The Board is ultimately accountable for the risk and opportunities management process and system of internal control within Remgro. The Board has reviewed the comprehensive Risk and Opportunities Management Policy and plan, which has been implemented by management. This plan incorporates continuous risk and opportunity scanning, identification and assessment, and embedding internal control as well as risk reduction and insurance strategies.

Remgro’s Environmental, Social and Governance (ESG) Risk Management Framework which guides responsible investment is also relevant for this purpose as it ensures that the consideration of ESG risks and opportunities, as well as impact and sustainability considerations, are integrated and embedded into the risk and opportunities management practices. Its focus is on realisation of suitable opportunities and the consideration of salient risk aspects in setting sustainable value-generating strategies.

The Audit and Risk Committee is mandated to monitor the effectiveness of the risk and opportunities management process and systems of internal control and is supported in this regard by its subcommittee, the Risk, Opportunities, Technology and Information Governance Operational Subcommittee (ROTIG). The Strategic ESG Committee plays an important role in supporting the Audit and Risk Committee by overseeing and monitoring Remgro’s ESG performance and stewardship through policies, frameworks, standards and guidelines. The Group’s internal and external auditors, along with management and certain external consultants, are tasked to render combined assurance reports to the Audit and Risk Committee.

Ethical leadership and human capital are the cornerstones of Remgro’s risk and opportunities management philosophy as these ensure operational competence, entrepreneurial aptitude, sound corporate reputation and effective governance. The financial, manufactured, intellectual, social and relationship and natural assets furthermore form part of the Six Capitals concept referred to in the King IV Report on Corporate Governance for South Africa (2016) (King IV). These categories of capitals, their interrelations and utilisation, to varying degrees, form an intricate part of the risk and opportunities process within the Company.

The risk and opportunities management process in Remgro comprises the arrangement of resources to ensure the achievement of the Company’s stated objectives along with its purpose, strategy and aligned business plans, including the seizing of available opportunities that meet the risk appetite criteria set by the Board. Risk profiles inherent to existing activities and investments are furthermore maintained within the approved risk tolerance levels, thereby optimising the riskreturn parameters for the creation of sustainable growth and value for shareholders and other stakeholders.

The incorporation of an ESG Investment Framework that intentionally provides for ESG considerations has embedded Remgro’s sustainability ambitions as an integral part of its investment decision-making. Principles and evaluation criteria include ESG risks, impact considerations, value creation opportunities and sustainability for its current and potential investments. To support implementation of this ESG Investment Framework, Remgro has developed Standard Operating Procedures (SOP) to enable the various governance structures and investment teams to apply the Framework consistently and efficiently.

Strategic risk assessment includes the consideration of probable future scenarios taking cognisance of, inter alia, political, environmental, social, technological, economic and legislative developments in both the Remgro environment as well as the global environment and market sectors that it invests in. Given the ongoing escalation in ESG challenges faced locally and globally, the Group is responding with commensurate escalation of ESG structures and initiatives in addition to the sound processes adopted in prior years. The ESG Operational committee will also oversee the continuous enhancement of the ESG risk and opportunities register being designed to underpin purpose driven decision making.

Due to the nature and magnitude of Remgro’s investment portfolio, this report focuses on the activities of the Company and its subsidiaries, save where such entities are separately operated listed subsidiaries with autonomous boards and adequate external reporting, or the materiality of such information is deemed insufficient to warrant detailed disclosure. As a result, this report contains risk and opportunities management information of the Company, Remgro Management Services Limited (Remgro’s service company) and V&R Management Services AG(1). These external reporting parameters are being reviewed to ensure alignment with international developments in this regard.

(1)A wholly owned subsidiary, registered and managed in Switzerland, rendering administrative, accounting and treasury services for Remgro’s foreign subsidiaries and third parties.

The structure below has been implemented and maintained to ensure the effective and efficient management of risk and opportunities within the Company.

