Our risk management framework.

Our risk management framework.

Our framework enables the Group Board to draw assurance that the risks to which the Group may be exposed are being appropriately identified and managed, and that risks that may present significant financial loss or damage to our reputation are being minimised. The core elements of our framework are set out below.

FRAMEWORK

RISK APPETITE

Sets out our overall attitude to risk, and the ranges and limits of acceptable risk taking.

RISK TAKING AUTHORITIES

Cascade our risk appetite to our business managers and empower managers to make decisions that are consistent with our appetite for risk.

RISK POLICIES

Formal policies define our approaches to risk management and the necessary control standards to ensure these risks are managed in line with risk appetite.

RISK IDENTIFICATION AND ASSESSMENT

Tools that help business managers to identify and evaluate the risks to which we may be exposed and formulate appropriate risk mitigation plans.

RISK MANAGEMENT INFORMATION

Our framework to report and support the review of ongoing and emerging risks, and assess actual risk positions relative to the risk targets and limits that we set.

RISK OVERSIGHT

Review and challenge by the group chief risk officer (CRO) team of the effectiveness of our risk identification and management processes.

RISK COMMITTEES

Group level committees that oversee the management of risks and challenge how the risk framework is working.

Risk appetite

Our risk appetite expresses the types of risk that we are prepared to be exposed to in pursuit of our business strategy, the minimum capital requirements that we wish to maintain and the degree of volatility of earnings that we will seek to avoid.

Our risk appetite sets the ranges and limits of acceptable risk taking

RISK APPETITE

PRINCIPLES

KEY MEASURES

STRATEGY

We manage a diversified portfolio in which we accept risk in the normal course of business and aim to deliver sustainable returns on risk-based capital in excess of cost of capital.

Return on capital

We’ve an appetite for risks we understand and are rewarded for, and which are consistent with delivery of our strategic objectives.

Capital allocation and utilisation

CAPITAL

We aim to maintain an appropriate buffer of capital resources over the minimum regulatory and economic capital requirements.

Capital coverage ratio

VOLATILITY

We’ve a low appetite for volatility of earnings; in particular volatility arising from risks where we have more exposure than the wider market.

Variance in earnings to plan

CONDUCT, CUSTOMER AND REPUTATION

We treat our customers with integrity and act in a manner that protects or enhances the Group franchise.

Customer and reputation risk dashboard

LIQUIDITY

We expect to be able to meet our payment and collateral obligations under extreme, but plausible, liquidity scenarios.

Liquidity ratio

The Group Risk Committee leads an annual review of the Group’s risk appetite, assessing the continued appropriateness of our key measures and tolerances relative to the risk exposures of the Group. As part of the Group Board strategy day, assessment is made of the level of risk taking proposed in the group plan and the capacity for risk taking within the overall appetite framework.

The Group’s risk appetite is approved by the Group Board on the recommendation of the Group Risk Committee and the group chief executive. The regular management information received by Group Board and Group Risk Committee includes our risk appetite dashboard setting out actual risk positions relative to the targets and limits set in our risk appetite.

We further express our appetite for the specific risks to which we are exposed as follows:

TYPE

APPETITE

MANAGEMENT

MARKET RISK

We’ve an appetite for market risk within our annuities and with-profits businesses, and our shareholder funds, where we are rewarded for it.

We’ve limited appetite for significant losses or volatility from market risk and so we set clear risk limits which must be adhered to by group businesses.

CREDIT RISK

We’ve appetite for credit risk to the extent that accepting this risk enables us to optimise policyholder and group risk adjusted returns.

We’ve limited appetite for significant losses from counterparty failures and we therefore establish clear risk limits which must be adhered to by group businesses.

INSURANCE RISK

We’ve an appetite for longevity, mortality and morbidity risk together with selected household insurance risks as we expect to add value by accepting such risks.

We’ve a low appetite for persistency and expense risks. We manage these risks by investigations and monitoring experience and reflect the conclusions in our product design and reserving strategies. We’ve limited appetite for exposure to weather events and purchase excess of loss reinsurance to protect against this risk. We also use reassurance to manage significant aggregate exposures to longevity, mortality and morbidity risks.

OPERATIONAL RISK

We’ve very limited appetite for large operational losses due to the likely customer impact, reputational damage and opportunity costs.

We aim to implement effective controls to reduce operational risk exposures except where the costs of such controls exceed the expected benefits.

LIQUIDITY RISK

We’ve no appetite to fail to meet our obligations when they fall due or to incur material losses on forced asset sales to meet obligations.

We maintain at group level sufficient liquid assets and standby facilities to meet a prudent estimate of the Group’s cash outflows, as identified through annual planning processes.

Risk taking authorities

We cascade the parameters of our risk appetite to our business managers through ‘Risk and Capital Mandates’. Our mandates articulate the product types and features that may be written; the target capital positions and ranges of earnings volatility within which the overall profile of risks should be managed; and tolerances for specific risk exposures. Activities that would result in a business operating outside agreed parameters require formal approval from the Group centre.

Risk policies

Risk control

We have established strategies for managing market, insurance, credit, liquidity and operational risk. Formal policies define our approaches to risk management and the minimum control standards that should be applied in managing our significant risk exposures.

Risk mitigation

We deploy a range of risk management techniques to manage and mitigate risks, thereby controlling our risk exposures in line with our risk limits. For example, we use derivative instruments to hedge unrewarded risks as part of our asset liability management activity and reinsurance programmes to transfer significant aggregations and concentrations of insurance risk exposures. Our framework of controls includes documented underwriting policies and structured delegated pricing and underwriting authorities. It also includes investment policies which take into account the nature of our liabilities, guarantees and other embedded options given to policyholders.

