These risks, however, also create opportunities for innovation and differentiation. We distinguish between strategic and operational risks, which are mitigated through a mature risk management governance structure.
Risks are managed on a preventive basis as far as possible through various risk management activities. Should risks materialise, Sanlam’s financial capital is available to absorb the financial impact to ensure we remain solvent to honour our commitments to clients.
Sanlam has a comprehensive enterprise risk management framework in place, with appropriate risk escalation processes from a business unit to Group level. Sanlam’s risk appetite statement is the key mechanism through which limits are set for the material risk categories applicable to our operations. In the 2017 financial year there were no material breaches of our risk appetite statement.
Material risk categories:
The bottom-up approach embeds risk management into Sanlam’s day-to-day operations. Maintenance of risk registers and reports in each area control this process. Risk registers are aggregated and reviewed by each cluster’s finance and risk committees or forums, with significant and emerging risks escalated to Group level for consideration as appropriate. The following are the key bottom-up risks facing the Group’s business units and clusters (in decreasing order of relative significance):
Developed markets are showing increased economic growth and lower levels of unemployment, however possible exchange and interest rate volatility might persist in emerging markets. Improved global economic conditions have led to an increase in commodity pricing and improvement in terms of trade for economies with commodity exposure, including South Africa. South African gross domestic product (GDP) growth expectations, however, remain muted, and the sovereign rating status precarious, despite increasing investor confidence and growing political commitment to address issues of governance, inclusive growth and economic transformation.
Diversifying the business portfolio (geographic, product type, market segment and distribution platform) is a key mitigating factor, combined with a significant reduction of risky asset classes in the shareholder capital portfolio.
We adapted our investment strategy to reduce GEV exposure to interest rate risk and increased the offshore allocation in our ALCO funds.
Threats to Sanlam’s relevance (the Fourth Industrial Revolution and digital disruption) include fundamentally altering ways in which Sanlam’s current and future clients, employees, partners and other stakeholders live, work and relate.
This coincides with longer-term changes in demographics and globalisation, and disruptive innovation from new entrants.
There is a risk that Sanlam’s competitive position could be compromised if we fail to properly manage and respond to disruption.
Our ability to respond is hampered by slow and unwieldy legacy systems and associated pressure on costs. A group-wide business intelligence project is identifying foundational blocks to enable us to respond to these trends and add value to the business.
Sanlam Reality can link technology solutions to financial products, and the business clusters are pursuing various experimental initiatives. Sanlam Investments further acquired a stake in EasyEquities, a fintech business that can disrupt the investments sector with low barriers to entry through its low-cost platform.
Although still in its infancy, our omni-channel approach will help us to adapt our business in line with changing client expectations.
Cyber-risk emanates from digitised information, aging information technology infrastructure, and increasing use of digital channels. The threat of direct cyberattacks is escalating, and could result in reputational damage, business disruption, and theft, fraud or corruption of data and intellectual property.
Protecting against cyberattacks demands timely and effective risk intelligence, which includes a better understanding of the changing nature of threats and the assets most at risk. We respond to cyber-risk on multiple levels. This includes addressing control gaps, formulating cybercrises management processes and principles, and improving infrastructure security. Given the volume and rapid evolution of cyberattacks, prioritisation is critical. We are also focused on improving our core cyber-resilience capabilities – namely intelligence, monitoring, detection and response.
Human resource scarcity and stretched resources are evident from the great demand and strain on our human resource capabilities. In addition to operational challenges, we might lose our key employees, if they seek alternative work environments in South Africa and elsewhere with more manageable workloads.
In the shorter term, retention plans are in place for key resources. We are also making additional resources available and are implementing change management processes for current projects.
Over the long-term, mitigating actions include an increase in talent pipeline feeder programmes, continued focus on compelling workplace practices, building internal resource capability, and a sharper focus on succession planning processes and pipelines.
Simultaneous regulatory implementation and uncertainty impact our business model, competitive position, and operational efficiencies. While the recent publication of multiple pieces of regulation boosted certainty in South Africa, considerable uncertainty remains relating to further phases under the Retail Distribution Review (RDR), the National Social Security Savings Scheme (NSSS) and National Health Insurance (NHI).
We proactively investigate and formulate views on all regulatory proposals facing the financial services industry. We participate in discussions with regulators, directly and through industry associations. Our South Africa-based clusters continuously re-evaluate their business models to align with and obtain a competitive advantage in an RDR environment. We are also investigating initiatives to improve compliance monitoring and coordination with local management in the Rest of Africa through SEM’s compliance team.
The simultaneous implementation of other regulatory changes further hinders our ability to invest time and resources on other initiatives. IFRS 17 requires significant investment in new valuation models and accounting systems, as well as data management and process optimisation across the Group. In response, we have initiated an IFRS 17 project to facilitate and support implementation across the Group.
Diversified growth initiatives lead to greater operational complexity and other strategic risks. Our footprint has grown rapidly over the past few years. This includes areas where we do not traditionally have expertise. This poses the risk that our operational capabilities are not well geared, or have not expanded adequately to provide the necessary support to acquired businesses or business partners.
The vast number of Group entities across Africa, India and Malaysia makes alignment with our Group governance standards challenging.
SEM has expanded its capacity and breadth of skills to help cope with the increased support requirements, while leveraging existing skills from other clusters. SEM has placed increased focus on managing risks from consumer credit and retail banking, and avoids expansion into high risk countries. This includes exercising caution with regard to further expansion into Malaysia.
Transformational challenges and changing demographics make it increasingly difficult to remain relevant in South Africa. This includes more strenuous BBBEE targets, and higher penalties if certain minimum requirements are not met.
The clusters are focused on shifting our internal leadership demographics. This is supported by targeted recruitment strategies, diversity and inclusion initiatives (with a focus on gender), and participation in industry and societal initiatives, for example the CEO Initiative. We further support product and service transformation efforts at cluster level.
South Africa’s socio-political and economic environment is stabilising following a period of uncertainty. Income inequality, unemployment and poor service delivery remain issues of concern. Government’s resolve to confront corruption and service delivery are some of the factors contributing to a more positive outlook for the period leading up to the 2019 elections.
Sanlam’s Board and executive team engage with businesses, labour and government. We continuously ensure that Sanlam businesses are in line with the relevant regulations.
The Sanlam Board adopted the three lines of defence model for managing risks. This model defines the roles, responsibilities and accountabilities for managing, reporting and escalating risks. The model incorporates the oversight, management and assurance of risk management, essentially giving three independent views of risk. This approach ensures that risk management is embedded in the culture and daily activities of business units and provides assurance to the Board and Executive committee that risks are managed effectively.