We have set up risk management functions and bodies Group-wide to safeguard an efficient risk management system. The organisation and interplay of the individual functions in risk management are crucial to our internal risk steering and control system.
The overarching framework governing our risk management system is defined by the Framework Guideline on Risk Management. The rules set out here are derived from our Corporate Strategy and our Risk Strategy and also reflect the Minimum Requirements under Supervisory Law for the System of Governance of Insurance Undertakings (MaGo) published by the Federal Financial Supervisory Authority (BaFin) as well as international standards and developments in relation to adequate corporate governance. The Framework Guideline purposely leaves open some room for manoeuvre and – like the MaGo – follows a principles-based approach in order to fulfil the minimum requirements in a manner that is risk-appropriate but at the same time cost-effective.
Our risk management structure is comprised of multiple elements and actors. Overall responsibility for risk management rests with the Executive Board. The Executive Board is responsible for defining the Risk Strategy and for the proper functioning of risk management. The Supervisory Board advises and supervises the Executive Board in its management of the company. An interdisciplinary Risk Committee serves as an oversight and coordinating body for operational risk management. It exercises its decision-making power within the Risk Strategy defined by the Executive Board. Group Risk Management takes responsibility for the monitoring of identified risks. It also performs tasks such as risk limitation and reporting and develops methods and processes for risk evaluation, analysis and steering. Original risk responsibility, inter alia for the identification and evaluation of risks, rests with the individual business centres.
Given the ever-increasing complexity of the structures, we use the "three lines of defence" model for the systematic recording, identification, analysis and evaluation of risks. The first line of defence consists of risk steering and the original risk responsibility on the divisional or company level. The second line of defence consists of the key functions of risk management, the actuarial function and the compliance function. These units are responsible for monitoring and control.
Group-wide auditing, together with process-independent and line-independent monitoring of all functional areas, is performed by the Group Auditing function as the third line of defence.
The following chart provides an overview of the central functions and bodies within the overall system as well as of their main tasks and powers: