CNA maintains risk management structures that involve all levels of our organization. This includes our Board of Directors, which is tasked with oversight of risk across the business, as well as our employees, who are tasked with identifying and escalating risks in our day-to-day operations. Each committee and business unit at CNA is designed to take ownership of their role in risk management, and functions communicate with one another to stay resilient in the face of emerging risks.

Woman presenting to colleagues in an office

The CNA Board of Directors monitors the effectiveness of policy and decision making across the organization with the purpose of growing shareholder value over the long term.

 

The Board’s responsibilities include selecting qualified candidates for membership, and they consider the strength of candidates based on their character, judgement, business experience, and areas of expertise. Loews has approximately 90% ownership in CNA, and five out of 10 directors on CNA’s Board of Directors represent Loews. Our Chief Executive Officer serves on the Board.

 

Learn more about CNA's Board of Directors.

CNA has a formalized risk governance structure that starts with the Board of Directors and cascades to underlying company committees, business units, and ultimately, all employees. We seek to promote a strong risk management culture and the belief that effective risk management is the responsibility of all employees.

 

Enterprise Risk Management

 

Our Enterprise Risk Committee, chaired by the Chief Risk & Reinsurance Officer, meets quarterly and is responsible for the oversight of CNA’s risk management framework on an enterprise-wide basis.

  • Membership includes senior executives from all relevant business and functional areas (e.g., Investments, Underwriting, Actuarial, Claims, Finance).
  • Risk owners provide updates on their key risks and controls, as well as key risk indicators, which form the basis of the Enterprise Risk Management function’s quarterly Enterprise Risk Report.
  • The Chief Risk & Reinsurance Officer also reports quarterly to the Audit Committee of the Board of Directors.

We strive to maintain a prudent approach and require investment personnel to always act with an appropriate amount of care and in the best interests of the Company in the management of our investment portfolio.

 

Governance of Investment Portfolio


CNA’s Finance Committee of the Board of Directors reviews investment portfolio performance and investment activity in quarterly meetings with the asset manager. All statutory insurance company transactions are reviewed and approved quarterly by the Board of Directors.

 

At least annually, the Board reviews and approves the investment policy statement of each statutory company. Our investment policy statement provides guidance for our investment decisions. The portfolio is managed to duration and credit quality targets – and we believe it is broadly diversified – and considers asset liability management, as well as prepayment, interest rate, and credit risks. In addition, an operating group meets monthly to discuss and monitor investment results, trading activity, and portfolio metrics relative to targets.

 

CNA regularly assesses risks, both to its investment portfolio and individual holdings, considering emerging trends and their potential impact on specific sectors. Risk assessments could include ESG-related risks such as climate-related impacts, energy prices, litigation exposure, public perception of corporate social responsibility and legal compliance.

 

We also conduct research on certain ESG-related topics to better inform our investment strategy. For example, we periodically analyze electric vehicles to inform our analysis of the automobile industry and other aspects of carbon transition in the economy. We aim to be disciplined in our evaluation of each investment’s risk return profile and the risks related to our entire investment portfolio.

 

Our Investments


Our portfolio is high credit quality, and our asset allocation is primarily fixed income, which provides a stable source of investment income. A portion of our investments have had the added effect of supporting certain environmental and social improvements. 


Our fixed income portfolio includes municipal bonds that support communities by providing funding for education, transportation infrastructure, water and sewer projects, and general liquidity needed to support the operations of communities. In addition, we have invested in solar bonds that allow consumers to finance and install residential solar powered systems and provided financing for renewable energy projects, which will help in the transition from fossil fuels.

Data privacy and information security are utmost concerns for CNA, our customers and our stakeholders. CNA has established structures and programs to manage and address data privacy and security at the senior executive level and at the employee level.

 

Data Security & Governance

 

To assist our workforce with the knowledge and tools to address these issues, we require all employees to complete information security and privacy training on an annual basis. This comprehensive training covers relevant policies and makes clear that noncompliance can result in disciplinary actions.

 

Certain employees hold designations such as Certified Information Systems Security Professional, International Association of Privacy Professional Certified, and certified professionals under the Security Industry Cybersecurity Certification, which helps us maintain a high standard of quality control in the organization.

 

These programs provide safeguards that seek to mitigate cybersecurity risks and secure the company’s information assets and data. Our security program employs a “defense-in-depth” strategy that involves layering controls to ensure that if one layer fails, additional layers detect and respond to threats.

