Sanlam is one of the biggest internationally active insurance groups and is classified as a domestic systemically important financial institution in South Africa. Due to our potential impact on the system and the inter-connected nature of financial services, the ability to effectively manage complex risks needs to be a key capability.
Risks are managed on a preventive basis as far as possible through various risk management activities. Should they materialise, Sanlam’s financial capital is available to absorb the financial impact to ensure we remain solvent to honour the commitments to our clients. Sanlam’s solvency ratio remains fairly stable and at 215% it is well above the 100% minimum regulatory requirement.
We distinguish between strategic and operational risks, which are mitigated through a mature risk management governance structure:
The dominance of internal strategic risks and the upward movement in top risks were a result of the two major transactions for the year and is expected to remain significant in the short to medium term. Please refer to the information below for detailed descriptions of the strategic risks and opportunities with mitigating actions.
Risks to the global economic growth outlook continue to build, including the ongoing shift towards less monetary policy accommodation in developed markets, uncertainty around Brexit, greater US trade protectionism, the pursuit of deleveraging in China and the peaking impact of US fiscal expansion.
Developed economies are characterised by continued lack of material core inflation pressure despite a return to a negative output gap in 2018 and firmer wage increases against low unemployment rates. If upward pressure on wages persists and productivity growth remains constrained, the likely final outcome is higher core inflation and/or lower earnings growth.
In South Africa lax fiscal policy, reflecting excessive government consumption, is crowding out private sector investment activity. President Ramaphosa’s 2018 Investment Summit does hold some promise, given its emphasis on co-operation between the government and private sector. However, the announced projects require ongoing investment and will result in import leakages. GDP expansion is expected to continue, but potential growth remains below 2%. Private sector credit extension is palpably weak, given an increasing real prime overdraft rate.
Read more in the section on operating context.
We can minimise exposure to unrewarded risk in estate portfolios through continuous balance sheet management. Sanlam is participating via ASISA/BASA in engaging with government to find sustainable funding solutions, including for state-owned entities. We are participating in national initiatives to stimulate job creation and economic growth.
There is also significant focus across the Group on managing expense levels.
SPF focuses on optimising distribution capabilities and strategic partnering to exploit growth opportunities and gain access to under-penetrated market segments. The diversification of the SEM portfolio provides some natural mitigation although the economic fortunes of the SEM countries are still correlated and often influenced by similar external factors such as the oil price.
SIG is developing competitive capabilities in the alternative space, where higher yields can still be extracted from asset classes like unlisted credit, infrastructure, unlisted/private equity and other categories.
The ongoing technological revolution is altering the way people live, work and relate. The threat of disruption through a Fourth Industrial Revolution will affect Sanlam’s current and future clients, employees, partners and other stakeholders. This coincides with longer-term changes in demographics and globalisation. Our ability to respond is hampered by slow and unwieldy legacy systems and the associated pressure on costs. New entrants are unfettered by these constraints and have the freedom to probe for openings and disrupt the most attractive parts of the value chain. There is thus a risk that the Group’s competitive position could be compromised should we fail to properly manage and respond, as the nature of the disruption is evolving fast. The disruption also brings opportunities to boost innovation and differentiation.
Businesses across the Group embarked on initiatives to improve digital engagement with clients. This is premised on the new ways in which humans can interact with and through technology. Ownership of the engagement with clients is becoming paramount and highly valuable.
The Group business intelligence (BI) project aims to provide the foundation blocks to respond to Fourth Industrial Revolution trends. The project focuses on value-adding use cases while considering scaling for renewal use cases. The first workloads have been implemented in SPF and SIG, with further workloads investigated in all three South African clusters.
Sanlam Reality has the potential to play a key role in linking technology solutions to financial products. Various experimental initiatives are also pursued through IndieFin and EasyEquities.
The omni-channel coordination project (OMNI) will assist in adapting to changing client engagement expectations. OMNI is looking at BI as an enabler for their retail client-centricity drive.
The planned coordination of IT initiatives across the Group also aims to improve the robustness of the Group’s response to these changes. These include the renewal of existing administration platforms to suit the changing environment in terms of agility and cost.
Ongoing market scanning and research into developments and opportunities for partnerships, acquisitions and investments in start-ups in the InsurTech space continue. Read more about SPF’s initiatives in the case study.
SIG is using new technologies in the investment decision process including artificial intelligence and other advanced analytical techniques. The use of these applications is accelerating as the volume of available data rises exponentially.
