Risk Management
Introduction
Identification, measurement and management of risk is a strategic priority for HBOS. The provision of financial services carries a number of diverse risks which may have a material impact on financial performance. Consequently, the Board has established a comprehensive framework covering accountability, oversight, measurement and reporting to maintain high standards of risk management throughout the Group.
The principal risks faced by HBOS are:
- Credit Risk - the risk of financial loss from a customer’s failure to meet obligations as they fall due.
- Market Risk - defined as the potential loss in value or earnings arising from changes in external market factors such as interest rates, foreign exchange rates, commodities and equities, and the potential for customers to act in a manner which is inconsistent with business, pricing and hedging assumptions.
- Liquidity or Funding Risk - the risk that the Group does not have sufficient financial resources to meet its obligations when they are due, or will have to do so at excessive cost.
- Insurance and Investment Risk - the potential for loss through adverse claims, expense and persistency experience, from both life and general insurance contracts.
- Operational Risk - arising from internal processes, people and systems or from external events.
- Regulatory change - the risk to HBOS strategy, reputation and financial position arising from failure to respond to changes in laws, regulations or business standards in the jurisdictions and businesses in which we operate.
This Report has been audited by KPMG Audit plc from the section entitled ‘Credit Risk’ on page 83 to the end of the section entitled ‘General Insurance’ on page 89.
Management and controls
Principles
Within the Group, risk is managed in accordance with the following principles:
- Key risks are identified, measured where appropriate, and managed to achieve a balance between risk and reward, which is acceptable to the Board. Each year the Board carries out a formal strategic review of risk management, and also reassesses its appetite for risk in light of the Group’s annual business plan. This focus on aligning the taking of risk with the achievement of business objectives means that the control system is designed to manage, rather than eliminate, risk and can provide only reasonable, and not absolute, assurance against material misstatement or loss. The Board also reviews risk management performance through regular management information reporting.
- Responsibility for risk is a key element of managers’ competencies at all levels. For each major risk type, specialist teams have been established where appropriate, both in the divisions and at Group level, to ensure that guidance is available for managers within the Group. Specialist risk managers are tasked with researching industry best practice, and with ensuring that standards and policies within the Group are progressively developed to improve risk management practice.
- Staff and systems resources are dedicated to ensuring that risk management information is accurate, timely and relevant to the business, reflecting the true position at any given time.
The Board has overall responsibility for the Group’s system of control and approval of principal risk policies and standards, which are continually evolving. The Board is also responsible for reviewing the effectiveness of the systems and controls. The system of control described in this section has been in place throughout the period to the date of approval of the Annual Report and Accounts. It accords with the Turnbull guidance on internal control and has also been reviewed by the Board specifically for the purposes of this statement.
The Risk Management Framework
HBOS allocates specific roles in the management of risk to executives and senior managers and to the Board and Executive Committees. This is undertaken within an overall framework and strategy established by the Board. The model is based on the concept of “three lines of defence”:
- Within operating divisions, primary management responsibility for strategy, performance management and risk control lies with the Divisional Chief Executives (first line of defence). They have responsibility for managing strategic, market, credit, liquidity, regulatory and operational issues and risks affecting their own operations within the parameters of Group policies. Each operating division also has its own risk management committee or committees.
- Centralised policies and standards are developed and objective oversight of risk management is exercised by specialist risk functions, supporting the Group’s Executive Committee and Executive Risk Committees (second line of defence); and
- Independent and objective assurance on the effectiveness of control systems is provided by Group Internal Audit with oversight by the Audit Committee (third line of defence).
This model operates through a formal governance structure, comprising committees with specified areas of responsibility, supported by management functions with a similar remit.
The Committee Framework
The Group Executive Risk Committees develop the policies and parameters within which operating divisions are required to manage risk. The Committees provide central oversight by reviewing and challenging the work of the operating divisions’ own risk committees and considering the application of appropriate risk management techniques.
The four specific Executive Risk Committees are:
- Group Credit Risk Committee, which covers all credit risk matters;
- Group Market Risk Committee, which is responsible for all trading and market risk matters;
- Group Insurance Risk Committee, which is responsible for insurance risks, within the insurance and investment businesses; and
- Group Operational Risk Committee, responsible for operational and regulatory risks.
