2019 Integrated Report
CORPORATE GOVERNANCE REPORT CONTINUED

- Compliance monitoring is conducted to provide assurance on the level of compliance.
- Compliance incidents or suspected incidents are reported and managed.

GROUP RISK MANAGEMENT

The taking of risk, in an appropriate manner, is an integral part of business. Success relies on optimising the trade-off between risk and reward, following an integrated risk management process, and by considering all internal and external risk factors.

While conducting its business, PPS is exposed to, and needs to take on, a variety of risks. The long-term sustained growth, continued success, and reputation of PPS are critically dependent on the quality of risk management.

Management is committed to applying best practice and standards, including the implementation of the ISO 31000 standard on Risk Management, Prudential Standards, Risk Management and Internal Controls for Insurers (GOI 3) and King IV. The PPS Group Enterprise Risk Management Framework is aligned to such standards.

PPS’ risk philosophy is underpinned by its objective of member value creation, meeting member benefit expectations and achieving sustainable profitable growth, in a manner that is consistent with members’ expectations of PPS’ risk appetite. This means the PPS Group must ensure that a high-quality risk management culture is instilled throughout its operations, built on the following main elements:

- Adherence to the value system of PPS.
- Proactive risk management.
- A risk awareness culture via management of the business units.
- Disciplined and effective risk management processes and controls, and adherence to risk management standards and limits.
- Compliance with the relevant statutory, regulatory, and supervisory requirements by way of a robust compliance risk management process.
- Regular monitoring by Compliance.
- Review of control measures by Internal Audit.
- Oversight of the risk management process by the Group Risk Committee.

The PPS Group boards ensure that PPS has implemented an effective ongoing process to identify risk, measure its potential outcome and then implement what is necessary to proactively manage these risks. This responsibility includes setting the risk appetite and tolerance of the PPS Group, measuring the relevant risks against it, and ensuring that the necessary controls and service level agreements are in place, are effective and are adhered to at all times.

Assurance of good corporate governance is achieved through the regular measurement, reporting, and communication of risk management performance, which includes progress with risk management plans and improvements to risk management maturity.

Management and employees are responsible for the management of risk in accordance with the Enterprise Risk Management Framework, and incorporating risk management into the day-to-day operations of the PPS Group. Management is assisted by the risk management control function in performing annual risk assessments and updating these quarterly, and agreed mitigating actions are managed utilising CURA software. Risk registers are produced from CURA and reviewed monthly by the Group Executive Committee and quarterly by the Group Risk Committee for strategic and major operational risks. A Risk Report containing the findings and conclusions of the risk environment of the PPS Group is prepared on a quarterly basis and is reviewed by the Group Risk Committee and the respective Boards. Other operational risk registers are continuously managed by the relevant business areas.

An opportunity assessment methodology has been implemented by PPS. The purpose of using this methodology is to identify opportunities and the material risks associated with new opportunities to enhance the quality and depth of the risk management process.
This methodology also enables an assessment of current strategic objectives against those derived, based on opportunities and the prioritisation of the efforts to get maximum return based on readily accessible resources.

The PPS Holdings Trust Audit Committee, the PPS Group Risk, Audit, Actuarial, Remuneration, Social and Ethics and Technology Steering Committees, as well as the Risk and Audit Committees of subsidiaries, make reports and recommendations to the PPS Group boards, enabling them to discharge their responsibilities in regard to risk management.

MANAGEMENT OF FRAUD AND CORRUPTION RISK AND CONFIDENTIAL REPORTING

The PPS Group maintains a Fraud and Corruption Policy and Response Plan, and a Confidential Reporting Policy to manage fraud and corruption risk in the PPS Group, and to ensure that employees are able to report suspicious activities without fear of retribution. An anonymous reporting hotline, operated independently from the PPS Group by Deloitte, provides a facility to enable employees to report suspicious activities and unethical behaviour in a safe environment. All financial crime-related suspicious transactions and reports are managed by the Fraud Committee and other unethical behaviour is managed by the Human Resources Department.