Risk Management
Overview
The effective management of risk is a key part of the Group’s strategy and is underpinned by its Risk Aware value. This helps to protect the Group’s customers and generate sustainable returns for shareholders. The Group is focused on maintaining sufficient levels of capital, liquidity and operational control, and acting in a responsible way.
The Group’s Chief Risk Officer is responsible for leading the Group’s Risk function, which is independent from the Group’s operational and commercial teams. The Risk function is responsible for designing and overseeing the embedding of appropriate risk management frameworks, processes and controls, to enable key risks to be identified, assessed, monitored and accepted or mitigated in line with the Group’s risk appetite. The Group’s risk management practices are regularly reviewed and enhanced to reflect changes in its operating environment. The Chief Risk Officer is responsible for reporting to the Board on the Group’s principal risks and how they are being managed against agreed risk appetite.
Group Risk Appetite Statement
The Group has identified the risk drivers and major risk categories relevant to the business, which has enabled it to agree a suite of risk appetite statements and metrics to underpin the strategy of the Group. The Board approves the Group’s risk appetite statements annually and these define the level and type of risk that the Group is prepared to accept in the achievement of its strategic objectives.
Liquidity
STB Group’s liquidity risk appetite is to ensure that adequate liquid resources are held to meet its Overall Liquidity Adequacy Requirement and to meet the minimum Liquidity Coverage Ratio requirement (100% + Pillar 2) at all times such that there is no significant risk that its liabilities cannot be met as they fall due, whether in business as usual or in a stress.
Funding
STB Group’s funding risk appetite is to ensure that the Bank has access to stable funding markets and is not reliant on any single source of funding. The Bank’s primary source of funding is retail deposits from individuals.
Capital
STB Group’s Capital risk appetite is to maintain capital levels above minimum regulatory requirements. The Group’s capital management policy is focused on optimising shareholder value, in a safe and sustainable manner, ensuring capital resources are sufficient to meet levels of growth over the strategic planning horizon.
Market
STB Group’s market risk appetite is to ensure that under a severe change in rates the impact on earnings and overall value of the Bank remains within agreed thresholds.
Operational
STB Group acknowledges that operational risks are inherent to the business and seeks to minimise the impact of these through well-defined, scalable and controlled processes, resilient systems, effective people management practices and the ability to effectively respond to external events.
Credit
STB Group has minimal appetite for unsecured credit exposure outside of Retail Finance and unmitigated concentration risk across sectors, product and single entity risk. The Group sets lending parameters to maintain the high quality of its lending portfolio.
Compliance & Conduct
STB Group has no appetite for known systems or control gaps which would lead to non-compliance with regulatory requirements. As a result of the way STB Group conducts our business, we act to deliver good outcomes for consumers. Our aim is to help consumers and businesses fulfil their ambitions.
Risk Governance
The Group’s approach to managing risk is defined within its Enterprise-Wide Risk Management Framework. This provides a clear risk taxonomy and an overarching framework for risk management, supported by frameworks and policies for individual risk disciplines. These frameworks set the standards for risk identification, assessment, mitigation, monitoring and reporting.
The Group’s risk management frameworks, policies and procedures are regularly reviewed and updated to reflect the evolving risks that the Group faces in its business activities. They support decision-making across the Group and are designed to ensure that risks are appropriately managed and reported via risk-specific committees.
Established risk committees are in place at Board and Group levels to enable clear oversight of risk management, including robust risk identification and mitigation.
An Executive Risk Committee, chaired by the Chief Risk Officer, reviews key risk management information from across all risk disciplines, with material issues escalated to the Executive Committee and/or the Risk Committee of the Board, as required.
The Group operates a ‘Three Lines of Defence’ model for the management of its risks. The Three Lines of Defence, when taken together, control and manage risks in line with the Group’s risk appetite.
The three lines are:
- First line: all employees within the business units and associated support functions, including Operations, Finance, Treasury, Human Resources and Legal. The first line has ownership of and primary responsibility for their risks.
- Second line: specialist risk management and compliance teams reporting directly into the Chief Risk Officer, covering Credit risk, Operational risk, Information Security, Prudential risk, Compliance and Conduct risk and Financial Crime risk. The second line are responsible for developing frameworks to assist the first line in the management of their risks and providing oversight and challenge designed to ensure they are managed within appetite; and
- Third line: the Internal Audit function, which provides independent assurance on the effectiveness of risk management across the Group.
The monitoring and control of risk is a fundamental part of the management process within the Group. The responsibilities of the Board, Board Risk Committee and Audit Committee in this respect are described in the Corporate Governance Report within the Annual Report and Accounts. The following committees also form a key part of the Group's risk management governance structure:
Executive Risk Committee ('ERC')
The Committee is responsible for executive oversight of risk, overseeing the Group’s risk profile, its adherence to regulatory compliance and monitoring these against the risk appetite set by the Board.
Assets and Liabilities Committee ('ALCO')
The Committee is responsible for implementing and controlling the liquidity and asset and liability management risk appetite of the Group, ensuring high level control over the Group's balance sheet and associated risks. The committee sets and controls capital deployment, treasury strategy guidelines and limits and focuses on the effects of future plans and strategy on the Group's assets and liabilities.
Strategic Change and Investment Committee
The Committee is responsible for the review and approval of project and programme business cases, ensuring alignment to strategic priorities. The committee governs the strategic change plan and investment strategies set by the Board and the Group Executive Committee.
Credit Risk Committee
The committee reviews the credit risk profile of the Group, supporting the CRO and ERC members in overseeing adherence to the credit risk management framework and Board approved risk appetite.
Non-Financial Risk Committee (NFRC)
The committee supports the Chief Risk Officer (CRO) and ERC members in overseeing Non-Financial Risk management. The committee covers all non-financial risks, including Financial Crime, Operational, Conduct and Compliance, Climate Change, Information Security, IT and Change risk.
Assumptions Committee
This committee is responsible for reviewing and challenging assumptions used in a number of areas including the Group's forecasting, ICAAP and ILAAP, ECL calculations, Funds Transfer Pricing, Liquidity Risk Management and Interest Rate Risk Management.
Model Governance Committee
This committee is responsible for understanding, challenging and assessing the risks, weaknesses and appropriateness of statistical and financial models.