Risk management processes

Our risk processes

The processes we use to identify, measure, manage, monitor and report risks, including the use of our risk models, and stress and scenario testing, are designed to enable dynamic risk-based decision-making and effective day-to-day risk management.

Having identified the risks to our business and measured their impact, depending on our risk appetite and desired risk culture, we either accept these risks or take action to reduce, transfer or mitigate them.

You can read more about our approach to risk in the Risk and Risk Management section (PDF 169KB) of our Annual Report and Accounts.

Identify and measure

We carry out regular risk identification including as part of our business planning process and any major business initiatives. We draw on internal and external data, covering both normal conditions and stressed environments.

We measure risks on the basis of Solvency II capital (and other bases if appropriate) to determine their significance, relative to the potential return and appropriately direct resources to their management. We also measure the impact and likelihood of risks against our predefined appetites, tolerances and limits.

Manage and monitor

Having identified the risks of our business and measured their impact, we either accept these risks or take action to reduce, transfer or mitigate them, considering the expected return, associated risk and position relative to risk appetite. Monitoring ensures that the risk management approaches (accept, avoid, transfer, control) in place are effective. Monitoring may also identify risk-taking opportunities.


Our risk reporting is dynamic and focusses on:
  • material risks and trends
  • performance and its impact on our risk profile, historical and prospective
  • decisions, taking account of risk reward trade-offs
  • projections/forward-looking views
  • mitigating actions
  • risk vs. appetite, preferences, limits and tolerances.