Risk and risk management

The Group’s approach to risk management

Governance framework

We have established a risk and financial management framework whose primary objective is to protect the group from events that hinder sustainable achievement of our objectives and financial performance, including failing to exploit opportunities. Additionally, we have an established governance framework, details of which are given in the Corporate Governance section. The framework has three key elements:

• Clear terms of reference for the board, its committees and the associated executive management committees
• A clear organisation structure with documented delegated authorities and responsibilities from the board to executive management committees and senior management
• A group policy framework that sets out risk appetite, risk management and control and business conduct standards for the group’s worldwide operations. Each policy has a member of senior management who is charged with overseeing compliance with the policy throughout the group.

The governance structure and policy set is regularly reviewed to reflect the changing commercial and regulatory environment and our own organisational structure.

Integration of financial risk and capital management

We have developed a framework using Individual Capital Assessment (ICA) principles for identifying the risks that business units, and the group as a whole, are exposed to and quantifying their impact on economic capital. The ICA estimates the capital required to mitigate the risk of insolvency to a 99.5% confidence level against financial and non-financial tests. In addition, we are developing a risk-based capital model for our businesses that will provide a more detailed assessment of the capital needs of the business. We also use financial condition reports (FCRs) to inform capital management decisions.

Further details on the ICA and capital management are set out in the “Group capital strength and solvency” section of this review.

Regulatory impact on risks and risk assessments

A significant proportion of our longer-term savings business involves insurance products where the majority of the risk is borne by the policyholder. Risks attributable to policyholders are prudently managed to satisfy the policyholders’ risk and reward objectives. In addition, our worldwide insurance operations are subject to numerous local regulatory requirements that help to inform the acceptable level of risk in each of the jurisdictions in which we operate.

Management of financial and non-financial risk

We have established a number of policies dealing with the management of both financial and non-financial risks. The adoption of these policies throughout the group enables a broadly consistent approach to the management of risk at business unit level. Additionally, we operate a number of oversight committees that monitor aggregate risk data and take risk management decisions.

We also monitor specific risks on a regular basis through our risk monitoring framework. Business units are required to disclose all material risks along with information on the likelihood and severity of risks and mitigating actions taken or planned. The framework enables us to assess the overall risk exposure of the group, to develop a group-wide risk map identifying concentrations of risk and to define the risks that we are prepared to accept. The risk map is continually monitored and refreshed quarterly.

Insurance risk

Life insurance risk

Life insurance risk arises through our exposure to mortality, morbidity and experience factors such as persistency and unforeseen expenses.

The Life Insurance Risk committee monitors whether guidance and procedures are in place for each of the major components of life insurance risk and that businesses adopt a local risk management framework. The local frameworks adopted in business units are reviewed in detail and approved twice yearly by the committee. The committee also considers the reinsurance coverage across the life business. Business units can select reinsurers locally but the overall programme is assessed centrally to manage group-wide risk exposures.

We have exposure to the full range of life insurance risks, including a significant exposure to annuity business and the associated longevity risk. Longevity statistics are monitored in detail and the results are used to inform the reserving for, and pricing of, annuities. Inevitably, there remains uncertainty about future longevity that cannot be removed.

General insurance risk

General insurance risk arises from:

• Fluctuations in the timing, frequency and severity of claims and claim settlements relative to expectations
• Unexpected claims arising from a single source
• Inaccurate pricing of risk when underwritten
• Inadequate reinsurance protection or other risk transfer techniques
• Inadequate reserves.

Our underwriting strategy is agreed by the executive committee and communicated by specific policy statements and guidelines. Group policies exist for underwriting, claims management, reinsurance and reserving and operate within the group risk-management framework. The General Insurance Risk committee has been established to oversee management of these risks.

Mechanisms are in place in each of the business units to identify, quantify and manage accumulated exposures within the limits of our risk appetite. Reinsurance is used to assist in reducing the financial impact of a catastrophe and to reduce the volatility of earnings. Reinsurance purchases are reviewed annually at both business unit and group level to check that the levels of protection being purchased match developments in exposure. The basis of these reinsurance arrangements is underpinned by extensive financial modelling and actuarial analysis to optimise the cost and risk management benefits. Reinsurance arrangements are only placed with providers who meet our counterparty security standards.

The adequacy of our general insurance reserves is ultimately approved by the Reserving committee. The committee maintains the General Insurance Reserving policy and regularly monitors the adequacy of the general insurance reserves. The reserves are subject to audit and peer review.

Asset and Liability Management (ALM)

Our group-wide policy on asset/liability management for technical provisions sets out the minimum principles that business units are required to adopt. We centrally monitor adherence to this policy and regularly review how business units are managing ALM risks locally through the Investment committee and ultimately through the Asset Liability Management committee. The policy sets out the framework for matching assets with appropriate liabilities, approaches to take when liabilities cannot be matched and the monitoring processes that are required. Further details on specific areas of ALM risk are given below:

Cash flow and liquidity risk

Liquidity risk is the risk that we do not have sufficient available assets to meet our obligations as they fall due. Robust liquidity management forms an important component of our financial management practices.

Each business unit is required to identify sources of liquidity risk and implement systems to both measure and monitor potential exposures. Business units must also install controls to manage liquidity requirements. At group level, liquidity is maintained at a prudent level and consistent with the expectations of the FSA and the investment community. At a group level, we also maintain a liquid asset buffer to cover contingencies including the provision of temporary funds to business units that experience temporary liquidity shortfalls.

