Strategic Report
Governance Report
Financial Statements
Other Information
Risk management
We have a robust approach to risk management to support positive client outcomes. We continue to enhance our risk management processes across the Group as we look to continue to embed risk management and deliver positive risk outcomes. This work is enhancing efficiencies across the risk management framework through the greater use of data-driven evidence-based risk analysis and reporting. We remain mindful of the current geopolitical and macroeconomic uncertainties and continue to monitor these closely both as an Executive and a Risk and Compliance Committee (“RCC”). Risk management framework The Group’s risk management framework consists of the following components: Risk culture. We promote a risk culture that encourages ownership of and management of risk. Risk management is the responsibility of everyone.
Risk governance. The Board is ultimately responsible for the Group’s risk management framework but has delegated certain responsibilities to the Risk and Compliance Committee (“RCC”), a sub-committee of the Board. The Group operates a ‘three lines of defence’ approach to managing risks across the Group. Risk appetite. The objective of the Group’s risk appetite framework is to ensure that the Board and senior management are properly engaged in agreeing and monitoring the Group’s appetite for risk and setting acceptable boundaries for business activities and behaviours. The risk appetite categories are reviewed by the Executive Risk Management Committee (“ERMC”), RCC and approved by the Board on an annual basis. Key Risk Indicators (“KRIs”) are mapped to the risk appetite categories, with KRI tolerances aligned to risk appetite. The KRIs and tolerances are subject to an annual approval process by the ERMC, RCC and Board. Risk reporting. Risk reporting is presented to ERMC and RCC. This includes details of underlying KRIs mapped to the risk appetite categories, breaches, risk events and emerging risks.
Risk identification. The Group adopts a top-down and a bottom-up approach to the identification of risks. The ERMC and the RCC have identified the principal risks that could impact the ability of the Group to meet its strategic objectives. In addition, the Group maintains a bottom-up operational Group risk register, mapped to the Group’s risk appetite categories. Risk assessment and management. All of the risks included in the Group risk register are scored according to probability and impact and assessed on an inherent basis (before the impact of controls) and on a residual basis (after the impact of controls). Where risks are classed as outside the Group’s risk appetite, actions must be taken to bring the risk back within appetite. Risk and control self-assessment (“RCSA”). The Group’s bottom-up assessment of risk is managed through the RCSA process which supports a comprehensive understanding of risks and controls in place at the operational and business process level. The RCSA process enables the risk and control owners to identify any omissions in the risk environment and to close any control gaps or weaknesses as necessary.
Policy governance framework. The policy governance framework provides minimum standards for managing the key risks that the Group faces. Each Group policy has an Executive Committee-level owner who is ultimately accountable for the design, implementation and maintenance of the policy. Internal Capital Adequacy and Risk Assessment (“ICARA”). The Group conducts an ICARA process to ensure that it has appropriate systems and controls in place to identify, monitor and, where proportionate, reduce all potential material harms that may result from the ongoing operation of its business. The Group holds financial resources
(capital and liquidity) in excess of our minimum regulatory requirements.
Brooks Macdonald Group plc Annual Report and Accounts 2024
39
Made with FlippingBook - professional solution for displaying marketing and sales documents online