Our risk approach
Every day AMP monitors and manages risks to deliver sustainable growth, protect our business and our stakeholders’ interests, and meet our legal and regulatory obligations.
Risk is inherent in our business and industry. As such, we take measured risks to achieve AMP’s vision of ‘helping people own tomorrow’ and deliver sustainable value to our shareholders. Effective risk management supports informed decision-making and aids in capitalising on business opportunities to ensure strategic objectives are achieved. The board and management value effective risk management as fundamental to AMP’s long-term sustainability and reputation. In addition, the board and management believe that effective risk management requires a risk-aware culture among all employees which in turn promotes risk-informed decision making.
How we manage risk
The enterprise risk management (ERM) framework provides the foundation for how risks are managed across AMP. The ERM framework has five key elements: governance, strategy and appetite, the risk management process, systems and data, and people and culture.
Board and risk committees
The board is ultimately responsible for the ERM framework and oversight of its operation by AMP’s management. In particular, the board is responsible for setting AMP’s risk appetite, the strategic plan and risk management strategy.
It also monitors policies and business practices to ensure that strategic objectives are achieved within AMP’s risk appetite and to comply with applicable laws and regulations. The Risk Committee and board review the ERM framework at least annually, including for 2016, to satisfy themselves that it continues to be sound.
The board’s oversight, review and monitoring of the effectiveness of risk management at AMP are supported by board committees and management committees. The Risk Committee oversees the implementation and operation of AMP’s ERM framework and the risk culture within AMP. The Audit Committee assists by providing an objective non-executive review of the effectiveness of the ERM framework. From time to time, additional board committees are established to assist the board in its oversight of particular issues.
AMP also has management committees to assist in overseeing risk management. The Group Risk and Compliance Committee guides the implementation of risk management practices, processes and systems, and oversees all material risk exposures and risk decisions facing AMP. The Group Asset and Liability Committee oversees financial risks across AMP in relation to capital and financing, and the risk appetite as it relates to financial risk and shareholder capital.
The board and Risk Committee have been provided with assurance that all of AMP’s material business risks have been effectively managed for the year ended 31 December 2016.
Three lines of defence
We have a ‘three lines of defence’ approach to risk management accountability:
Line 1 – management is responsible for identifying, assessing, monitoring and managing material risks in the business. These teams are responsible for decision making and the execution of the day-to-day business, whilst managing risk and the resulting profit and loss to ensure it is in line with the board’s risk appetite and strategy.
Line 2 – the Enterprise Risk Management team is responsible for designing, implementing and monitoring the practices and processes to identify, assess, monitor and manage material risks and provide advice and oversight on material business decisions. The team also provides objective advice and challenge to the first line’s decisions and provides assurance to the board that the risk profile is aligned with the board’s expectations.
Line 3 – the Internal Audit team provides independent and objective assurance to the board on the operational effectiveness of risk management across the business and the effectiveness of our control processes.
Line 1: Chief Executive Officer (CEO) and Chief Financial Officer (CFO)
The board receives regular reports about the financial condition and operational results of AMP and its subsidiaries. The CEO and the CFO provide the board with an annual declaration of their opinion that financial records have been properly maintained and that the financial statements comply with the appropriate accounting standards. The declaration states the financial statements and notes give a true and fair view of the financial position and performance of AMP and that their opinion has been formed on the basis of a sound system of risk management and internal control which is operating effectively. This declaration is required by s295A of the Corporations Act 2001 and is in accordance with ASX Recommendation 4.2, to assist the board in considering and approving AMP’s financial statements for the period.
The CEO and the CFO provide a certification in similar terms in relation to the half-year financial statements.
Line 2: Chief Risk Officer (CRO)
The Group CRO heads up Enterprise Risk Management, which is independent of the business function, reports to the CEO and has unrestricted access to the committees and boards. The CRO has primary responsibility for the design and establishment of the ERM framework and oversight of the first line’s implementation and operation of the framework. If there are material breaches of, or deviations from, the ERM framework, or the ERM framework did not adequately address a material risk, the CRO, on behalf of the board, will notify APRA, and a qualification will be included in the board’s annual Risk Management Declaration to APRA with a description of the cause and circumstances and the steps taken, or proposed to be taken, to remedy the problem.
Line 3: Internal and external audit
Our Internal Audit team provides the board and management with an independent and objective evaluation of the adequacy and effectiveness of the control over the risks for AMP and its subsidiaries. The team calls on support and advice from external experts as required.
