Risk management policy

Similar documents
RISK MANAGEMENT FRAMEWORK OVERVIEW

RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT (ERM) POLICY Republic Glass Holdings Corporation. Purpose. Goals

Risk Management. Policy No. 14. Document uncontrolled when printed DOCUMENT CONTROL. SSAA Vic

Risk Management at ANZ

Relevance of Operational Risk to the FCA Jill Savager Manager, Operational Risk, Financial Conduct Authority

RISK MANAGEMENT FRAMEWORK

BERGRIVIER MUNICIPALITY. Risk Management Risk Appetite Framework

Enterprise Risk Management Policy Adopted by the AMP Limited Board on 2 February 2017

Pillar 3 Disclosure November 2016

Executive Board Annual Session Rome, May 2015 POLICY ISSUES ENTERPRISE RISK For approval MANAGEMENT POLICY WFP/EB.A/2015/5-B

RISK MANAGEMENT FRAMEWORK

Risk Management Policy and Procedures.

OPERATING POLICIES AND PROCEDURES Chapter 12 Due Diligence Policy and Procedures. Effective from 28 November 2016

Goodman Group. Risk Management Policy. Risk Management Policy

Anti-money laundering Annual report 2017/18

University Risk Management Policy

Rynda Property Investors LLP (the Firm )

Risk Committee Charter. Bank of Queensland

Integrated Risk Management Framework

Code of Responsible Investing March 2017

Pillar 3 Disclosure ICAP Europe Limited

ED&F MAN CAPITAL MARKETS LIMITED. Pillar 3 Disclosures Year ended 30 September 2016

Ingenious Capital Management Limited: Pillar III Disclosure

RISK MANAGEMENT POLICY

Pillar 3 Regulatory Disclosure (UK)

Pillar 3 Disclosures. Invesco UK Limited

THE CO-OPERATIVE BANK PLC RISK COMMITTEE. Terms of Reference

Risk Management Framework

Nagement. Revenue Scotland. Risk Management Framework. Revised [ ]February Table of Contents Nagement... 0

Ashmore Group plc Pillar 3 Disclosures as at 30 June 2018

CDC Remuneration Framework July 2017

Anti-Bribery Policy. 1. Introduction and purpose

Tilman Brewin Dolphin Limited Pillar 3 Disclosures

RISK COMMITTEE CHARTER THE CHARLES SCHWAB CORPORATION

Merrill Lynch Kingdom of Saudi Arabia Company. Pillar 3 Disclosure. As at 31 December 2017

Scouting Ireland Risk Management Framework

Old Mutual International Singapore Branch MAS Notice 124 Disclosures

Practical aspects of determining and applying a risk appetite for SMEs

Risk Management Policy and Framework

RSMR Portfolio Services Limited RSMR-PS Pillar 3 Disclosure

Risk management culture focused on integrity and good conduct

Pillar 3 Disclosures. GAIN Capital UK Limited

AUSTRAC Guidance Note. Risk management and AML/CTF programs

APT Wealth Management Limited. Internal Capital Adequacy Assessment Process. ICAAP Pillar 3

Tax Strategy. March 2018

GZC Investment Management Limited. Disclosure under Pillar 3 of Capital Requirements Directive. Date: March 2015

Perpetual s Risk Management Framework

Enterprise Risk Management process at Dragon Oil

CDC GROUP PLC (THE COMPANY ) TERMS OF REFERENCE OF THE RISK COMMITTEE OF THE BOARD

RISK MANAGEMENT POLICY October 2015

Insurance Bulletin. New OSFI Guideline on Operational Risk Management. September 2015

Pillar 3 Disclosure and Policy. Stenham Asset Management (UK) Plc. ( The Firm )

