Sun Life 2012 Annual Report Download - page 70

Download and view the complete annual report

Please find page 70 of the 2012 Sun Life annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 176

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176

Human Resources Risk
We compete with other insurance companies and financial institutions for qualified executives, employees and agents. Competition for
the best people is intense and an inability to recruit, develop and retain qualified individuals may impede our ability to execute our
business strategies or to conduct our operations. To manage these risks, we have established and implemented comprehensive
human resource policies, practices and programs throughout the organization. These include: employee training and development
programs; compensation programs designed to attract, motivate and retain high-performing employees, and to encourage sound risk
management practices by all employees; leadership review processes to assess talent and leadership development programs to build
leadership bench strength and depth to succession options; and monitoring employee engagement through enterprise-wide
engagement surveys and implementing strategies to address any issues.
Model Risk
We use highly complex models to support many business functions including pricing, valuation, asset liability management and risk
management. To manage model risk, we have established an enterprise-wide model risk management program including policies and
operating guidelines, which outline risk-based requirements for maintaining inventories of significant models, model risk assessment,
controls, documentation, change management, testing and periodic independent reviews.
Technology Risk
We use technology to support virtually all aspects of our business and operations. To manage the risks associated with our technology
infrastructure, we have implemented a number of policies, standards and controls through our technology approval and governance
model to ensure ongoing operational integrity, systems availability, data integrity and information security. A system development
methodology and process has been designed and implemented. Our global technology infrastructure is overseen by the Chief
Information Officer.
Business Interruption Risk
Disruption to operations or systems from man-made or natural disasters may occur. To manage this risk, we have implemented an
enterprise-wide Business Continuity program to facilitate the recoverability of critical business operations. Our Chief Information Officer
is responsible for oversight of the enterprise business continuity program, which includes business continuity planning, crisis
management and disaster recovery.
Our policies, standards and operating guidelines establish consistent processes and procedures. These policies and programs are
designed to ensure that, to the extent practically possible, key business functions can continue and normal operations can resume
effectively and efficiently should a major disruption occur. These programs are updated and tested on a regular basis, and each
business segment maintains its own business continuity plan under the oversight of the global business continuity program. We also
have off-site backup facilities and failover capability designed to minimize downtime and accelerate recovery time.
Information Security and Privacy Risks
Security governance is the foundation for establishing and maintaining a secure environment. Information security breaches could
occur and may result in inappropriate use or release of personal and confidential information. To mitigate this risk, we have
implemented an enterprise-wide security program which is overseen by the Chief Information Officer. This program encompasses the
governance framework for security in the Company through policies, standards and controls to protect information and computer
systems that are aligned to recognized industry standards and are compliant with applicable laws and regulations. In addition, we
conduct mandatory security awareness training for all employees annually. An incident management process is established for
monitoring and managing security events.
Privacy breaches could occur and may result in unauthorized disclosure or use of personal information. Many jurisdictions in which we
do business are developing and implementing more stringent privacy legislation. In order to mitigate this risk, we have implemented a
global privacy program which includes a global privacy commitment, policies and standards, ongoing monitoring of emerging privacy
legislation and a network of privacy officers. Processes have been established to provide guidance on handling personal information
and for reporting privacy incidents and issues to appropriate management for response and resolution. Enterprise-wide oversight is
provided by the Chief Privacy Officer.
Outsourcing Risk
We choose to outsource some services to external third parties, including information technology, operations and investment
management. There is a risk that these third parties may be unable to meet their ongoing service commitments, which could jeopardize
our business. To manage this risk, we have established an enterprise-wide outsourcing policy which is consistent with OSFI
requirements. Our outsourcing program includes specific requirements for risk management programs to manage each significant
outsourcing arrangement, and also includes annual reporting to the Board of Directors.
Environmental Risk
An environmental issue on a property owned by us or on any property with which we are affiliated could result in financial or
reputational loss. As an organization we are committed to conducting our business activities in a manner that recognizes the need to
preserve the quality of the environment. An environmental risk management program is maintained to help protect investment assets
(primarily real estate, mortgage and structured finance portfolios where such assets are central to the underlying credit) from losses
due to environmental issues and to help ensure compliance with applicable laws. We have programs in place across our real estate
portfolio to identify and mitigate environmental risks, to conserve energy and to reduce waste. In providing credit to borrowers or
making equity investments in private firms, we take reasonable steps to assess that counterparties are environmentally responsible.
Our operations have an impact on the environment, which also carry a measure of risk of financial and reputational loss. These
practices and impacts include, but are not limited to, operating footprint, carbon disclosure and contribution to climate change,
response to emerging environmental regulatory and public policy developments, and supplier and corporate client environmental
impacts and practices. External factors such as corporate client expectations around environmental performance, resource constraints,
impact of climate change and costs associated with adaptation are also potential sources of environmental risk.
Our cross-functional North American Investments Environmental Committee works to identify and act on environmental risks and
opportunities. We report on environmental management annually in the Public Accountability Statement and Sustainability Report.
68 Sun Life Financial Inc. Annual Report 2012 Management’s Discussion and Analysis