Skip to main content Skip to main navigation Skip to accessibility page Skip to search input


We adopt a Three Lines of Defence approach to risk management which reflects our culture of 'risk is everyone's business' and that all employees are responsible for identifying and managing risk and operating within the Group's desired risk profile.

Risk Management Strategy and Risk Appetite

The Board-approved Risk Management Strategy identifies a sound risk culture of 'risk is everyone's business' and awareness of risk management supported by regular communication as an essential element of sound risk management. Effective risk management enables us to:

  • Accurately measure our risk profile and balance risk and reward within our risk appetite, increasing financial growth opportunities and mitigating potential loss or damage;
  • Protect Westpac's depositors, policyholders and investors by maintaining a strong balance sheet;
  • Embed adequate controls to guard against excessive risk or undue risk concentration; and
  • Meet our regulatory and compliance obligations.

The Board is responsible for approving the Westpac Group Risk Management Strategy and Westpac Group Risk Appetite Statement and monitoring the effectiveness of risk management by the Westpac Group, including satisfying itself through appropriate reporting and oversight that appropriate internal control mechanisms are in place and are being implemented in accordance with regulatory requirements.


The Board has delegated to the Board Risk & Compliance Committee the responsibility to review and recommend the Risk Management Strategy and Group Risk Appetite Statement to the Board for approval; set risk appetite consistent with the Group Risk Appetite Statement; approve frameworks; policies and processes for managing risk (consistent with the Risk Management Strategy and Group Risk Appetite Statement); and review and where appropriate approve risks beyond the approval discretion provided to management.


For further information refer to the Corporate Governance Statement (PDF 766KB)


Westpac Banking Corporation is an Authorised Deposit-taking Institution (ADI) subject to regulation by APRA. APRA has accredited Westpac to apply advanced models permitted by the Basel III global capital adequacy regime to the measurement of its regulatory capital requirements. Westpac uses the Advanced Internal Ratings-Based approach (Advanced IRB) for credit risk and the Advanced Measurement Approach (AMA) for operational risk. 


Financial institutions that have received this accreditation, such as Westpac, are required to disclose prudential information about their risk management practices on a semi-annual basis. A subset of this information must be disclosed quarterly.


For further information refer to the Regulatory Disclosures

Material Risks

Westpac distinguishes between different types of risk and takes an integrated approach toward identifying, assessing and managing all material risks including through the annual review of the Risk Management Strategy and additional controls through supporting frameworks and policies for the following risk types:

  • Credit risk - the risk of financial loss where a customer or counterparty fails to meet their financial obligations to Westpac;
  • Liquidity risk - the risk that the Group will be unable to fund assets and meet obligations as they become due;
  • Market risk - the risk of an adverse impact on earnings resulting from changes in market factors, such as foreign exchange rates, interest rates, commodity prices and equity prices. This includes interest rate risk in the banking book - the risk to interest income from a mismatch between the duration of assets and liabilities that arises in the normal course of business activities;
  • Conduct risk - the risk arising from unfair or inappropriate behaviour or practices of the Westpac Group or its staff;
  • Operational risk - the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition is aligned to the regulatory (Basel II) definition, including legal and regulatory risk but excluding strategic and reputation risk; and
  • Compliance risk - the risk of legal or regulatory sanction, financial or reputational loss, arising from our failure to abide by the compliance obligations required of us.
  • Business risk - the risk associated with the vulnerability of a line of business to changes in the business environment;
  • Sustainability risk - the risk of reputational or financial loss due to failure to recognise or address material existing or emerging sustainability related environmental, social or governance issues;
  • Equity risk - the potential for financial loss arising from movements in equity values. Equity risk may be direct, indirect or contingent;
  • Insurance risk - the risk of mis-estimation of the expected cost of insured events, volatility in the number or severity of insured events, and mis-estimation of the cost of incurred claims;
  • Related entity (contagion) risk - the risk that problems arising in other Westpac Group members compromise the financial and operational position of the authorised deposit-taking institution in the Westpac Group; and
  • Reputation risk - the risk to earnings or capital from negative public opinion resulting from the loss of reputation or public trust and standing.

For further information on managing these risks, refer to the Financial Statements and the Corporate Governance Statement (PDF 766KB).

To view PDF files you need Adobe Acrobat Reader. Use Adobe's online PDF conversion tools to convert to another format.