
Our risk framework helps us achieve our objectives and protect the interests of our stakeholders. We set clear limits on the degree of risk we’re willing to take, known as our risk appetite.

This helps us continually manage the risks involved in making sure we can pay current and future members' compensation for the rest of their lives.

Our risk appetite is set by the Board

Our risk appetite is set and reviewed by the Board, then monitored by the risk directorate and formal committee groups.

Each team manages its own risk and has its own processes. Our risk teams then help to ensure that our directors are acting on critical information and that the Board has a clear view of its enterprise risks.

This includes monitoring what claims we may have in future and ensuring we have sufficient funds to cover them.

We run a long-term risk model

Like many large financial institutions, we also run a long-term risk model – a detailed picture of how our finances might evolve under various scenarios. This helps us take a wide view on the potential risks we face now and in the future.

We also run exercises where we simulate extreme but believable events to see if we can withstand the strain and then make contingency plans.

Protecting data is incredibly important to us

Our members’, levy payers’ and employees’ data are of paramount importance to us. We invest heavily in data protection and cyber security to eliminate complacency and minimise risks.

We regularly carry out simulation exercises to ensure we can respond effectively to a potential cyber-attack, and we review our policies to remain compliant with the General Data Protection Regulation (GDPR).

We've engaged with an external supplier to complete a full assessment of our cyber security risk governance and management practices against the NIST Cybersecurity Framework.

We’ve also received two independently verified certifications:

  • Cyber Essentials Plus – a UK Government standard that provides an independent technical audit of an organisation’s IT security controls.
  • ISO 27001 – the internationally recognised information security risk management framework.