Old Mutual corporate governance - supporting management

Corporate governance has both an internal and an external focus:

Internally, corporate governance relies on:

• The organisation's values and ethics being lived and practised daily.
• The appropriate structures being in place (including the Board and the relevant committee together with Group Internal Audit, Compliance, Enterprise Risk Management, Corporate Secretariat and Forensic Services).
• The establishment of approriate controls and processes that are monitored and managed.

Externally, corporate governance means:

• That the rights of the various stakeholders are guarded.
• That the organisation contributes to sustainable economic development.
• The company invests in socially responsible business activities.
• Management and staff are able to work well together, and interact with their community.

An accountability framework in an organisation is not sufficient. That cannot guarantee a company's success. There must be balance between conformance and performance. For performance to occur in corporate governance, policies and their strong communication to the organisation must be in place. Management must "own" and support these policies enthusiastically. When this occurs corporate governance is able to serve the organisation in its entirety.

The following governance functions work together with management to help them make strategic decisions, manage risk, manage performance and identify the critical points at which they need to make decisions:

• Risk Management;
• Compliance;
• Group Internal Audit;
• Corporate Secretariat; and
• Group Forensic Services.

In tandem with management these functions are able to promote a culture that complies with legislation and best practice but also enhances overall management performance.

Risk Management

Businesses have to take risks to thrive. Some risks can be avoided, others cannot. It is nevertheless important to have strategies in place that help to manage all risks. Old Mutual's response has been to develop an Enterprise Risk Management framework and risk management processes at both strategic and business unit levels. Management is responsible for the identification, evaluation and management of the risks applicable to their areas of business. These risks are assessed on a regular basis and may be associated with a variety of internal and external sources.

Compliance

Our business has to abide by laws and regulations that govern the way we do business. Failure to comply with the laws of the land could lead to penalties, severe reputational damage and even a loss of the licence to operate. In South Africa, the promulgation of new laws has meant dramatic changes to the financial services environment, and has made compliance increasingly complex and difficult.

All business units must consider the impact of legislation and regulations on their businesses and must develop compliant risk management and monitoring plans to ensure that processes and procedures are in place to ensure compliance. In addition a standardised compliance framework for the group is in place and key compliance best practices and processes have been developed and implemented across the organisation.

The two most relevant pieces of legislation that affected the organisation in 2004 were:
The Financial Intelligence Centre Act (FICA) and the Financial Advisory and Intermediary Services Act (FAIS).

FICA is aimed at combating money laundering in South Africa. Through the Compliance function we have developed processes and procedures across the business to ensure that we:

• Identify clients.
• Report suspicious transactions.
• Keep adequate records.
• Train our staff on FICA.

FAIS aims to regulate a wide range of financial advisory and intermediary services to clients. Principally, a financial services provider (FSP) such as Old Mutual may not operate without a licence issued by the Registrar of Financial Services. The providers are responsible for the actions of their representatives, and should ensure that they are "fit and proper" and suitably qualified.

We have developed processes and procedures across affected business units to ensure that
Old Mutual is compliant and we were the first large provider in the country to be properly licensed and equipped to operate in terms of the FAIS requirements.

Group Internal Audit

At Old Mutual an independent Internal Audit function, reporting to the Audit Committee, focuses on risks that could affect the achievement of business objectives. This focus helps managers achieve their objectives, through looking for and suggesting operational improvements in the control environment.

Corporate Secretariat

The Secretariat team is responsible for advising Old Mutual's Board of Directors on statutory requirements and responsibilities and their fiduciary duties.

Group Forensic Services

A concerted effort is made by management and staff alike to combat fraud, theft, corruption and associated internal irregularities in Old Mutual. This effort is largely driven through education and activities aimed at increasing awareness. The ongoing investigation and detection of fraudulent activity is undertaken by Group Forensic Services.

Comprehensive "whistle-blowing" channels exist within the organisation to combat fraud and various white collar crimes. Staff members are able to anonymously report criminal behaviour to Group Forensic Services via the Tip Offs Anonymous Hotline, dedicated e-mail or in person.

These five areas work closely together to achieve the same objective - helping Old Mutual to grow through a strong control environment. While the functions of governance are present within Old Mutual, they rely on interaction with management and their commitment to governance to ensure its sustainability.