Notes

View all notes

Close

View all pages

Close

Enter a phrase to see a short definition.

View full glossary

Close

Risk management

As a global company, we face a large and diverse number of risks. Each of these risks has the potential to harm our financial performance or hinder the achievement of our strategic objectives. If we don’t manage risk effectively we could miss potential opportunities to further develop and expand our business.

What sorts of risks do we face?

We group the type of risks we face into three categories: financial, strategic and operational.

  • Financial risks cover market and credit risk, insurance risk, liquidity and capital management.
  • Strategic risks include issues such as customer, products and markets as well as any risks to our business model arising from changes in our market and risks arising from mergers and acquisitions.
  • Operational risks arise from inadequately controlled internal processes or systems, human error or non-compliance as well as from external events. Operational risks include taxation, reputation and regulatory risks, such as compliance.

Naturally, it’s impossible to analyse every single risk we encounter, so instead we set limits to manage our material risks to ensure we stay within our risk appetite (the amount of risk we are willing to accept). To work out how “material” a risk is to our business we assess its size and scale based on how likely it is that it will occur and what potential impact it would have on our business and our stakeholders if it were to occur. Most importantly, when risks are outside of appetite we agree what actions need to be taken to manage the risks (or groups of risks).

Our Risk Management Framework provides the means for us to identify, assess, measure, manage and monitor all of these different types of risk to provide us with a single picture of the threats, uncertainties and opportunities we face. We’re then able to make appropriate decisions to limit and control the impact that all of these risks may have on our strategic objectives.

What risk management activity happens at Aviva?

To ensure that risks are effectively identified and assessed and that appropriate controls and responses are in place, our risk management activity needs to operate through clearly defined and agreed structures and processes.

At Aviva, we coordinate all group-wide risk management activities through a central risk team, led by the group chief risk officer. In each of our regions, local chief risk officers ensure that the regional risk profiles remain within the limits set centrally. The local chief risk officers work with business unit management to ensure that our risk management framework is being used consistently across all our businesses. They also work with the group chief risk officer to coordinate and communicate decisions that are taken at a group level.

As well as working with the regions, the central risk team is also responsible for managing group risk governance and oversight.

Our Risk Management Framework

At group centre, we monitor risks on a regular basis through our Risk Management Framework. The framework includes all our risk management processes, systems and tools and helps set standards for identifying, managing and reporting risks and establishing minimum standards for our control environment.

Corporate Governance and oversight: Risk committee structure

Corporate Governance and oversight: Risk committee structure Board. Set strategic objectives, monitor performance, set and uphold values Aviva plc Board Audit Committee Risk and Regulatory Committee CSR Committee Group. Set risk policies, monitor performance, oversee risk management, provide challenge, recommend risk activity Disclosure Committee Group Executive Committee Group ALCO ALCO Sub-committee Group ORC ORC Sub-committee Region. Oversee risk management, monitor regional risk profile, operate in line with policy, report to Group Regional Executive Committee Regional Rish Committee

This process allows us to:

  • assess the overall risk exposures we face as a group;
  • identify risk exposures across specific areas of our business or business activities; and
  • define the risks we’re prepared to accept.

The central risk team monitors these risk exposures on a regular basis with a specific focus on financial risks via a fortnightly report, and reports the findings to the Executive Committee and, as part of the performance management process, senior management review risk management information to ensure the successful delivery of our business objectives.

As well as the ongoing monitoring activities the central risk team produces a formal quarterly risk report for the Risk and Regulatory Committee of the board and the various risk oversight committees.

Corporate governance and oversight

Our Risk Governance Framework allocates responsibility for the oversight of risk management to a number of committees at group centre with the Group Asset Liability Committee (‘ALCO’) and the Group Operational Risk Committee (‘ORC’) providing a key focus on financial and operational risk. The Group centre committees are in turn supported by the regions. These relationships are summarised in the diagram above.

These committees monitor the aggregate risk profile, provide challenge and recommend risk management activity and ensure that our risk policies are used to manage risk to agreed standards.

Board oversight is maintained on a regular basis through its Risk and Regulatory Committee. The group chief risk officer has a reporting line to the chairman of the Risk & Regulatory Committee assuring independence of the function.

Policies and procedures

We have 35 policies that deal with the management of all our risks. These policies define our risk appetite and set out risk management and control standards for the group’s worldwide operations. The policies also set out the roles and responsibilities of businesses, regions, policy owners, and the risk oversight committees.

