Peregrine annual report 2009 » Risk management

Peregrine annual report 2009 » Governance & risks » Risk management

Print this page

The board has overall responsibility for ensuring that the group maintains an effective control environment incorporating risk management, accurate record keeping and a proper system of internal control.

Framework
Due to the diversity of the group’s businesses and in order to most effectively manage the different risk focus of each business, the group has established various risk committees and forums at an operating subsidiary level. Whilst the board is responsible for reviewing the risk management infrastructure, framework and overall risk tolerances, the group’s approach has been to maintain the committees as part of the operations within each business unit. Risk management has always been viewed as an integral part of operations, rather than a function that can be performed by non-executives via an oversight role. The committees are staffed by senior management within the business units and include representation by the group CEO, deputy CEO, financial director and/or appropriate non-executive directors so as to ensure independent review and oversight within the committees. The committees report to the group audit committee, the Holdings board or the subsidiary boards, as appropriate. Depending on the nature of the risk, the board and audit committee ensure that the framework, practices and reporting thereof comply with an aligned risk management strategy across the group.

From a risk perspective, the limited impact of the recent global crisis on the Peregrine group has demonstrated that the risk mitigation and monitoring processes within Peregrine are robust.

Risk committees
In line with the recommendations of King III and as part of the review of the role and charter of the audit and risk committee, the board is currently in process of reviewing the establishment of a risk committee, independent of the audit committee, to assist the board with the implementation of the group’s risk framework and co-ordination of risk oversight activities across the group.

The major committees and forums forming part of the group’s current risk management structures are detailed below.

Balance sheet and capital management: within the strategy approved by the board and so as to facilitate more efficient management of the group’s balance sheet, responsibilities and resources for the management of group capital are split in order to achieve a distinct and clearly defined focus on business opportunities and on investment activities. In addition to meeting growth and return objectives, capital allocation decisions take account of the group’s solvency and liquidity requirements. The Holdings executive is responsible for the management and allocation of capital to business opportunities with a focus on growing the group through new opportunities and through the expansion of existing businesses. Capital allocation for investment activities, including investment into hedge funds and private equity opportunities is managed by a team headed by the CEO.

IT forum: reviews business continuity plans and ongoing business requirements within the area of information technology.

Legal forum: oversees the legal, compliance and regulatory requirements of the group’s asset management, broking and hedge fund businesses. The committee is headed by a group head of legal compliance. The committee operates in accordance with a legal compliance framework which sets out the responsibilities of each of the role players and formalised reporting lines to the subsidiary boards, legal forum and the group audit committee.

Legal risk and compliance as it affects Citadel and the Stenham group is overseen by separate committees operating within those business units. The group head of legal compliance is a member of these committees and is responsible for co-ordinating the implementation of the compliance and legal framework throughout the group and for reporting back on the functioning of these committees to the group audit committee.

Peregrine Securities’ trading and risk committee: The board of directors of Peregrine Securities (Pty) Ltd, the holding company of Peregrine Equities, Peregrine Derivatives and Peregrine Financial Products is responsible for the identification, management and communication of all risk, including market, credit and internal control risks relating to the activities of each of its business units. Within the framework and levels of risk tolerance established by the Holdings board, the board establishes the risk management framework and sets risk limits within which the businesses are required to operate. The board has delegated the responsibility of managing the implementation and oversight of compliance with risk processes and limits to a risk committee, which includes representation of executive members of the Holdings board. The risk committee has formal terms of reference and meets monthly.

As detailed above, Citadel Life and the Stenham group have their own audit committees. In addition, Citadel and Stenham operate the following subcommittees of their respective boards:

Citadel investment committee: oversees the implementation of the company’s investment strategy, reviews investment performance as well as the legal, tax and regulatory environment affecting investment decisions and the implementation of investment solutions.

Citadel risk and compliance committee: responsible for the implementation of the Citadel risk framework, oversees financial and operating controls and the regulatory, legal and compliance functions within Citadel.

Stenham risk and compliance committee: responsible for the implementation of the Stenham risk framework, oversees financial and operating controls and the regulatory, legal and compliance functions within Stenham.

Investment decisions and the implementation thereof within the various funds managed by Stenham are the responsibility of respective investment committees and the boards of the funds, which boards include non-executive directors.

Key risk areas
Financial risks
A detailed discussion of the key financial risks to which the group is exposed, including market, credit, liquidity and solvency risk and the 019 corresponding control mechanisms is incorporated into the financial statements as part of the requirements of IFRS 7. The discussion is set out in note 30. In addition to financial risks, the group is exposed to other key risks as set out below. The board relies on senior management to ensure that risk processes and procedures form part of the day-to-day operations of the group within each business unit. The board recognises that the control processes and structures in place cannot eliminate risks to which the group is exposed. These processes are designed to mitigate risks and are robust enough to dynamically address changes in business risks.

