Risk management

Risk management is at the heart of the Group's purpose of Helping Britain Prosper. A strong risk management culture is crucial for sustainable growth, supporting the transition to a low carbon economy and building an inclusive society. A prudent approach to risk is fundamental to the Group’s business model and drives our participation choices, whilst protecting customers, colleagues and the Group.

Our enterprise risk management framework


The Group’s comprehensive enterprise risk management framework, that applies to all legal entities across the Group, is the foundation for the delivery of effective and consistent risk control. It enables proactive identification, active management and monitoring of the Group’s risks, which is supported by our One Risk and Control Self-Assessment approach.

The Group’s risk appetite, principles, policies, procedures, controls and reporting are regularly reviewed and updated to ensure they remain fully in line with regulation, law, corporate governance and industry good practice.

Risk appetite is defined within the Group as the amount and type of risk that the Group is prepared to seek, accept or tolerate in delivering its strategy.

The Board is responsible for approving the Group’s Board risk appetite statement annually. Board-level risk appetite metrics are augmented further by sub-Board level metrics and cascaded into more detailed business metrics and limits.

Regular close monitoring and comprehensive reporting to all levels of management and the Board ensure appetite limits are maintained and subject to stress analysis at a risk type and portfolio level, as appropriate.

Governance is maintained through delegation of authority from the Board down to individuals. Senior executives are supported by a committee-based structure which is designed to ensure open challenge and enable effective Board engagement and decision making.

Risk culture and the customer

The Board and senior management play a vital role in shaping and embedding a healthy corporate culture.

Our responsible, inclusive and diverse culture supports colleagues to consistently do the right thing for customers. The Group’s Code of Responsibility and refreshed values reinforce colleagues’ accountability for the risks they take and their responsibility to prioritise customers’ needs.

As a Group, we are open, honest and transparent with colleagues working in collaboration with business units to:

  • Support effective risk management and provide constructive challenge
  • Share lessons learned and understand root causes when things go wrong
  • Consider horizon risks and opportunities

The Group aims to maintain a strong focus on building and sustaining long-term relationships with customers through the economic cycle.

Risk profile and performance

The Group has continued to maintain support for its customers amid the backdrop of supply chain pressures, cost of living increases and global and domestic economic uncertainty.

Observed credit performance remains strong, with very modest evidence of deterioration. The Group’s loan portfolio continues to be well positioned and heightened monitoring is in place to identify signs of affordability stress.

The Group’s strategy will see ongoing investment in technology, driving the evolution of processes and further strengthening of the Group’s operational resilience, amid continuously evolving threats, such as cyber risk.

Climate change remains a key consideration for the Group, with positive progress in 2022 and a commitment to continued focus in 2023.

Overall, key risks continue to be managed effectively and the Group is well positioned to safely progress its strategic ambitions.

Download the 2022 annual report and accounts to see our principal, emerging and strategic risks.

2022 annual report