Effective risk management is fundamental to being able to generate profits consistently and sustainably, and is thus a central part of the financial and operational management of the Group.
Through our risk management framework we manage enterprise-wide risks, with the objective of maximising risk-adjusted returns while remaining within our risk appetite.
As part of this framework, we use a set of principles that describe the risk management culture we wish to sustain:
Ultimate responsibility for setting our risk appetite and for the effective management of risk rests with the Board.
Acting within an authority delegated by the Board, the Board Risk Committee (BRC), whose membership consists exclusively of non-executive directors of the Group, has responsibility for oversight and review of prudential risks, including credit, market, capital and liquidity, and operational risk. It reviews the Group’s overall risk appetite and makes recommendations thereon to the Board. Its responsibilities also include reviewing the appropriateness and effectiveness of the Group’s risk management systems and controls, considering the implications of material regulatory change proposals, ensuring effective due diligence on material acquisitions and disposals, and monitoring the activities of the Group Risk Committee (GRC) and Group Asset and Liability Committee (GALCO).
The BRC receives regular reports on risk management, including our portfolio trends, policies and standards, stress testing, liquidity and capital adequacy, and is authorised to investigate or seek any information relating to an activity within its terms of reference.
Overall accountability for risk management is held by the Standard Chartered Bank Court (the Court), which comprises the Group executive directors and other directors of Standard Chartered Bank.
The Court delegates authority for the management of risk to several committees.
The GRC is responsible for the management of all risks other than those delegated to the GALCO and the Group Pensions Executive Committee (PEC). The GRC is responsible for the establishment of, and compliance with, policies relating to credit risk, country cross-border risk, market risk, operational risk, and reputational risk. The GRC also defines our overall risk management framework.
The GALCO is responsible for the management of capital ratios and the establishment of, and compliance with, policies relating to balance sheet management, including management of our liquidity, capital adequacy and structural foreign exchange and interest rate risk.
The Group PEC is responsible for the management of pension risk.
Members of the Court are also members of both the GRC and GALCO. The GRC is chaired by the GCRO. The GALCO is chaired by the Group Finance Director.
Risk limits and risk exposure approval authority frameworks are set by the GRC in respect of credit risk, country cross-border risk and market risk. The GALCO sets the approval authority framework in respect of liquidity risk. Risk approval authorities may be exercised by risk committees or authorised individuals.
The committee governance structure ensures that risk-taking authority and risk management policies are cascaded down from the Board through to the appropriate functional, divisional and country-level committees. Information regarding material risk issues and compliance with policies and standards is communicated to the country, business, functional and Group-level committees.
Roles and responsibilities for risk management are defined under a Three Lines of Defence model. Each line of defence describes a specific set of responsibilities for risk management and control.
The first line of defence is that all employees are required to ensure the effective management of risks within the scope of their direct organisational responsibilities. Business, function and geographic governance heads are accountable for risk management in their respective businesses and functions and for countries where they have governance responsibilities.
The second line of defence comprises Risk Control Owners, supported by their respective control functions. Risk Control Owners are responsible for ensuring that the risks within the scope of their responsibilities remain within appetite. The scope of a Risk Control Owner’s responsibilities is defined by a given Risk Type and the risk management processes that relate to that Risk Type. These responsibilities cut across the Group and are not constrained by functional, business and geographic boundaries.
The third line of defence is the independent assurance provided by the Group Internal Audit (GIA) function. Its role is defined and overseen by the Audit Committee.
The findings from GIA’s audits are reported to all relevant management and governance bodies, accountable line managers, relevant oversight functions or committees and committees of the Board.
GIA provides independent assurance of the effectiveness of management’s control of its own business activities (the first line) and of the processes maintained by the Risk Control Functions (the second line). As a result, GIA provides assurance that the overall system of control effectiveness is working as required within the Risk Management Framework.