SEI Investments (Europe) Limited Pillar 3 Disclosure

RISK MANAGEMENT STRATEGY Version 3

Ashmore Group plc Pillar 3 Disclosures as at 30 June 2015

Crown Agents Investment Management Limited. Pillar 3 Disclosures. December 2014

AIA Group Limited. Terms of Reference for the Board Risk Committee

Risk Management at the Deutsche Bundesbank March 2011

Approved by: Diocesan Council 17 December 2015

MEMORANDUM. To: From: Metrolinx Board of Directors Robert Siddall Chief Financial Officer Date: September 14, 2017 ERM Policy and Framework

Pillar 3 Risk Disclosure Statement AS OF DECEMBER 2016

Bournemouth Primary MAT Risk Management Policy

Key risks and mitigations

Risk Management Policy Adopted by:

New Risk Management Techniques The Way Forward EDUARDO DUERI JLT Aerospace Latam MAY 2017

Merrill Lynch Kingdom of Saudi Arabia Company. Pillar 3 Disclosure. As at 31 December 2016

Pillar 3 Disclosures. 31 December 2013

Fraud risk management. Oil and gas sector

Risk Management Policy

Nucleus Financial Group plc. Nucleus 2018 Pillar 3 disclosure

M&G Group Pillar 3 Disclosures

Presentation by: Nasumba Kizito Kwatukha CPA,CIA, CISA,CFE,CISSP,CRMA,CISM,IIK 6 th JULY 2017

Senior Director, Fire Life Safety & Risk Management

RISK MANAGEMENT FRAMEWORK

Enterprise Risk Management Integrated Framework

Forsikringsselskabet Privatsikring A/S. Solvency and Financial Condition Report

Risk Management Policy (v7.0)

Black Pearl Securities Limited Black Pearl Governance Arrangement and Management of Risk Framework

Risk Management Policy

Risks and uncertainties facing the business

Capital Requirements Directive Pillar 3 Disclosure. June 2017

University of the Sunshine Coast (USC) Risk Appetite Statement

CAF BANK LTD PILLAR 3 DISCLOSURE

Risk Management: Principles, Methodologies and Techniques. Peter Getugi Internal Audit Manager ILRI

Capital & Risk Management Pillar 3 Disclosures

NUMIS SECURITIES LIMITED

RISK MANAGEMENT POLICY

Ashmore Group plc Pillar 3 Disclosures as at 30 June 2016

Applying COSO s Enterprise Risk Management Integrated Framework. September 29, 2004

RISK MANAGEMENT FRAMEWORK

Pillar 3 Disclosures. Sterling ISA Managers Limited Year Ending 31 st December 2017

PIMCO Europe Ltd Pillar 3 Disclosure. As at 31 December 2015

Risk Management Framework

PILLAR 3 DISCLOSURES. As at December avivainvestors.com

Risk Appetite. What is risk appetite?

Neptune Investment Management Limited ( Neptune or the Company ) Pillar 3 Disclosures 2013

RISK MANAGEMENT POLICY AND STRATEGY

DEPOSIT INSURANCE CORPORATION OF ONTARIO BY-LAW NO. 5 STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES

PILLAR 3 Disclosures

Transcription:

Risk management policy November 2017 Risk management policy Page 0 of 8

Contents 1. Policy objectives and background 2 1.1 Policy background 2 1.2 Policy objective 2 1.3 Policy sponsor and maintenance 2 2. Risk types 2 2.1 Financial risk 2 2.2 Development impact risk 3 2.3 Environmental and social risk 3 2.4 Business integrity risk 3 2.5 Operational risk 3 2.6 Strategic and external risk 4 3. Risk appetite 4 4. Behaviours and culture 5 5. Governance and roles and responsibilities 5 6. CDC s risk management framework 6 Risk management policy Page 1 of 8