Cyber-risk includes various risks related to digitised information, the supporting information technology infrastructure and increasing digitisation of all channels. New threats such as ‘cyber hurricanes’, increasing reputational risk and tougher data regulation mean that the threat from direct cyberattacks is escalating. Protecting against attack demands more timely and effective risk intelligence, understanding the constantly morphing nature of the threats, the ability to detect anomalous behaviour of software on the network and improving understanding of the ‘crown jewels’ (data and systems) most at risk of any weaknesses in the infrastructure. Lasting damage is reputational and could be caused in a wide number of ways, the most prevalent being the theft or ransom of sensitive client data, the corruption of insurers’ databases, fraud or the theft of intellectual property. The insurance industry is still unsure whether an insurer will be able to withstand a massive compromise of personal data. This is a critical dimension of this risk if seen against the fact that insurers’ IT systems are considered to be part of the country’s critical infrastructure.
Group Exco’s IT Steering committee oversees the response to cyber-risk by executing the cyber-resilience strategy through a dedicated subcommittee. A cyber-resilience policy was completed and approved by all clusters. A cybercrisis management process and essential principles were also agreed across clusters.
The Group Cyber Security Centre (GCSC) continues improving core cyber-resilience capabilities such as intelligence, monitoring, detection and response. The GCSC completed the implementation of end-point detection and response solutions to enable advanced attack identification and containment. Recent external assessment of detection and response capabilities showed a significant improvement.
We are working with the Financial Services Information Sharing and Analysis Center (FS-ISAC), as well as the South African Banking Risk Information Centre (SABRIC) and ASISA to improve the level of threat intelligence that is available within the Europe, Middle East and Africa (EMEA) regions. We have a seat on the FS-ISAC EMEA strategic committee that enables us to influence initiative priorities in our region. FS-ISAC started a small workgroup to focus on improving the cyber-intelligence available in Africa.
These measures, combined with a defined strategy and observed changes in threats and the technology landscape inform our additional focus on matters such as cloud computing, compliance with the Protection of Personal Information Act (POPIA), third-party risk management and secure application development.
Employees in key talent segments are stretched due to relentless operational, regulatory and competitive challenges. Sourcing key – and particularly black – talent to address human resource scarcity remains challenging and this adds further strain to existing employees. The war for talent in the financial services industry is more competitive than ever given the significant change projects that need to be implemented. Numerous regulatory proposals are now entering their implementation phases, causing a direct regulatory burden, but also business model changes, for example responding to RDR. Given this mix of circumstances, the risk of losing talent is heightened.
Group Exco decided in principle to manage the top 100 talent pool in the Group centrally, ensuring better rotation and development of employees. We believe that the introduction of the SuccessFactors system will ensure improved talent attraction and management processes. Employee engagement, motivation and retention should be enhanced as the digital platform facilitates and drives better people practices and a significantly improved employee experience.
In the shorter term, we have retention plans for key resources and additional roles added to structures where necessary. We have increased the use of consultants and focus on rigorous identification of essential work as opposed to work that is less urgent. The increased accommodation of flexible work practices is driving motivation and productivity.
Over the long term, an increase in talent pipeline feeder programmes will build capacity. A recent addition to the graduate programmes and alternate investments academy is the development of the Sanlam Data Academy which will offer a two-year advanced and intensive training programme aimed at graduates from computer science, information science, engineering, mathematics and statistics.
There is a continued focus on work practices, the enhanced Employee Value Proposition and improved opportunities for career development and mobility.
We are building the capability of resources internally through development interventions and encourage a sharper focus on the succession planning process. We are also investing in automation and simplification of processes to free up capacity.
Uncertainty and simultaneous regulatory implementation remain a risk, especially in relation to further phases under RDR, National Social Security Savings Scheme (NSSS) and NHI. The release of IFRS 17, with an implementation date of 1 January 2022, will require significant investment in building new valuation models and accounting systems, data management as well as process optimisation across the Group. The South African Reserve Bank (SARB) also announced a Financial Conglomerate Supervision project to develop Financial Conglomerate prudential standards to be introduced by mid-2019.
The move to the Twin Peaks supervisory model under the new Insurance Act formally commenced on 1 July 2018. The PA issued several communications to the industry on matters relating to the implementation of the Insurance Act and Prudential Standards. These include specific transition processes and forms for prescribed notifications and applications to the regulator. The PA also released new templates and timelines for regulatory reporting from 1 July 2018.
In each case the information requires considered and appropriate steps for the relevant entities. This continues to significantly hamper our ability to invest time and resources on other initiatives.