As our business needs to change and respond to market conditions and customer needs, we regularly monitor our policies and risk appetite to ensure they remain relevant and up-to-date. This helps to provide assurance to the various governance and risk oversight committees that there are appropriate controls in place for all our core business activities, and that the processes for managing risk are understood and followed consistently across our global businesses.

Risk and economic capital

We continue to develop our economic capital models to allow us to measure, compare and further understand our risks. The results of the modelling are incorporated into our key decision making processes. These models show us the relative impact to economic capital from the risks we face. In turn this allows us to consider appropriate and effective mitigating strategies where risks are outside of appetite.

The Financial Services Authority (FSA) requires Aviva to assess its economic capital requirements to ensure that it adequately reflects business and control risks. In turn this analysis supports our strategic planning and decision-making processes.

How are financial, strategic and operational risks managed at Aviva?

Financial risks

We’re exposed to financial risk as a result of changes in the values of our investments and the value of our insurance liabilities. This risk is caused by potential market movements in equity and property prices, the impact of interest rate changes and inflation expectations, credit risk exposures, foreign exchange rate movements and liquidity demands.

Market risk

Aviva is exposed to market risk from owning a portfolio of international insurance businesses. A decline in markets or an increase in market volatility may also adversely affect sales of our investment products and our fund management business. We recognise that market risk is part of the businesses that we run, and that a certain level of market risk is acceptable in order to deliver benefits to both policyholders and shareholders.

We manage market risk by applying our market risk policy to all of the assets under the group’s control. This includes policyholder assets (those assets supporting the technical liabilities) and shareholder assets (the surplus assets held that are not required to meet policyholder benefits and to cover regulatory margins). In practice assets can move between these categories.

To ensure we manage the risks around assets backing technical liabilities, we have set standards for the way businesses should match their liabilities with appropriate assets. Businesses also need to follow a clear decision-making and monitoring process when liabilities cannot be matched or a degree of mismatching is desired. Several of our long-term savings businesses sell products where the majority of the market risk is borne by the policyholder. Any market risk attributable to policyholders is managed to satisfy the policyholders’ objectives for risk and reward.

We monitor the financial impact of the changes to market values (including our staff pension schemes) through our measurement of economic capital and sensitivities to our key performance measures and set our risk appetite in respect of the amount to be invested in different types of asset.

Equity price risk

Falls in equity prices is our largest market risk exposure. We continually monitor our exposures relative to our risk appetite and have reduced our overall exposures to equity risk during 2008 by extending our portfolio of equity hedges. This is in addition to the significant equity de-risking we performed in 2007 within our main staff pension scheme and general insurance businesses. These hedges tend to take the form of a portfolio of options designed to provide protection against falls in equity prices at the lowest cost possible. Over the year we have actively managed our portfolio of equity hedges to ensure our equity risk remains within appetite without any adverse liquidity impacts.“Hedging” is a strategy used to reduce exposures to price risk movements.

A 10% decrease in equity prices would decrease total shareholders’ funds net of tax by £1,100 million on an MCEV basis and £600 million on an IFRS basis. Lines of business sensitivities to increases in equity prices are shown in note 55 to the financial statements and in the section on MCEV reporting. These figures are based on an instantaneous shock and include the impact of the hedges in place.

Deployment of assets

  %
1 Equities 12
2 Property 4
3 Cash 7
4 Loans 12
5 Debt securities 43
6 Other investments 10
7 Other net assets 12
Total 100
Deployment of assets

Credit risk exposures – debt securities

  %
1 AAA 44
2 AA 16
3 A 26
4 BBB 9
5 Speculative grade 1
6 Not rated 4
Total 100
Credit risk exposures – debt securities

Interest rate risk

Changes in the level of interest rates affect both the products we sell and the value of our investments. For example, long-term debt and fixed income securities are both exposed to fluctuations in interest rates. We are also exposed to movements in interest rates on business carrying investment return and surrender value guarantees.

A 1% increase in interest rates would decrease total shareholders’ funds net of tax by £500 million on an MCEV basis and £600 million on an IFRS basis. Lines of business sensitivities to increase in interest rates are shown in note 55 and in the section on MCEV reporting.

For some categories of our long-term business, we reduce interest rate risk through the close matching of assets and liabilities. For short-term business such as general insurance, we require a close matching of assets and liabilities by duration to minimise this risk. If we can’t entirely remove interest rate exposure through matching, then we may use a variety of derivative instruments in order to hedge against unfavourable market movements.

