3 Our risk management framework.

Our framework enables the Group Board to draw assurance that the risks to which the Group may be exposed are being appropriately identified and managed, and that risks that may present significant financial loss or damage to our reputation are being minimised. The core elements of our framework are as follows:


Sets out our overall attitude to risk, and the ranges and limits of acceptable risk taking.


Cascade our risk appetite to our business managers and empower managers to make decisions that are consistent with our appetite for risk.


Formal policies define our approaches to risk management and the necessary control standards to ensure these risks are managed in line with risk appetite.


Tools that help business managers to identify and evaluate the risks to which we may be exposed and formulate appropriate risk mitigation plans.


Our framework to report and support the review of ongoing and emerging risks, and assess actual risk positions relative to the risk targets and limits that we set.


Review and challenge by the Group Chief Risk Officer team of the effectiveness of our risk identification and management processes.


Group-level committees that oversee the management of risks and challenge how the risk framework is working.

Our risk appetite

Our risk appetite framework expresses the types of risk that we are prepared to be exposed to in pursuit of our business strategy, the minimum capital requirements that we wish to maintain and the degree of volatility of earnings that we are prepared to accept. The Group’s risk appetite is approved by the Group Board upon the recommendation of the Group Risk Committee (see the Group Risk Committee Report) and Group Chief Executive. The management information received by the Risk Committee and the Group Board includes our risk appetite dashboard setting out actual positions relative to the targets and limits set in our risk appetite.

Risk Appetite


Key Measures


We manage a diversified portfolio in which we accept risk in the normal course of business and aim to deliver sustainable returns on risk-based capital in excess of cost of capital.

Return on capital


We have an appetite for risks we understand and are rewarded for, and which are consistent with delivery of our strategic objectives.

Capital allocation


We aim to maintain an appropriate buffer of capital resources over the minimum regulatory capital requirements.

Capital coverage ratio


We have a low appetite for unexpected volatility in excess of disclosed sensitivities.

Variance in earnings to plan


We treat our customers with integrity and act in a manner that protects or enhances the Group franchise.

Customer and reputation risk dashboard


We expect to be able to meet our payment and collateral obligations under extreme, but plausible, liquidity scenarios.

Liquidity ratio

We further express our appetite for the specific risks to which we are exposed as follows:


We have an appetite for market risk within our annuities and with-profits businesses, and our shareholder funds, where we are rewarded for it.

We have limited appetite for significant losses or volatility from market risk and so we set clear risk limits which must be adhered to by Group businesses.


We have appetite for credit risk to the extent that accepting this risk enables us to optimise policyholder and Group risk adjusted returns.

We have limited appetite for significant losses from counterparty failures and we therefore establish clear risk limits which must be adhered to by Group businesses.


We have an appetite for longevity, mortality and morbidity risk together with selected household insurance risks as we expect to add value by accepting such risks.

We have a low appetite for persistency and expense risks. We manage these risks by investigations and monitoring experience and reflect the conclusions in our product design and reserving strategies. We have limited appetite for exposure to weather events and purchase excess of loss reinsurance to protect against this risk.


We have very limited appetite for large operational losses due to the likely customer impact, reputational damage and opportunity costs.

We aim to implement effective controls to reduce operational risk exposures except where the costs of such controls exceed the expected benefits.


We have no appetite to fail to meet our obligations when they fall due or to incur material losses on forced asset sales to meet obligations.

We maintain at Group level sufficient liquid assets and standby facilities to meet a prudent estimate of the Group’s cash outflows, as identified through annual planning processes.

Cascading our risk appetite

An important element of effective risk management is ensuring business managers understand the parameters of acceptable risk taking. We continue to evolve our risk appetite framework for each of our business units, putting in place ‘Risk & Capital Mandates’ that set out the ranges of acceptable risk taking and exposure limits for the risks that are implicit in each of these businesses.

Risk policies

We have well established strategies for managing market, insurance, credit, liquidity and operational risk. Formal policies define our approaches to risk management and the minimum control standards.

We set limits for our material risk exposures, which we monitor on a continuous basis. We also deploy a range of risk management techniques to manage and mitigate risks, thereby controlling our risk exposures in line with these limits. For example, we use derivative instruments to hedge unrewarded risks as part of our asset liability management activity and reinsurance programmes to transfer significant aggregations and concentrations of insurance risk exposures. Our framework of controls includes documented underwriting policies and structured delegated pricing and underwriting authorities. It also includes investment policies which take into account the nature of our liabilities, guarantees and other embedded options given to policyholders.

Our policies also set out our framework to ensure there is full consideration of new risks to the Group. For example, any new product or an amendment to an existing product that presents a new form of insurance risk to the Group, or includes an option or guarantee that is to be underwritten by Legal & General, must be approved by the executive-level Group Insurance Risk Committee prior to its launch. Similarly, approval must be received from the Group’s Investment and Market Risk Committee for the use of any new asset classes or innovative investment assets prior to their use within the funds backing the Group’s insurance liabilities. This ensures that there is direct line of sight to new risk taking and that appropriate exposure limits are set having regard to the Group’s risk appetite.

