The Hartford 2013 Annual Report Download - page 11

Download and view the complete annual report

Please find page 11 of the 2013 The Hartford annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 250

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250

11
Enterprise Risk Management Structure and Governance
At The Hartford, the Board of Directors (“the Board”) has ultimate responsibility for risk oversight. It exercises its oversight function
through its standing committees, each of which has primary risk oversight responsibility with respect to all matters within the scope of
its duties as contemplated by its charter. In addition, the Finance, Investment and Risk Management Committee (“FIRMCo”), which is
comprised of all members of the Board, has responsibility for the oversight of the investment, financial, and risk management activities
of the Company, and oversight of all risk exposures, including those that do not fall within the responsibility of any other standing
committee. The Audit Committee is responsible for, among other things, discussing with management policies with respect to risk
assessment and risk management.
At the corporate level, the Company's Enterprise Chief Risk Officer (“Chief Risk Officer”) leads ERM. The Chief Risk Officer reports
directly to the Company's Chief Executive Officer (“CEO”). The Company has established the Enterprise Risk and Capital Committee
(“ERCC”) that includes the Company's CEO, Chief Financial Officer , Chief Investment Officer, Chief Risk Officer, the Presidents and
Chief Operating Officers of each business segment, and the General Counsel. The ERCC is responsible for managing the Company's
risks and overseeing the enterprise risk management program. The ERCC also manages the capital structure of the enterprise and is
responsible for the attribution of capital to the lines of business. The ERCC reports to the Board primarily through FIRMCo and through
interactions with the Audit Committee.
The Company also has committees that manage specific risks and recommend risk mitigation strategies to the ERCC. These committees
include, but are not limited to, the Company and Division Asset Liability Committees, Catastrophe Risk Committee, Emerging Risk
Committees, Model Oversight Committees and Operational Risk Committee.
Risk Management Framework
At the Company, risk is managed at multiple levels. The Hartford utilizes three lines of defense in risk management to integrate its risk
management strategy and appetite into all functional areas of the Company, the Board and senior level risk committees. The first line of
defense in risk management is generally the responsibility of the lines of business. Senior business leaders are responsible for managing
risks specific to their business objectives and business environment. The second line of defense in risk management is generally owned
by ERM. ERM has the responsibility to ensure that the Company has insight into its aggregate risk and that risks are managed within the
firm’s overall risk appetite. Legal and Compliance also commonly perform second line of defense risk management. The third line of
defense in risk management is owned by Internal Audit. Internal Audit provides independent assurance services to evaluate the
effectiveness of management’s controls, informs the risk identification process and provides audit and consultative support to the
Company.
The Company's Risk Management Framework consists of five core elements:
1. Risk Culture and Governance: The Company has established policies for its major risks and a formal governance structure
with leadership oversight and an assignment of accountability and authority. The governance structure starts at the Board
and cascades to the ERCC and then to individual risk committees across the Company. In addition, the Company promotes
a strong risk management culture and high expectations around ethical behavior.
2. Risk Identification and Assessment: Through its ERM organization, the Company has developed processes for the
identification, assessment, and, when appropriate, response to internal and external risks to the Company's operations and
business objectives. Risk identification and prioritization has been established within each area, including processes around
emerging risks.
3. Risk Appetite, Tolerances, and Limits: The Company has a formal enterprise risk appetite framework that is approved by
the ERCC and reviewed by the Board. The risk appetite framework includes an enterprise risk appetite statement, risk
preferences, risk tolerances and an associated limit structure for each of the Company’s major risks. These limits, which are
encapsulated in formal risk policies, are reviewed by the appropriate governing risk committee.
4. Risk Management and Controls: While the Company utilizes the committee structure to elevate risk discussions and
decision-making, there are a variety of working groups that provide decisioning and management of risk within determined
tolerances and limits.
5. Risk Reporting and Communication: The Company monitors its major risks at the enterprise level through a number of
enterprise reports, including but not limited to, a monthly risk dashboard, tracking the return on risk-capital across
products, and regular stress testing. ERM communicates the Company's risk exposures to senior and executive
management and the Board, and reviews key business performance metrics, risk indicators, audit reports, risk/control self-
assessments and risk event data.