Regulatory risk is mitigated by taking a proactive approach in investigating and formulating views on regulatory proposals facing the financial services industry. The Group monitors and influences events by participation in direct discussion with regulators and through industry associations. All three South African based clusters are continuously re-evaluating their business models to align with and obtain a competitive advantage in a RDR environment.
We use consultants to assist with regulatory requests where we do not have resources and internal capacity. This is supported by Group-wide coordination of implementation efforts to achieve economies of scale, and a consistent approach.
The Group’s IFRS 17 project is progressing well with works streams established and close cooperation with Santam. Sanlam is also participating via ASISA to influence industry interpretation of the standard.
Several Sanlam volunteers are representing ASISA on the Financial Conglomerate Supervision project structures.
The Group has continuously been engaging with the PA during the transition to the new supervisory model.
PwC has completed the in-country compliance maturity assessment of the SEM subsidiaries. The outcomes confirmed deficits in the current compliance maturity. Given the heightened risk of non-compliance in-country and the increased requirement for group supervision, the shortfalls identified will be urgently addressed in a pragmatic manner. A pilot to address these has been launched in Namibia and a rollout to Botswana and Tanzania is planned for early 2019.
Diversified growth initiatives bring operational complexity and other strategic risks as the Group’s footprint grows. This includes expansion into areas where the Group does not traditionally have expertise. As such, there is a risk that our operational capabilities are not geared or have not expanded enough or at an appropriate rate to provide necessary support to the acquired businesses or our business partners.
The vast array of Group entities across Africa and Southeast Asia makes alignment with Sanlam Group governance standards challenging. The conclusion of the Saham Finances transaction will increase this risk significantly. With stretched resources there may be an increased risk of not realising returns on businesses, acquired at higher multiples than before, leading to impairments.
Other risks related to the Group’s merger and acquisition activities include ill-judged strategic partnerships or acquisitions and poor post-merger or acquisition integration.
The future SEM Target Operating Model (TOM) has been approved and implementation commenced. The establishment of a SEM Asset Management committee to oversee consistent governance and inform strategic investment across the continent will optimise returns for the SEM portfolio and shareholders.
SEM has expanded capacity and breadth of skills in some areas to help cope with the increased support requirements. An example is the SEM business integration function, created to assist with the integration of new acquisitions into Sanlam. SEM also established a business integration methodology improving the handshake between the integration and merger teams. We are also recruiting experienced and skilled employees at senior level in-country. Some of our partners bring expertise that SEM can leverage for other businesses.
SEM rolled out the Sanlam Code of Ethical Conduct during 2017. Acceptance of the code is done on an annual basis and reinforced through the risk appetite process.
The current review of the SEM Approval Framework requires stricter approval triggers for brand and media communications, product development and pricing, as well as IT approvals.
Standardisation of insurance platforms is a key management action. This enables central governance, standardised functionality and sharing of costs.
We have set appropriate hurdle rates for capital invested across emerging markets, to compensate Sanlam for the associated political, economic and business risks. SEM performs balance sheet reviews and analysis across the portfolio to safeguard assets. This includes ensuring that appropriate assets are invested to support capital and identifying mismatching of liabilities.
Implementation of the Group’s Pan-African strategy will be a test for Sanlam and requires a trade-off between risk and opportunity while ensuring effective control. The Saham Finances acquisition introduces significant size and complexity to the Group’s existing Pan-African presence.
The challenges of managing a multi-national financial services group will put significant pressure on the bandwidth of the SEM Group Exco and management team. Failure to properly integrate Saham Finances into Sanlam will be detrimental to stakeholders. The complexity increases the risk of corporate governance failures.
The Saham Finances investment requires a 12% dollar return on investment to achieve the Sanlam hurdle. The high price-earnings multiple sets a high bar for Saham Finances earnings growth. Exceeding hurdle rate on the investment will require significant synergies between SEM, Santam and Saham Finances.
Saham Finance’s actual performance to date has supported the SEM valuation model. In this Integrated Report we provide detailed reporting on Saham Finances to improve market insight into the value drivers of the Saham portfolio.
A formal project has been constituted to manage the on-boarding of Saham Finances in the SEM cluster. The Saham Finances Steering committee includes various work streams covering communication, regulatory approvals, financial and actuarial reporting, health insurance and employee benefits, reinsurance, information technology and operations, human resources and footprint overlap. Additional financial, actuarial, risk and compliance engagements have commenced, and good progress has been made to align reporting and governance matters.
SEM also performed detailed reviews of Saham Finances’ balance sheets.
