Risk management

Risk management is a key element in shaping our business model and delivering the Group’s strategy to enable sustainable growth. A strong risk management culture is crucial to keep the Group, our colleagues and our customers safe and secure from existing and emerging risks.

Our enterprise risk management framework

1. Role of the Board and senior management
The Board delegates executive authorities to ensure there is effective oversight of risk management. 

2. Risk culture and the customer
The appropriate culture ensures performance, risk and reward are aligned.

3. Risk appetite 
The framework ensures our risks are managed in line with our risk appetite. 

4. Risk and control self assessment
The identification, measurement and control of our risks form an integral part of our risk and control self assessment. 

5. Risk governance
The governance framework supports a consistent approach to enterprise-wide behaviour and decision making.

6. Three lines of defence
The robust approach to monitoring oversight and assurance ensures effective risk management across the Group.

Our enterprise risk management framework

The enterprise risk management framework (ERMF) is the foundation for the delivery of effective and consistent risk control across the whole Group. It enables proactive identification, active management and monitoring of the Group’s risks, which is supported by our risk and control self-assessment approach.

The ERMF is regularly updated to ensure it remains in line with regulation, law, corporate governance and industry good practice.

Role of the Board and senior management

The Board and senior management are responsible for the approval of the ERMF, together with Group-wide risk principles and policies. The effectiveness of the ERMF is assessed annually with the results reported directly to the Board.

Risk culture and the customer

The Board and senior management set and embed a positive culture of diversity, equity and inclusion. The Group’s Code of Ethics and Responsibility and our established values reinforce colleagues’ accountability for the risks they take, their responsibility to explore customers’ needs and consistently deliver good customer outcomes.

Risk appetite

Risk appetite is defined within the Group as the amount and type of risk that the Group is prepared to seek, accept or tolerate in delivering its strategy. The Board is responsible for approving the Group’s Board risk appetite statement annually. Board level risk appetite metrics are augmented further by executive-level metrics and cascaded into detailed business metrics and limits.

Risk and control self assessment

The Group adopts a continuous risk management approach, from identifying the risks through risk and control self-assessment, and managing the risks through to producing appropriate, accurate and focused risk reporting. The Group ensures that the appropriate risk resources and capabilities are in place, with colleagues provided with the necessary training to give them the skills they need.

Risk governance

Governance is maintained through delegation of authority from the Board down to individuals. Senior executives are supported by a committee-based structure which is designed to ensure open challenge and enable effective Board engagement and decision making.

Three lines of defence

The three lines of defence model defines the responsibilities and accountabilities for risk management, with effective independent oversight and assurance. Business lines have primary responsibility for the identification and management of risks, Risk division provides oversight and challenge, and Group Internal Audit provides independent assurance to the Board and Audit Committee.

Risk profile and performance

The Group has remained committed to maintaining support for its customers despite challenges with the rising cost of living and economic uncertainties in the global and domestic markets.

The Group’s loans and advances continue to be well positioned and heightened monitoring is in place to identify signs of affordability stress. The mortgage book remains resilient with arrears below 2019, with the new Mortgage Charter providing additional enhanced support to customers during 2023.

Unsecured and Commercial Banking portfolios continue to exhibit stable new to arrears and default trends broadly at, or below, pre-pandemic levels. Commercial Real Estate is demonstrating resilience and is well diversified with no speculative commercial development lending.

As part of the Group’s strategy, there will be continuing investments in technology and infrastructure. The Group’s operational resilience risks remain a key area of focus, particularly relating to cyber risk and supply chain management.

The Group has overseen the embedding of its operational risk and control framework during 2023 and its oversight of management of financial crime risks and consumer fraud.

Climate risk remains a key priority for the Group, with positive progress in 2023 and a commitment to continued focus in 2024.

Download the 2023 annual report and accounts to see our principal, emerging and strategic risks.