We have implemented a portfolio of hedges in Delta Lloyd to protect against the interest rate guarantees within the business. This strategy protected our position in the light of the rapidly falling interest rates environment we have witnessed.

Property price risk

We also invest in property assets in different global locations. These assets are also subject to fluctuations in their value. Property investment is managed locally by our business units, recognising any local regulatory restrictions in respect of asset admissibility or liquidity and with reference to the business units’ risk appetite.

A 10% decrease in property values would decrease shareholders’ funds by £300 million pre-tax on an IFRS basis and embedded value would decrease by £355 million, net of tax on an MCEV basis. Sensitivities to property values are shown in note 55 and in the section on MCEV reporting.

Credit risk

We have significant exposures to credit risk through our investments in corporate bonds, commercial mortgages, and other securities. We hold these investments for the benefit of both our policyholders and shareholders.

We manage the exposure to individual counterparties, by measuring exposure against centrally set limits. These limits take account of credit ratings issued by rating agencies such as Standard & Poor’s.

We manage the level of risk we’re prepared to take via analysis that helps us define the optimal balance between the risk we take and the returns we can earn on the underlying assets, monitoring the types of investment available to us to achieve our aims. We also actively monitor and consider the risk of a fall in the value of fixed interest securities from changes in the perceived credit worthiness of the issuer.

We’re also exposed to credit risk through our use of reinsurance. Reinsurance arrangements are only placed with providers who meet our counterparty credit standards.

Foreign exchange risk

As an international business we’re exposed to fluctuations in exchange rates in the countries in which we undertake business. Over half of our premium income comes from currencies other than sterling. Generally, we don’t hedge these currency risks as profits are retained to support growth in the business units. However significant dividends from overseas business units are hedged as they are declared.

Movements in exchange rates will affect the value of shareholders’ funds which are expressed in sterling. This aspect of foreign exchange risk is monitored centrally against limits aimed at aligning capital deployed with capital required. We use currency borrowings and derivatives when necessary to keep currency exposures within these limits. We hedge specific foreign exchange transaction risks when we feel it’s appropriate; for example, acquisition or disposal activity.

We’re also exposed to some exchange risk from assets held in staff pension schemes, as a part of the investment strategy agreed with the scheme trustees.

Derivatives risk

We use derivatives in a number of our businesses to enable efficient investment management or as part of structured retail savings products. In addition we use derivatives to hedge the financial risks discussed above. Derivatives can involve complex financial transactions and, to minimise the risks involved we set minimum standards of control that we require our businesses to adopt when using derivatives.

Activity is overseen by the Derivatives Approvals Committee, which monitors implementation of the policy, exposure levels and approves large or complex transactions proposed by businesses. Speculative activity is prohibited, unless prior approval has been obtained from the Derivatives Approval Committee.

Liquidity risk

We need to ensure that we maintain sufficient liquid assets to meet our cash flow obligations as they fall due. All our businesses identify their sources of liquidity risk and monitor the potential exposures.

At group level, we maintain a prudent level of liquidity which meets the expectations of the FSA and the wider investment community. We maintain a buffer of liquid assets to cover unforeseen circumstances, including providing temporary funds to any of our business units that may experience temporary liquidity shortfalls. The group maintains significant committed borrowing facilities from a range of banks.

Insurance risk management

As an insurance business, we evaluate exposures to determine whether or not to insure risks and set terms and conditions for any insurance products underwritten.

Life insurance risk

Our life insurance businesses are exposed to a range of life insurance risks from various products. These risks are, typically, longevity (the risk that people will live longer than we have assumed), mortality (the death of a policyholder), and morbidity (ill health), as well as experience risks to changes in the underlying assumptions made at the start of the insurance policy, for example duration of the policy and expenses.

Longevity risk

We have a significant exposure to annuity business and our most significant life insurance risk is therefore associated with longevity. We monitor longevity statistics and compare these with emerging industry trends. We use the results of this analysis to decide both the reserving and pricing of annuities.

Inevitably, there remains uncertainty about the development of longevity that cannot be removed. Should our assumptions in respect of annuitant mortality worsen by 5% then shareholders’ funds would decrease by £320 million pre-tax on an IFRS basis and decrease embedded value by £415 million on an MCEV basis, net of tax.

