A key pillar of Swiss Life’s responsible and sustainable business is its integrated, value-oriented risk management involving both quantitative and qualitative elements. The goal is to protect customers’ funds and ensure the best possible investment of risk capital, while complying with regulatory requirements and taking account of the persistently challenging capital market environment.
Risk management is a key component of Swiss Life’s management process. The responsible committees of the Corporate Executive Board and the Board of Directors continually monitor and manage risks, and their decisions are then incorporated into the annual planning process. On the one hand they conduct qualitative assessments of strategic risks, as well as evaluating operational risks, the internal control system (ICS) and measures aimed at continually improving information and system security. On the other hand, they also cover quantitative elements, such as risk tolerance of the Swiss Life Group, risk budgeting for the insurance units and Asset Liability Management’s investment strategy. The Board of Directors employs a limits framework based on solvency ratios and economic capitalisation to determine Swiss Life’s risk appetite. Limits for the financial risks taken by the individual business units are based on local regulatory provisions and risk appetite at Group level, and are used to determine their investment objectives.
The key risk management elements are presented and discussed below. Additional statements on the risk management principles and procedures plus the risk budgeting process, asset liability management and the management of insurance risks (including mortality, disability and longevity) are included in Annex 5 of the consolidated financial statements. In addition to the key risk management elements described above, Swiss Life also analyses systemic risks in cooperation with the Swiss regulator.
Strategic risk management
Swiss Life uses structured processes to determine the comprehensive risk profile to deal with risks that could jeopardise strategic target achievement in what continues to be a very challenging environment. Swiss Life incorporates all the information on risks and corresponding earnings opportunities in its strategic decisions as part of its strategic risk management process. An understanding of the interplay of individual risks is essential so that the factors which influence risk can already be factored in and properly addressed when strategies are being developed.
Emerging risks are a key element of strategic risk: they are regularly analysed and assessed in various risk categories. Examples of such risk categories include demographic and social transformation as well as political or regulatory changes. Any risks in connection with the environment, human rights and governance are also included in the comprehensive risk profile and assessed in the emerging risk process.
Operational risk management and the internal control system
Operational risk management at Swiss Life employs methods and processes to identify, assess, control and avoid operational risks. In this process, operational risks are defined as the risk of negative consequences that result from shortcomings or failures stemming from internal processes, people, systems or external events. Swiss Life’s internal control system consists of the entirety of procedures, methods and measures prescribed by the Board of Directors and by the Corporate Executive Board to ensure the orderly conduct of business. The focus is on the reliability of financial and non-financial reporting, the effectiveness of business processes and compliance with relevant laws and regulations issued to protect the company’s assets. Risk Management prepares and maintains corresponding internal directives and minimum requirements for qualitative risk management and the internal control system (ICS). These are based on the internationally recognised standard “Internal Control – Integrated Framework (2013)” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
Information and system security
Swiss Life depends on its information systems and communication technologies for the attainment of the operational goals derived from its business strategy. Ensuring the availability, confidentiality and integrity of systems, data and information is a central component of its internal control system.
Risk Management prepares and maintains directives and minimum requirements for information security. These are based on leading and internationally recognised Data Security standards such as British Standards ISO/IEC 27001 and 27002, the Control Objectives for Information and Related Technology (CobiT) Framework v2019, the Center of Internet Security (CIS) Controls v7.1 and the Cyber Security Framework v1.1 of the National Institute of Standards and Technology (NIST). Line management implements these requirements, and compliance with them is assessed at Group and divisional level in cooperation with information security experts. This includes many different topics such as end-device encryption, remote network access control, vulnerability management, security operations, disaster recovery and cross-functional IT controls. Corporate Internal Audit reviews the area of information security and data protection several times a year as part of its internal auditing activities, and appropriate measures are taken to deal with any weaknesses.
All Swiss Life employees, including external staff, undergo regular information security and data protection training in their divisions. Relevant information or system security incidents are recorded and communicated to the appropriate units for analysis and rectification. Significant incidents are reported to the regulatory authorities. Information security is closely linked to locally applicable data protection provisions, such as the Swiss Federal Act on Data Protection (DSG) and the European Union’s General Data Protection Regulation (GDPR). More information on data protection can be found in the section Compliance at Swiss Life in the Sustainability Report.
Business continuity management
Business continuity management (BCM) is a Group-wide approach at Swiss Life to identify and assess business-critical processes and document continuity plans. These entail temporary measures being taken in the event of an emergency or crisis such as a pandemic or hacker attacks until business can return to normal. The continuity plans are tested annually.
As part of its Group-wide sustainability programme, Swiss Life is also integrating sustainability and climate aspects into its existing risk management frameworks for the management of the business. Aside from uncertainty about new regulatory requirements, Swiss Life does not currently deem the physical and transitory risks of the transition to a climate-compatible society to be strategic risks for the business model. In addition to its annual business and sustainability report, Swiss Life publishes a climate report based on the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD). The climate report, which describes how climate risks are being addressed, is available online at www.swisslife.com/reports.
Capital managementSolvency model
The standard Swiss Solvency Test (SST) model, with company-specific adjustments, is used to determine regulatory solvency. SST sets out the capital requirements valid for insurance companies and groups in Switzerland. The SST capital requirements are based on the understanding that insurers will meet their obligations towards policyholders even under difficult conditions. In addition to this solvency model, Swiss Life calculates economic solvency based on an internal model for capital and solvency as the standard model is too simplified to be used for business management. Monitoring of solvency in accordance with the solvency model and the internal model for capital and solvency is performed continuously. Calibration is based on the full SST calculations at the beginning of the calendar year.Economic assessment
Swiss Life uses an integrated approach to risk and capital management. The economic capital of a life insurance company for its shareholders comprises its economic net worth and the present value of future profits. The economic capital is determined bottom-up for each large business unit and takes into account market, credit and insurance risks. These risks are calculated on the basis of loss distributions using a specified risk measure. The overall capital requirement is obtained by taking into consideration respective diversification effects.
Economic and regulatory capital requirements and the profit target are the main elements in risk budgeting. Based on the overall risk budget set by the Investment and Risk Committee of the Board of Directors, the Group Risk Committee of the Corporate Executive Board defines the risk limits for the business areas. Adherence to these limits is checked continuously.Standard & Poor’s rating capital
In the Standard & Poor’s risk-based model, the total adjusted capital is the measure used for available capital, set against the capital required given the target rating category (target capital). The calculation of target capital takes into account, in particular, insurance risks, asset value volatility and credit risks. Swiss Life has established a target capital level in line with its rating ambition. Within the capital analysis, in addition to assessing capital adequacy, Standard & Poor’s assesses the quality of capital with respect to its structure (including the share of equity and hybrid capital). Capital adequacy is monitored on an ongoing basis according to the Standard & Poor’s model.
In November 2020 – in the light of Swiss Life’s improved diversification of profit sources and its capital position, which has stabilised at a sound level – Standard & Poor’s confirmed its rating “A+”, outlook stable.