management. “Compliance is a goal and
something the business understands.
Having an effective enterprise risk management program does help you when
you need to talk with regulators and
rating agencies. However, compliance is
not the ultimate objective,” says Dunbar.
An effective ERM function helps
companies optimize the risk-taking that
is central to insurance. McKinsey points
out that companies that create and follow a risk management framework (see
sidebar, page 28) outperform other companies in terms of less volatile returns
and a more resilient stock price.
“Enterprise risk management ben-
efits span from compliance and avoid-
ing downside to outperforming other
companies,” says Ari Chester, partner at
McKinsey & Company. “It moves a com-
pany to better performance by helping
“We often hear from
companies that they have
learned more about their
risk by embarking on the
holistic exercise that is
ERM,” says Howard Mills,
global insurance regulatory
leader, Deloitte Services. “It
allows them to identify and
remedy weak points, avoid
unacceptable risks, and
better understand the risks
they are willing to accept as
Needing to report to both Swiss and U.S.
regulators, Zurich’s enterprise risk manage-
ment process began largely with a compli-
ance focus. However, the company quickly
realized additional benefits of having a good
understanding of risk. “Over the years,
Zurich has developed a framework that not
only helps us comply with capital require-
ments of regulators and build shareholder
value, but can also give us a competitive
advantage,” says Linda Conrad, Zurich’s
head of strategic business risk.
For instance, ERM has paid divi-
dends at Zurich in the improvement
of operational capital efficiency. In one
case, switching from an asset-focused
approach to a risk-based approach
enabled a business unit to experience a
reduction of nearly 22 percent in capital
consumption, freeing up money to fund
other initiatives.
“At a high level, ERM has an impact
on better protecting our reputation and
rating with rating agencies. On a more
operational level, we use ERM to help
ensure that our business
strategies are aligned
around our understanding
of our appetite for risk. We
have evolved to the point
where ERM is an indis-
pensable tool to managing
our business,” Conrad says.
Technology’s Role
By definition, enterprise
risk management is an
evaluative process, and
the most important tool
in that process may well be the human
brain. But when it comes to connecting
the dots and running simulations, there
is no substitute for the power of tech-
nology, which has taken a central role in
insurers’ ERM efforts.
“Technology is a big part of risk
management today,” Mills says. “Scenar-
io planning and modeling have evolved
dramatically, and the amount of data
insurers use in the risk management
process continues to grow.”
Zurich’s expansive portfolio of risk
management tools had humble begin-
nings. “We started off with spreadsheets,”
Conrad says. Today the company uses
a variety of ERM-focused technology,
including what it calls “opportunity
analysis tools.”
“The real value [of ERM] comes from
the predictive capabilities it can deliver,”
Conrad says. “Finding opportunities,
and finding them early enough to cap-
italize on them, starts with identifying
and understanding risk.”
At the core of Zurich’s risk manage-
ment function is its proprietary Total
Risk Profiling, which is both a tool and
a process for identification, assessment,
management, and tracking of risks. The
product of decades of refinement, Total
Risk Profiling develops risk scenarios
based on components of vulnerability,
risk triggers, and consequences, which
allows the company to evaluate both
individual risks and connections across
“Compliance is a
goal and something
the business
understands.
However,
compliance is
not the ultimate
objective.”
Thomas Dunbar, XL Catlin
Howard Mills
