Risk Management
Management and Controls
Governance
The governance model comprises a robust and embedded committee structure that allows an efficient and mutually supportive control environment across the Group. The business and control environments of St. James’s Place plc and Invista Real Estate Investment Holdings plc fall outwith the governance framework described in this section of the Annual Report and Accounts.
The Board is responsible for setting the Group’s risk appetite and does so through an iterative process that aims to ensure that the Group’s approved business plan is consistent with the Board’s appetite for risk.
The strategy for managing risk is formulated by the Executive Committee and is informed through divisional and Group planning and key performance indicators, including monthly financial and business performance reporting of variances against plan.
The Board has overall responsibility for the Group’s system of control and approval of principal risk policies and standards. The Board is also responsible for reviewing the effectiveness of the systems and controls. The system of controls described in this section has been in place throughout the period to the date of approval of the Annual Report and Accounts. It accords with the Turnbull guidance on internal control and has also been reviewed by the Board specifically for the purposes of this statement. Within the Group, risk is managed in accordance with the principles overleaf.
Risk Appetite
HBOS uses risk appetite to describe:
- the level of acceptable risk given the Group’s appetite for earnings volatility, external stakeholder expectations and
any other defined objectives such as paying dividends; and - the types of risk the Group is prepared to accept in line
with HBOS control environment and the market conditions
in which it operates.
Key risks are identified and managed to achieve a balance between risk and reward which is acceptable to the Board. The Board carries out an annual strategic review of risk management, its appetite for risk and the Group’s annual business plan. This focus on aligning the taking of risk with the achievement of business objectives means that the control system is designed to manage, rather than eliminate, risk. The Board also reviews the effectiveness of risk management through regular management information reporting.
Responsibility for risk is a key element of managers’ competencies at all levels. Specialist Group and divisional risk teams have been established where appropriate to assist managers across the Group. Specialist risk managers research industry best practice and ensure that standards and policies within the Group evolve in line with recognised risk management practice.
Staff and systems resources are dedicated to ensuring that risk management information is accurate, timely and relevant to the business.
The Risk Management Framework
HBOS allocates specific roles in the management of risk to executives and senior managers and to the Board and Executive Committees. This is undertaken within an overall framework and strategy established by the Board. The model is based on the concept of ‘three lines of defence’, as shown in the table below.
Divisional management has primary responsibility for identifying and evaluating significant risks to the business and for designing and operating suitable controls. Internal and external risks are assessed, including economic factors, control breakdowns, disruption of information systems, competition and regulatory requirements.
The four Group Executive Risk Committees – Group Credit Risk Committee, Group Market Risk Committee, Group Insurance Risk Committee and Group Operational Risk Committee develop the policies and parameters within which Divisions are required to manage risk. The Committees provide central oversight by reviewing and challenging the work of the Divisions’ own risk committees and considering the application of appropriate risk management techniques.
| 1st Line of Defence | Risk Management |
|
|
| 2nd Line of Defence | Risk Oversight |
|
|
| 3rd Line of Defence | Risk Assurance |
|
|
The specialist Group Risk function, reporting to the Group Risk Director, supports these Committees. Its responsibilities are:
- to recommend Group policies, standards and limits;
- to monitor compliance with those policies, standards and limits;
- to provide leadership in the development and implementation of risk management techniques; and
- to aggregate risks arising in the Divisions and to monitor the overall Group position independently from the Divisions’ own analysis.
Consideration of capital, liquidity and balance sheet management is undertaken on an integrated basis. All capital and funding related activities are the responsibility of the Group Capital Committee, supported by three sub-committees, which focus on the core aspects of overall Group requirements. The Group Capital Committee is chaired by the Group Finance Director and operates under delegated authority from the Board to oversee and manage the Group’s Balance Sheet and Capital in accordance with the Board approved Group Business plan and within regulatory ratios.
In judging the effectiveness of the Group’s controls, the Board reviews the reports of the Audit Committee and management.
Certain responsibilities are delegated to the Audit Committee including ensuring that there is regular review of the adequacy and efficiency of internal control procedures. This role provides independent and objective assurance that there is an appropriate control structure throughout the Group.
The Audit Committee, supported by Divisional Risk Control Committees, obtains assurance about the internal control and risk management environment through regular reports from Group Functions (including Group Risk and Group Finance) and Group Internal Audit. It also considers external auditors’ reports.