Interest rate risk and maturity periods

Interest rate risk arises primarily from the products we sell and the value of our investments. For example, long-term debt and fixed income securities are exposed to fluctuations in interest rates. Exposure to interest rate risk is monitored through several measures, including Value-at-Risk analysis, position limits, scenario testing, stress testing and asset and liability matching using measures such as duration. Interest rate risk is managed using a variety of derivative instruments, including futures, options, swaps, caps and floors in order to hedge against unfavourable market movements in interest rates inherent in the underlying assets and liabilities.

On certain categories of long-term business, interest rate risk is reduced through close matching of assets and liabilities. On short-term business such as general insurance business, we require a close matching of assets and liabilities by duration to minimise this risk.

Market risk

Market risk is the potential adverse financial impact of changes in values of financial instruments from fluctuations in foreign currency exchange rates, interest rates, property prices and equity prices. Market risks arise in business units due to fluctuations in the value of liabilities arising from products sold against the value of investments held. At group level, market risk also arises in relation to the overall portfolio of international businesses. For each of the main components of market risk described below, we have policies and procedures on how each risk should be monitored and managed. At group level, the Investment committee is responsible for overseeing market risk, including ALM risk. Additionally, the potential financial impact of changes to market values is monitored through the ICA and FCR processes.

Foreign currency exchange risk

We operate internationally, meaning we are exposed to foreign currency exchange risk arising from changes to the exchange rates of various currencies. Our financial results and competitiveness are also affected indirectly by the domestic currencies of our main competitors, principally sterling and euros. Over half of our premium income arises in currencies other than sterling and net assets are denominated in a variety of currencies.

We do not hedge foreign currency revenues as they are substantially retained locally to support the growth of our business and meet local and regulatory market requirements. Our foreign currency exchange policy requires that each of our subsidiaries maintain sufficient assets in the local currency to meet local currency liabilities. Therefore, capital held by business units should be able to support local activities regardless of foreign currency movements. However, such movements may affect the value of consolidated shareholders’ equity, which is expressed in sterling. This aspect of foreign exchange risk is monitored centrally against predetermined limits to control the extent to which capital deployment and capital requirements are not aligned. Currency borrowings and derivatives are used as required to keep exposures within the predetermined limits.

Property price risk

We are subject to property price risk through fluctuations in the value of investment properties that we hold in a variety of locations worldwide. Property price risk is managed at business unit level and is subject to local regulations on asset admissibility and liquidity requirements.

Equity price risk

We are subject to equity price risk due to changes in the market values of equity securities. The equity price risk is actively managed by the use of derivative instruments, including futures and options, to lessen anticipated unfavourable market movements. The Asset Liability Management committee actively monitors directly owned equities and material shareholdings in our strategic business partners. Business units model the performance of equities using stochastic models, in particular to understand the impact of equity performance on guarantees, options and bonus rates. We do not have material holdings of unquoted securities.

Derivatives risk

We are subject to derivatives risk due to the use of derivative contracts for efficient investment management, risk hedging purposes or structuring specific retail-savings products. We have a derivatives policy that sets out the minimum standards for the use and approval of derivatives. The Derivatives committee exists to maintain and monitor an appropriate control environment, monitor exposures and approve any proposed derivative transactions that fall outside the control framework.

Credit risk

Credit risk is the risk of loss in the value of financial assets due to counterparties failing to meet part or all of their obligations, or changes to the market value of assets caused by changed perceptions of the creditworthiness of counterparties.

Our management of credit risk includes monitoring of aggregate group exposures to individual counterparties. The aggregate exposure is then measured against centrally set limits based on the credit ratings issued by companies such as Standard and Poor’s. The process measures exposure to individual counterparties across a broad range of asset types including fixed income securities, bank deposits and mortgages. These specific credit risks are monitored by the Credit and Reinsurance Security committees. In addition to monitoring specific credit risks, we assess general credit risks such as the concentration of exposures by industry sector and geographic region. This general credit risk is the responsibility of the Investment committee.

Operational risk

Operational risk arises from inadequately controlled internal processes or systems, human error and from external events. This definition is intended to include all risks that we are exposed to, other than the financial risks described above and the strategic and group risks considered below. Operational risks include, for example, information technology, information security, human resources, project management, outsourcing, tax, legal, fraud and compliance.

In accordance with group-wide policies, line management in business units has primary responsibility for the effective identification, management, monitoring and reporting of operational risks to the business unit executive management team and to group. Business unit risk management and governance functions are responsible for implementing the group-wide risk management methodologies and frameworks to assist line management in this work. They also provide support and independent challenge on the completeness, accuracy and consistency of risk assessments and the adequacy of mitigating action plans. As a result, business unit executive management teams satisfy themselves that material risks that fall outside pre-set appetite levels are being mitigated and reported to an acceptable level.

Operational risks are assessed according to the potential impact and probability of the event concerned. Impact assessments are made against financial, operational and reputational criteria and are reported on a quarterly basis by business units to group. Risks assessed by business units to be at the two highest impact assessments are escalated to group between quarterly reporting. This reporting enables us to:

• Assess and monitor overall operational risk exposures
• Identify any concentrations of operational risk across the group
• Monitor progress towards the mitigation of operational risk
• Verify that operational risk exposures remain within risk appetites.

More detail of the operational and financial risks we face and the frameworks, processes and controls in place to mitigate those risks are given in note 50. Note 50 also contains data on significant financial risks we face and the sensitivity of the result to those risks.

Andrew Moss
Group Finance Director