The function of the Chief Risk Officer is shared amongst the following individuals:

  • The CEO reports directly to the Board on an ongoing basis with regards to the risks that may impact the effective and efficient execution of its strategy and opportunities submitted to the Investment Committee.
  • The CFO, as Chairman of the ROTIG Committee, is responsible for the induction of risk and opportunities management into the daily activities of the Company, including the drafting, review and maintenance of the Company risk register and Risk and Opportunities Management Policy and plan.
  • The Chief Audit Executive (CAE) attends meetings of the Management Board, the Operational ESG Committee and ROTIG Committee and renders value-adding considerations and independent assurance regarding the effectiveness of these committees’ activities as well as the risk management process and system of internal control.

Board and Governance Structure

The Risk and Opportunities Management Policy is based on the principles of the international COSO (Committee of Sponsoring Organisations of the Treadway Commission) Enterprise Risk Management – Integrated Framework and complies with the recommendations of King IV. This policy defines the objectives, methodology, processes and responsibilities of Board and Governance Structure the various risk and opportunities management role players in the Company. The Risk and Opportunities Management Policy is subject to annual review and any proposed amendments are submitted to the Audit and Risk Committee for consideration and recommendation to the Board for approval.

Remgro is an investment holding company and as such, the risk and opportunities management process takes cognisance of risks and opportunities within the Company as well as the risks and opportunities inherent to its investment portfolio.

Material external risks include ongoing and escalated uncertainty on the government’s ability to deliver on its mandate and the sustained global economic downturn intensified by the impacts of the Russia-Ukraine War impacting on market confidence and global, regional and local stability.

Remgro, being a responsible investor, ensures that proper corporate governance is implemented and maintained in all entities it invests in via the above processes.

Remgro deploys dedicated processes to timely identify and effectively mitigate disruption risk and realises opportunities associated with future developments.

Emerging risk and opportunities, integrated with a sound corporate and entrepreneurial culture, inform strategy and investment mandate considerations.

The table below summarises the salient operational objectives and related risk mitigation processes included in the Remgro risk register:

Key control objectives

Key controls

The appointment and retention of suitably skilled and experienced directors and officers possessing the required values and drive.

Effective functioning of the Remuneration and Nomination Committee.

Performance assessments and evaluations.

Strong ethical leadership.

Continuous skills and attribute development aligned with business developments and corporate values.

“Staying Future Fit” project and initiatives supporting the Management Board.

Effective functioning of the Talent and Remuneration Management Committee.

Ethical and visible leadership via governance structures and related processes maintaining Remgro’s reputation as a good corporate citizen and a socially and environmentally responsible investor.

Anti-corruption and fraud prevention and detection procedures.

Embedded system of values and ethics and maintenance thereof via visible leadership and ethical competence refresher training.

Formalised ethics management and anti-corruption policies and codes of conduct.

Formalised tax, environmental and social policies.

Corporate culture focused on excellence in execution, fairness in dealing and transparency in reporting.

Comprehensive and King IV-compliant corporate governance structures and systems.

Effective and credible investor and stakeholder communications.

Effective functioning of the Social and Ethics Committee.

Effective oversight of ESG policies and performance by the Strategic ESG Committee.

Business strategies aligned with corporate mission based on stakeholder-inclusive principles.

Effective functioning of the Audit and Risk Committee.

Effective internal control, combined assurance, risk management and reporting processes.

Development and implementation of an ESG and sustainability strategy to ensure consistency of standards across Remgro and its investee companies.

Alignment with international and local best practice.

ESG charter and governance structures that provide strategic direction and oversight in support of Remgro’s sustainability goals.

Stewardship of investee companies in relation to ESG and sustainability issues to influence and drive sustainable behaviour through ESG principles to achieve common and collective sustainability goals.

Board oversight in conjunction with the Strategic ESG Committee.

Board guidelines to the Corporate Social Investment function.

Commissioning of regular baseline ESG footprint reporting across selected investee companies.

Safety, health and environmental management included under the ambit of the ROTIG Committee with formalised policies.

Preparation of disclosures aligned to Task Force on Climate-Related Financial Disclosures (TCFD) framework recommendations.

Successful participation in CDP (formerly Carbon Disclosure Project) and inclusion in FTSE/JSE Responsible Investment Index.

Adoption and implementation of appropriate long-term strategy and business plans within approved risk appetite duly communicated and delegated to the executive.

