Risk Management oversight
The management of risk is fundamental to the successful execution of our Strategic Plan and to the resilience of our operations. During 2019 the Group successfully adapted its systems, processes and controls, in preparation for regulatory changes and to address Brexit contingency plans. The Group continues to support its key markets and deliver stable and resilient services that meet our clients’ needs.
> LSEG's Risk Culture
> Strategic Risk Objectives
> Current Risk Focus
> Group Risk Appetite
> Three Lines of Defence
> Overall Risk Assessment
> Risk Management Cycle
> Stress Testing Capabilities and Viability Statement
> CCP Risk Management and Oversight
> LSEG Risk Governance Structure
The management of risk is fundamental to the successful execution of our Strategic Plan and to the resilience of our operations. Our formal risk framework codifies the objectives that drive consistent risk management across the Group. Our risk culture determines the manner in which we manage risks every day.
Our management culture embeds risk awareness, transparency and accountability. A strong emphasis is placed on the timely identification and reporting of risk exposures and in the strategic analysis of prevailing or anticipated risks. The responsibility for identifying and managing risks rests with management and with the Executive Committee, with independent oversight from our Group Risk Management Team and from the Group Board Risk Committee. Our risk culture is one of our most fundamental tools for effective risk management. Our behaviour framework feeds into the criteria that we use to assess the effectiveness of our risk culture and the communication, escalation and use of risk analysis to make strategic decisions.
LSEG’s Strategic Risk Objectives derive from the strategy of the Group, which is defined annually by the Board. The risk objectives of the Group are as follows:
- Maintaining a strong risk culture throughout the Group: the Risk Management Framework is embedded within divisions and functions
- Maintaining stakeholder confidence: the Group’s stakeholders have confidence in its ability to deliver its strategic objectives with robust and effective governance and operational controls
- Maintaining stable earnings growth: the strategic growth of the business is delivered in a controlled manner with long-term value enhancement and low volatility of underlying profitability through diversification
- Maintaining capital requirements: the Group has sufficient capital resources to meet regulatory requirements, to cover unexpected losses and to meet the Group’s strategic ambitions
- Maintaining liquidity: the Group retains or has adequate access to funding to meet its obligations, taking into account the availability of funds
- Monitoring and managing credit risk exposure in conjunction with prevailing macroeconomic and geopolitical factors to ensure Group Thresholds limits are always adhered to
- Ensuring prudent levels of margin, default funds and liquidity arrangements in the Group’s CCPs
- Maintaining operational resilience by facilitating orderly market operations: the Group’s operations are delivered in a secure and efficient manner without disruption
- Achieving operational excellence consistent with the Group’s aspiration to be operationally “best in class”
- Maintaining physical and IT security to protect the Group’s assets, our people, infrastructure, data and other assets
- Adhering to regulatory requirements: the Group conducts activities at all times in full compliance with its regulatory obligations
Current and emerging risks on which we continue to focus relate to:
- Geopolitical uncertainty: Ongoing political tension and uncertainty to fuel uncertainty in the markets. In addition, global economy underperformance is likely to lead to lower activity across the markets in which we operate
- Climate-related risk: Increased focus on climate-related risks, from regulators, investors and stakeholders, has generated a requirement for enhanced climate-related risk oversight
- Emerging technology: Integrated artificial intelligence (AI) in digital transformation strategies brings with it associated risks such as inherent bias in the historical data and behaviour patterns which feed AI algorithms, which may give rise to automated decisions which are not aligned with current societal expectations or organisational values
- Regulatory change: Regulatory change affects the operations of the Group as well as those of our users and customers and increases regulatory risk through increased regulatory compliance risk
- Transformation and the Refinitiv transaction: The Group’s acquisitions increase the transformation risk, whilst delivering opportunities to compete globally. In particular the success of the Refinitiv transaction will be dependent upon LSEG’s ability to integrate the businesses of LSEG and Refinitiv
- Financial risk: The risk of financial failure, reputational loss, loss of earnings or capital as a result of investment activity, lack of liquidity, funding or capital, or the inappropriate recording, reporting and disclosure of financial results, taxation or regulatory information.
