Enterprise Risk Management

MBIA has a comprehensive enterprise risk management framework in place that is designed to identify, assess, monitor and mitigate risks to the company including credit risk, liquidity risk, market risk, operational risk and reputational risk, while ensuring that such risks are regularly reported to the company's Board of Directors.

MBIA believes that its largest risk is the credit exposure in the insured portfolios of its insurance operating subsidiaries. The company's credit risk management and remediation functions are managed through committees and units that oversee risks in ongoing portfolio surveillance and remediation. The company's insured portfolio management groups monitor and remediate domestic and international public finance and structured finance risks. In addition, National Public Finance Guarantee Corporation and MBIA Insurance Corp. each has its own risk committee that, as appropriate, reviews certain portfolio decisions. Additionally, each subsidiary has its own investment committee that reviews its respective investment portfolio and investment-related decisions.

The company's Risk Oversight Committee (the "Risk Oversight Committee") reviews material transactions and provides firm-wide review of policies and decisions related to credit, market, operational, legal, financial, climate and business risks. The company and its subsidiaries' respective Loss Reserve Committee reviews loss reserving activity.

The company's Board of Directors and related committees, including Audit, and Finance and Risk, oversee risks faced by the company and its subsidiaries. The Board regularly evaluates and discusses emerging risks and risks associated with strategic initiatives. On an annual basis, the Board also evaluates and approves the company's risk tolerance policy. The purpose of the risk tolerance policy is to define the types and amounts of risks the company is prepared to accept. The assessment includes risks associated with credit, capital adequacy, market, liquidity, legal, operations, cybersecurity and technology. This policy provides the basis upon which risk criteria and procedures are developed and seeks to have these applied consistently across the company.

The Audit Committee oversees risks associated with financial and other reporting, auditing, legal and regulatory compliance, and risks that may otherwise result from the company's operations. The Audit Committee oversees these risks by monitoring (i) the integrity of the financial statements of the company and of other material financial disclosures made by the company, (ii) the qualifications, independence and performance of the company's independent auditor, (iii) the performance of the company's internal audit function, (iv) the company's compliance policies and procedures and its compliance with legal and regulatory requirements, and (v) the performance of the company's operational risk management function.

The Finance and Risk Committee oversees the company's credit risk governance framework, market risk, liquidity risk and other material financial risks. The Finance and Risk Committee oversees these risks by monitoring the company's: (i) capital and liquidity, (ii) proprietary investment portfolios, (iii) exposure to changes in the market value of assets and liabilities, (iv) credit exposures in the insured portfolios, and (v) financial risk policies and procedures, including regulatory requirements and limits.

Standard of Conduct

The MBIA Inc. Standard of Conduct, and the compliance policies incorporated therein, establishes the guidelines and rules of behavior for MBIA directors, officers and employees, whether full-time, part-time or temporary, and those consultants, contractors, interns, vendors and other individuals working for or on behalf of the Company who have regular access to Company property, who represent the Company to third parties or who are identified as Covered Persons in consultation with Compliance or the Legal Department (“Covered Persons”). It is the Company’s policy that Covered Persons must comply with all applicable MBIA policies and procedures as well as all applicable laws and regulations governing the Company's business activities worldwide, and that any actions taken on behalf of MBIA must be properly authorized by the Board of Directors of MBIA Inc. or a committee thereof, the Chairman of the Board, the Chief Executive Officer of MBIA Inc., a management committee or a Division head, or the board of directors or management of the MBIA subsidiary taking such action, as appropriate.

Cybersecurity Policy

The protection of information assets against unauthorized access, theft, and misuse is a critical issue for MBIA. These assets include business and technology applications, networks, computing platform(s) and the data stored therein. While the company does not deal directly with consumers and therefore does not possess any personally identifiable information other than with respect to its employees, it takes seriously its obligations to secure its employees' information and as well as the financial information and other data obtained from bond issuers in the course of the company's business.

The company's Cybersecurity Policy establishes the framework of its controls to mitigate risks from malicious and unauthorized use of, and cybersecurity threats or attacks against, the company's information assets. MBIA has established an Enterprise Security Council, whose members represent key roles within the company, which serves as the formal forum for the IT department to raise, address and coordinate issues related to the security program and related policies. The purpose of the policy and the Enterprise Security Council is to help ensure the company has implemented the necessary policies, protocols and controls related to the security of its information assets and properly assessed risks related to the security of its information assets in an ever-changing threat environment. In the event of a cybersecurity breach, the company maintains a Security Incident Response Plan that includes pre-defined policies, procedures, roles and responsibilities so that the company can react quickly to an event.

In support of MBIA's cybersecurity program, ongoing training and awareness related to best practices to prevent, identify and react to security incidents is provided to all employees. The training is oriented toward addressing the most pressing cybersecurity threats against the company's information assets.

As part of its overall cyber risk mitigation practices, the company conducts periodic vulnerability assessments performed by outside vendors. The company's Internal Audit team also performs periodic reviews of MBIA's data security policies and procedures, testing their operating effectiveness within the overall control environment.

MBIA has a robust Business Continuity framework in place to ensure continued access to information assets in the event of physical damage to or an inability to access company offices or following a Cybersecurity Incident that renders the company IT systems inaccessible.

Model Governance

The company has a designated Model Governance Team. Given the significance of models in the company's surveillance and remediation activities, financial reporting and corporate treasury operations, the company established a Model Governance Policy to enhance the consistency, reliability, maintenance and transparency of its models so that model risk can be mitigated on an enterprise-wide basis. The Model Governance Team is responsible for the Model Governance Policy as well as other Model Governance related initiatives.

Privacy Policy

The company's detailed Privacy Policy is publicly accessible on its website.

Engagement with Stakeholders

MBIA considers consistent and meaningful engagement with stakeholders to be an important part of its corporate strategy and a key responsibility as a public company in a regulated industry. Consequently, the company maintains an ongoing dialogue with shareholders, policyholders, regulators, equity analysts, members of the media and other interested parties.

  • The company's Investor Relations officers engage with the company's shareholders, holders of its issued securities and holders of the debt instruments that the company insures through its subsidiaries.
  • Each year, MBIA reaches out to its largest shareholders seeking feedback on its executive compensation practices and other matters. The company considers this outreach to be a foundational element of its executive compensation governance, and values its shareholders' perspectives.
  • MBIA's CFO and Chief Risk Officer are in regular contact with its regulators to keep them informed of the company's financial condition and developments within the insured portfolios.
  • MBIA is an active participant in the industry's trade association, the Association of Financial Guaranty Insurers.

Board Committee Charters

Title
Date
Format

Governance Documents

Title
Date
Format

Contact Information

MBIA Inc.
1 Manhattanville Road
Suite 301
Purchase, NY 10577
(914) 273-4545
Investor and Media
Relations
Greg Diamond
Managing Director
+1-914-765-3190
Greg Diamond
Transfer Agent
EQ
Shareholder Services (opens in new window)
+1-800-468-9716