 

The program continuously focuses on strengthening our defense based on the threat landscape and has controls and tools focused on:

 

  • Assuring operational visibility and capability to detect and respond to anomalous activity
  • Managing access to high-value assets
  • Detection and preventive controls
  • Monitoring and protecting critical data

 

Digitization

 

CNA views digitization as an opportunity to improve our business processes and efficiency and lessen our environmental impact. It also enables us to be more connected to our partners, including our network of brokers and agents.

 

Through online portals, automation and digital solutions, we can digitally transmit information across our global network. CNA pursues opportunities to utilize innovative technology, including artificial intelligence and robotics, to optimize efficiencies. We often develop these solutions in-house or work with external partners to integrate these tools into our systems.

 

For further information on related policies including cyber security, please refer to page 17 of the 2024 CNA Annual Report.

 

Our Enterprise Risk Committee, chaired by the Chief Risk & Reinsurance Officer, meets quarterly and is responsible for the oversight of CNA’s risk management framework on an enterprise-wide basis.

 

  • Membership includes senior executives from all relevant business and functional areas (e.g., Investments, Underwriting, Actuarial, Claims, Finance).
  • Risk owners provide updates on their key risks and controls, as well as key risk indicators, which form the basis of the Enterprise Risk Management function’s quarterly Enterprise Risk Report.
  • The Chief Risk & Reinsurance Officer also reports quarterly to the Audit Committee of the Board of Directors.

The use of artificial intelligence creates opportunities for innovation, enhanced customer experiences, improved decision making, and increased efficiency and productivity – but also presents risks that must be responsibly managed.

 

Artificial Intelligence Technologies are implemented in a thoughtful and considered manner, with active oversight and monitoring by the CNA AI Governance Committee and with an acknowledgement that all CNA employees have a responsibility to use AI tools and platforms appropriately and prudently in accordance with the Company’s AI policies and standards.

 

CNA has established governance structures and programs to manage and mitigate AI-related risks during the testing, implementation and ongoing use of artificial intelligence at the senior executive level and at the employee level.

 

Management Approach to AI Governance

 

CNA is committed to implementing AI Technologies in accordance with our values and in a manner that promotes fairness, equity and inclusivity. We are committed to mitigate the risk of bias in our AI Technologies, ensure data privacy and security, and to foster transparency in how AI technologies are implemented.

 

The CNA global artificial intelligence policy was published and communicated to all CNA employees, contractors and affiliates in 2024.  The policy was informed by evolving regulations and frameworks, including the EU AI Act, the NAIC Model Bulletin on AI, and the NIST AI Risk Management Framework.

 

Highlights of CNA AI Policy:

 

  • AI Principles: The policy sets forth the principles that will guide the use of AI, ensuring it aligns with our core values. We prioritize human accountability, safety, reliability, fair and ethical use of AI, data privacy, transparency and explainability, security and resiliency, and adherence to all applicable laws and regulations.
  • AI-Related Risks: It addresses the potential business, reputational, cybersecurity, privacy, legal, and compliance risks associated with AI. The policy also highlights specific risks such as GEN AI Input Risk, Gen AI Output Risk, Intellectual Property Risk, and Contractual Risk.
  • User Responsibilities: The policy details the acceptable use of AI technologies and one’s responsibilities when using or interacting with AI technologies.
  • AI Governance: The policy outlines the requirement for the AI Governance Committee to review and assess any new AI technologies before the same is piloted, tested or deployed in the Company’s environment. Any expanded use is also reviewed and assessed by the Committee. The policy sets forth approval requirements from CNA leadership prior to any AI  implementation.

At CNA, we promote a culture of integrity, and our leaders stress the importance of conducting business ethically. Each employee at CNA is responsible for upholding our reputation and must personally attest to the Code of Business Conduct and Ethics and the Commitment to Professional Conduct.

 

In addition, we require all employees to read and acknowledge their understanding of the Global Anti-Corruption Policy, which covers the approach to behaviors and expectations addressed in major anti-corruption laws globally.

At CNA, we believe it is vital to monitor and engage in the public policy making process to maintain effective business operations and to promote positions that are important to our employees, policyholders and shareholders. We engage responsibly and comply with applicable state and federal laws. 

 

Learn more about our Public Policy Engagement and Political Contributions by year: