Enterprise Risk Management (“ERM”) activities tailored to the needs and requirements of our individual businesses are critical to the organisation, its individual businesses and their senior management, the Board of Directors and our investors, primarily because they foster a culture of risk awareness and because they make good business sense.
We continue to embed ERM into the running of our business and we have implemented a framework that promotes risk awareness in four areas:
- Strategy – Is at the core of our business; at a Group level we use our economic capital model (‘BLAST’) to assist us in portfolio optimisation, monitoring of capital headroom and monitoring compliance with our risk tolerances and risk appetite. Cathedral operates within the Lloyd's environment, with governance and risk structures of its own and a capital model tailored to Lloyd's requirements;
- Culture – Starts with the tone at the top from our Board of Directors and cascades down into each department and operating unit, where staff are engaged in the risk management process through our risk registers. While risk learning helps to mitigate risks, it also creates opportunities for us;
- Infrastructure – Enables an organisational structure that is built around strong governance and oversight through our Boards of Directors, risk committees and management forums; and
- Process – Where we identify emerging risks, both current and future, and address risk through our risk identification, measurement, monitoring and mitigation process in order to achieve risk optimisation and maximum risk-adjusted returns.
We have also created a set of guiding principles that help to deliver the desired benefits from our ERM framework. These principles are built on a foundation of governance, understanding and accountability: to manage risk, to realise and maximise opportunities, to meet regulatory, rating agency and other stakeholder expectations and demands, and to meet the individual risk and risk management needs of the trading units, whether based in Bermuda, London or at Lloyd's.
Our ERM framework clearly defines, at a Group level and within the operating units, the key roles and responsibilities, governance structure, risk profiles, tolerances, risk registers and sound policies and procedures, all built around strong and effective communication:
- Business units are responsible for risk taking;
- Independent risk and compliance functions are responsible for setting standards, providing tools and objectively monitoring risks;
- The Internal Audit function is responsible for validating the accuracy and completeness of risks and controls and for giving an opinion on whether the risk management system is designed appropriately and operating effectively for the business unit concerned; and
- Boards and senior management are responsible for overseeing effective and efficient ERM.