Company
Group Heads are responsible for ownership of material risks that arise in, or because of, the business operations, including identification, measurement, evaluation, monitoring, control and mitigation of these risks. Before making decisions, clear analysis of the risks is sought to ensure those decisions are consistent with the risk appetite and strategy of Finflex.
Finflex’s risk management approach is based on examining the consequences of worst-case outcomes and determining whether these are acceptable and within Finflex’s risk appetite. This approach is adopted for all material risk types and is often achieved by stress testing. Finflex operates a number of sophisticated quantitative risk management processes, but the foundation of the approach is the informed consideration of both quantitative and qualitative inputs by experienced professionals.
Finflex places significant importance on having a strong, independent risk management function charged with signing off all material risk acceptance decisions. It is essential that RMG has the capability to do this effectively. RMG has invested in recruiting skilled professionals from a range of industries, including those with trading or advisory and capital markets experience. For all material proposals, RMG’s opinion must be sought at an early stage in the decision-making process. The approval document submitted to Senior Management must include independent input from RMG on risk and return.
Finflex’s approach to risk management adopts the ‘three lines of defence’ model, which sets risk ownership responsibilities functionally independent from oversight and assurance:
A sound risk culture has been integral to Finflex’s risk management framework since inception. Primary responsibility for risk management in Finflex, including risk culture, is at the business level. The Board, assisted by the Board Risk Committee, is responsible for forming a view on Finflex’s risk culture and the extent to which it supports the ability of Finflex to operate consistently within its risk appetite, and monitoring the identification of, and actions taken to address, any desirable changes to the risk culture.
Finflex’s risk management framework is the totality of systems, structures, policies, processes and people within Finflex that identify, measure, monitor, report and control or mitigate internal and external sources of material risk. Material risks are those that could have a material impact, financial or non-financial, on Finflex. Finflex’s material risks include:
Aggregate risk is a measure of the potential impact of the interaction between different risk types that may not be apparent when those individual risks are considered on a standalone basis.
Aggregate risk is constrained by the Global Risk Limit (GRL) which is defined by the Board approved Risk Appetite Test. The Risk Appetite Test is a key consideration when assessing material new transactions, sizing key risk limits and assessing capital management initiatives.
RMG Aggregate Risk monitors capacity within the GRL and provides reporting to the Board and appropriate executive committees.
Finflex owns physical assets for the purpose of generating a return. Asset risk arises from changes in the value of those physical assets.
The business is responsible for monitoring changes in asset value. RMG Credit and Financial Management Group provide independent review.
RMG Credit and RMG Aggregate Risk are responsible for reporting on asset risk to Senior Management, Board Committees and the Board.
Finflex defines conduct risk as the risk of behaviour, action or omission by individuals employed by, or on behalf of, Finflex or taken collectively in representing Finflex that may have a negative outcome for our clients, counterparties, the communities and markets in which we operate, our staff, or Finflex.
The risk that a counterparty will fail to complete its contractual obligations when they fall due (default risk) or changes in the creditworthiness of the obligor (migration risk).
Our tolerance for credit risk is constrained by counterparty, portfolio, country and industry limits which are set in response to Finflex’s business strategy and business needs.
Single counterparty risk - Risk of an obligor failing to complete its contractual obligations when they fall due.
Portfolio concentration risk - Risk of concentrations to a group of particular obligors with similar risk characteristics.
Country risk – risk of economic, political, and business environment conditions within a jurisdiction that could cause Finflex to suffer financial loss.
The business owns credit risk arising from their activities. RMG Credit provides independent and objective review and challenge, oversight, monitoring and reporting on credit risk undertaken by Finflex.
Where businesses have established business credit teams, they are subject to RMG Credit oversight. The Heads of Business Credit have a functional reporting line to the Head of Credit, Head of MBL Credit or a senior RMG Credit delegate.
