Our risk strategy and our Risk and Capital Management Guideline including the system of limits and thresholds for material risks of the Hannover Re Group describe the central elements of our risk management system. This is subject to a constant cycle of planning, action, control and improvement. Systematic risk identification, analysis, measurement, steering and monitoring as well as risk reporting are especially crucial to the effectiveness of the system as a whole.
This guideline describes, among other things, the major tasks, rights and responsibilities, the organisational framework conditions and the risk control process. The rules, which are derived from the corporate strategy and the risk strategy, additionally take account of the regulatory requirements for risk management as well as international standards and developments relating to appropriate enterprise management.
The establishment of the risk-bearing capacity involves determining the total available risk coverage potential and calculating the funds required to cover all risks. This is done in conformity with the parameters of the risk strategy and the risk appetite defined by the Executive Board. The quantitatively measurable individual risks and the risk position as a whole are evaluated using our risk model. A central system of limits and thresholds is in place to monitor material risks. This system incorporates – along with other risk-related key figures – in particular the indicators derived and calculated from the risk-bearing capacity. Adherence to the overall risk appetite is verified on an ongoing basis.
A key source of information for monitoring risks is the risk identification carried out on a periodic basis. All identified risks are documented in a central register containing all material risks. Risk identification takes the form of, among other things, structured assessments, interviews or scenario analyses. External insights such as recognised industry know-how from relevant bodies or working groups are incorporated into the process. Risk identification is important for ensuring that our risk management consistently remains up-to-date.
In principle, every risk that is identified and considered material is quantitatively assessed. Only risk types for which quantitative risk measurement is currently impossible or difficult are qualitatively assessed (e. g. strategic risks, reputational risks or emerging risks). Qualitative assessment can take the form of, for example, expert evaluations. Quantitative assessment of material risks and the overall risk position is performed using Hannover Re’s internal capital model. The model makes allowance for risk concentration and risk diversification.
The steering of all material risks is the task of the operational business units on the divisional and company level. In this context, the identified and analysed risks are either consciously accepted, avoided or minimised. The risk / reward ratio is factored into the division’s decision. Risk steering is assisted by the parameters of the central and local underwriting guidelines and by defined limits and thresholds.
The monitoring of all identified material risks is a core function of risk management. This includes, inter alia, monitoring execution of the risk strategy as well as adherence to the defined limits and thresholds and to risk-related methods and processes. A further major task of risk monitoring is the ascertainment of whether risk steering measures were carried out and whether the planned effect of the measures is sufficient.
Risk management is firmly integrated into our operational processes. It is assisted by transparent risk communication and the open handling of risks as part of our risk culture. Risk communication takes the form, for example, of internal and external risk reports, information on current risk complexes in the intranet and training activities for staff. The regular sharing of information between risk-steering and risk-monitoring units is also fundamental to the proper functioning of risk management.
Our risk reporting provides systematic and timely information about all material risks and their potential implications. The central risk reporting system consists primarily of regular risk reports, e. g. on the overall risk situation, adherence to the parameters defined in the risk strategy or on the capacity utilisation of natural catastrophe scenarios. Complementary to the regular risk reporting, immediate internal reporting on material risks that emerge at short notice takes place as necessary.
Irrespective of internally assigned competencies, the Executive Board is responsible for the orderly organisation of the company’s business. This also encompasses monitoring of the internal risk steering and control system. Process-independent monitoring and quality assurance of risk management is carried out by the internal audit function and external instances (regulators, independent auditors and rating agencies). Most notably, the independent auditors review the trigger mechanism and the internal monitoring system. The risk management system is rounded off with process-integrated procedures and rules, such as those of the internal control system.