Risk identification and assessment

Review Process

We operate a risk identification and assessment process under which our businesses regularly consider changes in the profile of existing and emerging risks. The assessment process evaluates the risks that are inherent in our products as well as those that are presented from changes in the environments that we operate in.

Own Risk Solvency Assessment

Our risk identification and assessment process forms part of our broader ‘Own Risk and Solvency Assessment’ process, designed to evaluate the resilience of our balance sheet to a range of market conditions and external events and that we maintain our target levels of capital.

Risk management information

Our risk management information is structured to enable all significant risk positions to be monitored; compare actual risk exposures and capital positions to targets, limits and tolerances established as part of our risk appetite framework; and assess the delivery of our target customer outcomes.

Risk oversight

Group Risk and the Group CRO

The group chief risk officer (CRO), who is independent of the business line, leads our group risk team. The group CRO works closely with the Group Risk Committee and the Group Board on articulating acceptable risk taking and ensuring the effective operation of our risk and capital framework. The group risk team also provides objective advice and guidance on a range of risk matters to our business managers, including matters such as product development, business transactions and new asset classes. The team also carries out assessment of the group’s economic capital requirements to confirm that they meet regulatory solvency requirements.

Divisional Risk officers

During 2013 we reorganised our group risk team, appointing divisional risk officers to each of our divisions. This alignment reinforces our risk framework with each of our divisional leaders having a risk expert on their management team. Each divisional risk officer also has a reporting line to the group CRO to maintain their independence.

STRATEGIC PLANNING PROCESS

Our Group Risk team plays an integral role in the strategic planning process, assessing the risk profile of the plan and proposed risk taking.

RISK APPETITE

REVIEW AND ANALYSIS

The group CRO evaluates the group strategic plan, the impact of proposed risk taking and aggregation of risks.

DEBATE AND CHALLENGE

The Group Board and Risk Committee consider the Group CRO’s assessment of proposed risk taking.

RISK TAKING CAPACITY

Working with the Group Board, the Group CRO advises on the Group’s appetite for the profile of risk presented in the strategic plan.

STRATEGIC PLAN

ALIGNMENT TO RISK APPETITE

Risk limits and tolerances, aligned with the group’s risk appetite are cascaded to business units.

RISK MANAGEMENT STRATEGIES

Risk mitigation programmes are developed with input from the Group Risk team to ensure risks are managed to agreed tolerances.

GROUP CRO PLAN

The group CRO’s monitoring plan is aligned with the risk areas identified within the group strategic plan.

CAPITAL

STRESS AND SCENARIO TESTING

The group’s formal programme of stress and scenario tests are set with input from the Group CRO on the economic, market and business stresses.

ASSESSMENT AND AGGREGATION

Capital requirement are monitored within each business unit. The Group Risk team provides oversight of significant risk aggregations and variances to plan.

ASSESSING CAPITAL SUFFICIENCY

Using the output of our internal model the group CRO independently validates the business’s assessment of the sufficiency of capital to deliver strategic objectives.

EVALUATING TRANSACTIONS

Whether it’s a direct investment or a business acquisition, as well as assessing strategic fit and profitability, we undertake detailed evaluation of the risks that new opportunities present and our appetite for those risks. Our group CRO plays an integral role in facilitating the assessment of risks. Alongside the formal business proposal for each significant transaction, the group CRO presents a separate report setting out his assessment of the risks and our capacity to manage them.

USING REINSURANCE

We use reinsurance extensively in our protection businesses. As well as managing exposures to mortality and morbidity risks, and providing resilience against extreme events, working with our reinsurers has enabled us to further refine our underwriting practices and the pricing of risk. We are increasingly using reinsurance within our annuities business. We already reinsure a proportion of enhanced annuity business and we continue to develop ways to reinsure the longevity risk in our bulk annuity products. By using reinsurance we can continue to grow our annuities book in a way that both optimises our risk and capital and minimise earnings volatility.

Risk Committees

Three lines of defence

The Group operates a ‘three lines of defence’ risk governance model. The Group Board has ultimate responsibility for the group’s risk management framework. The Group Risk Committee supported by group risk (led by our group CRO), serves as the focal point of risk management activities.

OUR THREE LINES OF DEFENCE

ROLES AND RESPONSIBILITIES

ASSOCIATED COMMITTEES AND THEIR ROLE

1
RISK TAKING

BUSINESS MANAGEMENT
The group’s business divisions are responsible for risk taking, within the parameters of our risk appetite, and are accountable for the management risk in line with policies and procedures established in the group’s risk and capital management framework.

DIVISIONAL COMMITTEES
Risk management committees established within each of our business divisions provide a forum for the review of material risk exposures and risk mitigation activities.

2
RISK CONTROL AND OVERSIGHT

GROUP RISK
Advises on risk appetite; establishes the Group’s risk and capital management framework; evaluates the management of key risks; assesses the overall operation of the group’s internal model and considers the sufficiency of capital to deliver the group’s strategic plans.

GROUP RISK COMMITTEE
The Committee’s primary role is to provide guidance to the Board in relation to the group’s risk management policies and procedures and advice on what constitutes acceptable risk taking.

3
INDEPENDENT ASSURANCE

GROUP INTERNAL AUDIT
The group’s internal audit function provides Independent assurance on the operation and effectiveness of business risk management, the group risk oversight and challenge processes, and the processes in support of the group’s internal model.

GROUP AUDIT COMMITTEE
The responsibilities of the Committee include advising the Board on the effectiveness of the group’s internal control environment and risk management systems.

Executive level risk committees

Beneath the Group Risk Committee is a structure of executive director led committees providing more focused review and challenge of specific risks to the Group and reviewing the effective operation of the risk framework.

What do you think about this report?

Even though this feedback form is on every page, you only need to fill it out the once.