Group to be identified, assessed, controlled and monitored consistently, objectively and holistically. We have operated our ERM framework for a number of years and we continue to seek opportunities to strengthen the framework and to ensure that it is aligned with external best practice.
There are five key elements to our ERM framework which are set out in the adjacent diagram. The operation of this
framework provides for a risk-based approach to managing our business, integrating concepts of strategic planning, operations management and internal control.
You can find out more about each element of the framework below.
We believe that our current ERM framework is closely aligned to the requirements of emerging regulatory frameworks relating to risk management and systems of governance, although we recognise there will continue to be developments in line with regulatory developments and industry best practice.
During the year we have further developed and embedded our ORSA process. This has been built on our ERM framework which provides a good foundation for this in terms of identifying, assessing, controlling and monitoring risks.
Our experience of operating and improving our ERM framework over a number of years means that we are well placed to meet the future requirements of Solvency 2 which we anticipate will support the further embedding of risk management within the Group. You can find out more information about our risk exposures at 31 December 2013 in Note 41, Risk management which shows the impact of applying this framework in managing our business and in Section 1.5 of the Strategic report – Risk management.
Risk culture
Our approach
• right people, right jobs, right behaviours, roles and responsibilities clearly defined
• right structure, effectively implemented, risk focused committees and management
• Group-wide awareness, deepening understanding of risk, ongoing embedding and change. Risk governance structure
The risk governance structure we use in defining our risk culture includes the Risk and Capital Committee (the”RCC”) which is made up of non-executive Directors as detailed in the Report from the Chairman of the RCC above. The Group Chief Risk Officer also attends meetings of the RCC. The main role of the RCC is to provide oversight and challenge of, and advice to the Board on:
• the Group’s risk strategy, limits and tolerances, material risk exposures and future risk strategy and their impact on capital
• the structure of the Group’s ERM framework and its suitability to react to the changing nature of risks
• the risk aspects of major investments, major product developments and other corporate transactions
• material risk and capital matters affecting the Heritage With Profits Fund.
The RCC also provides advice to the Remuneration Committee on an arm’s length basis on various matters, including whether specific risk adjustments need to be applied to performance-related payments in incentive packages.
The Group ERMC consists of the members of the executive team which includes the Group Chief Risk Officer. The Group ERMC meets at least quarterly, and usually in conjunction with the executive team. The main role of the Group ERMC is to:
• oversee compliance with the Group’s ERM framework
• support the Chief Executive in the management of risk across the Group.
The Group ERMC is supported by the Group Credit Risk Committee which deals with all types of credit risks arising from the current and proposed activities of the Group. In addition, our internal Chief Risk Officer (CRO) Forum, comprising our business unit CROs, meets monthly to review risk matters.
Group Risk supports the operation of these risk committees (the RCC, the Group ERMC and the Group Credit Risk Committee) and provides assurance, assistance and advice to them as required.
Group Risk is supported by the Risk functions within the business units which each have their own business unit ERMC. The business unit risk functions are responsible for providing assurance that the financial and non-financial risks inherent in business activities are identified and managed in accordance with the appetite and limits approved by the Board and relevant subsidiary boards. They are also responsible for producing risk management information for use within the business unit and for aggregation across the Group.
2. Governance information – Corporate governance continued
Three lines of defence
The Group operates a three lines of defence model of risk management, with clearly defined roles and responsibilities for committees and individuals:
First line: day-to-day risk management is delegated from the Board to the Chief Executive and, through a system of delegated authorities and limits, to business managers.
Second line: risk oversight is provided by the Group CRO and established risk management committees, including the Group ERMC. These management committees are supported by the specialist Risk Management and Compliance functions across the Group.
Third line: independent verification of the adequacy and effectiveness of the internal risk and control management systems is provided by the Audit Committee, which is supported by the GIA function, and the RCC.
Qualitative risk appetites
The Group has defined qualitative risk appetite principles and statements to provide guidance to our businesses and help to drive our strategy in line with the Group’s appetite for risk.The general principles are:
• the Group has no appetite for unrewarded risk
• the Group has no appetite for any risk that is not consistent with the delivery of our strategic objectives
• the Group’s appetite for accepting risk is dependent on the expected return exceeding the cost of capital
• the price charged for accepting risk should seek to maximise the risk/reward profile; prices charged for our products should fully reflect all risks.
Quantitative risk limits
Quantitative risk limits are used to support the qualitative risk appetite statements and allow regular objective reporting of
exposures against risk limits. The quantitative risk limits used during 2013 have been based on the following key risk metrics which are a focus of our risk management activity:
• excess working capital
• economic capital resources.
These metrics enable us to measure risk and capital consistently across the Group’s diverse range of businesses, activities and projects. These metrics supplement, rather than replace, the wide range of metrics currently used throughout the Group and, where appropriate, make allowance for local regulatory capital considerations. The Group’s risk profile is assessed and reviewed regularly.
During 2013 the Group has managed its exposures using quantitative risk limits based on economic capital resources and excess working capital risk metrics.
Economic capital resources are a quantification of the capital available within the Group. They are a measure, based on an internal economic capital methodology, of the value of the Group's assets less liabilities. This metric supports management of the financial strength of the Group and delivery of long-term shareholder value. Under this metric, risk exposures are measured as the amount of capital that is needed to cover the risks taken by the Group, calibrated to withstand a defined risk event.
Excess working capital is shareholder cash that is in excess of regulatory requirements, target solvency requirements and any further operational constraints. This metric supports management of the primary source of funding for the business, the strategic activities of the Group and distributions to shareholders. Under this metric, risk exposures are measured as the reduction in excess shareholder cash that a business might expect to see as a consequence of a defined risk event.
For 2014, the Group is transitioning away from excess working capital as a key risk metric. Economic capital resources will be the key risk metric for managing risk exposures against quantitative risk appetites across the group. Although excess working capital will be not be used for the purposes of the risk appetite framework, we will continue to track and manage the business through a wide range of risk, capital and profit metrics.
You can find out more about our approach to assessing risk exposures and establishing risk limits in the Risk and capital model detailed below.
ERM reporting
Group Risk continues to review and challenge risk reporting from the risk functions across the Group to ensure that accurate and adequate information is delivered to the risk committees (as detailed above) to support their risk management mandates. To support this, during 2013, the RCC and Group ERMC risk reporting content and style were refreshed.