Risk management

Sun Life's Risk Management Framework (RMF) sets out the components of our risk programs and explains how they operate together in conducting our business activities. It promotes the application of a consistent approach to managing risk exposures across Sun Life. Exposures include but aren’t limited to environmental (including climate impacts) and social risks. Our Internal Audit team provides a quarterly opinion on the effectiveness of internal controls, risk management and governance processes to the Audit Committee of the Board. Additionally, our risk management process is included in an annual external audit of Sun Life's internal control over financial reporting. 

Our Risk Appetite Policy is integral to our approach. It outlines specific constraints that define the type and amount of risk that Sun Life is willing to accept.

The purpose of the risk management process is to identify, measure, manage, monitor, and report on the key and emerging risks impacting or likely to impact the Business Plan (1-year time horizon), Strategic Plan (3 to 5-year time horizon) and for certain relevant risks, the Long Term time horizon (beyond 5 years, up to and beyond the year 2050).  On a quarterly and annual basis, a formal risk identification process is initiated and our risk exposure is reviewed using a variety of methods and measures. To learn more, refer to our Risk Management Framework.

We have built a strong corporate culture reflected in our core values of being Caring, Authentic, Bold, Inspiring and Impactful. These values set the tone and guide our high business standards, integrity and ethical behaviour, respect, and commitment to doing the right thing for our Clients. A key premise of our culture management framework is that everyone has an important role to play in preserving and enhancing our culture, which includes managing the Company’s risks. 

Risk management as a subset of our overall culture focuses on: 

• values
• tone from the top
• transparency
• effective challenge
• effective communication  
• incentives
• accountability  
• organizational resilience

We encourage discussions on risk decisions and urge employees to speak up about potential concerns. We have a structured employee feedback process that helps improve risk management practices. Our Ethics Hotline empowers employees to play an active role in reporting all known and suspected breaches of our Code of Conduct.

Everyone at Sun Life is responsible for recognizing and managing risks when making business decisions. Our mandatory training program helps employees spot, minimize and report risks that could affect our business. This training covers topics such as:  

• Code of Conduct  
• Safety and Emergency Preparedness    
• Business Continuity 
• Financial Crime Awareness 
• Data Privacy and Information Security 
• Workplace Awareness and Respect

Our three lines of defence model outlines specific duties related to risks, oversight and reporting.

Risk identification and measurement

One of the ways we assess risk and the effectiveness of our internal controls is through stress testing. Stress testing is a risk management technique that includes integrated scenario testing, reverse scenario testing and key assumption sensitivity testing. These exercises help us analyze Sun Life’s resilience under extreme circumstances. Those may include a severe economic shock, health pandemic, cyber breach, extreme weather event and more. Our business continuity plans consider various situations under which a disruption may occur. Every year, we update our business continuity plans to integrate evolving risks and our scenario analysis findings.

Effective climate risk management starts with identifying and assessing the climate-related risks that are most relevant to Sun Life’s business. To strengthen this approach, we have begun implementing enterprise-wide processes to perform climate risk assessments. These assessments evaluate Sun Life’s exposure to both physical and transition risks across short-, medium-, and long-term time horizons.

Refer to Climate Resilience and our OSFI B-15 Climate Risk Management Report for more details.