Risk management
Our Risk-Management Framework enables a consistent approach to the identification, mitigation and management of risks, which is essential to achieve our strategic objectives.
The Group’s business activities naturally expose it to strategic, financial and operational risks which are inherent in the nature of the business it undertakes and the financial, market and regulatory environments in which it operates. The Group recognises the importance of understanding and managing these risks and that it cannot place a cap or limit on all of the risks to which it is exposed. However, effective risk management ensures that risks are managed to an acceptable level.
To assist the Board in discharging its responsibilities, it has in place a Risk-Management Framework to support identification, mitigation and management of risk exposures. The Group regularly reviews the risk framework, risk capabilities and tools to maintain effective ongoing risk management to ensure it remains commensurate with current operations alongside its aspirations and diversification objectives.
There have been a number of improvements to the ERM framework during the year including enhancements to risk monitoring and reporting, and the consequent risk mitigation strategies. There have also been some organisational changes, to better align our people to the needs of the Group.
The Board, through its Group Risk Committee, is ultimately responsible for the implementation of an appropriate risk strategy. The main areas it encompasses are:
- identifying, evaluating and monitoring the principal and emerging risks to which the Group is exposed
- implementing the risk appetite of the Board in order to achieve its strategic objectives; and
- establishing and maintaining governance, policies, systems and controls to ensure the Group is operating within the stated risk appetite
Board
Executive Committees
Execution of Board's risk strategy including risk appetite.
Risk and control functions
Comprised of compliance, financial crime, financial risk, liquidity risk and operational risk. In addition, legal, finance, data privacy and security functions are also considered as part of the control functions within the Group.
Business functions
Identify, own, assess and manage risks. Design, implement and monitor suitable controls, issue management, KRI and risk appetite reporting.