The main purpose of the Risk Committee is to assist the Board in ensuring that management has an effective risk management process that identifies and monitors the key risks facing the Group in an integrated and timely manner. Together with the Company’s Risk Manager the Committee reviews any and all risks that could have a significant impact on the Company’s business.
The Committee comprises two independent Non-executive Directors and one Executive Director.
The Risk Committee exists only at the AHL level as this is where the management of risks is required for the operating activities of the Group. Any significant risks identified by the AHL Risk Committee are escalated to the Audit Committee.
Four meetings were held in the year under review.
The duties of the Risk Committee are to:
review the risk management reports with regards to the adequacy and overall effectiveness of the Company’s risk management function and its implementation by management. Review risk in its widest sense, including, but not limited to: technology risk; disaster recovery plan; operational risk; prudential risk; reputational risk; competitive risk; legal risk; compliance and control risk; concentration of risk across a portfolio’s dimensions and asset valuation risk;
review adequacy of insurance cover;
review risk identification and measurement methodologies;
monitor processes and procedures to deal with and review the disclosure of information to clients;
formulate criteria for the appointment of a Risk Manager and terms of reference/Charter for the risk management functions; and
monitor processes and procedures to deal with and review the disclosure of information to clients.
The Group applies the “three lines of defence” governance model as its key principle of risk management. This model is designed to promote risk ownership, transparency, accountability and consistency within the risk governance process through the clear identification and segregation of roles.
A staged approach is used for risk management at the operating company level. This allows time for the new practices introduced at each stage to become embedded in the business, providing a solid foundation on which to build.
A strategic risk assessment was conducted during the reporting period with the following outcomes:
Revised risk register: The risk universe was reviewed and key risks identified and rerated.
Risk taxonomy: A draft risk categorisation document has been defined to standardise the risk universe.
Risk roadmap: A review of current and proposed risk management practices, including the different stages of risk management capability.