Risk and Internal Controls
The Board has overall responsibility for the Company’s system of internal controls, the ongoing monitoring of risk and internal control systems and for reporting on any significant failings or weaknesses.
The system of control is designed to manage rather than eliminate the risk of failure to achieve our strategic objectives and can only provide reasonable assurance against material misstatement or loss. The Board has delegated to the Committee responsibility for reviewing the effectiveness and monitoring of the risk and internal controls framework.
On behalf of the Board, the Committee carried out the annual assessment of the effectiveness of internal controls during 2016, including those related to the financial reporting process. The Committee also considered the adequacy of the Group’s risk management arrangements in the context of the Group’s business and strategy. In carrying out its assessment, the Committee considered reports from the Group Financial Controller and the heads of Compliance, Risk and Internal Audit and also from PwC. This enabled an evaluation of the effectiveness of the Group’s internal controls. No significant failings or weaknesses were identified. The Committee keeps under review the Group’s risk management arrangements and internal controls through quarterly reports from representatives of each line of defence. The Group’s three lines of defence model provides an ongoing process for identifying, evaluating and mitigating risks faced by the Group. This model together with the most significant developments in the risk profile of the business and a description of how we control and manage risks are set out in chapter Key risks and mitigations.
As part of the Group’s Efficiency and Effectiveness review, a series of projects were initiated in order to better manage client onboarding and end-to-end life cycle processes across the Group. Initial focus was given to the take-on elements of Institutional clients, in order to form a solid basis for future work across the life cycle more broadly.
The Committee spent time considering the Institutional client take-on process and the interconnections with key finance processes, notably in relation to billing and rebates. The project aims to improve efficiency and through increased collaboration across the business to expedite the take-on process thereby improving clients’ experience of doing business with Schroders. Direct commercial benefits will arise from the reduction in overall time taken to fund client mandates. Improved data collection and work flow management will also enhance controls around billing and provide a single-source of information for the Group’s finance systems, thereby allowing better control of key terms that could impact our revenue and rebate processes.
The work is ongoing and the Committee will be kept up to date with progress during 2017.
Risk reports set out changes in the level or nature of the risks faced by the Group, developments in risk management and operational events, including significant errors and omissions. Separate reports allowed the Committee to consider a range of factors when determining the key risks and uncertainties faced by the Group. These included assessments of risk tolerance and stress testing of the Group’s capital position, as well as the production of the Group’s ICAAP, ILAAP and the Group’s Recovery and Resolution Plan.
The Committee considers emerging and thematic risks that may have a material impact on the Group. During the year, the Committee reviewed the Group’s arrangements in the areas of business continuity, information security, the management of technology change risk and our Infrastructure Finance business. Set out below are examples of the Committee’s activity where members of the first line of defence attended and presented to the Committee in relation to emerging and thematic risks.
During 2016 the Committee conducted its annual review of the Group’s material outsource providers. None of our key relationships had needed to be changed during 2016. However, action plans were implemented to improve performance and service quality in some instances including with respect to a third party provider engaged to provide transfer agency and other services for the Group’s UK-domiciled mutual fund ranges.
Notwithstanding the Group’s outsourcing of transfer agency and other services, the Group remains responsible for the services provided and is required to establish assurance over its compliance with the FCA’s Client Assets Sourcebook (CASS). The Group looks to the provider to develop and implement appropriate systems, processes and controls to enable compliance and therefore an independent review was commissioned to assess the provider’s controls and our own oversight arrangements. There were a number of findings many of which were common to other clients of the provider. None of the findings gave the Committee reason to believe that there had been any client detriment.
The Committee continues to provide oversight of the Group’s and the provider’s programme to deliver CASS compliant operations and management continues to work with the industry to resolve the issues faced. Within Schroders, processes have been reviewed and strengthened, employees retrained, with new employees added to work exclusively on CASS monitoring. Management reporting has also been enhanced.
Ongoing oversight of the Group’s outsource arrangements will be a priority for the Committee during 2017.
Compliance reports describe the status of our relationships and dealings with our principal global regulators and material changes in the regulatory environment in which the Group operates. The reports also outline key compliance issues, and the planning and execution of the compliance monitoring programme. The Committee also received reports on the operation of the Group’s whistleblowing arrangements, anti-money laundering processes and client asset controls.
