Managing risks

key business risks

In 2014/15, these key level 2 risks were identified and ranked by our group risk division in terms of our group risk management strategy and in consultation with subsidiary and group management. These key risks, and actions planned and taken, were interrogated, approved and monitored by the group Audit Committee. The risk categories listed against each key risk relate to the level 1 categorisation as per our group risk taxonomy. The level 1 risk categories are business, liquidity, market, underwriting, strategic and operational and are determined according to the business model, complexity and proportionality of the group.

An overview of our Risk Taxonomy including Level 1, 2 and 3 risk (see Governing risk management shown here).

Our major level 2 risks in 2014/15 and their level 1 risk categories

  1. Non-compliance with regulatory capital adequacy requirements (operational risk)
  2. Poor or perceived poor investment performance (operational risk)
  3. Resources and key management dependency (operational risk)
  4. Regulatory non-compliance (operational risk)
  5. Impact of retirement reform on the group’s business model (business risk)
  6. Failure to meet new business targets (business risk)
  7. Failure to maintain and generate shareholder value (strategic risk)
  8. Failure by counterparty to meet obligations (credit risk)
  9. Poorly structured contracts (business risk)
  10. Failure to provide the right advice, develop the appropriate products and perform according to the group’s higher purpose (operational risk)

It should be noted that the group’s highest inherent risk is that of errors and omissions (operational risk). This risk is mitigated by way of a comprehensive insurance programme which reduces the potential impact to a level below the top 10 risks identified above.


On this and the following page we detail our level 1 (high-level) risk categories, actions taken during the year under review and plans for the following year.

Level 1 risk categories

Actions taken during 2014/15

Plans for 2015/16

Operational risk
(incorporating regulatory risk)

The risk of loss resulting from inadequate or failed internal processes, people or systems, or from external events which gives rise to errors and omissions.

  • Completed phase 2 of the group’s own risk and solvency model.
  • Enhanced systems for tracking operational risk losses and forward stress testing.
  • Revised the operational risk framework to adjust for regulatory changes.
  • Professional indemnity cover renewed to cover professional and operational risk failures.
  • Phase 1 of assessing the implementation of the advanced measurement approach (AMA) initiated.
  • Development and implementation of a real-time compliance tracker system.
  • Improve task segregation, preventing any one individual from taking advantage of numerous aspects of a particular transaction, business process or practice.
  • Limit complexities in business processes by curtailing manual activities and the number of people and exceptions that arise during the implementation of business processes.
  • Reinforce organisational ethics by creating a strong ethical compass that can be strengthened by aligning personal values with the ideology of the organisation.
  • Monitor and evaluate business processes at regular intervals with well-designed key performance indicators (KPIs) to ensure timely detection and mitigation of risks – in effect proactively identifying discrepancies and managing these accordingly.
  • Periodic assessment of all facets of operational risks to gauge regulatory obligations, IT assets, skills, competencies, processes and business decisions.
  • The group to renew its Comprehensive Professional Indemnity programme with approximately R2 billion cover for each claim year.

Business risk

The risk that the company will generate inadequate profits.

  • Implemented key risk indicators and risk tolerance levels for business risks.
  • Completed phase 1 of the group’s economic capital model to facilitate internal capital and solvency assessment.
  • Further refined business risk performance metrics.
  • Further enhancement of the group’s stress-testing capabilities to ensure appropriate definition of all possible stress-testing scenarios.
  • Further enhancement of the group’s key risk indicators to signal stress.

Credit risk (incorporating liquidity risk)

The risk that a supplier, while solvent on a balance sheet basis, either does not have the resources to meet its obligations or can secure these only at excessive cost.

  • Redefined the group’s credit and counterparty risk management system.
  • Reassessed and re-set key risk indicators and tolerance levels for flagging potential liquidity risks or vulnerabilities.
  • Enhanced systems for projecting liquidity within the group’s planning horizon.
  • Redefined credit risk tolerance levels for all businesses within the group.
  • Enhance the group’s liquidity risk tolerance model.
  • Develop a liquidity stress-testing model.
  • Enhance our processes for managing the group’s intra-day liquidity risk and collateral.

Market risk

Loss due to factors affecting the overall performance of financial markets.

  • Finalised the development and implementation of the group’s stress-testing policy.
  • Completed phase 1 of developing and implementing internal controls and systems to monitor consolidated market risk and associated exposures.
  • Established an independent group Capital Oversight Committee to monitor capital and concentration risk exposures.
  • Realign group stress-testing framework in line with regulatory requirements issued by the FSB in 2015.
  • Develop and disseminate market risk management policy.
  • Improved dynamic market risk reporting to Capital Oversight Committee.
  • Continuous development and improvement of proprietary scoring models for underwriting, affordability assessment, portfolio performance and collection activity.
  • Customer and risk-focused product development together with appropriate risk-based pricing.
  • Effective monitoring and understanding of the sensitivity of credit risk metrics and trends relative to various risk parameters.

Underwriting risk


Loss on underwriting activity, whether from factors within or beyond
our control.

  • Enhanced monitoring of reinsurance contacts to minimise potential losses from concentration risk.
  • Improved monitoring of claims ratio and root cause analysis.
  • Implemented improved framework to monitor and manage underwriting results.
  • Reassess and redefine reinsurance model guidelines.
  • Create dynamic repricing models.
  • Improve churn rate monitoring and intervention tools.

Strategic risk


Loss arising from the pursuit of an unsuccessful business plan.

  • Creation of clusters to drive strategic intent and monitor strategic risks.
  • Creation and implementation of an independent enterprise planning and management office (EPMO) to ensure that business plans supporting the strategic objectives are implemented successfully.
  • Develop an ongoing process to periodically update the assessment of strategic risks.
  • Develop a framework for using risk analytics to inform investment and strategic decisions.
  • Capacitation of the enterprise project management office to track and validate deliverables for strategic projects.