How we manage ourselves and our impacts as an employer, community member, and business and market leader is critical in fulfilling our purpose.
MetLife has a comprehensive and well-established risk management framework that continues to evolve and is purposefully designed to address material financial and non-financial risks to our business. We embed risk management programs and practices in business and strategic decision-making, led by an independent Global Risk Management (GRM) organization headed by our Chief Risk Officer, who reports directly to MetLife’s CEO.
We operate under the “Three Lines of Defense” model, which designates business and functional owners as the first and primary line of defense in identifying, measuring, monitoring, managing, and reporting risks. GRM, which includes Corporate Ethics and Compliance (CEC), forms the second line of defense and provides strategic advisory and effective challenge and oversight to business and functional owners. Internal Audit serves as the third line of defense, providing independent assurance and testing over the risk and control environment and related processes and controls.
Within GRM, CEC manages MetLife’s compliance risks to prevent violations of laws, rules, or regulations, and designs and delivers a compliance risk management framework. CEC is a risk-based department that focuses on emerging risks and partners closely with businesses and functions to implement strong processes and effective controls, as well as to foster and embed a culture of compliance.
Our risk management framework provides strong governance through multiple Board and senior management risk committees. Management committees focused on specific financial and non-financial risks are responsible for establishing risk appetite and risk policies and for monitoring risk-taking. These committees are established at the enterprise, regional, and local levels, as needed, to oversee capital and risk positions, approve asset liability management strategies, and establish certain corporate risk standards.
The risk committee structure is designed to provide a consolidated enterprise-wide assessment and management of risk. Risk committee responsibilities include identifying, measuring, and managing material risks on an enterprise basis. The committees are composed of senior leaders from the lines of business and functional areas as appropriate, ensuring comprehensive coverage and sharing of risk reporting.
ESG risks, including climate risks, are within the purview of multiple Board and senior management committees, as they underpin all aspects of risk management. In 2020, we focused on enhancing our ESG risk capabilities by integrating ESG risks (including climate risk) into our risk management framework and developing impact assessment capabilities.
The Finance and Risk Committee of the Board of Directors oversees the assessment, management, and mitigation of material risks, as well as capital and liquidity management practices. Other Board of Director committees also have significant risk management oversight responsibilities:
- Audit: legal and regulatory compliance and internal controls;
- Governance and Corporate Responsibility: ethics, compliance programs, sustainability, and sales practices;
- Investment: investment portfolio risks; and
- Compensation: compensation arrangement risks (e.g., avoiding incentives to take excessive or inappropriate risk).