
Our risk framework helps us achieve our objectives and protect the interests of our stakeholders. We set clear limits on the degree of risk we’re willing to take, known as our risk appetite.

This helps us continually manage the risks involved in making sure we can pay current and future members' compensation for the rest of their lives.

Our risk appetite is set by the Board

Managing risk on a day-to-day basis is embedded in all that we do, whether it is considering financial risk, investment risk, credit risk or operational risk.

Understanding and managing our opportunities, challenges and risks is critical to protecting our members and achieving our objectives.

We run a long-term risk model

Like many large financial institutions, we also run a long-term risk model – a detailed picture of how our finances might evolve under various scenarios. This helps us take a wide view on the potential risks we face now and in the future.

We also run exercises where we simulate extreme but believable events to see if we can withstand the strain and then make contingency plans.

Protecting data is incredibly important to us 

Our members’, levy payers’ and employees’ data are of paramount importance to us. We invest heavily in data protection and cyber security to eliminate complacency and minimise risks.

We regularly carry out simulation exercises to ensure we can respond effectively to a potential cyber-attack, and we review our policies to remain compliant with the General Data Protection Regulation (GDPR).

We've engaged with an external supplier to complete a full assessment of our cyber security risk governance and management practices against the NIST Cybersecurity Framework.

We’ve also received two independently verified certifications:

  • Cyber Essentials Plus – a UK Government standard that provides an independent technical audit of an organisation’s IT security controls.
  • ISO 27001 – the internationally recognised information security risk management framework.