Copyright © 2024 Swire Pacific Limited. All rights reserved.
Risk Management

Extracted from Swire Pacific Limited 2022 Annual Report

Effective risk management is key to ensuring that the Group achieves its strategic objectives and protects its reputation, market position and financial strength. The Company itself and its operating companies follow the Group’s Enterprise Risk Management (ERM) policy. The ERM policy requires identification, assessment, management, monitoring and reporting of current and emerging risks.

The operating companies have a common approach to ERM. It involves:

• Identification: Risks are identified by senior executives and categorised by reference to a common risk classification.
• Assessment: The identified risks are regularly assessed by senior executives based on their potential financial and non-financial impacts, and on the vulnerabilities associated with them. The assessment has regard to effectiveness of internal controls, readiness to respond, and the extent to which the risks can be mitigated.
• Mitigation: Designated risk owners are responsible for mitigating the risks and implementing agreed action plans.

 

Risks considered to have a Group dimension will be discussed by the GRMC, and potentially by the Audit Committee and the Board. Operating companies mitigate and monitor these risks in their own businesses.

The risk forums oversee the risks within their remit that are considered material to the Group. They advise the GRMC on emerging risks which may affect the Group, analyse risk events that have materialised and develop best practices for managing risks.

The GRMC reviews Group and divisional risk registers and considers how effectively risks are being managed. It issues policies to the operating companies and promotes risk culture in the Group. The Board may itself identify risks. Risks so identified are passed to the GRMC and to the operating companies for incorporation into their risk registers.

The ERM process is top down and bottom up. The Board gives guidance on its risk priorities and the operating companies assess their own risks. All of this is reported to the GRMC and consolidated into a Group risk register, which is presented to the Audit Committee and the Board.

Risk management is an integral part of business management:

Strategic planning is informed by the risk identification.

Improving the risk profile is part of budgeting and planning.

Action plans are included in performance management.

Changes in risk profile are included in management reporting.

A risk assessment is included in due diligence on major investments.

The Group is exposed to a broad range of risks. The following table deals with the current key areas of focus. Significant risks specific to the operating companies are included in their risk registers.

The Board has ultimate responsibility for risk management, overseeing its design and implementation. The Board is supported by the Audit Committee.

The Board has adopted the three lines of defence model of risk governance. The model is designed to minimise conflicts of interest and ensure independent oversight of risk management.

In the first line, the management of each operating company identifies, analyses and reports on the risks for which it is responsible. Risks are mitigated and, where practicable and economic, eliminated. Where risks cannot be eliminated, the related economic returns are required to reflect the risk.

The first line is supported by the Group Finance Committee. The Finance Committee determines the parameters within which financial risk is managed and oversees the management by the operating companies of financial risk within those parameters. Senior group and divisional financial managers are members of the Finance Committee.

The second line supports the first line and provides assurance to the Board that risk is being managed effectively. There are two Group second line risk management committees. They are the Group Risk Management Committee (GRMC) and the Swire Pacific Risk Management Committee (SPACRMC).

The GRMC oversees the management of non-financial risks at Group and operating company levels. It reports to the Audit Committee. The GRMC comprises the Finance Director, an Executive Director (also acting in the capacity of head of operating business), the Staff Director, the Group General Counsel, the Chief Risk Officer and four heads of operating businesses. The GRMC (i) regularly reviews the Group’s risk profile, (ii) oversees the management of major risks at Group and operating company levels, (iii) identifies emerging risks and potential sources of future risk and (iv) analyses risk events which materialise, with a view to their resolution and to learning from them.

In relation to risks having a Group dimension, the GRMC is supported by risk forums dealing with human resources and health and safety risks, IT, data and technology risks, government, regulatory and legal risks and environment and sustainability risks. In relation to risks not having a Group dimension, the GRMC is supported by second line bodies in the operating companies.

The SPACRMC oversees risks specific to the Company itself, identifies risks which have a Group dimension and proposes approaches to the management of such risks to the GRMC.

The Finance Committee, the GRMC and the SPACRMC are chaired by the Finance Director, who is supported by the Chief Risk Officer.

The boards and management of operating companies are responsible for the management of risk at those companies. Risk management governance varies between operating companies with some having dedicated board and executive risk committees and others managing risk through their audit or executive management committees.