Barclays 2003 Annual Report Download - page 72

Download and view the complete annual report

Please find page 72 of the 2003 Barclays annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 232

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232

70
Risk Management
Management of Other Risks
In addition to the risks discussed so far, Barclays also faces
a number of other risks which it groups and manages
under Non-financial risk. Non-financial risk encompasses
operational risk and business risk:
Operational risk is the risk of direct or indirect impacts resulting from
inadequate or failed internal processes or systems or from external
events. Major sources of operational risk include: implementation of
strategic change, integration of acquisitions, outsourcing of operations,
dependence on key suppliers, fraud, error, customer service quality,
regulatory compliance, payment systems’ reliability, IT security,
recruitment, training and retention of staff, and social and
environmental impacts.
Business risk is the risk of adverse impact resulting from a weak
competitive position or from poor choice of strategy, markets, products,
activities or structures. Major potential sources of business risk include:
revenue volatility due to factors outside our control; inflexible cost
structures; uncompetitive products or pricing; and structural
inefficiencies.
Barclays is expanding its Group-wide commitment to the management
of these risks. Barclays will continue to enhance its non-financial
practices and methodologies where appropriate and will implement
advanced non-financial risk management to enhance shareholder value
and the quality of customer service.
Responsibility and control of non-financial risks
Barclays has a Group-wide non-financial risk framework, which is
approved by the Board and is consistent with and part of the Group Risk
Governance framework described earlier. Board Governance Standards
have been established for all key areas of identified risk. These standards
are high-level articulations of the Board’s risk control requirements.
Non-financial risk is subject to management and oversight throughout
the organisation.
The prime responsibility for the management of non-financial risk
and compliance with Board Standards rests with the businesses and
functional units where the risk arises. Front-line non-financial risk
managers are widely distributed throughout the Group in business
units. They service and support these areas assisting line managers
in managing these risks.
Business Risk Directors in each business are responsible for the
implementation of and compliance with Group policies.
Governance and Control Committees in each business monitor risk
management and control effectiveness.
Board Governance Standard owners have Group-wide responsibility
for setting policy and providing expert advice to improve the
management of non-financial risk by business managers. The standard
owners are generally the Group functional units with the relevant
expertise. For example, Group Human Resources own the people risk
standard, Group Compliance the regulatory compliance standard and
Group Finance the financial reporting standard.
In the corporate centre, the Non-Financial Risk Director exercises
oversight over the portfolio of non-financial risk across the Group
in accordance with the Group Non-Financial Risk Framework.
The Group Internal Audit function provides an assurance process for
non-financial risk control across the organisation to the Board and
senior management.
Measurement and management of non-financial risk
Risk assessment
A consistent approach to the identification and assessment of key risks
and controls is undertaken across all business units. Scenario analysis
and self-assessment techniques are widely used by business
management for risk identification and evaluation of control
effectiveness and monitoring capability. Business management
determine whether particular risks are effectively managed within
business risk appetite or otherwise take remedial action.
Risk event data collection and reporting
A standard process is used Group-wide for the recognition, capture,
assessment, analysis and reporting of risk events. Quantitative
information about both internal and external risk events is used to
analyse scenarios and to validate quantitative risk assessments.
Reporting
Business units are required to report on both a regular and an event-
driven basis. The reports include a profile of the key risks to their
business objectives, control issues of Group-level significance, and
operational risk events (losses or incidents). Specific reports are
prepared on a regular basis for the Group Risk Oversight Committee,
the Board Risk Committee and the Board Audit Committee.
Economic capital
As for other risks, economic capital methodologies have been developed
to allocate capital to business units for both operational and business
risks. This risk-based capital provides businesses with incentives to
demonstrate implementation of risk reduction practices or policies.
The operational risk economic capital methodology includes the
modelling of dominant unexpected risks and adjustments to reflect the
business control environment. Continued enhancement of this
methodology will support Barclays objective of qualifying for the
Advanced Measurement Approach’ under the proposed Basel II Accord.
Regulatory compliance risk management
Regulatory compliance risk arises from a failure or inability to comply
with the laws, regulations or codes applicable specifically to the financial
services industry. Non-compliance can lead to fines, public reprimands,
damage to reputation, enforced suspension of operations or, in extreme
cases, withdrawal of authorisation to operate.
The Group is subject to extensive supervisory and regulatory regimes
in the UK, elsewhere in Europe, the US, the Asia-Pacific region and
in the other countries around the world in which it operates. Effective
management of regulatory compliance risk is a key business line
management accountability. It is the primary responsibility of business
management to conduct business in accordance with applicable
regulations and with an awareness of compliance risk. The Group
Compliance Director is responsible for formulating and communicating
a risk control framework for the management of compliance risk and
for monitoring a reporting framework to assist business management
in discharging its responsibility.