RMB logo

Risk management


Managing our risk and opportunities

Risks are monitored by the board and other governance structures in line with the board-approved risk appetite and risk management strategy.

Our three major risk categories are strategic risks, financial risks and operational risks.

Risk Category Specific Risk Its context and possible impact What we do in mitigation
Strategic Risk Structure of the company Diminishing shareholder value due to inefficient structure Regular review of the company structure to ensure that it is the optimal structure of shareholder and not diminish shareholder value
Ownership structure Concentrated shareholding could cause illiquidity Regular review of top 20 shareholding and tracking of free flow of RMH shares
Reputational risk The risk that an action, event or transaction may compromise the brand We operate with a philosophy that seeks to protect and enhance the brand, our reputation and our ability to conduct business with the highest ethical standards. We recognise the importance of its reputation and devote considerable effort to managing all aspects of that reputation.
Independence and conflict of interest The possibility that a decision of the board could be seen as prejudiced and conflicted. We have a well-defined delegation of authority in place and all decisions are made within those parameters. Declarations of interests are up to date and directors recuse themselves from all potentially conflicted decisions.
Regulatory risk Our goal is to comply with all relevant laws and regulations. Management attends continuous training. A database of industry experts has been established to assist RMH in identifying regulatory changes. Our governance process is proactive in identifying and acting on legislative changes.
Investment strategy The risk that the value of our portfolio will be adversely affected by movements in equity and interest rate markets, currency exchange rates and commodity prices, resulting in poor investment performance relative to benchmarks. The successful management of our investment is dependent upon a proper understanding of the businesses of the investee company and also on identifying the appropriate RMH executives that will represent it on the board of the investee company.

We manage market risk through a structured investment process.
Compliance, regulatory and legal risk The risk of non-adherence to regulation and legislation We have to ensure that we are aware of and take reasonable steps to comply with the relevant laws and regulations. Our governance processes are proactive in identifying and acting on legislative changes.

We may, where required, make use of external experts, particularly on international regulations.
Financial Risk Portfolio risk The loss of value or opportunity to create value due to inefficient or ineffective identification or acquisition of new investments or the disinvestment from existing investments.

The composition of the portfolio, determined by the investment decisions, may involve a particular exposure to certain industrial sectors, certain geographic areas or certain regulations.
The portfolio investments (also in FirstRand) are chosen with a view to creating value for our shareholders. We seek to mitigate this risk by diversifying the portfolio and analysing and monitoring the current investment. Timing remains vital.

The investment is monitored through a systematic portfolio review at every meeting of the board of directors.

The chief executive and senior management regularly meet the management of FirstRand and directors sit on their committees and boards of directors.
Tax risk We must foresee the tax implications of all our strategic decisions and anticipate potential changes in the current tax legislation that could have adverse impacts. Our tax philosophy is to prudently manage tax affairs in a manner that will protect our reputation with all stakeholders. Independent tax specialists are employed in an advisory capacity (as required) to perform reviews of tax risks, risk mitigation and monitoring.
Liquidity risk The risk that we will not be able to meet our payment obligations as they fall due, or that we may be forced to liquidate our positions under adverse conditions to meet that obligation

We must at all times have sufficient financial resources to meet our obligations in terms of investments or debt service.
We have controls and processes in place to ensure that future liquidity requirements are met. Forecasting and management accounts are conducted on a monthly basis to determine liquidity requirements.
Operational Risk Human resource risk This refers to the company’s ability to find and retain the human resources required to ensure that it operates effectively and achieves its objectives.

The risk of key staff departures.
The remuneration policy is designed to attract and retain skills and talent.
Disaster recovery and business continuity The risk of the business being unable to operate due to an unforeseen event or disaster A comprehensive business continuity plan has been developed and tested. The plan provides guidance to staff for the complete restoration of the core business functions and IT facilities at head office.

In the event of a disaster, we have alternative facilities where key management and staff are able to resume our most critical business functions.
Treasury risk Any loss of control over cash inflows, outflows and investments in money market instruments may have significant financial consequences. Treasury transactions are subject to documented limits and rules, formal delegations of authority, a segregation of duties at the payment level and with regards to the reconciliation of treasury data with the accounts.
Information technology risk The risk of IT disruption caused by an unforeseen event or disaster There are various risks linked to information technology, our networks and our business operating systems. Information security and cyber-attacks are main risks as well as the possible disruption of operating systems. We have numerous policies and processes in place to ensure the continuity and stability of our information technology systems, recovery in a possible disaster situation, the security of data and that of our operating systems are aligned with business objectives and strategy.
Risk related to financial reporting The risk that financial information is not prepared in a timely manner, is incomplete or is not understandable to the reader. Complete, reliable and relevant information is a key element of management and governance and is also central to our communication. Competent teams in charge of producing that information and appropriate information systems must enable to control this risk. We publish consolidated financial results twice a year. These are reviewed internally and then by the audit and risk committee before being submitted to the board of directors. The external auditor carries out its audit procedures, comments on the way its assignment is proceeding and presents its conclusions to the audit and risk committee.

We continue to evaluate and improve our management techniques and processes to build our reputation as a trusted and reliable holding company.

Risk management and internal control

We recognise that managing risk and compliance is an integral part of generating sustainable shareholder value and enhancing stakeholder interests.

The board and the board of FirstRand are accountable for establishing, maintaining and monitoring the effectiveness of the processes of risk management and systems of internal control applied throughout the group.

Our risk management and control framework covers the following key aspects:

  • identifying key performance indicators;
  • identifying significant business risks, both financial and other;
  • maintaining proper accounting records;
  • ensuring the reliability of financial information used within the business for decision-making or for publication;
  • eensuring compliance with applicable laws, regulations and codes of conduct;
  • ensuring that the group is not unnecessarily exposed to avoidable financial risks such as the risks associated with fraud, potential liability and loss, including the safeguarding of assets;
  • managing potential conflicts of interest of management, board members and shareholders, including misuse of corporate assets and abuse in related party transactions;
  • ensuring the effectiveness and efficiency of operations;
  • monitoring the progress of group companies in complying with the Financial Sector Charter;
  • ensuring that the group and any projects in which it is involved are subject to sound environmental practices; and
  • ensuring that the appropriate balance is struck between entrepreneurial endeavour and sound business practice.

Overall effectiveness of control environment

As with most systems of internal control, the effectiveness of internal control systems in RMH is subject to inherit limitations, including:

  • the possibility of human error and/or poor decision-making,
  • the deliberate circumventing of controls by employees or others,
  • management overriding controls, and
  • the occurrence of unforeseeable circumstances.

Controls systems are therefore designed to manage, rather than eliminate, the risk of failure. Accordingly, it is recognised that a sound system of internal control can provide only reasonable and not absolute assurance against risks impacting the achievement of business objectives or any misstatement or loss.

Management reports regularly to the board on the effectiveness of its risk and compliance management and control framework. The effectiveness of this framework is subject to continuous review.