Integrated Report 2018

PPS

INTEGRATED REPORT 2018

CORPORATE

GOVERNANCE REPORT

(continued)

Members of the PPS Group boards have access to

independent professional advice, as may be required,

through the office of the Group Company Secretary at

the PPS Group’s expense, in order to discharge their

responsibilities as directors and trustees.

Group Legal

The Group Legal Department is the centralised legal

function, with the main responsibility of identifying and

managing legal risks that may arise during the course

of the PPS Group’s activities, and ensuring that these

risks are appropriately mitigated across all entities. This

is achieved by providing or sourcing appropriate legal

advice, ensuring that legal risks are optimally negotiated,

documented, and monitored, and that the necessary

controls are implemented. The Group Legal Department

regularly reports to the Group Executive Committee and

the Group Risk Committee on the management and status

of all material legal risks. All Group Legal Advisers employed

in such capacity report to the Head of Group Legal and

Compliance.

The Group Legal Department is also responsible for

implementing and maintaining legal policy standards

throughout the PPS Group and ensuring that the standards

are adopted and followed by all subsidiary companies and

their internal legal staff (where applicable).

Group Compliance

The PPS Group boards are ultimately accountable for

compliance with applicable laws and adopted non-binding

rules, codes, and standards. The primary objective of

the compliance function is to assist the boards with this

responsibility. Management is committed to ensuring

that the business is run with integrity, complies with all

regulatory and best practice requirements, and is conducted

in accordance with the highest ethical standards. The

appointed Compliance Officer is responsible for the effective

implementation of the Compliance Risk Management

Framework and for facilitating compliance throughout the

business by creating awareness, independent monitoring,

reporting and the provision of practical solutions or

recommendations. However, the primary responsibility

for complying with any regulatory requirement lies with

all members of staff conducting the particular transaction

or activity to which the requirement applies.

PPS has implemented a combination of a centralised and

a decentralised compliance function. Group Compliance is

the central department, with the main role of developing

the compliance policy (the boards approve such policy) and

related standards to ensure a consolidated compliance risk

management and reporting process throughout the PPS

Group. The decentralised compliance function consists of

business units which have their own compliance functions

that are responsible for implementing the PPS Group

policies, monitoring the activities of the business units and

reporting the status of compliance to Group Compliance.

PPS Investments, PPS Healthcare Administrators, PPS

Short-Term Insurance and Professional Provident Society

Insurance Company (Namibia) Limited (PPS Namibia)

have their own business unit compliance officers with

oversight by Group Compliance for compliance-related

matters. Group Compliance assumes direct responsibility

for compliance risk management in PPS Insurance and

its divisions.

The compliance function performs its activities in

accordance with these five principles:

• All legislative requirements, such as acts, bills, directives,

practice notes, industry codes of conduct, and relevant

discussion documents, which impose obligations on PPS

are identified and interpreted continuously.

• Compliance requirements are addressed in business

processes.

• Management and staff are trained on the compliance

requirements relevant to their roles.

• Compliance monitoring is conducted to provide

assurance on the level of compliance.

• Compliance incidents or suspected incidents are

reported and managed.

Group Risk Management

The taking of risk, in an appropriate manner, is an integral

part of business. Success relies on optimising the trade-

off between risk and reward, following an integrated risk

management process, and by considering all internal

and external risk factors. While conducting its business,

PPS is exposed to, and needs to take on, a variety of

risks. The long-term sustained growth, continued success,

and reputation of PPS are critically dependent on the

quality of risk management. Management is committed

to applying best practice and standards, including the

implementation of the ISO 31000 standard on Risk

Management, Prudential Standards, Risk Management

and Internal Controls for Insurers (GOI 3) and King IV.

The PPS Group Enterprise Risk Management Framework

is aligned to such standards.

PPS’ risk philosophy is underpinned by its objective

of member value creation, meeting member benefit

expectations and achieving sustainable profitable growth,

in a manner that is consistent with members’ expectations

of PPS’ risk appetite. This means the PPS Group must

ensure that a high-quality risk management culture is

instilled throughout its operations, built on the following

main elements:

• Adherence to the value system of PPS.

• Proactive risk management.