Risk Management

Our approach to risk

As a Group, managing risk effectively is fundamental to our strategy and future success. We are a simple, low risk, UK-focused financial services provider with a culture founded on strong risk management and a prudent through the cycle risk appetite. These are at the heart of everything we do, and ensure constructive challenge takes place across the business and underpins sustainable growth. Our approach to risk is founded on an effective control framework, which guides how our colleagues work, behave and the decisions they make. As part of this framework, risk appetite – the amount and type of risk that the Group is prepared to seek, accept or tolerate in delivering our Group Strategy – is embedded in policies, authorities and limits across the Group. Our prudent risk culture and appetite, along with close collaboration between Risk division and the business, supports decision‑making and has enabled us to continue to deliver against our strategic priorities in 2018. Our approach to risk plays a key role in the Group’s strategy of becoming the best bank for customers, colleagues and shareholders.

Risk as a strategic differentiator 

Risks are identified, managed and mitigated using our comprehensive Risk Management Framework, and our well-articulated risk appetite provides a clear framework for decision-making. We believe effective risk management can be a strategic differentiator, in particular:

Prudent approach to risk
Being low risk is fundamental to our business model and drives our participation choices. Strategy and risk appetite are developed in tandem and together outline the parameters within which the Group operates. 

Strong control framework
The Group’s Risk Management Framework is the foundation for the delivery of effective risk control and ensures that the Group risk appetite is continually developed and controlled.

Business focus and accountability
Risk management is an integral feature of how we measure and manage performance – for individuals, businesses and the Group. In the first line of defence, business units are accountable for managing risk with oversight from a strong and independent second line of defence Risk division.

Effective risk analysis, management and reporting
Regular close monitoring and comprehensive reporting to all levels of management and the Board ensures appetite limits are maintained and subject to stressed analysis at a risk type and portfolio level, as appropriate.


2018 themes 

Our priorities for risk management have continued to evolve, alongside progression of the Group’s strategy and development of external factors. Our principal risks are outlined over the next few pages but a number of themes have been particularly prevalent in 2018.

EU exit
Given the vast majority of our business is in the UK, the direct impact on the Group from leaving the EU is relatively small and we are well prepared to ensure continuity of our limited EU business activities. Given our UK focus, our performance is inextricably linked to the health of the UK economy. Economic performance has remained resilient in recent years and whilst the near term outlook for the UK economy remains unclear given the ongoing EU withdrawal negotiations, we have contingency plans in place. We have also taken a prudent approach to our balance sheet, increasing the amount of liquidity held and pre funding some issuance. Irrespective of the outcome, our customer focused strategy remains the right one. We will continue to support our personal and business customers and have already announced that we will lend up to £18 billion to UK businesses in 2019, reaffirming our support for the UK economy. Guided by the overriding principle of Helping Britain Prosper, we will seek to minimise the impact on our customers. We have also been working hard to ensure we are well prepared to provide customers with effective and timely support.

Our Group is trusted with large volumes of data, which must be protected, whilst providing customers with ease of access through our multi-channel model. Data is our most valuable asset and so we must ensure that the information we hold is accurate, secure and managed appropriately. We meet the requirements of the General Data Protection Regulation (GDPR) that came into force in May 2018. The Group has taken this opportunity to implement new governance structures and demonstrate increased levels of accountability and transparency, as establishing trust is critical to our vision of being the best bank for customers. We have created a Group Data Protection Office (GDPO) to independently oversee compliance, reporting on this to Group and Board Risk Committees. The Group drives a culture of compliance through its Data Privacy policy and control framework and has implemented robust governance to oversee compliance with GDPR, as well as enhanced staff training. During 2019 the Group will continue to drive enhancements to the maturity of our data control environment.

Cyber threats are increasingly complex and like all financial services providers, attempts are made on a regular basis to attack our systems and services, and to steal customer and bank data. Given the significant threat we continue to strengthen the resilience of our IT systems and invest in our cyber control framework. We are simplifying and modernising our IT architecture, alongside deploying technologies such as cloud computing which offer greater levels of resilience, capacity management and speed of processing. We are a member of the UK’s Cyber Defence Alliance, where a number of UK-based banks and law enforcement agencies collaborate in the fight against cyber-attacks, sharing expertise, intelligence and knowledge. Within Lloyds Banking Group, our Chief Security Office engenders a culture whereby colleagues are considered to be our first line of defence. Vigilance and training are key to preventing cyber-attacks. 

The Group has been developing its sustainability strategy, to address more broadly the opportunities and threats related to climate change, and the need for the UK to transition to a sustainable, lower carbon economy. This is in line with our commitment to implement the Task Force for Climate-related Financial Disclosures’ recommendations. For risk management, addressing the potential impacts of climate change plays a key role in our approach to sustainability, and this year we have identified climate change as a top emerging risk.