Compliance management

During the year, we have continued to develop and implement our Group-wide compliance management process, which seeks to ensure that key legal and regulatory obligations are identified, that appropriate control frameworks are established to minimise the potential for and impact of non-compliance with these obligations and that a transparent process exists to support this. The principal areas of focus during the year have been to close any outstanding gaps in the process and ensure that it is consistently applied across our businesses. The compliance management procedure is consistent with, and complementary to, our risk management procedure including bottom-up and top-down elements. The process is also used to review compliance with our Group policies and procedures.

Twice a year the Executive Committee, Audit Committee and Risk & Responsibility Committee receive a report setting out the significant obligations across the Group and any material non-compliances with those, together with control opinions and action plans to improve controls where necessary. As with the Group risk management process, the Audit Committee also reviews the compliance management process at least once during each year and reports on this to the Board.

The compliance management process also contributes toward the entity level testing that is performed under the Sarbanes- Oxley Act, as well as some of our other internal assurance activities. Following the progress made in implementing this process during the year we have commenced a series of meetings with other leading companies to benchmark what we have achieved to date.