Operational risks

Operational risks are inherent globally in all activities and processes we perform within the Group. To manage and mitigate these risks, the second line of defence provides oversight and challenge to the business through an operational risk framework. Tools to manage this include RCAs, risk event management processes and new product approval processes. We manage risk events through identification, reporting and resolution in order to prevent risk events from recurring.

Key risk

 

Description

 

How we manage risk

14. Conduct and regulatory risk

 

The risks of client detriment arising from inappropriate conduct, conflicts, management, practice or behaviour or failing to meet client needs, interests or expected outcomes.

The risks of money laundering, bribery or market abuse shortcomings on the part of fund investors, clients or our employees.

 

We promote a strong compliance culture and we promote good relationships with our regulators. Our Compliance function supports management in identifying our regulatory obligations and enabling these to be met through relevant training and procedures. Compliance with relevant regulatory requirements is monitored in accordance with a risk-based programme.

 

 

Our approach to encouraging appropriate conduct and minimising the risk of client detriment is set out in our conduct risk framework, and is built on our culture and values, supported by appropriate governance and reporting.

 

The risk that new regulations or changes to existing interpretations of them, can have a material effect on the Group’s operations, risk profile or cost base and be complex to implement and difficult to manage.

 

Risk based client take-on and review processes are among our key controls to address the risks of money laundering. Trading is subject to clear policies and to transaction surveillance processes, which are being enhanced. Financial crime oversight is provided by the Financial Crime Committee.

 

 

Regulatory and legal change is monitored by the Compliance, Legal and Public Policy teams. We engage with our regulators where appropriate in relation to potential and planned changes.

15. Legal risk

 

The risk that Schroders or its counterparties, clients or suppliers with whom we contract fail to meet their legal obligations, that Schroders takes on obligations that it did not intend to assume and the risk of legal claims and loss.

The risk that client expectations and obligations with respect to our own and third-party responsibilities under investment management and other agreements will not be met, with a revenue or contingent liability impact.

 

We rely on our employees, with support from our Legal function, to consider the obligations we assume across the Group and our compliance with them. Our policies and procedures across the Group are developed having regard to recognised legal risks.

Confirmations are obtained from representatives around the Group that actual or potential disputes or claims have been brought promptly to the attention of the General Counsel.

We have an escalation process for areas of identified material risk.

16. Tax risk

 

The Group and its managed funds are exposed to:

  • compliance and reporting risks, which would include the submission of late or inaccurate tax returns
  • transactional risks, which would include actions being taken without appropriate consideration of the potential tax consequences
  • reputational risks, which cover the wider impact that our conduct in relation to our tax affairs can have on our relationships with our stakeholders.

 

Our approach to managing our tax affairs and tax risk is set out in our tax strategy. This is reviewed by the Audit and Risk Committee annually. It is supported by a tax governance framework, which aligns to the Group’s wider risk and control framework. Independent monitoring and reporting of tax risks and controls is supported by Group Risk and key risks and issues related to tax are escalated to, and considered by, the Group Risk Committee and the Audit and Risk Committee, on at least an annual basis.

 

 

In accordance with the tax governance framework, the Tax function works with management and advisers to monitor the tax position of the Group. Local management, with oversight from our Tax function, is generally responsible for identifying and managing the tax position of our managed funds, with the assistance of third party service providers. Developments in taxation are monitored by the Tax function and local management. We engage with representative industry organisations and advisers to ensure we are kept abreast of relevant tax changes impacting the Group and its clients.

17. Process and change risk

 

The risk of failure of significant business processes, such as mandate compliance, client suitability checks and asset pricing.

Poor execution of acquisitions or management of strategic relationships which fail to deliver intended benefits in terms of revenue or costs.

 

Our key business processes have been identified and the risks assessed by first line of defence owners through the RCA process.

This is used to determine the adequacy and effectiveness of key controls; with second line providing oversight and challenge. Associated controls are assessed with regard to their design and performance. Output from the RCA process is presented to the GRC.

As part of our due diligence process when we consider an acquisition or strategic partnership we identify areas that will need to be remediated after a transaction is completed. Subject matter experts will be involved throughout the transition.

18. Fraud risk

 

Fraud could arise from either internal or external parties who attempt to defraud the firm or our clients by circumventing either our processes and controls, or the controls operated by our third party providers (e.g. within our outsourced transfer agency activities).

 

Policies and procedures are in place to manage fraud risk. Controls in place to manage fraud risk are assessed as part of the RCA process. Attempted or successful frauds are investigated by the Financial Crime team, with oversight from Group Risk.

The Financial Crime Committee provides oversight of the management of Fraud risk and is a sub-committee of the Group Risk Committee.

19. Technology risk and information security

 

Technology and information security risk relates to the risk that:

  • our technology systems and support are inadequate or fail to adapt to changing requirements
  • our systems are penetrated by third parties
  • data is held insecurely.

 

Formal governance over information risks has been established across the three lines of defence through the Information Security Risk Oversight committee. The Group holds insurance to cover cyber risks.

A number of policies and technical standards, including security awareness training, have been deployed across the Group.

Robust project management of a new front office technology platform and assessment of business requirements, implementation risks and scalability.

20. People and employment practices risk

 

Talented employees may be targeted by competitors seeking to build their businesses. This is particularly important for key revenue generators in Investment given the potential impact their departure could have on the Group’s financial position.

The risk that we are unable to retain key employees across the firm in a situation where revenue and profitability are deteriorating and variable compensation is reduced.

 

We have competitive remuneration and retention plans, with appropriate deferred benefits targeted at key employees. We keep our remuneration structures under review to ensure that they are appropriate as the firm develops new business areas. The Remuneration Committee has oversight of compensation arrangements that deviate from our existing compensation approach to ensure that they are appropriate and in line with the firm’s strategic priorities.

We seek to build strength and depth through sustainable succession and development plans. This includes identifying new skills that the business will require in the future, for which we can recruit selectively either through our entry-level or experienced hire programmes.

 

 

 

We operate a global model, which reduces our reliance on single pools of talent. Clear objectives are set for employees and success is measured in an annual review process, allowing us to manage under performance, identify motivational development initiatives and take disciplinary action if required.

We have policies and procedures in place to encourage diversity, provide for the safety and wellbeing of staff and to manage employment issues appropriately, handling them consistently, fairly and in compliance with local legislation.

We continue to monitor Brexit developments closely and their implications for employment practices.

 

The need to attract new employees for new business activities or strategic initiatives that require different skills to those that currently exist within the business.

People and employment practices risk incorporates the risk that our employment practices do not comply with local legislation, such as equal opportunities, human rights or the safety and wellbeing of employees when at work.

The risk that employees do not adequately fulfil their role.

The impact on staff mobility in and out of the EU as a result of Brexit.

 

21. Third-party service provider risk

 

Third-party service provider risk relates to the risk that suppliers may not be able to meet their agreed service level terms.

We have a number of outsourced supplier relationships as part of our business model, particularly in respect of; information technology, fund administration, custody and transfer agency services.

 

The Audit and Risk Committee reviews all material outsourced relationships, focusing on significant aspects such as service quality and risk management.

Policies are in place that govern our approach to appointing, managing and performing relevant due diligence of third-party service providers including regular reviews of performance against agreed service levels. In addition, for service providers not covered under the outsourcing policy, minimum requirements are established for overseeing service provider risk and performance, as well as the requirement to perform risk assessments on service providers deemed critical to business operations.

Exit plans are considered prior to appointment and provide a framework for transitioning business from one service provider to another should the quality fall below the agreed service level.

The Strategic report was approved by the Board on 1 March 2017 and signed on its behalf by:

Peter Harrison
Group Chief Executive