Tullett Prebon plc Annual Report 2010
Risk management governance structure
Introduction Risk management is embedded throughout the business, with the overall risk appetite and risk management strategy being approved by the Board, and then propagated down throughout the business as appropriate. The principal elements of the Group’s risk management and governance structure are set out below. The systems of internal control operated by the Group are designed to manage rather than eliminate the risk of failure to achieve business objectives, and can only provide reasonable and not absolute assurance against material misstatement or loss. The Board The Board is responsible for setting the Group’s risk appetite, ensuring that it has an appropriate and effective risk management framework, and for monitoring the ongoing process for identifying, evaluating, managing and reporting the signiﬁcant risks faced by the Group. Risk assessment framework The Group identiﬁes, assesses and monitors risk through the use of a Risk Assessment Framework, which is approved by the Board. The Risk Assessment Framework identiﬁes risks within eight risk categories: Market Risk, Credit Risk, Operational Risk, Strategic and Business Risk, Governance Risk, Regulatory, Legal and Human Resources Risk, Reputational Risk and Financial Risk. The risks within each area are analysed, mitigating factors assessed, and relevant controls identiﬁed. The risks are then graded for their expected severity and probability, and assigned a risk rating. Action is taken by the Board to manage the key risks, as appropriate, to safeguard the Group and the interests of its shareholders. The Risk Assessment Framework is regularly updated and is reviewed at least twice each year by the Board, with particular focus on high priority risks. The Risk Assessment Framework is used to identify the risks to be considered in the Internal Capital Adequacy Assessment Process (‘ICAAP’) and to determine the scope of the internal audit plan, as well as determining the frequency and content of the ongoing risk reporting provided by the Group Risk Control function.
Group Risk Management Principles and Policies The Group Risk Management Principles and Policies document sets out the principles and policies adopted by the Board to manage the various risks to which the Group is exposed, as identiﬁed in the Risk Assessment Framework, and allocates the responsibility for implementing each policy to speciﬁc members of senior management. ICAAP The Board is responsible for approving the Group’s ICAAP, as required by the FSA. The Group is required to ensure that it maintains overall ﬁnancial resources, including both capital resources and liquidity resources, which are adequate, both as to amount and quality, to ensure that there is no signiﬁcant risk that its liabilities cannot be met as they fall due. The ICAAP formally documents the assessment as to whether the Group’s capital and liquidity resources are sufﬁcient to cover the risks identiﬁed in the Risk Assessment Framework, and incorporates the results of the liquidity and capital resources stress tests undertaken in accordance with FSA requirements. The ICAAP documentation is regularly updated and formally approved by the Board at least annually. Executive management Risk management and the operation of the internal control systems within the Group are primarily the responsibility of the executive directors and senior management. These individuals are permitted commercial independence and ﬂexibility within parameters agreed by the Board to ensure that risks are clearly owned and managed on a day to day basis and that systems of control operate effectively. Under the overall supervision of the Board and the Chief Executive, the management team continues to implement their business development plans and monitor operational projects. The executive directors monitor activities on a daily basis and ensure that appropriate controls are exercised over the Group’s operations. The Board considers the monthly management accounts, budgets and plans and discusses any issues arising. Group Risk Control The Group Risk Control function is responsible for developing policies and monitoring mechanisms which ensure that the Group operates in accordance with the Board’s risk appetite and for maintaining the Group Risk Management Policies and Procedures document. The Group Risk Control function also provides daily and monthly reports to senior management which are reviewed by the Group Treasury and Risk Committee. The Group Treasurer and Head of Risk Control reports to the Finance Director, and has direct access to and dialogue with, the Chairman of the Audit Committee.