Risk management processes

Our processes

The core processes we use to identify, measure, manage, monitor and report (IMMMR) risks are set out below:

We accept the risks inherent to our core business lines of life, health and general insurance and asset management. We diversify these risks through our scale, the variety of the products and services we offer and the channels through which we sell them.

Identify and measure

We carry out regular risk identification including as part of our business planning process and any major business initiatives. We draw on internal and external data, covering both normal conditions and stressed environments.

We measure risks on the basis of Solvency II capital (and other bases if appropriate) to determine their significance, relative to the potential return and appropriately direct resources to their management.

Manage and monitor

Our Board retains ultimate responsibility for internal control and risk management, and their effectiveness, and carries out a review of the systems on an annual basis. In-depth monitoring of the establishment and operation of prudent and effective controls in order to assess and manage risks associated with the Group's operations is delegated to the Audit, Risk and Customer, Conduct and Reputation Committees which report regularly to our Board. 


Our risk reporting is dynamic and focusses on:
  • material risks and trends
  • performance and its impact on our risk profile, historical and prospective
  • decisions, taking account of risk reward trade-offs
  • projections/forward-looking views
  • mitigating actions
  • risk vs. appetite, preferences, limits and tolerances.


Good risk management is supported by our people having clear roles and responsibilities, the right skills and capabilities, and the right incentives and rewards.

We strive to embed a risk-aware culture and values in our business through employee training and communications.