Effective Management Board supported by executive management and an experienced investment division.

Conducted a comprehensive Remgro 2030 workshop to consider emerging risk and opportunity trends across the full strategic and operational spectrum of the Group, including, inter alia, international developments in technology, consumerism, market and business model disruptions, investor, et al to inform medium- to long-term strategic development and investment focus.

Developing, implementing and monitoring various strategic initiatives to effectively respond to salient current aspects, including a comprehensive and timely alignment with future developments.

Investing in the enhancement of human and intellectual capital deployed in the Group.

Dedicated focus on risks and opportunities associated with global and local political, socio-economic, legislative and technological developments.

Adequate design and implementation of appropriate risk responses; the establishment and implementation of business resilience and continuity arrangements that allow Remgro to operate under conditions of volatility, and to withstand and recover from acute shocks and enhance enterprise resilience. Focus areas include, inter alia, concerning trends in infrastructure failing, inconsistent and deteriorating electricity supply, increasing crime, societal grievances associated with service delivery failures and the continuing economic decline.

Effective assessment of risks and opportunities emanating from the triple context in which Remgro operates (i.e. the economy, society and environment) and the capitals that Remgro uses and effects (i.e. financial, manufactured, intellectual, human, social and relationship and natural) to optimise performance and resource deployment.

Workgroups focused at future scanning and key investment strategy objectives reporting to the Management Board.

Maintaining the significance of Remgro’s corporate presence in the investment holding environment as this enables it to acquire meaningful stakes in selected investment opportunities thereby striving vigorously to meet Remgro’s investment philosophy of investing in businesses that can deliver superior earnings, cash flow generation and dividend growth over the long term.

A conservative business approach with long-term investment criteria focused on growth, sustainability and liquidity.

Corporate actions are aligned with the long-term strategy and responsible investment criteria.

Comprehensive networks and robust processes focused on investment opportunity identification, and risk-based due diligence reviews, guided by responsible investment considerations.

Clear guidelines imbedded in the Investment Framework to ensure investment decisions, reviews and capital allocations are in line with ESG and sustainability goals.

Effective functioning of the Investment Committee is supported by ensuring that consideration of ESG risks are integrated into investment and management practices.

Investment Managers’ Workshop series to engage on ESG.

Introduction of a Standard Operating Procedure for investment managers to integrate ESG into their investment decisions, i.e., to operationalise the Responsible ESG Investment Framework.

Effective investor relations and corporate communications.

CEO forum with investee leadership participation to align and aggregate the impact of key initiatives, including CSI and ESG activities.

Ensuring that opportunity risks are managed to avoid lost investment opportunities that meet Remgro’s stringent investment criteria.

Skilled and experienced investment division with efficient operational processes and controls.

Effective support structures and negotiation processes incorporating proven due diligence processes.

Robust deal implementation and secretarial and legal support and compliance processes.

Ensuring that the corporate culture of Remgro does not inhibit responsible risk and opportunities taking.

Board oversight and executive monitoring of performance against investment plans and strategies.

Review of processes to ensure enhanced agility in decisionmaking and execution.

Available liquidity to fund new investments and further support successful investments.

Effective functioning of the Treasury and Investment Committees.

Conservative cash administration and well-managed and secure treasury environment whilst seeking return maximisation within risk appetite of cash at the centre.

Maintaining appropriate borrowing facilities.

Maintaining a strong balance sheet.

Effective Group structuring to house existing and new investments. Appropriate control structures supported by skilled and experienced legal and corporate tax specialists.
Effective management of underlying investments and ensuring that Remgro’s investment criteria are maintained and the Group’s rights are protected.(1)

Comprehensive shareholder agreements are concluded at time of investment. This facilitates effective control or significant influence over the executive management teams in the underlying investee companies and ensures that strategies, goals and deliverables, including ESG standards and expectations are met and that salient risks are duly managed. Enhanced focus on human capital development and deployment coupled with detailed attention to investee companies.

Detailed reporting, review and management structures are implemented to ensure timely, accurate and reliable information used in the decision-making processes.

The early identification of abnormal investee risk profiles through internal processes.