To maintain independence, the Internal Audit team does not have responsibility for any of our business or risk management processes or practices. The director of Internal Audit has a reporting line to the chairman of the Audit Committee and regularly meets with the committee without management present. In line with the audit charter, an independent assessment of the Internal Audit team should be undertaken every four years to assess the effectiveness of the team and its compliance with international internal audit standards. This review was last performed in 2013 and showed the team was functioning well and effectively fulfilling its duties. The next independent review is expected to be completed in 2017.
AMP has appointed Ernst & Young (EY) as the company’s external auditors with Tony Johnson currently leading the EY team responsible for AMP’s audit. Tony took on the role of lead auditor in 2013. The lead auditor is required to rotate every five years unless special circumstances require this to be extended for additional years. Our Audit Committee has adopted a charter of audit independence, which sets out a framework to assist in maintaining the independence of EY as a result of its business dealings with AMP.
At each AGM, shareholders are given the opportunity to ask the lead auditor questions relevant to the conduct of the audit, the preparation and content of the auditor’s report, the accounting policies adopted by AMP in relation to the preparation of the financial statements, and the independence of the auditor in relation to the conduct of the audit.
The risk appetite statement articulates the board’s expectations of the amount and nature of risk AMP is willing to accept in the pursuit of its strategic objectives.
AMP’s risk management strategy provides an overview of how the ERM framework addresses material risks at AMP. The risk appetite statement and risk management strategy support the development of AMP’s corporate strategy and ensure the impacts of the strategic objectives on the risk profile are within the board’s risk appetite and will be effectively managed. The risks arising from setting the corporate strategy and risks to achieving the strategy are also identified and considered in relation to the board’s appetite.
AMP’s risk management process articulates how AMP identifies, measures, monitors and optimises risks. Risk identification is the process of determining which risks could potentially prevent the achievement of AMP’s objectives. Risk assessments are conducted to measure the ‘likelihood’ of the risk occurring and the ‘impact’ it will have on AMP’s business should it occur, taking account of the controls and structures in place to manage risk. Risks are monitored and reported to ensure any change in AMP’s risk exposures is identified and managed. Depending on whether the risk is within the risk appetite, actions are taken to either optimise or mitigate the risk.
In an environment where the operating landscape is rapidly shifting, AMP has developed an emerging risk process to proactively identify and assess emerging risks and opportunities. Emerging risks and opportunities are defined as possible events which may occur but are not yet fully understood and have the potential to significantly impact AMP in the future. Selected emerging risks are chosen for deeper analysis and stress testing to assess the potential likelihood and impact, and to determine appropriate actions if necessary.
The risk management process and emerging risk process assist AMP in achieving its strategic objectives and reduce the impact of unexpected outcomes.
AMP also aims to integrate effective risk management into the remuneration framework throughout the organisation. Risk management is a key feature of our reward elements and a risk culture measure made up 10% of the 2016 short term incentive scorecard for executives. Further information on the board’s approach to STI in 2016 is set out in the remuneration report in the AMP 2016 annual report.
Access to robust systems and appropriate data is fundamental for supporting an effective ERM framework. Risk systems capture elements of the risk management process and measure the effectiveness of controls in managing risks. Our systems and databases monitor changes in the potential impact or likelihood of current or emerging risks, enabling risks to be responded to and reported at all levels of the organisation.
AMP’s risk culture framework defines risk culture as AMP’s attitudes, values and behaviours towards risk management. Simply put, it is how we operate on a day-to-day basis. The board oversees and assesses AMP’s risk culture through a combination of qualitative and quantitative metrics which include risk management practices, people and customer measures and engagement surveys. AMP recognises that a sound risk culture drives the right behaviour and conduct within an organisation and is committed to improving risk culture to keep pace with regulatory, customer and social expectations. As such, AMP focuses on embedding risk awareness into AMP’s broader culture to ensure risk is effectively integrated into decision making.
In addition to a risk-aware culture, AMP is committed to maintaining an appropriately skilled and staffed ERM function to ensure there is a sufficient line of sight, access and input into key risk decisions. The ERM function also supports AMP by developing the ERM framework, policies and procedures to facilitate a consistent approach to the identification, assessment and management of risks.
