Risk management framework
Our risk framework is designed to enable the Group Board to draw assurance that risks are being appropriately identified and managed in line with our risk appetite.
We deploy a ‘three lines of defence’ risk governance model, whereby business divisions are responsible for risk taking within the parameters of our risk appetite and accountable for managing risks in line with our risk policies; risk functions led by the group chief risk officer provide objective challenge and guidance on risk matters; with Group Internal Audit providing independent assurance on the effectiveness of business risk management and the overall operation of the risk framework. The core elements of our risk framework are set out below.
The group’s risk appetite statement sets out our overall attitude to risk, and the ranges and limits of acceptable risk taking.
The Group Board’s Risk Committee leads an annual review of the group’s risk appetite, assessing the continued appropriateness of our key measures and tolerances relative to the risk exposures of the group. Additionally, as part of the annual planning cycle, assessment is made of the level of risk taking proposed in the group plan and the capacity for risk taking within the overall appetite framework.
The group’s risk appetite is approved by the Group Board on the recommendation of the Group Risk Committee and the group chief executive. The regular management information received by Group Board and Group Risk Committee includes our risk appetite dashboard setting out actual positions relative to the key targets and limits set in our risk appetite.
Risk taking authorities
We cascade the parameters of our risk appetite to our business managers through ‘Risk and Capital Mandates’, empowering managers to make decisions that are consistent with our appetite for risk.
Our mandates articulate the product types and features that may be written; the assets classes that may be held; the target capital positions and ranges of earnings volatility within which the overall profile of risks should be managed; and tolerances for specific risk exposures. Activities that would result in a business operating outside agreed parameters require formal approval from the group centre.
We set formal policies for the management of market, insurance, credit, liquidity and operational risks. The policies specify our overall strategies for ensuring each risk type is managed in line with our risk appetite and the minimum control standards that should be applied in managing our significant risk exposures.
We deploy a range of risk management techniques to manage and mitigate risks, so as to control risk exposures in line with our risk limits. For example, we use derivative instruments to hedge unrewarded risks as part of our asset liability management activity; and reinsurance programmes to transfer significant aggregations and concentrations of insurance risk exposures. Our framework of controls includes documented underwriting policies and structured delegated pricing and underwriting authorities. It also includes investment policies which take into account the nature of our liabilities, guarantees and other embedded options given to policyholders.
Risk identification and assessment
We operate a risk identification and assessment process under which all our businesses regularly consider changes in the profile of existing and emerging risks. The assessment process evaluates the risks that are inherent in our products as well as those that are presented from changes in the environments that we operate in.
Own risk solvency assessment
Our risk identification and assessment process forms part of our broader ‘own risk and solvency assessment’ process, our ongoing assessment of the risks to which Legal & General is exposed and an evaluation of the sufficiency of resources to sustain the business strategy over the horizon of the group plan.
Risk management information
Our risk management information framework is structured to report and support the review of ongoing and emerging risks and assess actual risk positions relative to the risk limits and targets that we set.
The group chief risk officer and his team, who are independent of the business line, support the Group Board and its Risk Committee in articulating acceptable risk taking and ensuring the effective operation of our risk and capital framework. This includes ongoing assessment of the group’s capital requirements to confirm that they meet regulatory solvency requirements.
The group chief risk officer also provides objective challenge and guidance on a range of risk matters to business managers, including the risks implicit in product developments, business transactions and new asset classes, and strategies for managing risks in line with the group’s overall risk appetite.
The Group Board has ultimate responsibility for the group’s risk management framework. The Group Board’s Risk Committee supported by the group chief risk officer, serves as the focal point for risk management activities. Details of the operation of the Group Risk Committee are set out Group Risk Committee report.
Beneath the Group Risk Committee is a structure of formal risk oversight committees providing more focused review and challenge of specific risks to the group, and reviewing the effectiveness of frameworks in place to manage those risks.