- Operational resilience including security: The security and resilience of systems and processes represent a key emerging risk across the whole global financial services industry, attracting significant regulatory scrutiny
LSEG’s Risk Appetite is defined as the level of risk that the Group will accept in pursuit of its strategic objectives. The Group Risk Appetite Statement, proposed by the Executive Committee, is approved by the Board at least annually and is determined in conjunction with the Group’s strategy and aligned to the Strategic Risk Objectives. The components of Risk Appetite that relate to Central Counterparty Clearing Houses (CCPs) and Central Securities Depositories (CSDs) are also approved by the respective Boards within the Group, in compliance with EMIR, CSDR and other applicable regulations.
The Group Risk Appetite is cascaded down to each business unit. Regular reporting at both Group and Business Unit levels uses Risk Appetite as a benchmark that can then be incorporated into the Group Risk Policy Framework.
Risks that are outside Risk Appetite are escalated to Executive Committee members and to the appropriate Risk Committee. The Risk Appetite status is also reported
to the Board Risk Committee and to the Board for all aggregated Group risks.
LSEG’s risk control structure is based on the ‘3 lines of defence’ model:
- The First line (Management) is responsible and accountable for identifying, assessing and managing risk
- The Second line (Risk Management and Compliance) is responsible for defining the Risk Management process and policy framework, providing challenge to the first line on Risk Management activities, assessing risks and reporting to the Group Board Committees on risk exposure
- The Third line (Internal Audit) provides independent assurance to the Board and other key stakeholders over the effectiveness of the systems of controls and the ERMF
Key risk categories include strategic, operational and financial risks. Operational risk includes IT risk as well as risk associated with operational processes. Financial risk includes credit, clearing and market risks. We recognise that each of these risks, if not properly managed and/or mitigated, could have an impact on the performance and reputation of the Group and its subsidiaries. Indications of the relative sizes of these risk types are shown overleaf.
Risk Management Approach
Our approach to managing risks includes a bottom up and a top down approach. Key external and internal factors are stress tested across our Group operations to assess the potential impact on the financial results, strategic plans and operational resilience.
The risk function is centralised at the Group level with the exception of the CCPs where each clearing house has its own risk team in compliance with the EMIR requirements and CSDs which have their own risk teams under the provisions of CSDR. The function’s main role is to maintain a fit for purpose Group ERMF and recommend to the Risk Committee and to the Board statements. It also reviews, analyses, monitors and challenges the risk profile of the Group and of its subsidiaries and ensures it remains within Risk Appetite. The function supports the Risk Committee members by providing reports on the Group’s risk profile and timely escalation of exceptions. It also monitors compliance with rules and regulations and develops and maintains frameworks to facilitate the identification, assessment, reporting and monitoring of all the principal risks that could materially impact the reputation, financial position or operations of the Group.
The key to the Risk Management Cycle is that it begins with, and feeds back to, the Business Strategy – which is ultimately driven by both internal and external drivers. This ensures that the management and assessment of risk remains a fundamental component of the Group’s strategic decision-making process.
Enterprise Value-at-Risk (EVaR)
The primary purpose of EVaR is to serve as a fungible barometer of risk within the organisation:
- Providing a dynamic measure of the riskiness of our activities and the external environment; comparing relative risks across the various activities and divisions of the Group (fungibility).
- Reflecting the effectiveness of our controls around the Group, both direct and indirect (e.g: Risk Culture).
- Incentivising the business to improve risk management and reduce loss incidents.
- Providing a holistic view of all risks across LSEG’s Risk Appetite categories.
LSEG’s EVaR model consists of four risk components (credit, market, operational and business), and enables the Group to consistently quantify its risk-taking activities. The relative contribution of each component to the Group’s total economic capital is shown in the chart below. Operational risk represents the largest component of the Group’s economic capital.
The Group’s viability statement is underpinned by the Group’s stress testing process. Under this process, a set of severe but plausible scenarios appropriate to the business of the Group and reflecting our principal risks are defined by Management, and the financial impact of each on the Group is quantified.
The stress test scenarios are re-assessed annually and may be updated either during this review process or at other times during the year where the external environment changes.
A 3-year horizon is used for LSEG’s financial viability statement, consistent with the Group’s strategic planning cycle. The scenario impacts are evaluated
on the Group’s key financial metrics: liquidity headroom; leverage; interest cover; and regulatory capital headroom.
In addition, a set of compounded stresses was evaluated to provide further confidence on the ongoing financial viability of the Group even under very highly stressed environments. The process and final output of the stress tests was reviewed by management and by the Board, the Risk and the Audit Committees. They also reviewed and discussed ‘reverse’ stress testing, which was performed to assess what would be required to breach the Group’s covenants.
