Risk governance


Main elements in our risk governance model:

  • the Board of Directors, assisted by the Risk & Compliance Committee, which decides on the risk appetite – also defining the risk strategy – each year and supervises the risk exposure in relation to the risk appetite;
  • the Executive Committee – supported by activity-based risk committees – which is the senior management level committee responsible for integrating risk management with risk appetite, strategy and performance goal setting;
  • the CRO Services Management Committee and activity-based risk committees mandated by the Executive Committee;
  • risk-aware business people who act as the first line of defence for conducting sound risk management;
  • a single, independent risk function that comprises the Group Chief Risk Officer, local CROs, local risk functions and the group risk functions. The risk function acts as (part of) the second line of defence. The internal audit acts as third line of defence.

Risk management information

The business of bancassurance is exposed to a number of typical risks, such as credit risk, market risk , liquidity risk , technical insurance risk, operational risk and other non-financial risks. Controlling all these risks is one of the most crucial tasks of management.

More information on risk management can be found in:


Most material sector-specific risks

Sector-specific risks How are we addressing them? Reference in the 2023 annual report (available April 2, 2024)

Credit risk

  • Existence of a robust management framework
  • Recording impairment charges, taking risk-mitigating measures, optimising the overall credit risk profile, reporting, stress testing, etc.
  • Limit systems to manage concentration risk in the loan portfolio, etc.
p. 98-108
Market risk in non-trading activities
  • Existence of a robust management framework
  • Basis Point Value (BPV), sensitivity of net interest income, sensitivity per risk type, stress tests, limit tracking for crucial indicators, etc.
p. 109-116
Non-financial risk (operational risk, compliance risk, reputational risk, business risk, strategic risk)
  • Existence of a robust management framework
  • Group key controls, risk scans, Key Risk Indicators (KRIs), etc.
  • Risk scans and monitoring of risk signals
  • Strict acceptance policy, stress tests, monitoring, etc.


p. 117-121
Market risk in trading activities
  • Existence of a robust management framework
  • Historical VaR method, BPV and basis risk limits, ‘greeks’ and scenario limits for products with options, stress tests, etc.
p. 122-124

Liquidity risk

  • Existence of a robust management framework
  • Drawing up and testing emergency plans for managing a liquidity crisis
  • Liquidity stress tests, management of funding structure, etc
p. 124-126
Technical insurance risks
  • Existence of a robust management framework
  • Underwriting, pricing, claims reserving, reinsurance and claims handling policies, etc.
p. 127-131

Last update: 18-03-2024