Continuous risk assessment

We operate a risk identification and assessment process under which our businesses regularly consider changes in the profile of existing and emerging risks. The assessment process evaluates the risks that are inherent in our products as well as those that are presented from changes in the environments that we operate; for example changes in regulation or legislation, competitor actions and broader economic and market conditions. Our risk assessment process considers both current factors and matters that may emerge over our planning cycle.

We record the risks we have identified and allocate responsibility to an owner to manage them within agreed tolerances. Risk mitigation plans are developed and implemented to manage and respond to these risks. As the nature, probability or impact of risks may change over time, these plans are kept under regular review. Significant risks identified through our risk assessment process are escalated to our Group-level risk committees.

Risk management information

Adequate and appropriate management information is a key tool in the effective management of risk. We have structured and continue to evolve our risk management information to:

  • enable all significant risk positions to be monitored;
  • compare actual risk exposures and capital positions to targets, limits and tolerances established as part of our risk appetite framework;
  • assess the delivery of our target customer outcomes;
  • consider changes in the profile of existing risks and emerging risk matters;
  • monitor the resolution of control failures and the remediation of control weaknesses;
  • aggregate risk exposures and concentrations of risks; and
  • assess the adequacy of capital relative to the risks to which the organisation may be exposed.


Our risk identification and assessment process forms part of our broader ‘Own Risk & Solvency Assessment’ process, designed to evaluate the resilience of our balance sheet to a range of market conditions and external events and to ensure that we maintain our target levels of capital. During 2012, extreme stresses included evaluation of a ‘Prolonged UK Stagnation’ and ‘Disorderly European Restructure’, together with a range of equity and property stresses and bond market downgrades. We also considered a range of ‘Reverse’ stress tests, including severe prolonged investment market disruption and defaults; significant improvements in annuitant longevity; the failure of reinsurance during an epidemic/pandemic; emergence of a new debilitating disease; and reputational shocks.


Over the last three years, as part of our preparations for Solvency II, we have significantly enhanced our economic capital and risk framework through the development of our Internal Model. Although the regulatory implementation of Solvency II has now been deferred, we believe economic capital to be an important measure in our assessment of the amount of capital that we need to hold to meet our objectives and an important metric in managing our business performance; for example, using the output as one of our decision analysis tools in areas such as capital allocation, product pricing, and the assessment of significant transactions. Whilst uncertainty remains over the final calibrations for the regulatory capital requirement under Solvency II, we believe our continued focus on our Internal Model and an economic capital calibration, alongside our IMAP submission which we made in November 2012, will position us well for a subsequent transition to a Solvency II capital regime.

Risk oversight

The Group Board has ultimate oversight responsibility for the Group’s risk management framework. The Group Risk Committee, supported by the Group Chief Risk Officer, serves as the focal point for Board oversight of risk management activities. The report of the Group Risk Committee is set out in the Governance section. The table below summarises our ‘three lines of defence’ risk governance model.

Our three lines of defence

Roles and responsibilities

Associated Committees and their role


Business Management
The Group’s business divisions are responsible for risk taking and accountable for effective risk management.

Divisional Committees
Risk management committees established within each of our business divisions provide a forum for the review of material risk exposures and risk mitigation activities.


Group Chief Risk Officer
The Group Chief Risk officer, who is independent of the business line, leads the Group’s risk management function. Key activities include:

  • Advising the Board on setting risk appetite and limits.
  • Establishing the Group’s risk and capital management framework, and its risk management strategies and policies.
  • Leading the Board evaluation of changes in significant Group level risks.
  • Forming independent views and advising on risk matters and risk:reward trade-offs.
  • Evaluating the adequacy of the management of key risks and their controls.
  • Ensuring the overall design, validation and effective operation of the Group’s Internal Model.
  • Assessing and reporting upon the sufficiency of the Group’s capital to deliver the Group’s strategic plans.

Group Risk Committee
The Committee’s primary role is to provide guidance to the Board in relation to the Group’s risk management policies and procedures and advice on what constitutes acceptable risk taking. The members of the Committee are non-executive directors of the Group Board.

Executive Risk Committee
The role of the Executive Risk Committee is to ensure that an appropriate framework is in place across the Group to identify, assess, and manage the Group’s principal risks and to oversee the effective operation of the framework. The Committee, which is chaired by the Group Chief Executive, meets quarterly. Its membership comprises the executive directors of the Group and the Group Chief Risk Officer. The Committee delegates oversight of specific aspects of the Group’s risk framework and responsibility for limit setting to the following sub-committees:

  • Group Insurance Risk Committee;
  • Investment and Market Risk Committee; and
  • Counterparty Credit Committee.


Group Internal Audit
Group Internal Audit provide Independent assurance on the effectiveness of both business risk management and the Group risk oversight and challenge processes.

Group Audit Committee
The responsibilities of the Committee include advising the Board on the effectiveness of the Group’s internal control environment and risk management systems.

As set out in the Group Risk Committee Report during 2012 the Board commissioned an externally facilitated review to assess the Group’s risk management framework against industry best practice in readiness for Solvency II.