Fortis’ Risk Management organisation is designed to enable the implementation of Fortis’ risk strategy and to ensure:

7.3.1 Risk management and monitoring

Risk management and monitoring are performed throughout Fortis Group by delegated authorities ranging from the local risk management organisation in geographical areas, to the business risk management and to Central Risk Management in close cooperation with Asset & Liability Management.

7.3.1.1 Central Risk Management (CRM)

The Central Risk Management (CRM) department is headed by the Chief Risk Officer. Its primary role is to ensure that the group pursues consistently high standards of risk management, to raise executive management’s awareness and understanding of the risks being taken, to encourage optimisation of the risk/return ratio, to measure group-wide economic capital and to validate risk models.

CRM provides support to the businesses regarding risk issues and supports the work of the various risk committees. It also coordinates the implementation of risk initiatives and risk communication.

The presence of an integrated risk management framework across the Banking and Insurance activities is perceived as one of Fortis’ strengths by internal parties (Fortis Audit Services, Investor Relations) and external parties (rating agencies, investment analysts and regulators). CRM is also responsible for coordinating communication with these parties.

7.3.1.2 Asset & Liability Management (ALM)

Asset & Liability Management (ALM) is charged with closely monitoring all ALM risks related to the balance sheet of Fortis Group and its Banking and Insurance entities. ALM performs its duties in accordance with the decisions made by the Group ALCO and with due observance of the conditions set by Fortis Bank, Fortis Insurance and the Supervisors. ALM defines Fortis’ risk appetite and manages its risks by setting up risk guidelines and risk levels. It aims to apply the best practices in risk management that have been defined by the regulators and rating agencies.

7.3.1.3 Businesses Risk Management

• Each business:
  is responsible for managing its inherent risks within the limits, policies and guidelines set by regulators and Central Risk Management
• has a Business Risk Committee, which supports its management team in ensuring that key risks are well understood and that appropriate risk management procedures are in place
• is responsible for managing its inherent risks and ensuring that it has comprehensive risk management systems in place which cover the full risk taxonomy.

The double reporting lines between the Business Chief Risk Officer (and the Business Chief Executive Officer) and the Group Chief Risk Officer are designed to reinforce the principles of full transparency on risk-related information (risk quantification, profitability, reserves, limits, capital, methodologies, assumptions, risk management organisation, etc.) between the businesses and CRM, compliance with group policies, guidelines and limits, and independence of the risk function in the risk decision and monitoring process.

7.3.1.4 Fortis Audit Services (FAS)

Fortis Audit Services supports the achievement of Fortis’ objectives by providing professional and independent assurance. FAS evaluates the effectiveness of governance, risk and control processes and recommends solutions for optimising them.

Fortis Audit Services regularly audits the risk management functions of Fortis at group, business and local levels.

7.3.2 Fortis Risk Committee Structure

A comprehensive risk committee structure ensures that risk decisions are taken at the appropriate level.

The overall responsibility for the risks taken by Fortis rests with the Fortis Board. In order to fulfil its risk mission, the Fortis Board has the support of both the Fortis Risk and Capital Committee and the Fortis Audit Committee (AC). The Fortis Board has delegated the day-to-day management to the Executive Committee (ExCo) under the leadership of the Chief Executive Officer (CEO).

7.3.2.1 Board Risk Committees

Risk and Capital Committee (RCC)
Composed of non-executive Board members, the RCC meets at least three times a year and assists the Board in understanding the risks run by Fortis that are typically inherent to Banking and Insurance activities, overseeing the proper management of these risks, and ensuring the adequacy of Fortis’ capital relative to these risks and to those inherent to its overall operations.

The main responsibilities of the RCC are to approve the risk governance framework and to make recommendations to the Board on the target risk profile and the related relevant policies.

Fortis Audit Committee (AC)
Not being a risk committee, the role of the AC is to assist the Board in fulfilling its supervision and monitoring responsibilities in respect of internal control in the broadest sense within Fortis, including internal control over financial reporting.

At least once a year the AC, on behalf of the Board of Directors, reviews the quality and effectiveness of procedures and structures under which risks at Fortis are managed, risk-related accounting policies, capital assessment procedures and the performance of the internal control system.

7.3.2.2 Fortis Executive Risk Committees

The CEO reports to the Fortis Board on Fortis’ risk profile and capital adequacy and presents proposals to the Fortis Board on risk policies and rules and on financing Fortis Group transactions. The ExCo is supported in its tasks by the Executive Risk Committees.

7.3.2.3 Fortis Risk Committee (FRC)

The Fortis Risk Committee, chaired by the Fortis Chief Risk Officer, supports the CEO and the Executive Committee in ensuring that the Group has an adequate understanding of its key risks and that it has a sound risk management in place. A key role of the Fortis Risk Committee is to guarantee the consistency of risk management approaches across the Group (Bank and Insurance) and to make sure that risk-related topics at group level have been taken into account.

7.3.2.4 Group Asset and Liability Committee (Group ALCO)

The Group ALCO approves the group strategic asset allocation and monitors overall Group-ALM exposure. Its responsibilities are asset and liability management, monitoring and control.

7.3.2.5 Corporate Risk Committees

The Fortis Board is supported in its tasks by the following Corporate Risk Committees:

• The Central Asset & Liability Management and Market Policy Committee (ALM & MPC) defines the bank’s balance sheet management policies and limits, monitors the balance sheet structure, approves ALM risk management structures, agrees on significant transactions affecting the balance sheet and signs off on new products launched by the business lines. These tasks also include monitoring of trading risk limits.
• The Central Operational risk Policy Committee (OPC) establishes norms, policies and measurement standards in relation to operational risk-linked exposure.
• The Central Credit Policy Committee (CPC) approves credit risk policies and processes, decides on concentration limits, signs off on new credit products and monitors credit portfolio quality and credit delegation limits.
• The Central Credit Committee (CCC) decides on individual obligor risks, including country and bank limits, and approves transactions above a certain level affecting the balance sheet, within the lending limit of the bank.
• The Fortis Group Committee on Impairments and Provisions (FGCIP) supervises worldwide Value Adjustments (VA) on a consolidated basis.
• The Insurance Asset and Liability Committee (Insurance ALCO) makes proposals to the Insurance Risk Committee, which steers the strategic asset allocation at Fortis Insurance level and monitors and manages the overall Insurance ALM risk exposure.

7.3.2.6 Technical Risk Committees & Platforms

The Technical Risk Committees & Platforms consist of the following:

• The Capital Platform acts as a discussion forum for group capital related topics. The main purpose of the Capital Platform is information and know-how-sharing on capital related matters as well as ensuring alignment on capital related topics.
• The Model Acceptance Group (MAG) takes decisions about technical/methodological issues, assessing regulatory compliance and consistency pertaining to credit risk assessment methodologies and model application.
• The Operational ALCO Committee is an implementation committee that takes the appropriate measures required to implement decisions taken by the Group ALCO.
• The Liquidity & Funding Competence Centre (LFCC) is responsible for:
  - steering and prioritisation of Fortis’ liquidity
  - the exchange of cross-sector (Banking-Insurance) knowledge of liquidity issues and advice on solutions for funding liquidity problems.