As a financial services group, effective risk management and control are essential for sustainable and profitable growth
We face risks across all facets of our business every day. Risks exist when a decision or action has an uncertain outcome that could impact our performance. They arise for a variety of reasons, including external events (electricity shortages, economic shifts and regulatory change) and internal events (technology system failure or poor sales practices). We take select risks, such as lending money to a customer or client, after appropriate consideration.
We use a risk management framework to set a balanced risk appetite that takes into account the operating environment and strategic intentions of the Group. The framework sets out activities, tools, techniques and practices to (i) comply with regulatory frameworks and (ii) identify and manage material risks. It also ensures appropriate responses that protect Barclays Africa and our stakeholders. It is essential that business plans are supported by an effective risk management framework to allow us to grow sustainably and responsibly.
We have maintained our active approach towards managing both current and emerging risks through the continued operating effectiveness of our Board-approved enterprise risk management framework. This approach is underpinned by:
- a robust and aligned governance structure at a Group, country and business level;
- well-defined material risk categories known as principal risks;
- a ‘three lines of defence’ model, with clear accountability for managing, overseeing and independently assuring risks;
- comprehensive processes to evaluate, respond to, and monitor risks; and
- a sound architecture that sets out the appropriate risk practices, tools, techniques and organisational arrangements.
This framework defines credit, market, treasury and capital, insurance, operational, model, conduct, reputation and legal risks as principal risks in recognition of their significance to the Group’s strategic ambitions.
Three lines of defence
We govern risk through a Group-wide ‘three lines of defence’ model. Our enterprise risk management framework assigns specific responsibilities to each line of defence.
Process and control owners in customer-facing segments and select Group functions, who are responsible for managing end-to-end risks and controls in their daily processes.
Independent risk, compliance, legal and control functions and management control groups, who formulate risk and control policies and standards, and review the first line’s adherence to these.
Internal and external audit functions who test and review controls to determine whether the first and second lines execute their responsibilities effectively and consistently.
All our employees have a role in risk management. They are required to familiarise themselves with relevant risk management policies; are assisted by tailored training; must know how to escalate actual or potential risk issues; and have a role-appropriate level of awareness of the framework, the risk management process and governance arrangements.
Evaluate, respond and monitor
This is a structured, practical and easy-to-understand risk management approach to identify and assess the risk, determine the appropriate response, and then monitor the effectiveness of the response and the changes to the risk profile.
Individuals, teams and departments, including those responsible for delivering the objective under review, identify and assess the potential risks.
The appropriate risk response ensures that risks are managed within our risk appetite. We can respond in three ways:
- Accept the risk, but take necessary mitigating actions such as using risk controls
- Stop an existing activity, or do not start a proposed activity
- Continue, but transfer risks to another party, e.g. insurance
This is ongoing, proactive and more than ‘reporting’. It includes ensuring risks are maintained within risk appetite and verifying that controls are functioning as intended, and remain fit for purpose. It can challenge and prompt re-evaluation of the risks and/or changes in responses.
Risk appetite and strategy
Our risk strategy is developed alongside the Group’s strategy, and is essential to integrated planning. Our risk appetite defines the nature and amount of risk that we are willing to take to meet our strategic objectives. At the outset of strategic planning, we set our risk appetite to define parameters for the business strategy, and to ensure that we consider risk information in our decision-making and planning.
We define our risk appetite using qualitative statements and quantitative measures at principal risk, legal entity and business unit level, specifying the risks we seek, accept, or avoid. The maximum amount of risk we are prepared to accept is defined using quantitative metrics relating to capital adequacy, earnings volatility, liquidity, and leverage.
|Quantitative risk appetite metrics||Definition|
|Total regulatory capital coverage||The extent to which the Group is adequately capitalised on a regulatory basis for both our banking and insurance businesses|
|Common equity tier 1 ratio (%)||The extent to which the Group is adequately capitalised within common equity tier 1 capital definition|
|Economic capital coverage||The extent to which the Group is adequately capitalised on an economic basis|
|Accounting earnings-at-risk (%)||Percentage of profit before tax potentially lost over a 12-month period|
|Loan loss rate (basis points)||Level of actual credit losses in the Group’s credit portfolios|
|Liquidity coverage ratio (%)1||The sufficiency of high-quality liquid assets relative to total net cash outflows over a 30‑day period|
|Leverage ratio (%)1||Level of leverage in the Group per unit of qualifying Tier 1 regulatory capital (statutory)|
|1||Based on Basel III guidelines.|
Stress testing and scenario analysis
Stress testing and scenario analysis are integral to integrated planning and risk management. They let us assess the performance of the Group’s business in the expected economic environment, and they evaluate the potential impact of adverse economic conditions by applying the information in the process of setting risk appetite.
Overview of 2017
|1||On a normalised basis.|
|2||Includes unappropriated profits.|
|3||Board target range: 10.0 – 11.5%.|
|4||The Group’s liquidity ratio represents the simple average of the three month-end data points in December 2017. For Rest of Africa Banking entities, surplus high-quality liquid asset holdings in excess of the minimum requirement of 80% have been excluded from the aggregate figure.|
|5||Includes trading book and banking book net exposure.|
1. Credit risk
- Growth in loans and advances to customers was low at 3.9% (4.8% in constant currency), largely due to tough economic conditions, political and policy uncertainty and low confidence in South Africa. We had solid growth in Wholesale banking across our operations due to our strategic focus in the real estate sector, including high-quality mid-tier corporates. This partly offset the muted growth in our Retail portfolio and our flat Home Loans portfolio.
