
Risk management


We have adopted and continue to embed a Three Lines of Defence model which enables all our people to understand their roles and responsibilities in the active management of risk.

Risk Management  

Our Risk Management Framework outlines our approach to managing risk across the Group, bringing together systems, structures, policies, processes and people. Effective risk management enables us to:

  • Achieve the Group’s purpose of creating better futures together; 
  • Deliver fair outcomes for our customers and counterparties that support market integrity;
  • Protect Westpac Group’s depositors and investors, including by maintaining a balance sheet with sound credit quality and buffers over regulatory minimums;
  • Manage risk within risk appetite; 
  • Be resilient to operational risks and disruptions, and manage the risks arising from service providers; 
  • Seek appropriate reward for risk we take aligned to our purpose, values and behaviours; and
  • Meet our regulatory and statutory obligations.

The Risk Management Framework is embedded through our Risk Management Strategy, which is supported by risk class frameworks, policies and risk appetite statements. It also helps us manage our material risks.


The Board is responsible for approving the Risk Management Framework, Risk Management Strategy and Board Risk Appetite Statement and for monitoring the effectiveness of risk management by the Group.


The Board Risk Committee assists the Board to consider and approve the Group’s overall risk management framework, oversee risk culture, the risk profile for material risks and risk appetite.


For further information refer to the Annual Report and Corporate Governance Statement (PDF 1MB)

Material Risks

Westpac distinguishes between different types of risk and takes an integrated approach toward identifying, assessing and managing risks. We have identified 11 material risks that impact our business. These material risks represent only the most material risks to the Group and are not exhaustive.


  • Capital Adequacy: The risk that the Group has an inadequate level or composition of capital to support its normal business activities and to meet its regulatory capital requirements under both normal and stressed operating environments.
  • Funding and Liquidity Risk: The risk that the Group cannot meet its payment obligations or that it does not have the appropriate amount, tenor and composition of funding and liquidity to support its assets. 
  • Credit Risk: The risk of financial loss where a customer or counterparty fails to meet their financial obligations to Westpac.
  • Market Risk: The risk of an adverse impact to the Group’s financial position as a result of a change in financial market factors, such as foreign exchange rates, interest rates, commodity prices and equity prices. This includes interest rate in the banking book – the risk to interest income from a mismatch between the duration of assets and liabilities that arises in the normal course of business activities. 
  • Strategic Risk: The risk that the Group makes inappropriate strategic choices, does not implement its strategies successfully, or does not respond effectively to changes in the environment. 
  • Risk Culture: The risk that our culture does not promote and reinforce behavioural expectations or structures to identify, understand, discuss and act on risks. This leads to ineffective risk management, poor risk awareness, risk-taking outside of risk appetite that is tolerated and a culture where key learnings are not integrated into Group-wide and customer outcomes, impeding continuous improvement. 
  • Operational Risk: The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. The definition excludes Strategic Risk. While Legal Risk and Regulatory Risk arise through inadequate or failed processes, people and systems, or from external events, these are reflected primarily in Compliance and Conduct Risk in the Risk Taxonomy. 
  • Compliance and Conduct Risk: The risk of failing to abide by compliance obligations required of us or otherwise failing to have behaviours and practices that deliver suitable, fair and clear outcomes for our customers and that support market integrity. 
  • Financial Crime: The risk that the Group fails to prevent financial crime and comply with applicable global financial crime regulatory obligations. 
  • Cyber Risk: The risk that the Group’s or third parties’ data or technology are inappropriately accessed, manipulated or damaged from cyber threats or vulnerabilities. 
  • Reputational and Sustainability Risk: The risk of failing to recognise or address environmental, social or governance (ESG) issues and the risk that an action, inaction, transaction, investment or event will reduce trust in the Group’s integrity and competence by clients, counterparties, investors, regulators, employees or the public. 


For further information on managing these risks, refer to the Annual Report.
