Corporate governance

Managing Risk

We put risk management at the centre of our decision-making, assessing all the risks facing our business.

We believe that our agile approach to assessing both short and long-term risk makes us a more resilient business and puts us in a stronger position to embrace opportunities, deliver continued success and therefore to enhance shareholder value.

Risk appetite

We take the view that risk can be a source of financial outperformance, and is not only a potentially negative influence on the business.

Our Board is responsible for deciding the level and type of risk that we are willing to take and ensuring that it remains in line with our strategy.

We identify and actively monitor the full range of financial and non-financial risks, and other longer term threats or challenges potentially facing the business. By regularly reviewing our risk appetite against this, we ensure that our risk exposure is well-matched to the cycle.

Governance

Our Board has overall responsibility for risk.

To do this effectively, it assesses the principal risks every year, looking at those that may threaten our business model, future performance, solvency or liquidity, as well as our strategic objectives.

We have a risk management and internal audit function which reports to the Audit Committee and works under the day-to-day supervision of the Director of Risk Management and Internal Audit. The Committee, in consultation with management, agrees an annual plan of activity which is aligned to the needs of the business.

Risk management framework

We have an established risk management and control framework that enables us to identify, evaluate and manage our principal risks. This is supported by a strong risk management culture among our employees.

Our approach is not intended to eliminate risk entirely but to provide a structure through which we’re risk aware and able to respond effectively and appropriately to create value for our shareholders.

We manage risk by operating a 'three lines of defence' risk and control model:

Risk management framework

Whistleblowing

We have a specific policy and process that allow employees to report concerns about suspected impropriety or wrongdoing in confidence and anonymously. These include an independent third-party reporting facility, which can be contacted online or through a telephone hotline.