Corporate Governance structure of Zurich
Zurich Insurance Group Ltd has an effective structure for cooperation between the Board of Directors, management and internal control functions.
More about our Corporate Governance
Providing institutional independence
An effective structure is in place providing for cooperation between the Board of Directors of Zurich Insurance Group Ltd, management and internal control functions. This structure establishes checks and balances and is designed to provide for institutional independence of the Board from the Group Chief Executive Officer (Group CEO) and the Executive Committee (ExCo) which together are responsible for managing the Group on a day-to-day basis. The Board of Directors of Zurich Insurance Group Ltd is composed entirely of independent non-executive members. The roles of Chairman of the Board of Directors and CEO are separated, thus providing for separation of powers between the functions and ensuring the autonomy of the Board.
Three lines of defense at Zurich Insurance Group
as of December 31, 2024
Zurich uses a model of three lines of defense in its approach to enterprise risk management. This model runs through Zurich’s governance structure, so that risks are clearly identified, assessed, owned, managed and monitored.
First line: Business management
The first line of defense consists of business management and all functions except Group Risk Management, Group Compliance and Group Audit. The first line takes risks and is responsible for day-to-day risk management (i.e., risks are identified and monitored, mitigation actions are implemented and internal controls are in place and operating effectively).
Second line: Group Risk Management and Group Compliance
The second line of defense consists of the two control functions, Group Risk Management and Group Compliance.
Group Risk Management is responsible for supporting the development, implementation and maintenance of Zurich’s Enterprise Risk Management and Internal Control Integrated Frameworks. The Group CRO regularly reports risk matters to senior management committees, the Group CEO and the Board’s Risk and Investment Committee (e.g., in the form of quarterly risk reports and updates).
Group Compliance enables business management to manage its compliance risks by providing compliance solutions and independent challenge, monitoring and assurance related to relevant processes and controls, new business opportunities and complex transactions. Group Compliance is vertically integrated to support a global framework and is led by the Group Chief Compliance Officer, who reports directly into the Group CEO, while maintaining functional independence as second line of defense. The Group Chief Compliance Officer has direct access to the Audit Committee Chair and appropriate access to the Chairman of the Board.
Third line: Group Audit
The role of Group Audit is to help the Board and ExCo to protect the assets, reputation and sustainability of Zurich. It does this by performing independent, risk-based and objective audit activities to systematically evaluate and challenge the adequacy and effectiveness of the Group’s governance, risk management and internal controls.
The scope of Group Audit’s mandate is unrestricted and spans the whole of Zurich and includes all activities undertaken within and on behalf of the Group.
The Group Chief Auditor reports functionally to the Audit Committee Chair and administratively to the Group CEO. Group Audit has no operational responsibilities for the areas it reviews and, to ensure independence, all Group Audit staff ultimately report to the Group Chief Auditor, while recognizing local legislation or regulation. Heads of Internal Audit for subsidiaries may have additional reporting lines to the local CEO and/or subsidiary audit committee or board.
Board
The Board is ultimately responsible for the supervision of the control and assurance activities.
External audit
The external auditors are responsible for auditing the Group’s financial statements and for auditing Zurich’s compliance with specific regulatory requirements. The Audit Committee regularly meets with the external auditors.