Our approach to risk management
Co-operative Financial Services (CFS) operates in regulated markets and is subject to significant regulation. Whilst not a regulated entity itself, a number of the companies within CFS and their subsidiaries are authorised and regulated by the Financial Services Authority (FSA). Regulatory intervention is an ongoing feature of UK financial services and changes could affect the profitability of our business.
The Bank, CIS and CISGIL Boards are responsible for approving entity strategy, their principal markets and the level of acceptable risks articulated through their respective statements of risk appetite.
The Boards are also responsible for overall corporate governance, which includes ensuring that there are adequate systems of risk management and that the level of capital held in each entity is consistent with the risk profile of the respective business.
Board committees and senior management committees oversee and challenge the risk management process, identifying the key risks facing each business and assessing the effectiveness of planned management actions.
1. Market risk
Market risk is managed separately in respect of CIS, CISGIL and Bank entities. CIS and CISGIL market risk arises from the mismatching of assets and liabilities. CIS with profits policyholders have an expectation that a proportion of their savings will be invested in equities and property to maximise returns and provide some protection of their savings against future inflation. However, with profits policies have traditionally also included a minimum guaranteed benefit to provide a minimum return to the policyholder, which requires investment in a substantial proportion of fixed interest securities. These conflicting investment objectives inevitably lead to a degree of mismatching of assets and liabilities, and, as a result, market risk is a major potential risk to the solvency of the long term business fund.
There is no longer any equity exposure in the CISGIL fund, which comprises mainly short dated bonds and gilts, and this has reduced the extent of market risk faced by the General Insurance business. However, there remains the risk that interest rates increase unexpectedly with an adverse impact on the market value of assets available to meet General Insurance liabilities.
Bank market risk arises from the effect of changes in market prices of financial instruments, on income derived from the structure of the balance sheet, execution of customer and inter bank business and proprietary trading. The majority of the risk arises from changes in interest rates as the Bank does not trade in complex financial derivatives or commodities and has minimal exposure to foreign exchange movements.
2. Credit risk
Credit risk arises from exposure to the risk of loss if a counterparty fails to perform its financial obligations to CFS. For CIS and CISGIL, this includes issuers of corporate bonds, counterparties to financial transactions and reinsurers.
For the Bank, this could arise out of exposure to individuals, corporates, financial institutions and sovereigns. Reasons for Bank counterparty default include general economic or sector specific downturns and structural changes such as increased personal indebtedness.
As credit risk is the most significant risk to the Bank we ensure that there are robust systems, controls, strategies and procedures in order to mitigate the impact of this risk. These mitigants are operated within a wide ranging governance framework that ensures adequate oversight and control of the risks involved.
3. Insurance and business risk
Insurance risk refers to fluctuations in the timing, frequency and severity of insured events relative to the expectations of the firm at the time of underwriting. The principal risk that CISGIL faces under its insurance contracts is that the actual claims and benefit payments exceed the carrying amount of the insurance liabilities.
In CIS, a significant potential risk is of increases in the cost of annuities in payment, the guaranteed benefits under deferred annuity contracts and Guaranteed Annuity Options (GAOs) costs on personal pensions arising from further improvements to pensioner longevity above those assumed in provisioning.
In CIS there is a persistency risk, where more policies than expected reach their investment guarantee dates resulting in an increase in the expected costs of guarantees. In particular, there is a risk that more personal pension policyholders reach their normal retirement date which is the date on which GAOs become available. There is also the risk that profits from non profit business fail to materialise as a result of more policies lapsing than expected.
Expense risk also exists in CIS. Although most of the long term business expenses can be charged directly to policyholders, there is a financial effect from higher expense charges to asset shares leading to a reduction in asset shares and so an increase in the cost of providing guaranteed benefits. In addition, for products written on fixed terms or on a fixed charge basis, such as non profit business and stakeholder pensions, higher expenses will result in reduced profitability. In CISGIL, insurance risk is made up of risks that arise in respect of claims that have already occurred and for which reserves are already held (reserving risk) and of claims that are yet to occur (underwriting risk).
The key insurance risks to CISGIL are the risk that there is a natural catastrophe which is significantly above the limit of the reinsurance programme on the property account, and the risk that motor bodily injury claims are materially worse than expected.
Business risk arises from changes to the Bank business, specifically the risk of not being able to carry out the Bank’s business plan and desired strategy, including the ability to provide suitable products and services to customers. In a narrow sense, business risk is the risk that the Bank suffers losses because income falls or is volatile relative to the fixed cost base. However, in a broader sense it is the Bank’s exposure to a wide range of macro economic, geopolitical, industry, regulatory and other external risks.
