Our enterprise risk framework
The enterprise risk management (ERM) framework provides the foundation for how risks are managed across AMP. The ERM framework has five key elements: governance, strategy and appetite, the risk management process, systems and data, and people and culture.
The board is ultimately responsible for the ERM framework and oversight of its operation by AMP’s management. In particular, the board is responsible for setting AMP’s risk appetite, the strategic plan and risk management strategy.
It also monitors policies and business practices to ensure that strategic objectives are achieved within AMP’s risk appetite and to comply with applicable laws and regulations. The Risk Committee and board review the ERM framework at least annually, including for 2016, to satisfy themselves that it continues to be sound.
The board’s oversight, review and monitoring of the effectiveness of risk management at AMP are supported by board committees and management committees. The Risk Committee oversees the implementation and operation of AMP’s ERM framework and the risk culture within AMP. The Audit Committee assists by providing an objective non-executive review of the effectiveness of the ERM framework. From time to time, additional board committees are established to assist the board in its oversight of particular issues.
AMP also has management committees to assist in overseeing risk management. The Group Risk and Compliance Committee guides the implementation of risk management practices, processes and systems, and oversees all material risk exposures and risk decisions facing AMP. The Group Asset and Liability Committee oversees financial risks across AMP in relation to capital and financing, and the risk appetite as it relates to financial risk and shareholder capital.
The board and Risk Committee have been provided with assurance that all of AMP’s material business risks have been effectively managed for the year ended 31 December 2016.
Strategy and appetite
The risk appetite statement articulates the board’s expectations of the amount and nature of risk AMP is willing to accept in the pursuit of its strategic objectives.
AMP’s risk management strategy provides an overview of how the ERM framework addresses material risks at AMP. The risk appetite statement and risk management strategy support the development of AMP’s corporate strategy and ensure the impacts of the strategic objectives on the risk profile are within the board’s risk appetite and will be effectively managed. The risks arising from setting the corporate strategy and risks to achieving the strategy are also identified and considered in relation to the board’s appetite.
Risk management process
AMP’s risk management process articulates how AMP identifies, measures, monitors and optimises risks. Risk identification is the process of determining which risks could potentially prevent the achievement of AMP’s objectives. Risk assessments are conducted to measure the ‘likelihood’ of the risk occurring and the ‘impact’ it will have on AMP’s business should it occur, taking account of the controls and structures in place to manage risk. Risks are monitored and reported to ensure any change in AMP’s risk exposures is identified and managed. Depending on whether the risk is within the risk appetite, actions are taken to either optimise or mitigate the risk.
In an environment where the operating landscape is rapidly shifting, AMP has developed an emerging risk process to proactively identify and assess emerging risks and opportunities. Emerging risks and opportunities are defined as possible events which may occur but are not yet fully understood and have the potential to significantly impact AMP in the future. Selected emerging risks are chosen for deeper analysis and stress testing to assess the potential likelihood and impact, and to determine appropriate actions if necessary.
The risk management process and emerging risk process assist AMP in achieving its strategic objectives and reduce the impact of unexpected outcomes.
AMP also aims to integrate effective risk management into the remuneration framework throughout the organisation. Risk management is a key feature of our reward elements and a risk culture measure made up 10% of the 2016 short term incentive scorecard for executives. Further information on the board’s approach to STI in 2016 is set out in the remuneration report in the AMP 2016 annual report.
Systems and data
Access to robust systems and appropriate data is fundamental for supporting an effective ERM framework. Risk systems capture elements of the risk management process and measure the effectiveness of controls in managing risks. Our systems and databases monitor changes in the potential impact or likelihood of current or emerging risks, enabling risks to be responded to and reported at all levels of the organisation.
People and culture
AMP’s risk culture framework defines risk culture as AMP’s attitudes, values and behaviours towards risk management. Simply put, it is how we operate on a day-to-day basis. The board oversees and assesses AMP’s risk culture through a combination of qualitative and quantitative metrics which include risk management practices, people and customer measures and engagement surveys. AMP recognises that a sound risk culture drives the right behaviour and conduct within an organisation and is committed to improving risk culture to keep pace with regulatory, customer and social expectations. As such, AMP focuses on embedding risk awareness into AMP’s broader culture to ensure risk is effectively integrated into decision making.
In addition to a risk-aware culture, AMP is committed to maintaining an appropriately skilled and staffed ERM function to ensure there is a sufficient line of sight, access and input into key risk decisions. The ERM function also supports AMP by developing the ERM framework, policies and procedures to facilitate a consistent approach to the identification, assessment and management of risks.
Material risks
AMP has identified seven material risk types that are managed to support the achievement of strategic objectives:
- strategic risk – the risk of loss or foregone value associated with strategic decisions and the competitive positioning of the business and ability to respond in a timely manner to changes in the regulatory, customer or competitive landscape
- credit risk – the risk of loss or foregone value due to default on a contractually required payment
- market risk – the risk of loss or foregone value due to adverse movements in market prices
- insurance risk – the risk of loss or foregone value due to mortality, morbidity, longevity, expense and changes to policyholder behaviour
- liquidity risk – the risk of loss or foregone value due to an inability to meet payment obligations or the need to sell assets at an undesirable price
- concentration risk – the risk of loss or foregone value due to multiple risks eventuating concurrently. Concentrations can arise from multiple or single debtors, market correlation, cross risk types or pandemics that impact many insured policyholders at the same time.
