Group risk policies, standards and guidelines

 
The main policies, standards and guidelines are:
 
> The Sanlam Group Enterprise Risk Management (ERM) policy and plan;
> Sanlam Group Risk Escalation policy;
> Sanlam Group Business Continuity Management policy;
> Definitions of Risk categories standard;
> Risk Appetite guidance note;
> Sanlam Group Risk Appetite Statement;
> Sanlam Risk Management Maturity Model;
> Sanlam Risk and Compliance committee charter; and
> Group Risk forum terms of reference.
 
[Key:
  A policy sets out mandatory minimum standards for all businesses.
  A standard endeavours to ensure consistent use of terminology.
  A guidance note is aimed at providing information.]
 
The following also cover aspects with linkage to risk management:
 
> Sanlam Group Information and Information Technology (I and IT) Risk Management policy;
> Representations from Group businesses to the Sanlam and Sanlam Life Audit, Actuarial and Finance committees;
> Sanlam Corporate Credit Risk strategy and policy;
> Sanlam Financial Crime Combating policy;
> Sanlam Human Resources policies;
> Sanlam Group governance structures;
> Sanlam Life Insurance Audit, Actuarial and Finance committee charter.
 
Sanlam Group Enterprise Risk Management policy
The Group ERM policy includes the following main components:
 
> The broad objectives and philosophy of risk management in the Group;
> The roles and responsibilities of the various functionaries in the Group tasked with risk management; and
> The Group's minimum standards for implementation of risk management in the businesses.
 
Sanlam Group Risk Escalation policy
The Risk Escalation policy defines the circumstances in which risk events and emerging risks should be escalated to the Sanlam Group level. This includes quantifiable and unquantifiable measures.
 
Summary of Sanlam Group Risk Appetite
> The Sanlam Group consists of a number of decentralised businesses. These businesses have different risk profiles and appetites. They are capitalised appropriately based on these risk profiles.
> The Group determines the hurdle rates required from these businesses. These hurdle rates are set out for each business in accordance with its risk profile. On average the Sanlam Group aims to yield a return on GEV equal to at least 1% above its cost of capital, being equal to the return on 10-year government bonds plus 4%.
> Each decentralised business needs to operate within the restrictions of its allocated capital. For businesses using Value at Risk (VAR) as measurement, a 99,5% confidence level is required over a one-year time horizon. For businesses using capital adequacy (risk-based capital) techniques, a 95% confidence over a 10-year time horizon is required.
> Each business needs to manage their risks within the Group ERM policy parameters.
 
Risk Process and Status
The risk management process in the individual businesses comprises three distinct phases:
 
> Detailed identification of risk factors.
> Performance measurement by means of Key Risk Indicators and Key Performance Indicators. These can be measured in terms of financial and non-financial indicators.
> Stress testing and scenario analysis as a forward-looking methodology.
The appropriate Boards or committees thereof have approved all the policies at Group and individual business level.

Furthermore, the individual businesses have fully adopted and implemented the ERM policy, the Group Risk Escalation policy and Business Continuity Management policy as part of the individual governance structures.

The other policies are adopted by businesses where appropriate, although in the vast majority of cases this implies full adoption (as determined by business size/Group governance principles and the tight/loose principles).

Risk management has formally been incorporated into the charters of the various Risk and/or Finance committees. 
 
Independent Assurance reviews
During 2009, the Group developed, with an external assurance provider, a Risk Management Maturity Model to assess the risk management processes across the Group. Annually, all businesses conduct self-assessments against the Maturity Model. Larger businesses were assessed by an external assurance provider against the Maturity Model. Internal audit conducts assessments on a rolling annual basis and the overall results are presented to the Sanlam Life Risk and Compliance committee. 
 
Restatement of comparatives
Comparative information for 2009 was restated for all items affected by the restatements identified in note 38