Effective risk management and control are essential for sustainable and profitable growth. Within each area of business, we believe we must effectively manage all risks and the financial implications since it is only by remaining financially sustainable that we can deliver on our other commitments.
We face risks throughout our business every day, in everything we do. Risks exist when the outcome of a decision or action is uncertain and could impact whether, or how well, we deliver on our objectives. Certain risks arise from external events such as electricity shortages, economic shifts and regulatory change. We take select risks – such as lending money to a customer or client – after appropriate consideration. Other risks may arise from unintended consequences of internal actions, for example, an IT system failure or poor sales practices.
Risk management’s role is to evaluate, respond to and monitor risks in the execution of our strategy. Our risk management framework sets out activities, tools, techniques and practices to better identify and manage material risks facing the Group. It also ensures appropriate responses are in place to protect the Group, and prevent detriment to our customers and clients, employees and other stakeholders. It is essential that business plans are supported by an effective risk management framework, allowing us to grow in a sustainable and responsible manner.
Our key risks – those that are foreseeable, continuous and material – are grouped into five principal risks. Each has a control framework with supporting policies and standards.
|Credit risk||The risk of financial loss, should our customers, clients or market counterparties fail to fulfil their contractual obligations.|
The risk that our earnings, capital or business objectives will be adversely impacted by changes in the level or volatility of market rates or prices such as interest rates, foreign exchange rates, equity prices, commodity prices and credit spreads.
The risk that we are unable to achieve our business plans because of capital and liquidity risk.
|Operational risk||Operational risk arises from potential for direct and/or indirect losses due to human factors, inadequate or failed internal processes, systems or external events.|
|Conduct risk||The risk of detriment to customers, clients, counterparties or Barclays Africa and our employees, because of inappropriate judgment in the execution of business activities.|
Improving risk data aggregation and reporting
The Basel Committee on Banking Supervision principles for effective risk data aggregation and risk reporting (BCBS 239) are intended to improve the quality of information that banks use in decision-making, particularly with regard to risk management.
Risk appetite and stress testing
Our risk appetite measures the extent and types of risk that we are prepared to take in executing our strategy. It combines a top-down view of capacity to take risk, with a bottom-up view of the risk profile associated with each business segment’s ambitions. We aim to manage our risk profile in a forward-looking manner, and our risk trigger and management framework – which is continuously reviewed and strengthened – serves as an early warning system in the event of deteriorating circumstances. The indicators include economic and industry sector indicators directly correlated with risk measure and key financial performance measures.
We use stress testing and scenario analyses to assess the performance of the Group’s portfolios in the expected economic environment, and to evaluate the impact of adverse economic conditions. Actual market stresses experienced throughout the financial system in recent years, are used to enhance the stress scenarios employed.
Three lines of defence
We apply a ‘three lines of defence’ model to govern risk across all segments and functions. Our enterprise risk management framework assigns specific responsibilities to each line of defence.
- First line: process and control owners in customer and client-facing business segments and select Group functions. They are responsible for managing risk and control in their processes on an end-to-end basis.
- Second line: independent risk, compliance, legal and control functions and management control groups which formulate the policies and standards for managing risk and control and ensure, through reviews, that the first line meets the requirements of the policies and standards.
- Third line: internal and external audit functions that confirm, through control testing and other reviews, that the first and second lines execute their responsibilities in an effective and consistent manner.
All our employees take responsibility for their role in risk management, regardless of position, function or location. They are required to be familiar with risk management policies relevant to their activities assisted by tailored training, must know how to escalate actual or potential risk issues, and have a role-appropriate level of awareness of the framework, the risk management process and governance arrangements.
Evaluate, respond and monitor
This is a structured, practical and easy-to-understand risk management approach to identify and assess the risk, determine the appropriate response, and then monitor the effectiveness of the response and the changes to the risk profile.
Individuals, teams and departments, including those responsible for delivering the objective under review, identify and assess the potential risks.
The appropriate risk response ensures that risks are managed within our risk appetite. We can respond in three ways:
- Accept the risk, but take necessary mitigating actions such as using risk controls.
- Stop an existing activity, or do not start a proposed activity.
- Continue, but transfer risks to another party e.g. insurance.
This is ongoing, proactive and is more than ‘reporting’. It includes ensuring risks are maintained within risk appetite and verifying that controls are functioning as intended, and remain fit for purpose. It can challenge and prompt re-evaluation of the risks and/or changes in responses.