![Skip to main content [Access key C]](../../../../siteware/shim.gif){kind=small}
Risk
Risk appetite
The Group's risk profile is assessed regularly against the Board-approved risk appetite, and reviewed by the relevant executives and Group risk committees.Risk appetites and limits are established following due consideration of:
- The nature of current risk exposures in Group companies
- Gross exposures and concentrations of risk across the Group
- The Group's overall corporate strategy.
Risk Committees
Following a review of the risk management governance structure, the Group Chief Executive established the Enterprise Risk Management committee (ERMC) and two Forums in October 2007 which superseded the structure previously in place. These bodies provide support in the management of risks across the Group and oversee compliance with the Group's ERM Framework. The establishment of the ERMC represents a strengthening of the risk culture of the Group. The committee is constituted from the senior executives of the Group and chaired by the Group Finance Director.Prior to the establishment of the ERMC, there were two Group risk oversight committees, the Group Asset and Liability committee and Group Operational Risk committee. Their duties included ensuring that the financial risks (market, credit, liquidity and insurance risk) and operational risks inherent in the Group's activities were identified and managed in accordance with the risk appetite and limits approved by the Board.
Structure and organisation of the risk management function
The Group Chief Executive has allocated responsibilities for the management of risk to the Chief Risk Officer and Group Actuary, including reporting to the Board in relation to setting and controlling risk exposure. The Chief Risk Officer and Group Actuary reports directly to the Group Finance Director.The Group Risk Management function supports the Chief Risk Officer and Group Actuary in his day-to-day activities, including guiding senior management on the formulation of risk governance structures, developing and implementing enterprise risk management processes and systems, providing ongoing challenge and quality assurance of risk management processes and providing management with relevant information to inform and challenge business decisions. Each principal Group company has its own risk function, forming part of the 'second line of defence'. Group Risk Management liaises with these risk functions in relation to their risk management tools, analysis and management information.
Risk categorisation
The Group has classified the risks it is exposed to as insurance, market, credit, liquidity, and operational risk. Group policies have been defined for each category defining how to identify, assess, monitor and control these risks with reporting requirements for each. These policies are published internally and compliance with them is reported on a quarterly basis. This in turn forms an integral part of the risk and control reporting to the ERMC. Further detail on these risk categories can be found in the Risk Management section of the Business review.Risk control process
The objective of the Group's ERMF is to identify, assess, control and monitor potential events that may affect the interests of the Group's stakeholders.| Identify | Identify major sources of risk which may affest the Group's key stakeholders. |
| Assess | Assess exposures to each major source of risk, using qualitative and quantitative techniques as appropriate. |
| Control | Establish a defined response to risk. This may include one or more of the following - avoiding, accepting, reducing or transferring the risk exposure. |
| Monitor | Monitor exposure to each major source of risk, and report. |
