Risks associated with the execution of our business model
Effective risk management and control are essential for sustainable and profitable growth. Within each area of business, we believe that we must effectively manage all risks, most importantly financial risks, as it is only by remaining financially sustainable that we can deliver on our other commitments.
We face risks throughout our business, every day, in everything we do. Risks exist when the outcome of taking a particular decision or course of action is uncertain and could potentially impact whether, or how well, we deliver on our objectives. Certain risks are the result of external events which impact our business – such as electricity shortages, economic shifts and regulatory change. We choose to take select risks after appropriate consideration – such as lending money to a customer or client. Other risks may arise from unintended consequences of internal actions, for example an IT system failure or poor sales practices.
The role of risk management is to evaluate, respond to and monitor risks in the execution of our strategy. Our risk management framework sets out the activities, tools, techniques and practices so that material risks facing the Group can be better identified and managed. It also ensures appropriate responses are in place to protect the Group and prevent detriment to our customers and clients, employees and other stakeholders. It is essential that business plans are supported by an effective risk management framework, allowing us to grow in a sustainable and responsible manner.
Our key risks – those that are foreseeable, continuous and material – are grouped into five principal risks. Each has a control framework with supporting policies and standards.
The risk of financial loss should our customers, clients or market counterparties fail to fulfil their contractual obligations.
The risk that our earnings, capital or business objectives will be adversely impacted by changes in the level or volatility of market rates or prices such as interest rates, foreign exchange rates, equity prices, commodity prices and credit spreads.
- Traded market risk: The risk that we will be impacted by changes in the level or volatility of positions in trading books, primarily in investment banking.
- Non-traded market risk: The risk of our earnings or capital being reduced due to the market risk exposure from banking book positions which may arise net of hedging activities.
- Insurance risk: The risk that future experiences relating to claims, expenses, policyholder behaviour and investment returns are different from the assumptions made when setting premiums or valuing policyholder liabilities.
- Pension risk: The risk that arises when an adverse movement between pension assets and liabilities results in a pension deficit.
The risk that we are unable to achieve our business plans as a result of capital, liquidity and structural risk.
- Capital risk: The risk that we are unable to maintain adequate levels of capital. This could lead to an inability to support business activity, a failure to meet regulatory requirements, and/or changes to credit ratings, which could also result in increased costs or reduced capacity to raise funding.
- Liquidity risk: The risk that we are unable to meet our obligations as they fall due.
Operational risk arises when there is potential for direct and/or indirect losses resulting from human factors, inadequate or failed internal processes, systems or external events.
The risk that detriment is caused to customers, clients, counterparties or Barclays Africa and our employees because of inappropriate judgement in the execution of business activities.
Our risk appetite measures the extent and types of risk that we are prepared to take in executing our strategy. Our risk appetite framework combines a top-down view of capacity to take risk with a bottom-up view of the business risk profile associated with each business area’s plans. We aim to manage our risk profile in a forward-looking manner. A risk trigger and management framework serves as an early warning system in the event of deteriorating circumstances. The indicators include economic and industry sector indices directly correlated with risk measures and key financial indicators. A similar process is followed to manage insurance risk.
We use stress testing and scenario analyses to assess the performance of the Group’s portfolios in the expected economic environment and to evaluate the impact of adverse economic conditions. Actual market stresses, experienced throughout the financial system in recent years, were used to enhance the stress scenarios employed.
Three lines of defence
A clear and consistent control framework entails specific responsibilities. We apply a three lines of defence model in the governance of risk across all segments and functions. Our enterprise risk management framework establishes specific segregated responsibilities to each line of defence.
- The first line refers to process and control owners in customer-facing business segments and select Group functions. They are responsible for managing risk and control in their processes on an end-to-end basis.
- The second line includes independent risk, compliance, legal and control functions. These functions formulate the policies and standards for managing risk and control and ensure, through reviews, that the first line of defence meets the requirements of these policies and standards.
- The third line includes internal and external audit. The third line confirms through control testing and other reviews that the first and second line execute their responsibilities in an effective and consistent manner.
All our employees must take responsibility for their role in our risk management, regardless of position, function or location. They are required to be familiar with risk management policies relevant to their activities, must know how to escalate actual or potential risk issues, and have a role-appropriate level of awareness of the framework, risk management process and governance arrangements.
Evaluate, respond and monitor
This process is a structured, practical and easy to understand risk management approach for management to identify and assess the risk, determine the appropriate response, and then monitor the effectiveness of the response and the changes to the risk profile.
- Evaluate: Individuals, teams and departments, including those responsible for delivering the objective under review, identify and assess the potential risks.
- Respond: The appropriate risk response effectively and efficiently ensures that risks are within our appetite. We can respond in three ways:
- Accept the risk, but take necessary mitigating actions such as using risk controls.
- Stop the existing activity, or do not start the proposed activity.
- Continue, but transfer risks to another party e.g. insurance.
- Monitor: Once risks have been identified and measured, and controls are in place, progress towards objectives must be tracked. Monitoring is ongoing and can prompt re-evaluation of the risks and/or changes in responses. Monitoring is proactive and entails more than just ‘reporting’. It includes ensuring risks are being maintained within risk appetite and verifying that controls are functioning as intended and remain fit for purpose.