Each of the Group’s CCPs complies with the appropriate regulatory requirements. Consequently, they each manage their risk under the governance of their Board of Directors and of their internal risk management structure. The Group monitors the CCP’s aggregated risks positions by using tools that measure the overall exposure to counterparty risk, credit risk (including latent market risk where a default can result in a CCP having the market risk inherent in the defaulter’s portfolio) and liquidity risk. It uses a bottom-up approach for the monitoring of operational risks.
The Group’s CCPs are managed in accordance with our ERMF, which includes a CCP Financial Risk Policy specifying minimum risk standards for margin confidence level, default fund cover, liquidity, counterparty concentrations, new member assessment, reporting and collateral. This promotes consistency in the oversight of our clearing risks while protecting the independence of the CCPs’ risk management processes as required by relevant regulation.
CCP Risk Management and Operations
The Group’s CCPs interpose themselves between 3 counterparties in a trade and assume the legal counterparty risk for eligible transactions that are cleared. If either party defaults on the trade, the CCP becomes accountable for the defaulter’s risk and associated liabilities.
Fundamental to a CCP’s risk process is its collection of high quality and highly liquid collateral from clearing members and clients as security for potential defaulter risk. The CCPs have in place a variety of margin models, across asset classes, to calculate the collateral requirements appropriate to each member’s risk position. Clearing members are also required to pledge collateral to the default fund(s), the overall size of which, for each clearing service, is computed to at least the ‘Cover 2’ level – large enough to cover the 2 members that would create the largest liability given a simultaneous default under extreme but plausible market conditions – and allocated across the members of the clearing service.
The adequacy of the CCP’s Financial Resources (Margins and Default Fund contributions collected from its members) is assessed on at least a daily basis and reported regularly in accordance with the Financial Risk Policy using Group Risk Appetite as a benchmark. The Principles for Financial Market Infrastructures (PFMI) produced by CPMI-IOSCO and EMIR provide the minimum Risk Management standards that a CCP should apply; however, LSEG CCPs apply more stringent margin confidence levels in most cases.
If a clearing member fails, the collateral collected is used by a CCP to complete the trades and fulfil the failed organisation’s obligations. This ensures that the party on the other side of the trade is not negatively impacted by the default. The margin is calculated to cover market moves up to a certain confidence level.
If losses exceed the defaulter’s financial resources, then under EMIR Regulation the CCP is required to utilise a specified proportion of its own capital ‘skin-in-the- game’ before it can utilise the assets of non-defaulters. The skin-in-the-game represents a proportion of the CCP’s own capital that is sufficient to act as an incentive for CCPs to minimise the operational risk related to default management and to adopt robust risk management processes. Once the skin-in-the-game has been exhausted, further losses are allocated to the non-defaulting members via funded member contributions to a mutualised default fund for each asset class or group thereof followed by further cash calls known as assessments and then a loss distribution waterfall set out in the CCP rulebook. CCP operational risk is managed using a bottom-up approach and is aligned with the Group’s operational risk management approach.
The Risk Governance of the Group is as follows and presented diagrammatically below:
- The Board is responsible for determining the Group Risk Appetite. The Board’s Risk Committee receives regular reports presenting the aggregate risks of the whole Group measured against the Appetite
- The ERMF defines roles and responsibilities for risk management oversight and activities, including for the Board, the Executive Committee and sub- Committees thereof
- The Executive Financial and Operational Risk Committees monitor and report on the risk profile of the Group; review and challenge the application of the Group risk framework; recommend Risk Appetite Statements to the Executive Committee and monitor compliance with the relevant risk policies
- The Group has a Business Continuity Management framework in place which is managed and maintained through a fully established Business Continuity Programme. The Business Continuity Programme is overseen by the Business Continuity Board, a sub-committee of the Operational Risk Committee
- The New Product/Market Committee reviews and recommends business cases to the Executive Committee ensuring product innovation and new market risks are appropriately identified and assessed
Each Group-level risk is owned by a member of the Executive Committee who is responsible for managing or mitigating the risk in order to remain within Risk Appetite. The Board and the Risk Committee receive presentations on material risks and related mitigants as appropriate.
The Reports of the Audit and of the Risk Committees, on pages 65–71, provide details on the work carried out to assist the Board in fulfilling its oversight responsibilities for risk management and systems of internal control.