Our business

Risk management processes

Our risk management processes.

We accept the risks inherent to our core business lines of life, health and general insurance and asset management. We diversify these risks through our scale, the variety of the products and services we offer and the channels through which we sell them.

The core processes we use to identify, measure, manage, monitor and report (IMMMR) risks are set out below:

Identify and measure

We carry out regular risk identification including as part of our business planning process and any major business initiatives. We draw on internal and external data, covering both normal conditions and stressed environments.

We measure risks on the basis of Solvency II capital (and other bases if appropriate) to determine their significance, relative to the potential return and appropriately direct resources to their management.

Manage and monitor

We monitor to make sure our risk management and mitigation approaches (accept, avoid, transfer, control) are effective. Monitoring may also identify risk-taking opportunities.

We regularly monitor our risk exposures against risk appetites, as well as key risk indicators against operating and financial risk limits and tolerances.  We monitor early warning indicators as triggers for management action, such as putting pre-prepared contingency plans into effect.

We monitor the effectiveness of controls in place to manage operational risks, including compliance with our internal business standards.


Our risk reporting is dynamic and focusses on:

  • material risks and trends
  • performance and its impact on our risk profile, historical and prospective
  • decisions, taking account of risk reward trade-offs
  • projections/forward-looking views
  • mitigating actions
  • risk vs. appetite, preferences, limits and tolerances.

Supported by our organisation and people

Good risk management is supported by our people having clear roles and responsibilities, the right skills and capabilities, and the right incentives and rewards.

We strive to embed a risk-aware culture and values in our business through employee training and communications.