Mortality and morbidity risk

Our business units manage mortality and morbidity risk arising on insurance products through the setting of limits and the use of reinsurance to transfer excessive risk exposures. Sensitivity tests show that mortality risk is relatively low. A 5% worsening in assurance mortality experience reduces shareholder funds by £30 million on an IFRS basis and decreases embedded value by £265 million on an MCEV basis, net of tax.

Persistency risk

Persistency (or lapse) risk affects all of our life insurance businesses and is managed at a business unit level through frequent monitoring of experience. Where possible, the potential financial impact of lapses is reduced by the product design. Guidelines have been developed on persistency management, sharing best practice in the setting of lapse assumptions, product design requirements, experience monitoring, and required management actions.

Product Design and Pricing risk

Poorly designed or inadequately priced products can lead to both financial loss and reputational damage for Aviva. Guidelines have been developed to support the businesses through the complete cycle of the product development process, financial analysis and pricing.

Expense risk

Expenses are managed and monitored at a business unit level, as part of general day-to-day business management. Expense management is a key part of a business’ ability to meet financial targets. Expense risk arises not only from any failure to control the overall level of expenses but also from any deviation of actual experience from the assumptions made in pricing our insurance policies. Expense assumptions are regularly monitored to ensure they remain appropriate.

General insurance risk

Our general insurance businesses are exposed to a variety of risks, including fluctuations in the timing, frequency and severity of claims and claim settlements, inadequate reinsurance protection and inadequate reserves.

Catastrophe risk

Our largest general insurance risk is claims incurred from catastrophic events, such as flooding and windstorm. We manage this risk through central monitoring of risk aggregations and, where we do not wish to retain the risk within the group, by purchasing catastrophe cover from third-party reinsurers.

We use reinsurance to help reduce the financial impact of a catastrophe and to manage the volatility of our earnings. We use extensive financial modelling and analysis to ensure we understand the catastrophe risk and to ensure we get maximum benefit in terms of cost of providing the catastrophe reinsurance covers.

As catastrophe events become more remote, the amount of risk we retain increases, so that our total loss from our most concentrated exposure (northern European wind storm) is approximately £400 million for a one in ten year event, compared to approximately £850 million for a one in a hundred year event.

Worsening claims ratios

Another material risk is the financial impact of worsening claims ratios. The business units manage this risk through underwriting disciplines, control of claims management and exploring different solutions to the way we measure and price the risks we underwrite. For example, our UK business has developed digital flood mapping to understand better the risk to household insurance from flood damage.

Strategic risks

We are exposed to a number of strategic risks. Our strategy needs to support our vision, purpose and objectives and be responsive to both the external and internal environment, for example changes in the competitive landscape, regulatory changes, merger and acquisition opportunities and emerging trends (such as climate change, pandemic and improving longevity).

Strategic risk is explicitly considered throughout our strategic review and planning process. Developments are assessed during our quarterly performance management process where all aspects of our risk profile are considered.

We actively engage with external bodies to share the benefit of our expertise in supporting responses to emerging risks as well as challenging developments that could be damaging to our business and the industry as a whole.

Operational risks

We’re exposed to operational risk arising from inadequately controlled internal processes or systems, human error or non-compliance as well as from external events. Operational risks include taxation, reputation and regulatory risks, such as compliance.

Our businesses are primarily responsible for identifying and managing operational risks in line with minimum standards of control set out in our policies. Each operational risk is assessed against financial, operational and reputation criteria.

Business management teams must be satisfied that all material risks falling outside our risk appetite are being mitigated, monitored and reported to an appropriate level. Any risks with a high potential impact level are monitored centrally on a regular basis.

Supplier risk

Within Aviva, we have robust guidelines on how supplier risk should be assessed, mitigated and monitored through our Purchasing and Outsourcing policies. These policies are promoted and endorsed by Aviva's senior management and our local Procurement and Risk teams have the responsibility to ensure these are fully implemented. Performance against these guidelines is then assessed at both regional and group level on an ongoing quarterly basis. Risk is measured against four areas: financial impact, internal service disruption, customer impact and risk to the Aviva brand.

Where we identify any potential supply risk – detailed action plans are put in place and local senior management are informed to ensure appropriate focus is applied.

In addition we complete regular assessments of our major suppliers and ensure that we have robust alternative supply options available. We assess the ongoing financial health of our major suppliers globally, coupled with a review of the business contingency plans to ensure an adequate standard of assurance is maintained.

Top of page