A further pillar of Swiss Life’s responsible, sustainable business is its integrated, value-oriented risk management involving both quantitative and qualitative elements. The objective is to protect customers’ funds and ensure the best possible investment of risk capital, while complying with regulatory requirements and taking account of the persistently challenging capital market environment.
Risk management is a key component of Swiss Life’s management process. The responsible committees of the Corporate Executive Board and the Board of Directors continually monitor and manage risks, and their decisions are then incorporated into the annual planning process. On the one hand they conduct qualitative assessments of strategic risks, as well as evaluating operational risks, the internal control system (ICS) and measures to safeguard information and system security. On the other hand, they also cover quantitative elements, such as risk appetite at Group level, risk budgeting for the insurance units and Asset Liability Management’s investment strategy. The Board of Directors employs a limits framework based on solvency ratios and economic capitalisation to determine Swiss Life’s risk appetite. Limits for the financial risks taken by the individual business units are based on local regulatory provisions and risk appetite at Group level, and are used to determine their investment objectives.
The key risk management elements are presented and discussed below. Additional statements on the risk management principles and procedures plus the risk budgeting process, asset liability management and the management of insurance risks (including mortality, disability and longevity) are included in Annex 5 of the consolidated financial statements.
Strategic risk management
Swiss Life uses structured processes to ensure that strategic risks are dealt with adequately in what continues to be a very challenging economic environment. Swiss Life incorporates all the information on risks and corresponding earnings opportunities in its strategic decisions as part of its strategic risk management process. An understanding of the interplay of individual risks is essential to take due account of the factors influencing risks during strategy development, so that they can be addressed appropriately.
Integration of sustainability factors
Swiss Life has been systematically obtaining information on ESG ratings and CO2 since 2019. As part of a Group-wide sustainability program, these metrics are integrated into the existing risk framework for the management of the company’s business. Except for uncertainty about new regulatory requirements, the physical and transitory risks of the movement towards a climatecompatible society are not currently seen as strategic risks for a life insurer. Further information can be found in the sustainability report under the heading “Sustainable construction and renovation”.
Operational risk management and internal control system
Operational risk management at Swiss Life employs methods and processes to identify, assess, control and avoid operational risks. Operational risk management defines operational risk as the danger that losses may result from shortcomings or failures stemming from internal processes, people, systems or external events. Swiss Life’s internal control system consists of the entirety of procedures, methods and measures prescribed by the Board of Directors and the Corporate Executive Board to ensure the orderly conduct of business. The focus is on the reliability of financial reporting, the effectiveness of business processes and compliance with laws and regulations issued to protect the company’s assets. Risk Management prepares and maintains corresponding internal directives and minimum requirements for qualitative risk management and the ICS. These are based on the standard “Internal Control — Integrated Framework (2013)” of the internationally recognised Committee of Sponsoring Organizations of the Treadway Commission (COSO).
Information and system security
Swiss Life depends on its information systems and communication technologies for the attainment of the operational goals derived from its business strategy. Ensuring availability, confidentiality and integrity of systems, data and information is a central component of its internal control system.
Risk Management prepares and maintains directives and minimum requirements for information security. These are based on various internationally recognised standards, such as British Standards ISO/IEC 27001 and 27002, the Control Objectives for Information and Related Technology (CobiT) Framework v5/2019, the Center of Internet Security (CIS) Controls v7.1 and the Cyber Security Framework v1.1 of the National Institute of Standards and Technology (NIST). Line management implements these requirements, and compliance with them is assessed at Group and divisional level in cooperation with information security experts. This includes topics such as vulnerability management, security operations, effective IT risk management and business continuity management. Corporate Internal Audit periodically reviews the area of information security as part of its audit activities, and appropriate measures are taken to deal with any weaknesses.
All Swiss Life employees, including external staff, undergo regular information security training in their divisions. There were no significant information or system security incidents within the Swiss Life Group during the reporting year.
Information security is closely related to locally applicable data protection provisions, such as the Swiss Federal Act on Data Protection (DSG) and the European Union’s General Data Protection Regulation (GDPR). More information on data protection is provided in the Compliance at Swiss Life section of the Sustainability Report.
Capital managementSwiss Solvency Test
The new SST standard model with company-specific adjustments has been used to determine regulatory solvency since 1 January 2019. The Swiss Solvency Test (SST) sets out the capital requirements valid for insurance companies and groups in Switzerland. The SST capital requirements are based on the understanding that insurers will meet their obligations towards policyholders even under difficult conditions. In addition to this solvency model, Swiss Life calculates economic solvency based on an internal model, as the standard model is too simplified to be used for business management.
Monitoring of solvency in accordance with the solvency model and the internal economic model is performed continuously. Calibration is based on the full SST calculations at the beginning of the calendar year.Economic assessment
Swiss Life uses an integrated approach to risk and capital management. The economic capital of a life insurance company for its shareholders comprises its economic net worth and the present value of future profits. The economic risk capital is determined bottom-up for each large business unit and takes into account market, credit and insurance risks. These risks are calculated on the basis of loss distributions using a specified risk measure. The overall capital requirement is obtained by taking into consideration respective diversification effects.
Economic and regulatory capital requirements and the profit target are the main elements in risk budgeting. Based on the overall risk budget set by the Investment and Risk Committee of the Board of Directors, the Group Risk Committee of the Corporate Executive Board defines the risk limits for the business areas. Adherence to these limits is checked continuously.Standard & Poor’s rating capital
In the Standard & Poor’s risk-based model, the total adjusted capital is the measure used for available capital, set against the capital required given the target rating category (target capital). The calculation of target capital takes into account, in particular, insurance risks, asset value volatility and credit risks.
Swiss Life has established a target capital level in line with its rating ambition. Within the capital analysis, in addition to assessing capital adequacy, Standard & Poor’s assesses the quality of capital with respect to its structure (including the share of equity and hybrid capital). Capital adequacy is monitored on an ongoing basis according to the Standard & Poor’s model.
In April 2019, in the light of Swiss Life’s improved diversification of profit sources and its capital position, which has stabilised at a sound level, Standard & Poor’s raised its rating to “A+”, outlook stable.