1. Policy objectives and background 1.1 Policy background CDC s mission is to support the building of businesses throughout Africa and South Asia, to create jobs and to make a lasting difference to people s lives in some of the world s poorest places. Risk is an inherent component of CDC s activities. The ability to effectively identify, assess, measure, respond, monitor and report on risk in activities is critical to the achievement of CDC s mission and objectives. 1.2 Policy objective The objective of this policy is to set out the principal risk types that may face CDC group, CDC s appetite for these risks, and how CDC will manage these risks. 1.3 Policy sponsor and maintenance The CFO is the sponsor of this policy and is responsible to review and maintain this policy and submit it to the Board Risk Committee for review and recommendation to the Board for approval at a minimum once every two years. 2. Risk types CDC has identified six main categories of risk that it may face: Financial Risk Development Impact Risk Environmental and Social (E&S) Risk Business Integrity (BI) Risk Operational Risk Strategic and External Risk In addition to these risk types, CDC has identified reputational risk as a risk that it faces, which could be a consequence of any of the six main risk categories. These risks are further defined and sub-categorised in a separate document, the CDC Risk Taxonomy, which sets out the risk likelihood scale and risk impact definitions for each risk category. CDC assesses individual risks based on their impact and likelihood and compares these to the risk appetite set by the Board of Directors and summarised in section 3 of this policy. 2.1 Financial risk The financial risks at CDC are the risks of underperformance or unacceptable volatility of the investment portfolio return, as well as liquidity risks. Financial risk includes: Risk management policy Page 2 of 8

Portfolio return risk Individual investment risk Liquidity risk 2.2 Development impact risk Development impact risk is the risk that CDC will fail to achieve its development objective to create jobs and make a lasting difference to people s lives in some of the world s poorest places. Development impact risk includes: Portfolio development impact risk Investment development impact risk Credibility of CDC s methodologies risk Additionality risk 2.3 Environmental and social risk E&S risk is the risk that a business in which CDC has invested materially damages the environment, causes death or serious injury, fails to deliver appropriate working terms and conditions, or causes social harm. E&S risk includes: E&S implementation risk E&S residual risk 2.4 Business integrity risk BI risk is the risk that CDC, or a fund manager or portfolio company in which CDC has invested is involved in fraud, corruption, money laundering, terrorist financing, breaches of international sanctions regimes or breaches of other regulatory requirements. BI risk includes: BI implementation risk BI residual risk Regulatory risk 2.5 Operational risk Operational risk is the risk of loss or other damage to CDC resulting from inadequate or failed processes, people and systems at CDC. This includes legal risks other than those directly associated with compliance with the requirements of regulatory bodies such as the FCA. Operational risk includes: Operational risk Legal risk Risk management policy Page 3 of 8

2.6 Strategic and external risk The strategic and external risks at CDC are those risks which arise from the context in which CDC is operating and the strategic decisions that CDC has made. They are often long term in nature and frequently outside CDC s direct control. Strategic and external risk includes: Stakeholder risk Country risk External event risk 3. Risk appetite Fulfilling CDC s mission requires us to take risks some of which we actively seek out and some which arise as a result of our activities. CDC s risk appetite statement describes the types of risk that we face, the level of risk we are willing to take to achieve our mission and how we will respond to these risks. When developing our risk appetite statement, we have taken account of the following principles: CDC actively seeks our equity and credit risks resulting from investments in companies in developing countries in order to achieve both the targets set by its shareholder achieving both a financial return on investment and development impact. Doing this business exposes us to environmental and social, business integrity and operational risks. We take active steps to understand and where appropriate mitigate or manage these risks so they do not damage our licence to operate. CDC s mission exposes us to high contextual risks, in particular related to investment returns, environmental and social damage and business integrity risk, which can never be fully mitigated. CDC s reputation is an important part of our licence to operate. We seek to manage and mitigate reputational risk by addressing the underlying causes of reputational risk and by engaging with stakeholders. CDC s current risk appetite is summarised in the table below. Risk management policy Page 4 of 8