Effective internal operations, including secretarial, financial, human resources, compliance and all other departmental activities in the service company and wholly owned subsidiaries under the control of the management of the service company.

Skilled and experienced managers regularly review policies and practices governing internal controls designed to ensure the consistent achievement of relevant objectives.

Focus areas include, inter alia, cyber and fraud risk mitigation, enhanced effectiveness and efficiency through adoption of technological developments.

Given the significance of treasury, the following salient objectives are integrated into the Treasury Committee’s (a management committee chaired by the Chief Financial Officer (CFO), also comprising the Chief Executive Officer (CEO) and other senior managers) mandate:

  • Liquidity requirements and risk appetite are formalised and linked to realised returns on treasury funds
  • Terms of trade with banks are reviewed to ensure appropriate risk sharing
  • Payment systems are secured and cyber risk mitigated
  • Information is secured and retained per policies
  • FAIS (Financial Advisory and Intermediary Services Act, (No. 37 of 2002)) and FICA (Financial Intelligence Centre Act, (No. 38 of 2001)) legislation is complied with
  • The following treasury risks are specifically managed:
    • Liquidity risk
    • Instrument risk (derivatives and component criteria)
    • Investment credit risk (credit limits and spread of cash between approved institutions)
    • Foreign currency risk (spread and composition of approved currency exposures)
    • Interest rate risk, and
    • Derivative instrument risk

A formalised Treasury Policy is maintained and reviewed by the Treasury Committee and amendments are submitted to the Board for approval.

Skilled staff is employed in the treasury department and comprehensive internal controls are deployed and complied with.

The treasury department is subject to quarterly FAIS and FICA reviews from the Financial Sector Conduct Authority (FSCA)-approved external compliance officer. In addition, the treasury department (back and front office) is subject to regular internal audit reviews and a year-end review by the external auditor.

Continuous evaluation of suitable investment products within the ambit of the approved Treasury Policy.

Accurate, transparent and reliable reporting and interaction with stakeholders.

Formalised stakeholder and communication policies.

Effective internal financial controls.

Comprehensive combined assurance plans and processes, including non-financial and ESG information.

Structured and considered integrated reporting, including consideration of international developments on external reporting frameworks on non-financial information.

Adequate and transparent risk and opportunities disclosure and reporting.

Reviewing the effective alignment of external reporting frameworks against international developments and frameworks.

Effective functioning of the Audit and Risk Committee.

Full compliance with taxation and other relevant legislation and industry practices.

Employment of tax specialists and consultation with independent tax and legal professionals.

Tax policy.

Legal Compliance Policy linked to expert legal advice.

Effective Compliance Policy and procedures.

Reliable and secure information and technology systems to support business objectives and requirements.

Effective outsource agreement with a credible vendor and service levels supporting cost-efficient, secure and available systems and networks.

Technology and Information Governance Policy supported by procedures over key activities such as business continuity, information and cyber security, document retention and user acceptable usage policies, including POPIA requirements.

 

(1)As stated in the “Group Profile“ section of this report, Remgro is not involved in the day-to-day management of investee activities but does have non-executive representation on these autonomous boards via shareholder agreements. These bodies are responsible for risk management at investee level.

The Remgro Board has formalised and approved the risk tolerance levels to define the Board’s risk appetite and to ensure that all risks within the Group are managed within the limits so defined.

Remgro, due to the nature of its core activities, deals with risk tolerance levels in the following three risk categories using dedicated and bespoke methodologies:

Investments

Risk tolerance levels are set in accordance with the cost of funding the investments (WACC) as adjusted with a risk weighting (Beta) to ensure a sustainable and positive risk-return environment, taking cognisance of the investment portfolio.

Treasury

Given the liquidity requirements to support performing investments and to seize new investment opportunities, the risk tolerance levels and linked returns for cash held in South Africa and internationally are measured in terms of lending rates achieved by major banks in the money market, including but not limited to STeFI (Short Term Fixed Interest) or LIBOR (London Interbank Offered Rate), as well as compliance with required credit ratings set for approved counterparties. This is continuously monitored and reassessed given prevailing market volatilities, risk and, at times, negative returns on cash in certain international money markets. Given the prevailing low interest rate environment during the first quarter of the reporting period, the Treasury Committee was furthermore tasked to recommend suitable investment instruments for cash at the centre to the Investment Committee or Board for consideration. Given the continuing trend in interest rate increases during the remainder of the reporting period consideration was also given to the cost of funding and adjusting the debt at the centre.