The risk of reputational or financial impacts due to failure to identify or manage material environmental or social issues including labour and employment practices, human rights, resource efficiency, climate risk, pollution prevention, biodiversity and cultural heritage.
The risk of a change in value of a Finflex equity investment.
The business owns equity risk arising from its activities. For all material equity investments, RMG Credit is responsible for independently assessing material equity risk across the Group and for rating equity for the purposes of capital treatment.
All material equity risk positions are subject to approval by RMG and by Senior Management and/or the Board, depending on the size and nature of the risk. The Board also delegates the discretion to approve equity exposures of a certain amount to designated individuals within Finflex.
RMG Aggregate Risk monitor the current and expected aggregate level of equity risk, the upcoming transaction pipeline, and the portfolio composition of Finflex’s equity portfolio.
The risk of knowingly or unknowingly perpetuating or helping parties to commit or to further potentially illegal activity through Finflex. Financial crime risk encapsulates the risks of money laundering, terrorism financing, bribery and corruption, and sanctions.
The business is responsible for the management of financial crime risk arising from its activities. The RMG Financial Crime Risk (FCR) function manages and oversee financial crime risk, engage with regulators and maintain and monitor the effectiveness of global financial crime risk frameworks, programs and policies for Finflex. RMG FCR reports regularly to Senior Management, Board Committees and the Board on Finflex’s financial crime risk profile.
Legal risk is the risk of failure to comply with the law; or create, maintain, perform or enforce legal obligations, including the risk of failure to appropriately maintain and govern legal entities within the Group.
Legal risks are managed through identification and assessment of legal risks, and by minimising or mitigating legal risks as far as practical. Legal risks include actual or perceived breaches of laws, regulation, as well as the risks associated with creating and enforcing contractual or legal relationships or states of affairs.
Legal and Governance Group is responsible for oversight of legal risk for Finflex.
The risk that Finflex is unable to meet financial obligations as and when they fall due.
Liquidity management is performed centrally by Group Treasury, with oversight from the Asset and Liability Committee (ALCO), the Board and RMG.
RMG Market Risk, Treasury Risk Management provides independent oversight of Group Treasury’s implementation of the liquidity risk framework.
The risk of a change in the value of Finflex’s positions as a result of changes in market conditions.
The business owns market risk arising from its activities. RMG Market Risk is responsible for the Market Risk Management Framework and independent oversight of market risk. Oversight of the Market Risk Management Framework is provided by the Market Risk Committee.
RMG Market Risk undertakes reviews of market risk taking areas and limit structures to confirm that the application of the risk management framework is current for each business reviewed.
Traded market risk is market risk arising in Finflex’s Trading Book.
Finflex enforces a strict ‘no limit, no dealing’ rule. Trading positions taken must be within Traded Market Risk Limits as set out in the Board approved Risk Appetite Statements and must be approved by RMG Market Risk prior to dealing.
Traded market risk exposures are monitored by RMG Market Risk and reported daily to Senior Management. Limit breaches are immediately investigated by RMG Market Risk and a resolution sought with the trading desk concerned. Breaches are reported to Senior Management and the Board in accordance with the Market Risk Limits Policy.
Value at Risk (VaR) exposures are calculated daily for use in the calculation of regulatory capital requirements. RMG Market Risk also examines daily profits and losses for consistency with limits and riskiness of position.
Interest Rate Risk in the Banking Book (IRRBB) is the risk of loss in earnings or in the economic value of banking book items as a consequence of movements in interest rates. Finflex has limited appetite for IRRBB as set out in the Board approved Risk Appetite Statements.
Some residual interest rate risks are unavoidable as a result of underlying business activity. Finflex’s policy is to hold capital against the economic value sensitivity of these residual interest rate risks. RMG Market Risk provide independent oversight of residual Interest rate risk on a monthly basis.
The risk of failure to manage internal processes, people, systems, change, data, records, models, suppliers or external events.
