Risk management

From climate risks to cyber threats – we’re risk ready 

Proactively identifying, measuring, managing, monitoring and reporting risk is key to making our business more resilient. A risk management mindset helps us meet our financial commitments to Clients. At the same time, it protects our competitiveness and long-term sustainability.

Our approach

Our Annual Report provides more details on our approach to risk management. The information below focuses on environmental, social and governance (ESG) risks.

Sun Life's Risk Management Framework (RMF) is a comprehensive set of protocols and programs for conducting our business activities. It helps us ensure we apply a consistent approach to managing risk exposures across Sun Life. Exposures include but aren’t limited to environmental (including climate change) and social risks. Internal Audit provides a quarterly opinion on the effectiveness of internal controls, risk management and governance processes to the Audit Committee of the Board. 

Our Risk Appetite Policy is integral to our approach. It outlines specific constraints that define the total level of risk that Sun Life is willing to accept.

Our risk culture is more than the requirements we set as an organization. It’s also about the way we behave and respond to risks. We need to consider risk in everything we do. 

We have a Risk Culture Statement supported by seven principles designed to embed a strong, unified culture throughout Sun Life. These principles are: 

  • tone from the top
  • transparency
  • effective challenge
  • communication  
  • incentives
  • accountability  
  • resilience 

We encourage discussions on risk decisions and urge employees to speak up about potential concerns. We have a structured employee feedback process that helps improve risk management practices. Our Ethics Hotline empowers employees to play an active role in reporting all known and suspected breaches of our Code of Conduct. Additionally, a formal risk identification process is initiated on a quarterly basis. The purpose is to identify, measure, manage, monitor, and report on the key and emerging risks impacting or likely to impact the Strategic Plan (3 to 5-year time horizon) and Business Plan (1-year time horizon).

Everyone at Sun Life is responsible for recognizing and managing risks when making business decisions. Our mandatory training program helps employees spot, minimize and report risks that could affect our business. This training covers topics such as:  

  • Code of Conduct  
  • Safety and Emergency Preparedness    
  • Business Continuity 
  • Financial Crime Awareness 
  • Data Privacy and Information Protection 
  • Workplace Awareness and Respect

Our three lines of defence model outlines specific duties related to risks, oversight and reporting.  

One of the ways we assess risk and the effectiveness of our internal controls is through stress testing. Stress testing is a risk management technique that includes integrated scenario testing, reverse scenario testing and key assumption sensitivity testing. These exercises help us analyze Sun Life’s resilience under extreme circumstances. Those may include a severe economic shock, health pandemic, cyber breach, extreme weather event and more. Our business continuity plans consider various situations under which a disruption may occur. Every year, we update our business continuity plans to integrate evolving risks and our scenario analysis findings.  

Climate change is one of the most significant and complex risks facing society today. It is one of the risks Sun Life manages within our overall RMF.

We continue working to better understand potential climate-related risks and to improve our resilience against them. There are two major categories of climate-related risks:  

  • Physical risk: risks related to physical impacts of climate change, including event-driven acute physical risks, for example more severe weather events and chronic physical risks from longer-term shifts in climate patterns. Indirectly, these risks can also create additional impacts on public health (e.g., increased morbidity and mortality). 
  • Transition risk: risks related to the transition to a lower-carbon economy. This includes policy, legal, technology and market changes to address the need to reduce and adapt to climate change, and related reputation risk.  

Our definition of climate risk includes impacts in both of these categories. These impacts can include, but are not limited to, damage to owned and operated real assets including real estate and infrastructure, reductions in the values of investments in public and private fixed income and non-fixed income assets tied to fossil fuels and carbon intensive industries, litigation risk to a company or sector in which we invest, health impacts to affected populations, and socio-economic, geopolitical and regulatory changes. 

Our approach to addressing climate change risk also involves strengthening our ability to evaluate and report on related impacts. We provide climate disclosures guided by the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD). These disclosures help investors and other stakeholders assess how Sun Life is tackling potential climate-related impacts on our business. We also conduct an assessment of climate change risk as part of our broader assessment of the risks associated with operating in various markets.

Learn more:

Climate change is one of many environmental and social risks we’re monitoring and responding to across our business. Others include cyber threats, issues of inequality and public health issues

We also consider material ESG risk factors in mergers and acquisitions transactions. Our approach, informed by best practice, supports Sun Life in its consideration of ESG factors during the investment process. 

2023 highlights

  • 98% of employees completed risk-related training1 
  • Further built our capabilities to identify, track and mitigate evolving sustainability risks 
  • Enhanced climate-related reporting in our 2023 Annual Report by updating our disclosures guided by the TCFD framework and disclosing newly integrated governance processes

Learn more about our progress and performance in our 2023 Sustainability Report and ESG Performance Tables.

Commitments and memberships

PSI Logo

Training completion rates are as at January 15 since annual training assigned during the reporting year may be completed after year-end. Refer to Sustainability Data Scope - Note 5.

Refer to Sustainability Data Scope.