Análisis de las cinco fuerzas competitivas de Porter

Risks facing the Group are identified and assessed annually through the Group’s annual Risk Identification Process. Arising out of the Risk Identification Process, the identified risks are aggregated and the key risk types are identified which could have a material impact on the Group’s earnings, capital adequacy and / or on its ability to trade in the future. These key risk types, of which there are currently ten, form the basis on which risk is managed and reported in the Group.

A risk owner is assigned to each key risk category and appropriate policies and / or processes put in place and a formalised measurement and management process defined and implemented.

Business and strategic risk is the volatility of the Group’s projected outcomes (including income, net worth or reputation) associated with damage to the franchise or operational economics of a business and reflected in the income or net worth of the Group. It includes volatilities caused by changes in the competitive environment, new market entrants, new products or failure to develop and execute a strategy or anticipate or mitigate a related risk. Typically business risk is assessed over a one year timeframe and relates to volatilities in earnings caused by changes in the competitive environment, new market entrants and / or the introduction of new products and / or inflexibility in the cost base. Strategic risk generally relates to a longer timeframe and pertains to volatilities in earnings arising from failure to develop or execute an appropriate strategy.

Credit risk is the risk of loss resulting from a counterparty being unable to meet its contractual obligations to the Group in respect of loans or other financial transactions. This risk comprises country risk, default risk, recovery risk, exposure risk, the credit risk in securitisation, cross border (or transfer) risk, concentration risk and settlement risk.

Life insurance risk is the volatility in the amount and timing of claims caused by unexpected changes in mortality, morbidity, persistency and longevity.

• Mortality risk is the risk of deviations in timing and amounts of cash flows due to the incidence of death. • Longevity risk is the risk of such deviations due to increasing life expectancy trends among policyholders

and pensioners, resulting in higher than normal payout ratios.

• Persistency risk is the risk to profitability if policies surrender early as the company will lose the future income streams on these contracts.

• Morbidity risk is the risk of deviations in timing and amount of cash flows (such as claims) due to incidence or non-incidence of disability and sickness.

Liquidity risk is the risk that the Group will experience difficulty in financing its assets and / or meeting its contractual payment obligations as they fall due, or will only be able to do so at substantially above the prevailing market cost of funds.

Market risk is the risk of loss arising from movements in interest rates, foreign exchange rates or other market prices. Market risk arises from the structure of the balance sheet, the Group’s business mix and discretionary risk taking.

Model risk is the risk of loss resulting from the Group’s suite of models (credit, market, liquidity and operational) inaccurately measuring the risk of the Group’s exposures, resulting in the Group mispricing deals, holding insufficient or too much capital (economic and / or regulatory) and being subject to economic, regulatory and / or market censure.

Operational risk is the risk of loss arising from inadequate or failed internal processes, people and systems or from external events.

Pension risk is the risk in the Group’s defined benefit pension schemes that the assets are inadequate or fail to generate returns that are sufficient to meet the schemes’ liabilities. This risk crystallises for the sponsor when a deficit emerges of a size which implies a material probability that the liabilities will not be met. Regulatory risk is the risk of failure to meet new or existing regulatory and / or legislative requirements and deadlines or to embed requirements into processes. It also includes the risk to the Group’s capital, liquidity and profitability from the impact of future legislative and regulatory changes.

Reputation risk is the risk to earnings or franchise value arising from an adverse perception of the Group’s image on the part of customers, suppliers, counterparties, shareholders, investors, staff, legislators or regulators. This risk typically materialises through a loss of business in the areas affected.

In addition to, and separate from, the Group’s Risk Identification Process, a review of the top five risks facing the Group is carried out on a semi-annual basis. This review facilitates a senior management assessment of any new or emerging macro threats to the Group, independent of the risk management and reporting structures that apply to the above ten key risk types. Members of the Group Executive Committee (GEC) and the GRPC identify and rank the top five risks facing the Group for consideration by the CRC and the Court. The following criteria are used to identify and assess the top five risks: • the severity of the risk in terms of materiality and the length of time it would take the Group to recover; • the likelihood of the risk occurring; and

• the impact of the risk, taking mitigants and likelihood into account. Risk measurement

The ten identified key risk types are actively analysed and measured in line with the formalised policies and management processes in place for each risk type.

For credit, market, liquidity, operational and life insurance risk, risk models are used to measure, manage and report on these respective risk types. Risk concentrations, in particular for credit and liquidity / funding risk, could lead to increased volatility in the Group’s expected financial outcomes. Risk limits and diversification, together with regular review processes, are in place to manage such risk concentrations. Additionally, the Group’s calculation of economic capital takes into consideration the extent to which credit concentration risk exists in respect of single name, sector and geography.

At Group level, common measures and approaches for risk aggregation and measurement have also been adopted, in order to inform operational and strategic plans and to steer the business within the boundaries of its risk appetite. These include one-year or multi-year forecasting / stress testing and a capital allocation framework which incorporates economic capital modelling and risk adjusted return analysis.

The Group uses a suite of risk measurement models and systems to support decision-making processes at transaction and portfolio levels, e.g. approving a loan facility to a borrower.

The common measure of return on risk used by the Group is Risk Adjusted Return on Capital (RAROC). RAROC provides a uniform measure of performance that the Group utilises to analyse the economic profitability of businesses with different sources of risk and different capital requirements.

Forecasting and stress testing (including reverse stress testing) are risk management tools used by the Group to inform potential risk outcomes under different scenarios and mitigating actions.

The Group conducts solvency stress tests in order to assess the impacts of adverse scenarios on the Group’s impairment charges on financial assets, deleveraging losses, earnings, capital adequacy, liquidity and financial prospects.

The results of solvency stress tests are used to assess the Group’s resilience to adverse scenarios and to aid the identification of potential areas of vulnerability. The tests are applied to the existing risk exposures of the Group and also consider changing business volumes as envisaged in the Group’s business plans and strategies. Macroeconomic scenarios of different levels of severity are combined with assumptions on volume changes and margin development. Impacts are measured in terms of potential impairment charges on financial assets, earnings, capital adequacy, liquidity and financial prospects. Solvency stress test results are presented to the GRPC, the CRC and the Court.

The Group also performs other scenario analyses and stress tests to measure exposure to liquidity risk, operational risk and market risk to inform management and limit setting of individual risks.

Risk reporting

The key risk types identified under the Group’s risk identification process are assessed and their status is reported quarterly by the CCMRO in the Court Risk Report which is reviewed by the GRPC, the CRC and the Court. The content of the report includes an analysis of and commentary on all key risk types as set out on pages 82 and 83. It also addresses governance and control issues and compliance with risk appetite. In addition, the GRPC and the Court consider monthly formal updates on all key risk types.

The reports also provide data on the external economic environment and management’s view of the implications of this environment on the Group’s risk profile. The Court Risk Report forms the top of a reporting hierarchy with more detailed risk information being considered by divisional level management. The CRC also receives risk information through its review of the GRPC minutes and through investigations carried out into specific risk matters.

3 Management of key Group risks