4. Behaviours and culture The culture and behaviours of staff at CDC are critical to ensuring effective risk management. CDC encourages a culture of openness, willingness to learn and taking pride from fixing problems when they occur. CDC s policies and procedures set out expected behaviours, in particular the Business Integrity Manual and the Staff Handbook. Regarding risk management, the key requirements are: Risks and their management are considered in business decision making CDC management and staff are expected to disclose and take appropriate action to mitigate known risks 5. Governance and roles and responsibilities 5.1 Key roles and responsibilities CDC s Board and Management are responsible for developing and implementing a risk framework which supports the identification and mitigation of risks to CDC s operations. Individual roles and responsibilities are set out below. Board The Board is responsible for setting overall risk appetite and approving risk management policies. Risk management policy Page 5 of 8

Board Risk Committee The Board Risk Committee is established to oversee risk management and make recommendations to the board on risk management policy and risk appetite. The Board Risk Committee is also responsible for reviewing the principal risks facing CDC and escalating risk matters to the Board. Management Management is responsible for implementation of the risk management policy and framework within their respective areas of responsibility. Management is responsible for monitoring levels of risk and developing action plans to reduce risks to within appetite if appropriate and escalating risk matters to the Board Risk Committee for their consideration. Management may assign responsibility for the management of specific risks to individuals within the firm, referred to as Risk Owners. Management is also responsible for setting tone at the top in respect of risk management culture. 5.2 Three lines of defence Within the company, CDC generally adopts a three lines of defence model to managing risk. However, the size of the organisation means that in some cases there is overlap between the first and second lines of defence. This risk is mitigated by ensuring independent oversight from the Internal Audit function. 1st line the functions that own and manage risk (Investment, Transaction Support and Corporate Functions) 2nd line the functions that oversee risk (Investment Committees, Finance, OCIO, Risk Management and Compliance) 3rd line functions that provide independent assurance (Internal Audit) CDC s Risk Management and Internal Audit functions seek to work collaboratively to ensure that risk identification and assurance work covers the full suite of risks facing CDC, while respecting the independence of the Internal Audit function. The CEO, CFO and COO, as members of senior management with responsibility for risk management are viewed as above the three lines of defence. 6. CDC s risk management framework CDC s management is responsible for developing and implementing a framework to identify, assess, measure, respond, monitor and report on risk within CDC s activities. CDC s risk framework consists of the following key components: Establishing the context for risk management Strategy and objectives CDC s corporate objectives and individual / team objectives are defined each year. They provide the basis for determining CDC s risk appetite. Risk management policy Page 6 of 8

Policies and procedures policies set the rules under which CDC will operate and procedures describe how these policies need to be implemented, including setting out the key controls in place to mitigate risk. Risk assessment and risk treatment Risk registers risk registers document the risks facing CDC, the controls in place to mitigate those risks and assess the impact and likelihood of the risk occurring. If risks are assessed as being outside appetite, mitigation plans are developed to reduce the level of risk. Investment decision making and portfolio monitoring identification and assessment of the key risks associated with investments at the point of investment approval and during the life of CDC s investment Key risk indicators key risk indicators are metrics used to provide an early signal of increasing risk exposures. They allow CDC to identify risk trends and take action before events occur. Incident management incident management and analysis allows CDC to ensure appropriate action is taken when incidents occur (when risks crystallise), validate the contents of the risk registers and determine whether action is required to avoid reoccurrence of similar incidents in future. Monitoring, review and communication Risk reporting reporting on identified risks to management and the board, including emerging risks and those that require action. Internal Audit monitoring independent monitoring of the implementation of the risk framework to ensure it is adequately designed and operating effectively. Risk management policy Page 7 of 8

CDC Group plc 123 Victoria Street London SW1E 6DE United Kingdom +44 (0)20 7963 4700 cdcgroup.com linkedin.com/company/cdc-group-plc @CDCgroup CDC Group plc is regulated by the Financial Conduct Authority. Registered address as above. Registered in England No. 3877777 Risk management policy Page 8 of 8

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback