Risk governance

Principles and objectives

Risk is defined as the uncertainty that Prudential faces in successfully implementing its strategies and objectives. This includes all internal or external events, acts or omissions that have the potential to threaten the success and survival of Prudential.

The control procedures and systems established within the Group are designed to manage rather than eliminate the risk of failure to meet business objectives. They can only provide reasonable and not absolute assurance against material misstatement or loss and focus on aligning the levels of risk-taking with the achievement of business objectives.

Material risks will only be retained where this is consistent with Prudential’s risk appetite framework and its philosophy towards risk-taking. The Group’s current approach is to retain such risks where doing so contributes to value creation and the Group is able to withstand the impact of an adverse outcome, and has the necessary capabilities, expertise, processes and controls to appropriately manage the risk.

In keeping with this philosophy, the Group has five objectives for risk and capital management which are as follows:

Framework: to design, implement and maintain a capital management and risk oversight framework, which is consistent with the Group’s risk appetite and philosophy towards risk taking;

Monitoring: to establish a ‘no surprises’ risk management culture by identifying the risk landscape, assessing and monitoring risk exposures and understanding change drivers;

Control: to implement suitable risk mitigation strategies and remedial actions where exposures are deemed inappropriate, and to manage the response to potentially extreme events;

Communication: to effectively communicate the Group risk, capital and profitability position to both internal and external stakeholders; and

Culture: to foster a risk management culture, providing quality assurance and facilitating the sharing of best practice.

Diagram 1: Group level framework

Prudential’s risk governance framework requires that all of the Group’s businesses and functions establish processes for identifying, evaluating and managing the key risks faced by the Group. The framework is based on the concept of ‘three lines of defence’ comprising risk taking and management, risk control and oversight and independent assurance.

The diagram above outlines the Group-level framework.

Primary responsibility for strategy, performance management and risk control lies with the Board, which has established the Risk Committee to assist in providing leadership, direction and oversight in respect of the Group’s significant risks, and with the Group Chief Executive and the chief executives of each of the Group’s business units.

Risk management

Risk taking and the management thereof forms the first line of defence and is facilitated through both the Group Executive Committee (GEC) and the Balance Sheet and Capital Management Committee (BSCMC).

The GEC is comprised of the chief executives of each of the Group’s major business units, as well as a number of functional specialists, and supports the Group Chief Executive in the executive management of the Group.

The BSCMC is comprised of functional specialists and supports the Chief Financial Officer in the management of the Group’s balance sheet, as well as providing oversight to the activities of Prudential Capital, which undertakes the treasury function for the Group.

Risk oversight

Risk control and oversight constitutes the second line of defence, and is achieved through the operation of a number of Group-level risk committees, chaired by either the Chief Financial Officer or the Group Chief Risk Officer, which monitor and keep risk exposures under regular review. These committees are as follows:

Group Executive Risk Committee: the committee meets monthly to oversee the Group’s risk exposures, including market, credit, liquidity, insurance and operational risks, and also monitors the Group’s capital position;

Group Credit Risk Committee: the committee reports directly to the Group Executive Risk Committee and meets monthly to review the Group’s investment and counterparty credit risk positions;

Group Operational Risk Committee: the committee meets quarterly to oversee the Group’s operational risk exposures. The committee reports directly to the Group Executive Risk Committee;

Solvency II Technical Oversight Committee: the committee normally meets ten times per year to provide ongoing technical oversight and advice to the Board and executive in respect of their duties with regard to the Group’s Internal Model. The committee reports to the Group Executive Risk Committee;

Technical Actuarial Committee: the committee reports to the Group Executive Risk Committee and usually meets monthly to set the methodology for valuing Prudential’s assets, liabilities and capital requirements under Solvency II and the Group’s internal economic capital basis; and

Group Compliance Committee: the committee reports to the Group Executive Risk Committee and meets every two months to oversee the effectiveness of risk and capital management for all financial and non-financial risks faced by the Group and has responsibility to consider Group-wide regulatory compliance risks and controls.

The Group-level risk committees are supported by the Group Chief Risk Officer, with functional oversight provided by Group Security, Group Compliance and Group Risk. Group Security is responsible for developing and delivering appropriate security measures with a view to protecting the Group’s staff, physical assets and intellectual property. Group Compliance provides verification of compliance with regulatory standards and informs the Board, as well as the Group’s management, on key regulatory issues affecting the Group. Group Risk has responsibility for establishing and embedding a capital management and risk oversight framework and culture consistent with Prudential’s risk appetite that protects and enhances the Group’s embedded and franchise value.

Independent assurance

The third line of defence comprises the Group-wide Internal Audit function, which provides independent and objective assurance to the Board, GEC, Audit and Risk Committees on the overall effectiveness of risk management, control and governance processes across the Group.


The Risk Committee is provided with regular reports on the activities of the risk function and, where it affects the results of the assurances under the Turnbull compliance statement, the Audit Committee also receives appropriate reporting from the same function. Reports to the Risk Committee include information on the activities of the Group Executive Risk Committee, the Group Operational Risk Committee, the Group Credit Risk Committee, the Solvency II Technical Oversight Committee, the Technical Actuarial Committee and the Group Compliance Committee, as well as reports from Group-wide Internal Audit.

The Group’s capital position and overall position against risk limits are reviewed regularly by the Group Executive Risk Committee, the Group Risk Committee and the Board. Key economic capital metrics, as well as risk-adjusted profitability information, are included in the business plans which are reviewed by the Group Executive Risk Committee, the Group Risk Committee and the Board.

Routine internal reporting by the business units varies according to the nature of the business, with each business unit responsible for ensuring that its risk reporting framework meets both the needs of the respective business unit and the standards set by the Group Risk function. Clear escalation criteria and processes are in place for the timely reporting of risks and incidents by business units to the various Group-level risk committees and, where appropriate, the Board.

Each business unit reviews the risks inherent in its business operations as part of the annual preparation of its business plan, and subsequently, these opportunities and risks are regularly reviewed against business objectives with Group Risk. The impact of large transactions or divergences from the agreed business plan is also reviewed and reported by Group Risk.


The report on the responsibilities and activities of the Remuneration Committee can be found in the Directors' remuneration report.

