Sun Life 2015 Annual Report Download - page 72


Our governance practices, corporate values, Code of Conduct and Company-wide approach to managing risk set the foundation for
mitigating operational risks.
Our Code of Conduct sets the tone for a strong ethical culture, and we regularly review and update the Code of Conduct to ensure
that it continues to meet the expectations of regulators and other stakeholders. All our directors and employees must reconfirm
annually their understanding of and commitment to comply with the Code of Conduct.
We have established appropriate internal controls and systems, compensation programs, and seek to hire and retain competent
people throughout the organization and provide ongoing training to our people.
Stress-testing techniques, such as DCAT, are used to measure the effects of large and sustained adverse scenarios.
We mitigate a portion of our operational risk exposure through our corporate insurance program by purchasing insurance coverage
that seeks to provide protection against unexpected material losses resulting from events such as criminal activity, property loss or
damage and liability exposures, or that satisfies legal requirements and contractual obligations.
Internal capital targets are established at an enterprise level to cover all risks and are above regulatory supervisory and minimum
targets. Actual capital levels are monitored to ensure they exceed internal targets.
Specific operational risks and our risk management strategies are discussed below in further detail.
Information Security and Privacy Risks
Our business is dependent on maintaining a secure environment for our customers, employees and other parties’ information. This
requires the effective and secure use of information technology systems, including controls around logical access, physical access and
data management. We collect, process and maintain information relating to business transactions and financial reporting, as well as the
personal information of our customers and employees. We also obtain services from a wide range of third-party service providers and
have outsourced certain business and information technology functions to third parties in various jurisdictions.
We continue to make investments in technology, processes and cyber security professionals to position us to be better prepared to
deal with the evolving threat landscape. Our security framework includes policies and procedures that are aligned with recognized
industry standards and are compliant with applicable laws and regulations. We have well-established security controls (including
logical, physical and data management controls) and processes that are intended to protect information and computer systems,
including information security risk assessments and privacy impact assessments. The framework also includes technology, process
and behavioural-based controls to protect our information systems and the data entrusted to us by our customers and employees. As
part of the overall security program, we provide security awareness training sessions for all new employees and on an annual basis
thereafter.
In particular, privacy breaches could occur and may result in unauthorized access and disclosure or use of personal information. Many
jurisdictions in which we do business are developing and implementing reporting requirements relating to cyber security and more
stringent consumer privacy legislation. Our global privacy program requires adherence to our global privacy commitment, local laws
and local privacy policies. We monitor emerging privacy legislation and we have established a network of privacy officers in the
business segments to monitor and provide guidance on handling personal information and for reporting privacy incidents to appropriate
management for response and resolution. In addition, we conduct privacy impact assessments, training and regular monitoring and
reporting to help mitigate these risks.
Social media risks could also significantly impact our reputation due to the broad reach and real-time interaction of such media. We
monitor social media to enable us to take action to mitigate an event that could potentially have a negative impact on our brand.
Human Resources Risk
The competition for top talent (including executives, employees and distributors) is intense and an inability to recruit, retain and develop
talent can have a significant impact on our capacity to meet our business objectives. The loss of our top talent could have a material
adverse effect on our operations given their skills, knowledge of our business, years of industry experience and the potential difficulty
of promptly finding qualified replacements. If we are unable to attract, retain or effectively deploy resources with the in-depth knowledge
and necessary skills required, or design compensation programs that effectively drive employee behaviour, our ability to achieve
business objectives, including operational, financial and growth goals, could be adversely affected.
To mitigate this risk, we have comprehensive Human Resource policies, practices and programs in place. In addition, training,
development and compensation programs are designed to attract, motivate and retain high-performing employees. Our leadership
review program assesses talent and leadership development and is designed to build leadership bench strength and succession
options. Through the monitoring of Company-wide employee engagement surveys we are able to devise strategies geared to address
issues that may arise.
Execution and Integration Risks Relating to Mergers, Acquisitions and Divestitures
We regularly explore opportunities to acquire other financial services businesses or to divest ourselves of all or part of certain
businesses, in support of our growth and strategy goals. We have recently announced acquisitions in various markets and have
increased our stake in certain of our joint ventures in Asia. These transactions introduce the risks related to completing the transactions
as planned including effective separation and integration of the transferred businesses, and effective or efficient integration,
restructuring or reorganization of the businesses after the transactions have closed, and motivating and retaining personnel to
effectively execute the transaction closure. These risks could have an impact on our business relationship with various stakeholders
including future employees, customers, distributors and partners. Anticipated cost synergies or other expected benefits may not
materialize due to a failure to successfully integrate the acquired business with our existing operations.
To mitigate this risk, we have established procedures to oversee the execution and integration of the merger and acquisition
transactions. Regular updates on the execution and integration risks relating to these transactions are provided to the Board of
Directors, Board Committees and senior management committees, as appropriate.
Regulatory Compliance, Legal and Conduct Risk
We are subject to extensive regulatory oversight by insurance and financial services regulators in the jurisdictions in which we conduct
business. In recent years, there has been an increased focus by regulators globally on customer fairness, conduct and anti-money
laundering. Failure to comply with applicable laws or to conduct our business consistent with changing regulatory or public
70 Sun Life Financial Inc. Annual Report 2015 Management’s Discussion and Analysis