Our risk framework helps us achieve our objectives and protect the interests of our stakeholders.
Our risk appetite and approach
We set clear limits on the degree of risk we’re willing to take, known as our risk appetite.
This helps us continually manage the risks involved in meeting our core objectives of paying the right people the right amount at the right time and delivering exceptional service to our members.
How we monitor risk
Our risk appetite is set and reviewed by the Board, then monitored by the risk directorate and formal committee groups.
Each team manages its own risk and has its own processes. Our risk teams then help to ensure that our directors are acting on critical information and that the Board has a clear view of its enterprise risks.
This includes monitoring what claims we may have in future and ensuring we have sufficient funds to cover them.
How we avoid problems
Like many large financial institutions, we also run a long-term risk model – a detailed picture of how our finances might evolve under various scenarios.
This helps us take a wide view on the potential risks we face now and in the future.
We also run exercises where we simulate extreme but believable events to see if we can withstand the strain and then make contingency plans.
We also accept that mistakes happen. When things go wrong our policy is to let our managers know quickly and without fear, so that we can make changes and learn lessons for the future.
Data protection and cyber-security
Our members’, levy payers’ and employees’ data are of paramount importance to us. So we invest heavily in data protection and cyber-security to eliminate complacency and minimise risks.
To help achieve this we gained certification to the ISO27001 Information Security standard in 2009, and have successfully recertified.
We regularly carry out simulation exercises to make sure we could respond to a potential cyber-attack and have reviewed our policies to make sure we are compliant with the new General Data Protection Regulation (GDPR).