The Saham Finances management team is committed to the success of the integration. Key management will be incentivised with lock-in periods to ensure the successful integration and business case delivery.
The Saham Finances Steerco will continue to manage key risks and outcomes formally in each of the work streams. Strong governance and ethics have been set as a key guiding principal for the integration.
Transformation and diversity challenges and changing demographics makes it increasingly difficult to remain relevant in the South African context. There are many challenges including amendments to the BBBEE codes in South Africa, which are more strenuous, with higher targets and penalties should certain minimum requirements not be met.
The BBBEE transactions will enhance the Group’s empowerment credentials. New black Group Executive committee members were appointed and the clusters committed to recruitment targets to shift internal leadership demographics. Targeted recruitment strategies and participation in industry and societal initiatives such as the youth employment services (YES) network further support our commitment. Other examples include the implementation of a Group language policy and several diversity and inclusion initiatives across the Group.
We established the Sanlam Data Academy to recruit and train young graduates in data science over a two-year period.
The Sanlam/Santam Enterprise and Supplier Development Programme continues in partnership with ASISA.
Instability has become a staple feature of South Africa’s socio-political and economic environment with the trend increasing on a year-on-year basis. The phenomenon is fuelled by income inequality, unemployment and poor service delivery. South African politics are going through a period of transition. This can give rise to unintended consequences and new sources of risk. With the upcoming 2019 elections, instability is expected to increase.
Sanlam participates on different levels in engagement between business, labour and government. The Sanlam clusters operate in line with the relevant regulations and contributes to initiatives such as the Youth Employment Scheme campaign.
Over the course of the past decade a cluster of environment-related risks – notably extreme weather events, failure of climate change mitigation and adaption, as well as water crises – emerged as a central feature of the global risk landscape. Because of the combined effects of climate change and poor maintenance of infrastructure, risk insurance companies are expected to cover a wider range of risks. Insurance premiums are likely to increase as insurers and reinsurers carry the burden of claims arising from severe weather events.
These trends can lead to some areas being uninsurable. This is driving greater engagement between insurers, policyholders, local authorities and intermediaries to mitigate risk proactively.
Insurers can play a critical role in reducing the socio-economic impact of severe weather events. However, low insurance penetration, especially in developing markets, has seen the protection gap widening over time. This reduces the risk-bearing impact of insurance and increases the burden on governments and taxpayers. Insurers will have to look at ways of addressing penetration proactively, including raising awareness around the role they can play in risk transfer and risk management.
Another area where insurers can play a bigger role is in resilient investing, e.g. infrastructure and green energy. However, this is often hampered by fragmented policy and regulatory frameworks. Stakeholders are also requiring more information from companies around how they are addressing increased weather-related risk.
Santam is partnering with municipalities across South Africa to manage fire and flood risks and to build understanding of the systemic risks inherent to the areas where we do business. Santam was the first African insurer to mobilise the short-term insurance industry in response to increasing climate and weather risk to address this need – a gap that can be termed ‘the risk protection gap’.
Santam and ICLEI Africa (the African secretariat of the world’s leading network of more than 1 000 cities, towns and metropolises committed to building a sustainable future) initiated the so-called CIP AIRR pilot project in Dar-es-Salaam, which typifies a ‘resilience investment’.
Santam is working closely with the UN Environmental Programme Finance Initiative, Principles for Sustainable Insurance and ClimateWise – the global insurance industry’s leadership group that drives action on climate change risk.
The expansion into credit assets means that Sanlam is investing more in longer-term infrastructure projects, such as renewable energy. Sanlam is looking at how to meet the new Task Force on Climate-related Financial Disclosures (TCFD) recommendations released in June 2017 in a pragmatic way.
The risks associated with the clusters’ day-to-day operations inform the bottom-up approach to risk management. The maintenance of risk registers and reports in each area controls this process. Risk registers are aggregated and reviewed by each cluster’s finance and risk committees or forums. Significant and emerging risks are escalated to Group level for consideration. The following are the key bottom-up risks facing the Group’s business units and clusters:
The Board is ultimately responsible for overseeing risk management. The Risk and Compliance committee is mandated by the Board to advise and assist with the design and implementation of Sanlam’s Group risk assurance framework and responsibilities. Therefore, the Risk and Compliance committee takes responsibility for approving the risk appetite and level of risk tolerance for the Group for recommendation to the Board and monitoring the implementation of the Group risk assurance framework and supporting policies.
