ROLE OF THE CHIEF RISK OFFICER AND GROUP RISK MANAGEMENT AT ZURICH
Zurich's chief risk officer (CRO) consults with the other assurance, control, and governance functions to provide the chief executive officer (CEO) with a review of risk factors to consider in the annual process to determine variable compensation. The CRO leads the Group Risk Management function, which develops methods and processes for identifying, measuring, managing, monitoring, and reporting risks throughout Zurich. The CRO is responsible for the oversight of risks across Zurich and regularly reports risk matters to the CEO, senior management committee, and the Risk Committee of the board.
The Group Risk Management organization at Zurich consists of central functions at the Corporate Center and a decentralized risk management network at all the segment, regional, business unit, and functional levels. At the Group level there are two centers of expertise: risk analytics and risk and control. The Risk Analytics department quantitatively assesses insurance, financial market, asset/liability, credit, and operational risks, and is Zurich's center of excellence for risk quantification and risk modeling. The Risk and Control department includes operational risk management, internal control framework, risk reporting, risk governance, and risk operations. Group Risk Management proposes changes to the risk management framework and Zurich's risk policies; it makes recommendations on the organization's risk tolerance and assesses the risk profile.
The risk management network consists of the chief risk officers (CROs) of the Group's segments and regions, and the local risk officers (LROs) of the business units and functions and their staff. While their primary focus is on operational and business-related risks, they are also responsible for providing a holistic view of all risks for their areas. The risk officers are part of the management teams in their respective businesses and therefore are embedded in the business units. The LROs also report to the segment or regional CROs, who in turn report to the Group's chief risk officer. The CROs of the Group's segments and regions are members of the leadership team of the Group's chief risk officer.
In addition to the risk management network, Zurich has audit and/or oversight committees at the major business and regional levels. These committees are responsible for providing oversight of the risk management and control functions. This includes monitoring adherence to policies and periodic risk reporting. At the local level, these oversight activities are conducted through risk and control committees or quarterly meetings between senior executives and the local heads of governance functions.
In 2012, Zurich strengthened the process through which the assurance, control, and governance functions provide risk and compliance information about each business unit as part of the annual individual performance assessment. Through these processes, Zurich encourages a culture of disciplined risk taking across the organization. It continues to consciously take carefully selected risks for which it expects an adequate return.