Fund liquidity – Brexit
Following the UK referendum vote to leave the EU, the Committee received an update on liquidity and controls within the three areas of the business most likely to be impacted by reduced liquidity, Fixed Income, Real Estate and Equities.
Some third party daily-priced real estate funds held by retail investors had been closed to redemptions caused by reaction to the result of the vote. As Schroders chooses not to offer these types of products and Schroders’ Real Estate funds had little leverage and strong performance the principal risk for our Real Estate business had been one of market contagion. This did not occur.
Overall the Group’s liquidity response to Brexit had been well planned and executed, and the Committee agreed the business is well positioned to take advantage of any opportunities which may arise.
The Committee has authority to appoint or remove the Group Head of Internal Audit, who reports directly to the Chairman of the Committee. The Chairman of the Committee is accountable for setting the objectives of the Group Head of Internal Audit, appraising his performance against those objectives and for recommending his remuneration to the Remuneration Committee, with advice from the Group Chief Executive.
The Committee also has responsibility for approving the Internal Audit budget and being satisfied that the Internal Audit function has appropriate resources and continues to be effective. The Committee satisfies itself as to the quality, experience and expertise of the function through regular interaction with the Group Head of Internal Audit, both when the Committee meets and also through other meetings outside the formal meeting schedule. In 2016 an independent review of the function’s methodology was undertaken. Feedback was broadly positive with some process enhancements adopted. In accordance with the recommended practice of the Institute of Internal Auditors, the Committee will during 2017 approve the appointment of an independent third party to conduct a detailed ‘Effectiveness Review’ of the Internal Audit function. The appointed third party will be required to report its findings to the Committee during the second half of the year.
Internal Audit reports to the Committee set out progress against a rolling plan of audits approved by the Committee on an annual basis. These reports include significant findings from audits and their subsequent remediation, and recommendations to improve the control environment. During the year the Committee flexed the internal audit plan to meet the evolving risks faced by the business.
Both the annual compliance monitoring and Internal Audit plans are developed on a risk weighted basis to provide proportionate reassurance over the Group’s controls for the key risks set out in chapter Key risks and mitigations.
In 2015 the Committee had focused on the Group’s approach to conduct and culture in the business and agreed that a conduct risk framework should be developed. The four key components were: integration into culture and people management; accountability and governance; the relevant policy framework; and management information.
During 2016 the Committee received an update on key activities since the framework had been introduced. This included presentations from the Equities business in Investment and the Institutional channel in Distribution on the development of management information; the approach to integrating people and culture metrics into conduct oversight processes; and the development of a single firm-wide view of conduct risk.
The firm’s conduct programme looks to encourage forward-looking indicators in order to identify emerging trends or heightened risk issues before an adverse event occurs. Each stage of the employee life cycle has also been reviewed to consider culture and conduct with conduct more formally included in appraisals for 2016 onwards, while feedback on behaviours in line with Schroders values had already been added to the annual appraisal process. More information is included in the Remuneration report in chapter Annual report on remuneration.
The Committee will continue to monitor progress of the global roll out of the programme which is planned to commence in 2017.
Evaluating the performance of the Committee
The annual evaluation of the Committee’s effectiveness was undertaken as part of the overall Board evaluation process. The findings relating to the Committee were discussed with the Committee Chairman. Overall, the Committee is considered to be thorough and effective.
Priorities for 2017
As well as considering the standing items of business, the Committee will also focus on the following areas during 2017:
- Review of the Group’s risk appetite
- Client take-on
- Information security
- Outsource providers
- MiFID II readiness
- Conduct risk
- Statutory auditor transition.
Committee’s assessment of internal control and risk management arrangements
In light of its work, the Committee was content with the effectiveness of the Group’s processes governing financial and regulatory reporting and controls, its culture, ethical standards and its relationships with regulators. The Committee was also satisfied with the appropriateness and adequacy of the Group’s risk management arrangements as well as supporting risk management systems including the risk monitoring processes, internal controls framework and three lines of defence model.
Chairman of the Audit and Risk Committee
1 March 2017
* See glossary.