Barclays 2013 Annual Report Download - page 382

Download and view the complete annual report

Please find page 382 of the 2013 Barclays annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 436

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
  • 334
  • 335
  • 336
  • 337
  • 338
  • 339
  • 340
  • 341
  • 342
  • 343
  • 344
  • 345
  • 346
  • 347
  • 348
  • 349
  • 350
  • 351
  • 352
  • 353
  • 354
  • 355
  • 356
  • 357
  • 358
  • 359
  • 360
  • 361
  • 362
  • 363
  • 364
  • 365
  • 366
  • 367
  • 368
  • 369
  • 370
  • 371
  • 372
  • 373
  • 374
  • 375
  • 376
  • 377
  • 378
  • 379
  • 380
  • 381
  • 382
  • 383
  • 384
  • 385
  • 386
  • 387
  • 388
  • 389
  • 390
  • 391
  • 392
  • 393
  • 394
  • 395
  • 396
  • 397
  • 398
  • 399
  • 400
  • 401
  • 402
  • 403
  • 404
  • 405
  • 406
  • 407
  • 408
  • 409
  • 410
  • 411
  • 412
  • 413
  • 414
  • 415
  • 416
  • 417
  • 418
  • 419
  • 420
  • 421
  • 422
  • 423
  • 424
  • 425
  • 426
  • 427
  • 428
  • 429
  • 430
  • 431
  • 432
  • 433
  • 434
  • 435
  • 436

Risk management
Barclays risk management strategy continued
The ERMF includes those risks incurred by Barclays that are
foreseeable, continuous, and material enough to merit establishing
specific bank-wide control frameworks. These are known as Key Risks
and are grouped into six Principal Risks. Conduct and Reputation risks
were reclassified as Principal Risks in 2013. See Principal Risks on
page 384 for more information.
A clear and consistent control framework entails specific
responsibilities. As a result, not only has the definition of the three lines
of defence been clarified (see three lines of defence below) but its
scope has been extended to all businesses and functions. This creates
the proper context for setting standards and establishing the right
practices throughout the bank. See Barclays’ risk culture – enabling the
‘Go-To’ bank on pages 378 and 379 for more information.
Three lines of defence
The three lines of defence operating model enables Barclays to
separate risk management activities between those parties that:
1. Own and take risk, and implement controls (first line);
2. Oversee and challenge the first line, provide second line risk
manactivity and support controls (second line); and
3. Provide assurance that the E-R-M process is fit for purpose, and
that it is being carried out as intended (third line).
The Enterprise Risk Management process is the ‘defence’ and
organising businesses and functions into three ‘lines’ enhances the
E-R-M process by formalising independence and challenge, whilst still
promoting collaboration and the flow of information between all areas:
First Line: Own and take risk, and implement controls
First line activities are characterised by:
Ownership of and direct responsibility for Barclays’ returns or
elements of Barclays’ P&L; or
Ownership of major operations, systems and processes fundamental
to the operation of the bank; or
Direct linkage of objective setting, performance assessment and
reward to P&L performance.
With respect to risk management the first line responsibilities include:
Taking primary accountability for risk identification, ownership,
management and control (including performance of portfolios,
trading positions, operational risks, etc.) within approved mandate,
as documented under the Key Risk Control Frameworks, including
embedding a supportive risk culture;
Collaborating with second line on implementing and improving risk
management processes and controls;
Monitoring the effectiveness of risk controls and the risk profile
compared to the approved risk appetite; and
Maintaining an effective control environment across all risks,
processes and operations arising from the business, including
implementing standards to meet Group policies.
Second Line: Oversee and challenge the first line, provide second line
risk management activity and support controls
Second line activities are characterised by:
Oversight, monitoring and challenge of the first line of defence
activities;
Design, ownership or operation of Key Risk Control Frameworks
impacting the activities of the first line of defence;
Operation of certain second line risk management activities; and
No direct linkage of objective setting, performance assessment and
reward to revenue (measures related to mitigation of losses and
balancing risk and reward are permissible).
With respect to risk management the second line of defence
responsibilities include:
Defining the Enterprise Risk Management Framework;
Establishing the control environments for the Key Risks, including Key
Risk Control Frameworks, policies, and standards;
Defining delegated discretions and set limits within the control
frameworks to empower risk taking by the first line;
Assisting in the direction of the portfolio to achieve performance
against risk appetite;
May define and operate approval processes for certain decisions
within the second line to protect the Bank from material risks;
Communicating, educating and advising the first line on their
understanding of the risk framework and its requirements;
Collaborating with the first line to support business growth and drive
an appropriate balance between risk and reward without diminishing
the independence from the first line; and
Reporting on the effectiveness of the risk and control environment to
executive management and Board committees.
Third line: Provide assurance that the E-R-M process is fit for purpose,
and that it is being carried out as intended
Third line activities are characterised by:
Providing independent and timely assurance to the Board and
Executive Management over the effectiveness of governance, risk
management and control.
With respect to risk management the third line of defence
responsibilities include:
Assessing the effectiveness of risk management and risk mitigation
in the context of the current and expected business environment;
and
Acting independently and objectively, without taking responsibility
for the operations of the bank or the definition of the Enterprise Risk
Management Framework and Group policies.
Governance (audited)
Governance Structure
Risk exists when the outcome of taking a particular decision or course
of action is uncertain and could potentially impact whether, or how
well, we deliver on our objectives.
Barclays faces risks throughout its business, every day, in everything it
does. Some risks we choose to take after appropriate consideration –
like lending money to a customer. Other risks may arise from
unintended consequences of internal actions, for example an IT system
failure or poor sales practices. Finally, some risks are the result of
events outside the Bank but which impact our business – such as major
exposure through trading or lending to a market counterparty which
later fails.
All employees must play their part in the Bank’s risk management,
regardless of position, function or location, and are required to be
familiar with risk management policies that are relevant to their
activities, know how to escalate actual or potential risk issues, and have
a role appropriate level of awareness of the Enterprise Risk
Management Framework, risk management process and governance
arrangements.
barclays.com/annualreport
380 Barclays PLC Annual Report 2013