Foreign currency risk and capital preservation risk in an adverse economic climate are mitigated by means of conservative policies regarding hedging strategies and counterparty vetting.

The treasury funds are invested as per a Board-approved Treasury Policy which deals with counterparty (credit) risk, liquidity risk, interest rate risk, currency risk, instrument risk and commercial risk (terms of trade), as well as the policies deployed to safeguard cash and liquid assets.

Other

This category includes risks associated with unplanned losses to assets, exposure to liabilities, fidelity, business interruption and other operational risk.

In these instances the Board has, in addition to stringent internal controls, adopted a conservative approach by taking sufficient insurance cover to mitigate the anticipated maximum loss should risk realise in these categories.

Risk appetite is defined as the risk that the Company is prepared or willing to accept without further mitigating action being put in place or the amount and nature of risk the Company is willing to accept in pursuit of objectives. This is also defined as the risk propensity of the Board in pursuing the creation of sustainable wealth.

The following qualitative and quantitative factors are considered by the Board in evaluating risk appetite:

  • risk-return profile of the current investment portfolio;
  • availability of cash resources and other liquid assets that could easily be converted into cash;
  • available funding opportunities;
  • risk-return profile of prospective opportunities;
  • ESG profile of the current portfolio and investment sectors;
  • financial metrics relevant to measuring performance, including:
    • intrinsic net asset value (INAV);
    • return on INAV relative to comparable risk investments;
    • dividend policy;
    • free cash flow; and
    • gearing ratios;
  • international and local economic cycles and trends;
  • foreign currency rates and trends;
  • materiality of risks with reference to the INAV of the Group;
  • risk management capability and maturity;
  • resource allocation and strategy; and
  • risk scenarios on black-swan and future scanning methodologies.

Risk-bearing capacity is defined as a monetary value which is used as a yardstick, measuring the maximum loss the Company can endure without exposing it to the point where its existence and going concern status is under threat, given an equivalent loss.

Given the nature of Remgro’s INAV composition, i.e. equity investments, net excess cash and the conservative size of debt at holding company level, there are no known current exposures that could jeopardise the going concern status of the Group.

The risk and opportunities management process is furthermore also externally focused to ensure the timely identification of new emerging risks and opportunities and the assessment of the effectiveness of timely responses thereto. Scenarios are furthermore used to assess the adequacy of the Company’s business resilience.

The Company reviews its technology policies annually. The Technology and Information Governance Policy defines the scope, roles and responsibilities of technology and information governance to ensure technology and information supports and enables the achievement of Remgro’s business objectives and articulates and gives effect to Remgro’s direction on the employment of technology and information. This policy is further supplemented by governance-based policies such as the Technology and Information Acceptable Use Policy, the Information Security Policy and information confidentiality policies that are defined in alignment with POPIA.

The technology and information risk management process is fully integrated with the combined assurance process of the Company and aligned to COBIT (Control Objectives for Information and Related Technologies).

Preventative technologies and practices are in place across the respective layers of technology and information security, including physical intrusion prevention, infrastructure intrusion prevention and monitoring, platform controls, applicationlayer security, and process controls. The Security Operations Centre (SOC) service provider monitors and alerts against cyber activity and patterns. Weekly vulnerability assessments are included in the Standard Operating Procedures on top of which independent vulnerability scanning and penetration tests are conducted periodically. Security controls are also extensively scrutinised during the annual NIST-based (National Institute of Standards and Technology) cyber insurance reviews and our cyber security strategy is extended through the cyber insurance support processes.

There were no incidents of information security or cyber protocol breaches recorded during the year under review and continuous strengthening of the cyber security posture remains a high priority.

A business continuity plan has been formalised and successful tests performed on the back-up and disaster recovery process.

All technology-related incidents, including potential security incidents, are reported through the service desk from where the appropriate escalation process is triggered.

