Loews Corporation operates in a complex, multi-industry risk environment. Our proactive enterprise risk management (ERM) framework draws upon industry and functional area expertise at the subsidiary and holding company levels, with assistance from third parties as needed, to help us identify, manage and mitigate risks across five key categories: strategic, compliance & regulatory, financial, operational and emerging risks. This proactive approach to ERM underlies our ability to create value for our shareholders over the long term.
An effective corporate governance framework is foundational to Loews’s goal of building long-term value for our shareholders, and to establishing the structures and processes necessary to manage all aspects of our businesses. We are committed to high standards in corporate governance, including a strong and independent Board of Directors, a robust ethics and compliance program, and a compensation framework that incentivizes prudent risk management and long-term financial success. Additional information can be found at ir.loews.com and in our annual Proxy Statement.
At Loews, we also recognize the importance of understanding, evaluating and managing our risks on an enterprise-wide basis. We have an established Risk Council that acts as a cross-disciplinary forum within the parent company to discuss Loews’s stand-alone and enterprise-wide risk profile. The Risk Council also reviews Loews’s corporate risk management framework, which outlines the strategies, policies, procedures and systems established to identify, assess and manage material risks.
As part of Loews’s Enterprise Risk Management Framework, spanning the holding company and its subsidiaries, the Loews management team regularly discusses risks and opportunities with the Loews Board of Directors. Annually, the Loews Board undertakes an Enterprise Risk Management Review that addresses individual entity and enterprise-wide risks as well as emerging risks.
Our subsidiaries also have robust enterprise risk management processes that are tailored to their individual businesses. Across the enterprise, our subsidiaries implement policies and practices that aim to ensure business resilience and compliance with statutory and regulatory requirements in the industries in which they operate. Compliance with these policies is monitored closely by management, including through the Loews Risk Council and our internal and external audit processes.
Loews’s cyber risk strategy is constantly evolving to prevent, detect, anticipate and respond to cyberthreats. Loews’s data privacy and security program consists of policies, controls, and training designed to safeguard company and employee data. Our Cyber Risk Committee provides oversight of the program. Loews works collaboratively with our subsidiaries on cybersecurity information sharing and regular testing, and to ensure continual improvement of our cyber risk profiles. Loews and our subsidiaries follow the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which provides guidance for how private-sector organizations can assess and improve their ability to prevent, detect, and respond to cyberattacks.