AMP has identified seven material risk types that are managed to support the achievement of strategic objectives:
- strategic risk – the risk of loss or foregone value associated with strategic decisions and the competitive positioning of the business and ability to respond in a timely manner to changes in the regulatory, customer or competitive landscape
- credit risk – the risk of loss or foregone value due to default on a contractually required payment
- market risk – the risk of loss or foregone value due to adverse movements in market prices
- insurance risk – the risk of loss or foregone value due to mortality, morbidity, longevity, expense and changes to policyholder behaviour
- liquidity risk – the risk of loss or foregone value due to an inability to meet payment obligations or the need to sell assets at an undesirable price
- concentration risk – the risk of loss or foregone value due to multiple risks eventuating concurrently. Concentrations can arise from multiple or single debtors, market correlation, cross risk types or pandemics that impact many insured policyholders at the same time.
- operational risk – the risk of loss or foregone value resulting from inadequate or failed internal processes, people and systems or from external events. This includes adherence to internal policies and industry standards.
Within these risk types, the specific risks that AMP is exposed to are identified, measured, monitored and managed. Stress and scenario testing is performed periodically to assess the potential impacts and resilience to risk in stressed periods, such as the Global Financial Crisis. You can see a more detailed outline of AMP’s key risks in the AMP 2016 annual report.
AMP operates in several jurisdictions across the globe. Each one of these jurisdictions has particular legislative and regulatory requirements that AMP is committed to meeting.
AMP has established internal policies, frameworks and procedures that seek to ensure our mandatory obligations under the regulatory requirements are met in each jurisdiction. A key part of AMP’s Risk Management Framework is ensuring that we effectively manage regulatory change.
Processes are in place that seek to ensure that we not only comply with regulatory changes, but also effectively manage the implications of regulatory change on our business performance.
Seeking to ensure that AMP complies with regulatory standards is the responsibility of everyone at every level of AMP. While some businesses and individual managers have primary roles in compliance management, AMP has developed a curriculum of mandatory compliance training that all employees must undertake to ensure awareness of their general compliance obligations.
Regulatory and compliance risks, breaches, consultations, and general interactions are reported as part of our internal risk and compliance reporting process, and to the relevant regulators as and when required. At any point in time, a number of investigations, consultations and general interactions may be in progress with our key regulators. We actively participate in these interactions, and fully cooperate with regulators on such matters.
If we are unable to foresee, advocate for, plan for, and adapt to regulatory change or if the regulator increases the level of investigation and consultation, this could negatively impact our ability to serve customers, and/or our earnings.
Failure to identify or address existing or emerging economic, environmental and social sustainability issues could result in reputational or financial loss. AMP continuously considers and improves on the ways in which economic, environmental and social sustainability is incorporated into our business operations, and this work is supported by a range of policies and processes:
We have a duty to our community to minimise our impact on the environment, so we pursue a range of waste, energy and emission-reduction initiatives. These include energy efficiency measures through lighting updates and more flexible and efficient use of office space at AMP sites, working with contractors, landlords and service providers to increase waste recycling, reducing non-essential air travel and paper consumption, encouraging employee work practices that reduce environmental impacts, and encouraging suppliers to reduce the impacts of their products and services.
AMP Capital, AMP’s asset management arm, has an in-house environmental, social and governance (ESG) investment research team which implements its commitment to the United Nations Principles for Responsible Investment by producing proprietary and thought-leading research that is integrated into AMP Capital’s investment decision-making and active ownership practices across all asset classes. The team’s ESG insights and company ratings influence investment guidelines and policies, research and analysis, proxy voting activities and engagement with company boards and management teams. It is important that companies that are selected for clients’ portfolios are well-governed. This is why AMP Capital actively engages with the boards and management teams of companies and uses its voting power to encourage corporate behaviour that is responsible and in the best interest of shareholders. Through this engagement AMP Capital encourages sound decision-making and risk management, appropriate capital allocation, good board composition, fair remuneration and open and honest disclosure.
The AMP Foundation, AMP’s philanthropic arm, has a goal to create a better tomorrow for everyone, especially people who face challenges in accessing education and employment opportunities. The AMP Foundation supports non-profit organisations that give disadvantaged Australians life-changing learning and work opportunities. It also supports AMP employees and financial advisers to share their time, skills and resources with people in need, and backs Australians who are doing great things in the community through its AMP Tomorrow Fund grants. As noted on page one of this report, in 2016 the AMP Foundation distributed $5.2 million to the community, including more than $1 million in grants through AMP’s Tomorrow Fund to help 53 Australians achieve their goals.