Third-party risk assessments are aligned with industry-related exposures and developments. Opportunity assessment forms part of the annual technology and information strategy review. Emerging technologies and innovations are monitored, selected and deployed as appropriate to improve performance of the organisation through information, communication, and digital technologies.

The Board, as part of its ethical leadership commitment, approved a Legal Compliance Policy and confirmed that there are sufficient management capacity and controls in place to ensure compliance with all relevant laws and salient industry practices.

The administration of the Legal Compliance System is vested in an official with the appropriate legal qualifications. Members of senior management of the Company are informed on a regular basis of all relevant new legislation and amendments.

Compliance controls also vest with senior management who are required to report to the Social and Ethics Committee on a regular basis regarding their compliance using a control self-assessment methodology. This process is incorporated into the annual combined assurance plan. The outcomes of compliance assessments are reported to the Board, via the ROTIG Committee and no incidents of non-compliance or fines incurred due to non-compliance were recorded.

The Group has implemented and maintained a sound control environment, including a comprehensive system of internal controls to mitigate the risks in the enterprise and to ensure that the Group’s objectives are consistently achieved. Internal controls are based on the principle of acceptable risk being inherent to the design and implementation of a cost-effective system of internal control. The system includes monitoring mechanisms and mitigation processes to timely augment deficiencies when they are detected. This system is benchmarked against the COSO Internal Control – Integrated Framework.

The internal audit function is employed by Remgro Management Services Limited and the CAE, Mr Deon Annandale, reports to the chairman of the Audit and Risk Committee and functionally to the CFO. The department complies with the requirements of King IV and the International Standards for the Professional Practice of Internal Auditing. The department maintains a three-tier Quality Assurance and Improvement Programme as prescribed by the Institute of Internal Auditors. This comprises a continuous self-assessment process with Independent External Assessments being performed by an international external audit firm, other than the Group’s external auditors, every three years.

The internal audit plans, as approved by the Audit and Risk Committee, are designed following a risk-based assurance approach and are focused on adding value to the control environment while rendering independent assurance to the Audit and Risk Committee and to the Board on, inter alia: the effectiveness of internal financial control; the effectiveness of internal control over operational and compliance activities; the adequacy of governance systems, including the “tone at the top“; the effectiveness of the combined assurance process and risk and opportunities management process.

The function is furthermore strategically aligned to the creation and preservation of value and rendering insight into emerging risk.

The internal audit department also renders independent internal audit and risk and opportunities management services to certain Group companies who elect to outsource the function. In these instances dedicated processes are maintained to ensure the independent functioning of the department, including its fiduciary duty to the respective Group companies and the safeguarding of their proprietary information.

When required, specialist skills are insourced to assist with information technology and forensic services.

The Board, via the Audit and Risk Committee, has considered the documented policies, procedures and independent assurance reports and is satisfied that the control environment along with the internal control and risk and opportunities management processes implemented in the Group are effective.

The Board is not aware of any exposure or position that could culminate in the residual risk profile of the Group exceeding the risk-bearing capacity limits set by the Board.

The following comprised focus areas during the year under review:

  • The Russia-Ukraine War, and related implications, including business resilience;
  • Emerging risks including global and local political and socio-economic developments and trends including crime, corruption and infrastructure and electricity stability;
  • Robustness of fraud prevention and detection processes given the magnitude and prevalence of non-Remgro reported irregularities in the press;
  • Developments in international financial reporting standards and ESG reporting frameworks;
  • Auditor rotation developments and reputation damage suffered by certain audit firms;
  • Material transactions in the financial year;
  • Effectiveness of the risk and opportunities and combined assurance processes;
  • Opinions on the effectiveness of the control environment and internal financial control;
  • External benchmarking of the Treasury Policy against international best practice;
  • Terms and assurance plans of both internal and external audit;
  • External reporting, both financial and non-financial;
  • Assessment of the CFO, finance department and CAE;
  • Technology and information governance, including Cyber risk; and
  • ESG and sustainability-related factors.

The above aspects will be repeated in the agenda as regards focus areas given the Group’s Governance Standards and aligned committee mandate.