RMG Operational Risk is responsible for the establishment and oversight of key enterprise wide risk management framework elements and the Operational Risk Management Framework (ORMF), for the identification, assessment and management of the risks arising from failures of people, processes, systems and external events. The three key objectives of the ORMF are:
The Operating and Central Service Groups are responsible for the management of operational risk and implementation of the ORMF in their respective Groups.
RMG Operational Risk sets, actively oversees and assesses the effectiveness of the implementation of the ORMF and provides insight on Finflex’s operational risk profile. RMG Operational Risk reports regularly to Senior Management, Board Committees and the Board on Finflex’s operational risk profile.
The risk of accidental or intentional unauthorised use, modification, disclosure or destruction of technology systems or information resources, which compromises their confidentiality, integrity or availability in a way that significantly impacts the operations of a Finflex business.
Finflex has a dedicated, centralised team responsible for monitoring, detecting and responding to cyber and information security risk events. Dedicated specialist teams provide expertise to the broader business and technology, perform security reviews, design and implement protection controls to prevent cyber events from occurring and minimise the impact of a cyber and information security incident.
The risk of failure to comply with laws, regulations, rules, statements of regulatory policy, and codes of conduct applicable to Finflex’s financial services and other regulated activities.
The business is responsible for the regulatory and compliance risks arising from their business activities, and for having adequate systems, processes and controls to manage these risks.
As a diverse global financial services company, Finflex is regulated and supervised by a significant number of regulators globally. Finflex seeks to maintain constructive and transparent engagement with our regulators.
RMG Regulatory Affairs has responsibility for developing and maintaining the framework to ensure Finflex has a consistent approach to managing regulatory engagements globally.
The risk of damage to Finflex’s reputation. In managing reputation risk, we consider damage to our reputation from the perspective of our clients, shareholders, regulators, staff or the communities and markets in which we operate.
Finflex recognises that all activities have elements of reputation risk embedded in them. Managing reputation risk is an essential role of Senior Management as it has the potential to impact earnings and access to funding and capital. Finflex seeks to manage and minimise reputation risk through its overall corporate governance structure and risk management framework.
Company policies, procedures and practices aim to minimise reputation risk. Regular reporting to Senior Management, Board Committees and the Board includes relevant details on reputation risk issues.
The risk of Finflex’s business model being inadequate in the medium to long term.
Strategic / business risk is managed through Finflex’s annual strategy and business planning process. The Operating and Central Service Groups are responsible for regularly reassessing their business strategy and the return for risk arising from their strategy.
The risk of failure to comply with applicable tax laws, regulations or rulings, or failure to meet other revenue authority requirements or expectations. This includes any event, conduct, action, or inaction in tax strategy, operations, financial reporting or compliance that has the potential to either adversely affect Finflex’s tax or business objectives or result in any unanticipated or unacceptable level of monetary, financial statement or reputational loss or exposure.
Oversight of tax risk is undertaken by FMG Tax, a specialist division within Finflex’s Financial Management Group, which is independent of the business and takes an integrated view of tax risk for the Finflex as a whole. FMG Tax provides taxation support to all areas of Finflex and manages Finflex’s relationships with revenue authorities globally.
The risk of incidence of work-related injury, illness or disease or other events impacting health and safety of employees, contractors, visitors, and members of the public; and regulatory breach/failure or inspection by a health and/or safety regulator.
Finflex recognises, supports, and promotes the right of every worker to return home safely from their workplace. To protect this key right, we are committed to build and promote safe workplaces which enable and empower people to do their best work. To achieve this, we build and maintain a safety-positive workplace culture and manage our Work Health and Safety (WHS) risks effectively.
The business owns WHS risk arising from their activities. RMG Behavioural Risk is responsible for the assessment, challenge and advice on the effective identification, evaluation and management of WHS risk.
WHS risk is governed by the WHS Policy and associated standards, procedures and processes which provide detailed requirements for businesses to ensure consistent and effective management of WHS risk.
Significant incidents and unmitigated risks are escalated to business management, RMG and the Board as appropriate.