4. Pension scheme risk
The combined entity is exposed to two distinct areas of pension risk:
• PACE – CFSMS and Bank are participating members of The Co-operative Group Pension (Average Career Earnings) – defined benefit scheme; and • Britannia Pension Scheme – defined benefit and contribution sections, (defined benefit closed to new members since 2001).
The Bank and CFSMS currently participate in PACE in respect of pre 1 August 2009 employees. Following its merger with CFS, Britannia’s Pension Scheme passed initially to the Bank and then immediately afterwards on to CFSMS. CFSMS is the current principal employer and will therefore have to account for it on a defined benefit basis. As such the Britannia scheme is funded within CFS Management Services (CFSMS), with the Bank required to meet contributions. As an interim measure from the date of merger, new employees to the CFS business are eligible to join the defined contribution section of the Britannia Pension Scheme. The Co-operative Group, alongside the scheme trustees, are responsible for the risk management arrangements for PACE, agreeing suitable contribution rates, investment strategies, etc., taking professional advice as appropriate.
CFSMS and Bank, alongside the scheme trustees, are responsible for the risk management arrangements for the Britannia Pension Scheme, agreeing suitable contribution rates, investment strategies etc., taking professional advice as appropriate.
The CFS entities are therefore exposed to potential future increases in required contributions.
5. Operational risk and business continuity
Operational risk is defined within CFS as the risk of loss resulting from inadequate or failed internal processes, people and systems, or external events. This encompasses the effectiveness of risk management techniques and controls to minimise these losses within risk appetite.
Examples of such include internal and external fraud, loss or theft of confidential customer information, loss of key personnel, system capacity issues or programme failure, process failures affecting payment settlement and external events over which CFS has limited controls such as terrorist attack, floods and contagious disease. Operational risks are identified, managed and mitigated through ongoing risk management practices including risk assessments; formal control procedures; training; segregation of duties; delegated authorities; and business continuity planning. Operational risks are formally reviewed on a regular basis. Significant operational risks are regularly reported to executive directors, a management operational risk committee, the Audit and Regulatory Compliance Committee (a formal Board sub- committee) and the Board itself. These meet regularly to monitor the suitability of the risk management framework and management of significant risks within CFS. Capital requirements in relation to operational risk are monitored by the Risk Management Committee.
Business continuity is managed from within the Operational Risk team and sets out to take appropriate steps to minimise the risk of disruption in the event of a sudden, unplanned occurrence that could seriously disrupt customer service, or pose a risk to employees, business operations and/or reputation. This includes developing and exercising Crisis and Incident Management teams to maintain appropriate preparedness in the event of a major operational disruption. 2010 has seen a continued focus on developing our capability to respond to threats including swine flu, severe weather planning and a sustained focus on liquidity planning. CFS also has a corporate insurance programme to transfer specific risks to insurers as part of its risk management approach.
A particular development in 2010 has been the articulation of appetite for individual categories of operational risks, this will be developed further in 2011.
6. Change management risk
CFS has a major transition programme to replace core systems and provide an integrated financial service to our customers. These projects and programmes involve change to processes, systems and people within defined costs and timescales to deliver pre determined benefits. Projects therefore inherently carry some degree of risk:
• failure to deliver the expected changes to time/cost or quality;
• failure to realise expected benefits, implementation of the projects failing or impacting on normal business operations; and
• increasing the risk profile of the business into which change has been implemented through weakened controls or inefficient processes. Identification and management of change related risks is therefore integrated into day to day management of projects and programmes.
Effective governance structures have been established to evaluate the capacity and prioritisation of the change portfolio. Reviews of each programme are undertaken on a regular basis, considering resource requirements, progress and risks.
A business implementation management function has been established in change management to manage the release of change and provide clear sight of implementation dependencies between programmes.
The transformation impacts the whole business and thus, in addition to managing the change process, the Board and Executive are continually assessing the adequacy of the programme delivery supporting the achievement of the strategic outcomes.
7. Liquidity risk
Liquidity risk arises from the timing of cash flows generated from the CFS Group’s assets, liabilities and off balance sheet instruments. The CFS Group’s liquidity management policies are reviewed and approved annually by the Risk Management Committee and compliance reviewed monthly by the Asset and Liability Committee (ALCO).
The Bank’s retail assets are currently fully funded by retail deposits, ensuring there is no over reliance on wholesale funding. There is a target funding ratio set in line with the Board approved strategic plan, which is being met. The Bank’s structural liquidity risk management is therefore retail based and is dependent on behavioural analysis of both customer demand and deposit and loan drawdown profiles by product category based on experience. The behaviour of retail products is reviewed by ALCO on a quarterly basis. In addition, the Bank has maturity mismatch limits to control the exposure to longer term mismatches.