Key employee risk
Management and staff of each of its business units continue to play a key role in contributing to the growth and success of the Peregrine group. The ability to retain intellectual capital is a key factor in ensuring that the group maintains its existing market positioning.

Whilst the approach to managing key employee risk may differ across the business units, the major factor in mitigating this risk is the creation of an environment whereby staff are involved in the decisions affecting their business units and are direct participants in the financial success arising as a result thereof. The group has been built on an inclusive management style and is cognisant of maintaining the correct balance between an entrepreneurial and a corporate environment. Group and staff financial performance is aligned through performance bonuses linked directly to the profit performance of each division and through share incentive schemes. In addition, succession planning is an ongoing area of focus.

Technology risk
Technology risk is the risk of loss due to deficiencies in the information technology infrastructure or disruption in operations caused by an unforeseen disaster. Operational efficiency and business continuity are ensured through the IT forum, up to date software and hardware linked to an ongoing maintenance plan and continual revision and testing of the disaster recovery plan.

Compliance and legal risk
Compliance risk is the risk of loss in the event of non-compliance with statute, including regulations imposed by the South African Reserve Bank, the Financial Services Board and various other financial regulators and exchanges. The group has employed and allocated skilled staff to specific compliance functions as part of its risk management framework. The group legal committee manages the implementation of and compliance with the ever increasing regulatory requirements affecting the various financial sectors in which the group operates. The monitoring and management of legal and compliance risk is reported on to the audit committee.

With the growth in the hedge fund industry locally, changes in the regulatory environment are inevitable. As a leading participant in the South African market, Peregrine will continue to manage its businesses in line with changes in the industry and in the best interests of the group and its clients.

Operational risk
Operational risk is the risk of direct or indirect loss as a result of a breakdown in systems, communication or internal processes. Key risk areas include those related to transaction processing, information technology and legal.

Operational risk is managed through a comprehensive system of internal controls as well as sound practices in the areas of human resources and information technology. The group’s internal auditors play a role in reviewing the effectiveness of the control systems in place and in ensuring that procedures are adapted to address control weaknesses. In addition, appropriate professional indemnity and related insurance cover extends to all areas in the group.

Reputational risk
As a manager of substantial third party assets, the group is highly cognisant of the importance of its reputation to both existing and potential clients. The sustainability and growth of the business relies on the group’s ability to maintain a reputation of integrity and professionalism. Consideration is thus given, at all levels, to the mitigation of risks which may cause reputational damage. In this regard, a comprehensive process is followed prior to entering into any new arrangement with an outside party for the purpose of managing third party assets.

Internal audit
The audit committee has adopted an internal audit charter which defines the purpose, authority and responsibility of the internal audit function, which function is performed by Deloitte for most business units within the group. The internal audit function reports directly to the chairman of the audit committee and has full and unrestricted access to the CEO and chairman of the board.

Deloitte act as internal auditors for all of the group’s business units, other than Citadel and Stenham. Citadel operates its own internal audit function and Stenham utilise the services of specialist internal auditors, Jefferson Wells. The Citadel frameworks and reporting process has been aligned with that of Deloitte and a similar project is underway in respect of the Stenham internal audit function. The Citadel internal audit function reports to the Citadel risk committee and ultimately to the group audit committee. Similarly, Jefferson Wells report to the Stenham audit committee and ultimately to the group audit committee. It is intended that Deloitte undertake a quality control review of the work undertaken by the Citadel internal audit division and that, over the course of the ensuing financial year, the Stenham process be streamlined with that of the group.

The internal audit function is risk based rather than compliance based. Deloitte maintain a formal risk assessment of each business and operating unit, based on inherent risk, the perceived effectiveness of existing control structures and management’s assessment of residual risk. Based on this assessment, with particular focus on areas of high inherent risk, a comprehensive annual and three year audit plan commencing in the 2007 financial year was developed and approved by the audit committee. The audit plan for each year is updated annually to take account of any changes within the business and/or the operating environment with changes approved by the audit committee.

The audit committee places reliance on the work of the internal auditors in discharging its responsibilities in the areas of risk and internal control. With the appointment of Deloitte the committee believes that it has a truly independent partner with the appropriate access to skills necessary to meet the complex and unique requirements of each of its business units. The work performed by the internal auditors is subject to review by the audit committee. Reports issued by the internal auditors are presented to the audit committee.