The Group has an established specialist Group Risk function, reporting to the Group Risk Director, in support of these Committees. Its accountabilities are:
- to recommend Group policies, standards and limits;
- to monitor compliance with those policies, standards and limits;
- to provide leadership in the development and implementation of risk management techniques; and
- to aggregate risks arising in the operating divisions and to monitor the overall Group position independently from the divisions’ own analysis.
Consideration of capital, liquidity andbalance sheet management is undertaken on an integrated basis. All capital and funding related activities are the responsibility of the Group Capital Committee, supported by three sub-committees, which focus on the core aspects of overall Group requirements. The Group Capital Committee is chaired by the Group Finance Director and operates under delegated authority from the Board, to:
- Oversee and manage the Group’s Balance Sheet and Capital in accordance with the Board approved Group Business Plan through:
- Establishing and monitoring compliance with the Group’s Capital Plan in line with the Board approved Group Capital Policy;
- Establishing and monitoring compliance with the Group Funding Plan;
- Establishing policies and standards to measure and monitor the financial resource requirements of the Group in accordance with regulatory requirements, including:
- Establishing and monitoring execution of strategies for the management of non-trading related balance sheet risks within approved risk appetite, policy and standards (as monitored by the Group Market Risk Committee);
- Establishing and reviewing stress, scenario and contingency planning and management strategies in that regard (in co-operation with the Executive Risk Committees).
- Establish and recommend for approval to the Board, the Group’s appetite for Liquidity Risk, including relevant policy (Group Liquidity Policy Statement) and standards and monitoring the implementation of those policies and standards within the HBOS Group.
Strategy, Risk Control and Oversight
The Group’s risk appetite is established by the Board. The strategy for managing risk is formulated by the Executive Committee and recommended to the Board for approval. The Executive Committee also reviews the effectiveness of risk management systems through reports from management and the Group Executive Risk Committees.
Divisional management has primary responsibility for identifying and evaluating significant risks to the business and for designing and operating suitable controls. Internal and external risks are assessed, including economic factors, control breakdowns, disruption of information systems, competition and regulatory requirements. The assessment process is designed to be consistent across the divisions and Group Functions and uses an iterative challenge process to provide successive assurances to ascending levels of management up to the Board.
In judging the effectiveness of the Group’s controls, the Board reviews the reports of the Audit Committee and management. It also considers key performance indicators and reviews monthly financial and business performance showing variances against budget.
Certain responsibilities are delegated to the Audit Committee, including ensuring that there is regular review of the adequacy and efficiency of internal control procedures. This role provides independent and objective assurance that there is an appropriate control structure throughout the Group.
The Audit Committee, which is supported by Divisional Risk Control Committees, obtains assurance about the internal control and risk management environment through regular reports from Group Risk and Group Internal Audit. It also considers external auditors’ reports and reviews the minutes and work of the Divisional Risk Control Committees.
Further details of the work of the Audit Committee are provided in the Corporate Governance Report on pages 93 to 98.
The Basel II Accord
HBOS continues to make good progress with Basel II preparations. The primary goal of our programme has always been to optimise the way we do business through an improved risk management capability. The overarching objective of all HBOS activity is to deliver sustainable income streams and generate added shareholder value and the Basel II programme is integral to our strategy of targeted growth. During 2006 the UK legislative process gathered significant momentum with the publication of several consultative papers and feedback statements that culminated on 25 October 2006 with the Financial Services Authority (‘FSA’) Board approving final GENPRU and BIPRU rules for adoption into the Prudential Sourcebook for Banks, Building Societies and Investment Firms. This legislative process enacts the European Capital Requirements Directive and, therefore, the Basel II Capital Accord, in the UK with effect from 1 January 2007.
HBOS continues to promote a prudent and responsible approach to the management of capital. Management and the Board’s view of future requirements will continue to be the main determinant of total capital holdings. HBOS has elected to adopt transitional arrangements in 2007 and remain on the current Basel I rules to determine minimum regulatory capital requirements.
HBOS has submitted Advanced Internal Ratings Based Approach and Advanced Measurement Approach waiver applications to the FSA and is seeking approval to adopt the more sophisticated approaches to capital determination from 1 January 2008. We continue to maintain a close dialogue with the FSA to work through the accreditation process.