- Our impairment charges reduced to R7 022m (2016: R8 751m) due to lower defaults in the South Africa Wholesale portfolio, improved credit performance in the Rest of Africa, and proactive risk mitigation strategies initiated previously in South Africa Retail Banking. As a result of the lower impairment charges, our credit loss ratio improved to 87 basis points (2016: 108 basis points).
- Our non-performing loans as a percentage of gross loans and advances improved to 3.7% (2016: 3.9%) due to the recovery of a large single-name exposure write-offs and payment received on non-performing loans in the Rest of Africa Wholesale portfolio.
- The extent to which performing loans are covered by provisions decreased to 70 basis points (2016: 79 basis points) due to a 26% decrease in model-driven impairments and macroeconomic overlays increasing 2% to R1.4bn.
- Market movements increased counterparty credit risk and the credit value adjustment, increasing total risk-weighted assets.
2. Market risk
- Our trading exposures were managed within overall risk appetite, and hedging enabled us to remain positively exposed to increases in interest rates.
- Pension plans and benefits are provided in all countries. The overall funding level of the schemes improved, and is considered adequate.
3. Treasury and capital risk
- Our liquidity position remains healthy and within risk appetite and minimum regulatory requirements. We consistently maintained a liquidity coverage ratio in excess of the regulatory minimum requirement of 80%. The three-month average high-quality liquid assets increased to R157.1bn (2016: R142.1bn). We have a committed liquidity facility from the South African Reserve Bank which reflects in our high-quality liquid assets from 1 January 2016.
- We increased our long-term funding which is managed at an Absa Bank level, to match the growth in long-term assets, and it remains within the target range of 24% to 27%.
- Our loan-to-deposit and debt securities ratio increased to 90.6% (2016: 88.4%) primarily due to growth in loans and advances to customers. We have diversified sources of funding, which are managed in order to maintain a wide range of depositors, products and tenors.
- We maintained a strong capital adequacy position above the minimum regulatory requirements and above the Board-approved capital target ranges, with capital buffers sufficient to withstand stressed conditions.
4. Insurance risk
- The new business margin increased, due to change towards higher-margin risk business while short-term insurance premium income decreased following the sale of the unprofitable businesses in South Africa, as well as pricing interventions across our operations.
- The increase in severity and frequency of catastrophe events in South Africa increased costs and negatively affected underwriting margins and net profit before tax.
5. Operational risk
- Our operational losses were lower, due to a decrease in fraud, transaction processing related losses, and a significant recovery on a prior-year payment-related loss.
- There was an improvement in operational resilience as migration to our best-in-class data centre gained traction, and there was ongoing improvement in payment stability and processing.
- We made significant progress in remediating customer records to meet financial crime control requirements.
- Our converged security strategy is being implemented, improving fraud management capability and controls.
6. Model risk
- We finalised several important models in 2017, including the new IFRS 9 credit impairment models and several regulatory model suites. The combined assurance assessments over the period confirmed the operating effectiveness of the model risk framework and the Group model risk policy.
- We have made significant progress in the design and implementation of the strategic model implementation platform. We are migrating to this platform.
7. Conduct risk
- We began implementing an enhanced control framework in collaboration with the South Africa Banking Risk Information Centre. This will help protect confidential data and customer interests.
- In terms of our overall conduct index rating, risks relating to cybercrime and the protection of customer information remain a key focus alongside the proactive management of customer queries and complaints.
8. Reputation risk
- We made good progress toward defining and implementing the reputation risk framework, following the elevation of reputation risk to a principal risk.
- Africa YouGov measures various external stakeholders’ (including customers and regulators) perception of our brand. The metric continues to improve, particularly in the perception of the quality of products and services, and value for money.
9. Legal risk
- We received ongoing support and strategic advice regarding the Protection of Personal Information Act, Financial Markets Act and the Separation.
- Following the Public Protector’s report in respect of the Bankorp investigation in 2017, the court ruled in Absa’s favour and set the remedial action aside, with a punitive costs order against the Public Protector’s office.
Our operating environment is expected to remain difficult and risk management will remain a priority, including:
- tight control and management of the Separation and associated execution risks by delivering a structured programme of work via an integrated governance structure which is supported by the ongoing monitoring of idiosyncratic risks as well as independent quality assurance;
- continuing to manage the capital position of the Group, allowing for the continuing economic uncertainty, regulatory and accounting developments, and actions taken by ratings agencies;
- managing our funding and liquidity position in line with risk appetite and regulatory requirements, maintaining appropriate buffers while optimising the associated cost;
- continued monitoring of the resilience of our credit, treasury and market risk infrastructures to market volatility;
- continuing to improve control, efficiency and operational resilience across critical processes including collections, cyber security and fraud, data management, data centres (including disaster recovery) and financial crime; and
- strengthening the employee value proposition to ensure the continued availability of the right talent pool.