MBIA has a comprehensive enterprise risk management framework in place that is designed to identify, assess, monitor and mitigate risks to the company including credit risk, liquidity risk, market risk, operational risk and reputational risk, while ensuring that such risks are regularly reported to the company's Board of Directors.
MBIA believes that its largest risk is the credit exposure in the insured portfolios of its insurance operating subsidiaries. The company's credit risk management and remediation functions are managed through committees and units that oversee risks in ongoing portfolio surveillance and remediation. The company's insured portfolio management groups monitor and remediate domestic and international public finance and structured finance risks. In addition, National Public Finance Guarantee Corporation and MBIA Insurance Corp. each has its own risk committee that, as appropriate, reviews certain portfolio decisions. Additionally, each subsidiary has its own investment committee that reviews its respective investment portfolio and investment-related decisions.
The company's Risk Oversight Committee (the "Risk Oversight Committee") reviews material transactions and provides firm-wide review of policies and decisions related to credit, market, operational, legal, financial, climate and business risks. The company and its subsidiaries' respective Loss Reserve Committee reviews loss reserving activity.
The company's Board of Directors and related committees, including Audit, and Finance and Risk, oversee risks faced by the company and its subsidiaries. The Board regularly evaluates and discusses emerging risks and risks associated with strategic initiatives. On an annual basis, the Board also evaluates and approves the company's risk tolerance policy. The purpose of the risk tolerance policy is to define the types and amounts of risks the company is prepared to accept. The assessment includes risks associated with credit, capital adequacy, market, liquidity, legal, operations, cybersecurity and technology. This policy provides the basis upon which risk criteria and procedures are developed and seeks to have these applied consistently across the company.
The Audit Committee oversees risks associated with financial and other reporting, auditing, legal and regulatory compliance, and risks that may otherwise result from the company's operations. The Audit Committee oversees these risks by monitoring (i) the integrity of the financial statements of the company and of other material financial disclosures made by the company, (ii) the qualifications, independence and performance of the company's independent auditor, (iii) the performance of the company's internal audit function, (iv) the company's compliance policies and procedures and its compliance with legal and regulatory requirements, and (v) the performance of the company's operational risk management function.
The Finance and Risk Committee oversees the company's credit risk governance framework, market risk, liquidity risk and other material financial risks. The Finance and Risk Committee oversees these risks by monitoring the company's: (i) capital and liquidity, (ii) proprietary investment portfolios, (iii) exposure to changes in the market value of assets and liabilities, (iv) credit exposures in the insured portfolios, and (v) financial risk policies and procedures, including regulatory requirements and limits.