A comprehensive and mature enterprise risk management framework is in place, with appropriate risk escalation processes from a business unit to Group level. Sanlam’s risk appetite statement is the key mechanism through which limits are set for material risk categories such as:
Safe to say that the work that has gone into the revised Group ORSA as well as the establishment of cluster ORSAs will have a noticeable impact on the quality of the risk reporting to management and the Board. This initiative is a leading practice.
- Sanlam Risk Management Effectiveness Review Follow Up, PwC, November 2018
The Insurance Act of 2017 and related Prudential Standards that became effective on 1 July 2018 require that we must conduct a forward-looking, risk-based Own Risk and Solvency Assessment (ORSA). This is an ongoing process of identifying, assessing, controlling, monitoring and reporting the risks to which the Group is exposed. We also assess the capital necessary to ensure that the Group’s solvency needs are met at all times.
There is also a regulatory requirement to produce documentary evidence of the process in the form of an ORSA report. The Group ORSA report combines the analysis performed by a number of risk and capital management processes, which are embedded across the Group, and provides quantitative and qualitative assessments of the Group’s risk profile, risk management and solvency needs on a forward-looking basis. The scope of the report covers the full known risk universe of the Group.
The ORSA process comprises static elements and dynamic parts. The former relates to policies, frameworks, procedures and methodologies which by their nature are unlikely to change much over the course of the year. The dynamic parts relate to information that requires regular monitoring as it is likely to change during the year, for example risk exposures and solvency position.
The dynamic parts are reported to executive management and the Board on a quarterly basis as part of the business-as-usual activities. The annual ORSA report is submitted to the Board and the regulator and contains a holistic view.
Sanlam prepared ORSA reports for 2015, 2016 and 2017. We expanded the Group ORSA process in 2018 to include a similar process per cluster. All clusters are now reporting top-down and bottom-up risks, their risk appetite and emerging issues as well as solvency, stress and scenario testing with forward-looking projections.
The Sanlam Board adopted the three lines of defence model for managing risks. This model defines the roles, responsibilities and accountabilities for managing, reporting and escalating risks and other matters throughout the Group. The model incorporates the oversight, management and assurance of risk management, essentially giving three independent views of risk. This approach ensures that risk management is embedded in the culture and daily activities of business units and provides assurance to the Board and Group Exco that risks are managed effectively.
First line of defence:
Roles and responsibilities:
Doing and recording
Delegated board authority to:
Second line of defence:
Objective oversight of risks.
Key activities include:
risk and legal based
Third line of defence:
The Sanlam Board’s mandated committees:
Independent and objective assurance over the effectiveness of corporate standards and compliance:
Risk categorisation and classification ensures that we have an effective and comprehensive risk management system.
The taxonomy is summarised as follows:
Business and sub-business level risk management:
identifies and manages risks faced by the business
Business level management committees:
Additional committees that may be established by a business to assist their executive committees in certain areas of risk management
Business level Risk and/or Audit committee/ forum:
assists the business level board in fulfilling its responsibilities to the Sanlam Life Board
Sanlam Group Exco: as the Sanlam Board’s overseer, responsible for ensuring that the businesses achieve optimal risk-adjusted returns
Group risk management: develops Group risk management framework, policy and guidelines for approval by the Sanlam Life Board, coordinates reporting responsibilities and improves risk management across the Group
Sanlam Life Risk and Compliance committee: assists the Sanlam Life Board in fulfilling its responsibilities
Sanlam Life Board: responsible for the Group’s risk management framework and policy, as well as monitoring the effectiveness and disclosure thereof, in accordance with best practice
There were no material breaches of our risk appetite statement. Read more about the role and focus areas of the Risk and Compliance committee in the Governance Report.
The Group Risk Management Function initiated a review of their current risk operating model in response to current and anticipated regulatory changes. The intent was also to ensure closer alignment to Sanlam’s vision and strategy while positioning risk management to be future-fit and resilient.
Risk management is a ‘tight’ principle defined by the Sanlam Business Philosophy, which means that there are specific structures, roles and responsibilities allocated to the clusters, with a strong central control of risk management.
The critical success factor of the new target operating model is the formal agreement and contracting of independent second-line specialist risk centres of excellence. In turn, these require specialised risk skills and experience such as financial risk, actuarial, information technology, cyber, data and regulation expertise.
The operating model further relies on the roll-out of the Sanlam bWise system to standardise risk categories and processes and improve risk management discipline throughout the Group. The system also allows for the aggregation, consolidation and cascading of risk types across the Group to provide insights for decision-making and enabling Group supervision.