corporate Internal Audit periodically reviews information security as part of its auditing activities and addresses any weak spots with the appropriate measures.
All Swiss Life employees are provided with regular information security training in their divisions. There were no significant information or system security incidents within the Swiss Life Group during the reporting year.
Information security is closely related to locally applicable data protection provisions, such as the Swiss Federal Act on Data Protection (DSG) and the European Union’s General Data Protection Regulation (GDPR). More information on data protection is provided in the Compliance chapter of the Corporate Responsibility Report.
Capital managementSwiss Solvency Test
The Swiss Solvency Test (SST) sets out the capital requirements valid for insurance companies and groups in Switzerland. The SST is a principle-based framework where the main objective is to align the required capital with the underlying risks. The SST requirements are based on the understanding that insurers will meet their obligations towards policyholders even under difficult conditions. Swiss Life uses an internal model to calculate the available and required capital for the SST. Based on this internal model, approved with conditions by FINMA, Swiss Life meets the capital requirements. As of 1 January 2019, Swiss Life will apply the new SST standard model with company-specific adjustments to determine regulatory solvency.
Monitoring solvency under the SST is conducted continuously; calibration is effected based on the full SST calculations as at the beginning of each calendar year and as at mid-year.Economic assessment
Swiss Life uses an integrated approach to risk and capital management. The economic capital of a life insurance company for its shareholders comprises its economic net worth and the present value of future profits. The economic risk capital is determined bottom-up for each large business unit and takes into account market, credit and insurance risks. These risks are calculated on the basis of loss distributions using a specified risk measure. The overall capital requirement is obtained by taking into consideration respective diversification effects.
Economic and regulatory capital requirements and the profit target are the main elements in risk budgeting. Based on the overall risk budget set by the Investment and Risk Committee of the Board of Directors, the Group Risk Committee of the Corporate Executive Board defines the risk limits for the business areas. Adherence to these limits is checked continuously.Standard & Poor’s rating capital
In the Standard & Poor’s risk-based model, the total adjusted capital is the measure used for available capital, set against the capital required given the target rating category (target capital). The calculation of target capital takes into account, in particular, insurance risks, asset value volatility and credit risks.
Swiss Life has established a target capital level in line with its rating ambition. Within the capital analysis, in addition to assessing capital adequacy, Standard & Poor’s assesses the quality of capital with respect to its structure (including the share of equity and hybrid capital). Capital adequacy is monitored on an ongoing basis according to the Standard & Poor’s model.
Owing to improved diversification of profit sources and a capital position stabilised at a sound level, Standard & Poor’s raised Swiss Life’s outlook in April 2018 from “stable” to “positive”, while maintaining its “A” rating.