At its most fundamental level, risk management at Alexander Forbes is about protecting our ability to create value, and ensuring we preserve that value for our stakeholders. In doing so, we pursue opportunities while minimising potential negative consequences. Sound risk management is therefore an important enabler of our strategic intent, enhancing our ability to perform against our stated objectives.
The board of directors holds ultimate accountability for risk management; however senior management is responsible for developing and implementing risk strategy. This includes acting as the custodian of policies and procedures for risk mitigation, and ensuring compliance. The individuals heading various business units, lines or subsidiaries are held accountable for the risks they take.
Risk management is built into decision-making structures and processes at both the operational and top management levels. Independent parties (those who do not approve or take risk) review decisions around risk mitigation strategies within the constraints of the group’s risk appetite measures. These reviews include stress tests to key variables and systemic shocks. Contingency plans are in place for unexpected or worst-case scenarios.
The group manages risk along three lines of defence:
During the year under review, Alexander Forbes adopted a more defined risk management strategy including enhanced definitions of key risk indicators.
Furthermore, we refined our governance structures during the year, streamlining board and audit committee meetings as well as the information that informs them. The reports circulated to the board audit committee have been slimmed to approximately ten pages, highlighting only the most material issues and ensuring these are given the full attention of committee members.
During the year, the Financial Services Board (FSB) published board notice (BN) 158. The notice specifies certain governance arrangements related to risk management with requirements effective from 1 October 2015. As a result, a significant point of focus for the year was ensuring compliance by adjusting our policies and procedures while ensuring we do not compromise our existing risk management philosophy. Fortunately, these changes were relatively minor because we had anticipated and aligned with the recommendations in advance of BN 158’s introduction.
Alexander Forbes’s risk appetite – the amount of risk we are willing to accept in pursuit of our objectives – defines parameters within which we can operate. Our risk appetite therefore serves a valuable reference point for important business decisions and setting strategies.
Our risk appetite has been broadly defined around four key risk measures, with thresholds and metrics agreed at a group level:
During the year, these measures remained unchanged from previous years. However, we migrated to a new risk management system in order to improve the way the group tracks and reports on risk. The new system tracks a newly defined set of key risk indicators, flagging any material deviations and enabling us to identify and mitigate emerging risks more timeously. It also enables greater flexibility in setting tolerance thresholds according to changing circumstances and objectives.
During the year, the group and its insurance subsidiaries completed and submitted the mock ORSA as required by the FSB under SAM. The ORSA is defined as the processes and procedures employed to identify, assess, monitor, manage and report on the short- and long-term risks that the group is exposed to or may be exposed to and a determination of the adequacy of capital funding to ensure that the overall solvency and funding needs are met at all times. The ORSA also provides a correlation between regulatory capital and economic capital.
The ORSA report included detailed commentary on the risk profile for group, the stress and scenario test results, capital projections, as well as commentary on the risk management system and strategy. Mock ORSA reports were produced for the Alexander Forbes Group, Investment Solutions, Alexander Forbes Insurance and Alexander Forbes Life.
The executive management, board sub-committees and boards at both group and subsidiary level were integral to the ORSA process and exercised robust reviews and challenged results which culminated in the final sign-off of the reports submitted to the FSB.
Alexander Forbes identifies and classifies its key risks according to a three-level taxonomy system. Key risks are identified and ranked by our group risk division in terms of our risk management strategy and in consultation with subsidiary and group management. The table overleaf summarises the actions undertaken during the year to mitigate our level one risks.
Level one risk |
Actions taken during 2016 |
Plans for 2017 |
Business risk The risk that the company will generate inadequate profits |
|
|
Credit risk (incorporating liquidity risk) The risk that a supplier, while solvent on a balance sheet basis, either does not have the resources to meet its obligations or can secure these only at excessive cost |
|
|
Market risk Loss due to factors affecting the overall performance of financial markets |
|
|
Underwriting risk Loss on underwriting activity, whether from factors within or beyond our control |
|
|
Strategic risk Loss arising from the pursuit of an unsuccessful business plan |
|
|
Operational risk (incorporating regulatory risk) The risk of loss resulting from inadequate or failed internal processes, people or systems, or from external events which gives rise to errors and omissions. |
|
|
These key risks, actions and plans were interrogated, approved and monitored by the group audit committee.
Risks are continuously shifting and we must therefore remain vigilant to make sure we identify and mitigate emerging risks before they hinder our ability to meet our objectives. In 2016, cyber security was identified as the most significant emerging risk. As the group and its clients adopt an increasingly digitised approach to conducting business, this can result in exposure to malicious attacks. Fortunately, we have adopted robust preventative protections and, as a result, have not been significantly impacted by the risk.
Our top-ten level two risks for the year under review are mapped on the heat map below, illustrating the likelihood of their occurrence, the potential impact to the business and their time frame (short, medium and long term).