Corporate Governance structure of Zurich
Zurich Insurance Group Ltd has an effective structure for cooperation between the Board of Directors, management and internal control functions.
Providing institutional independence
An effective structure is in place providing for cooperation between the Board of Directors of Zurich Insurance Group Ltd, management and internal control functions. This structure establishes checks and balances and is designed to provide for institutional independence of the Board from the Group Chief Executive Officer (Group CEO) and the ExCo who together are responsible for managing the Group on a day-to-day basis. The Board of Directors of Zurich Insurance Group Ltd is composed entirely of independent non-executive members. The roles of Chairman of the Board of Directors and CEO are separated, thus providing for separation of powers between the functions and ensuring the autonomy of the Board.
Zurich uses the three- lines-of-defense model in its approach to governance and enterprise risk management. Zurich’s three-lines-of-defense approach runs through Zurich’s governance structure, so that risks are clearly identified, assessed, owned, managed and monitored.
1st line: Business Management
The first line of defense consists of business management and all functions except Group Risk Management, Group Compliance and Group Audit. The first line takes risks and is responsible for day-to-day risk management (i.e. risks are identified and monitored, mitigation actions are implemented and internal controls are in place and operating effectively).
2nd line: Group Risk Management and Group Compliance
The second line of defense consists of the two control functions, Group Risk Management and Group Compliance. Group Risk Management is responsible for Zurich’s enterprise risk management framework. The Group CRO regularly reports risk matters to the Group CEO, senior management committees and the Risk and Investment Committee of the Board.
Group Compliance is responsible for providing assurance to management that compliance risks within its mandate are appropriately identified and managed. The Group Chief Compliance Officer regularly provides reports to the Audit Committee and has an additional reporting line to the Chairman of the Audit Committee and appropriate access to the Chairman of the Board.
3rd line: Group Audit
The third line of defense consists of the assurance function Group Audit. Group Audit is responsible for auditing risk management, control and governance processes. The Head of Group Audit reports functionally to the Chairman of the Audit Committee and administratively to the Group CEO, and meets regularly with the Chairman of the Board and the Chairman of the Audit Committee and attends each meeting of the Audit Committee.
The Board is ultimately responsible for the supervision of the control and assurance activities.
External audit is responsible for auditing the Group’s financial statements and for auditing Zurich’s compliance with specific regulatory requirements. The Audit Committee regularly meets with the external auditors.