- operational risk – the risk of loss or foregone value resulting from inadequate or failed internal processes, people and systems or from external events. This includes adherence to internal policies and industry standards.
Within these risk types, the specific risks that AMP is exposed to are identified, measured, monitored and managed. Stress and scenario testing is performed periodically to assess the potential impacts and resilience to risk in stressed periods, such as the Global Financial Crisis. You can see a more detailed outline of AMP’s key risks in the AMP 2016 annual report.
Political and regulatory environment
AMP operates in several jurisdictions across the globe. Each one of these jurisdictions has particular legislative and regulatory requirements that AMP is committed to meeting.
AMP has established internal policies, frameworks and procedures that seek to ensure our mandatory obligations under the regulatory requirements in each jurisdiction are met. A key part of AMP’s Risk Management Framework is ensuring that we effectively manage regulatory change.
Processes are in place that seek to ensure that we not only comply with regulatory changes, but also effectively manage the implications of regulatory change on our business performance.
Seeking to ensure that AMP complies with regulatory standards is the responsibility of everyone at every level of AMP. While some businesses and individual managers have primary roles in compliance management, AMP has developed a curriculum of mandatory compliance training that all employees must undertake to ensure awareness of their general compliance obligations.
Regulatory and compliance risks, breaches, consultations, and general interactions are reported as part of our internal risk and compliance reporting process, and to the relevant regulators as and when required. At any point in time, a number of investigations, consultations and general interactions may be in progress with our key regulators. We actively participate in these interactions, and fully cooperate with regulators on such matters.
If we are unable to foresee, advocate for, plan for, and adapt to regulatory change or if the regulator increases the level of investigation and consultation, this could negatively impact our ability to serve customers, and/or our earnings.
How we manage risks
We have a ‘three lines of defence’ approach to risk management accountability:
Line 1 – management is responsible for identifying, assessing, monitoring and managing material risks in the business. These teams are responsible for decision making and the execution of the day-to-day business, whilst managing risk and the resulting profit and loss to ensure it is in line with the board’s risk appetite and strategy.
Line 2 – the Enterprise Risk Management team is responsible for designing, implementing and monitoring the practices and processes to identify, assess, monitor and manage material risks and provide advice and oversight on material business decisions. The team also provides objective advice and challenge to the first line’s decisions and provides assurance to the board that the risk profile is aligned with the board’s expectations.
Line 3 – the Internal Audit team provides independent and objective assurance to the board on the operational effectiveness of risk management across the business and the effectiveness of our control processes.
CEO and CFO assurance
The board receives regular reports about the financial condition and operational results of AMP and its subsidiaries. The CEO and the CFO provide the board with an annual declaration of their opinion that financial records have been properly maintained and that the financial statements comply with the appropriate accounting standards. The declaration states that the financial statements and notes give a true and fair view of the financial position and performance of AMP and that their opinion has been formed on the basis of a sound system of risk management and internal control which is operating effectively. This declaration is required by s295A of the Corporations Act 2001 and is in accordance with ASX Recommendation 4.2, to assist the board in considering and approving AMP’s financial statements for the period.
The CEO and the CFO provide a certification in similar terms in relation to the half-year financial statements.
Internal audit
Our Internal Audit team provides the board and management with an independent and objective evaluation of the adequacy and effectiveness of the control over the risks for AMP and its subsidiaries. The team calls on support and advice from external experts as required.
To maintain independence, the Internal Audit team does not have responsibility for any of our business or risk management processes or practices. The director of Internal Audit has a reporting line to the chairman of the Audit Committee and regularly meets with the committee without management present. In line with the audit charter, an independent assessment of the Internal Audit team should be undertaken every four years to assess the effectiveness of the team and its compliance with international internal audit standards. This review was last performed in 2013 and showed the team was functioning well and effectively fulfilling its duties. The next independent review is expected to be completed in 2017.
External auditor
AMP has appointed Ernst & Young (EY) as the company’s external auditors with Tony Johnson currently leading the EY team responsible for AMP’s audit. Tony took on the role of lead auditor in 2013. The lead auditor is required to rotate every five years unless special circumstances require this to be extended for additional years. Our Audit Committee has adopted a charter of audit independence, which sets out a framework to assist in maintaining the independence of EY as a result of its business dealings with AMP.
At each AGM, shareholders are given the opportunity to ask the lead auditor questions relevant to the conduct of the audit, the preparation and content of the auditor’s report, the accounting policies adopted by AMP in relation to the preparation of the financial statements, and the independence of the auditor in relation to the conduct of the audit.
Important information
All information on this website is subject to change without notice.