Skip to main content Skip to main navigation
Skip to access and inclusion page Skip to search input

Risk management


We adopt a Three Lines of Defence approach to risk management which reflects our culture of 'risk is everyone's business' in which all employees are responsible for identifying and managing risk and operating within the Group's desired risk profile.

Risk Management  

Effective risk management enables us to:

  • Accurately measure our risk profile and balance risk and reward within our risk appetite, optimising financial growth opportunities and mitigating potential loss or damage;
  • Protect Westpac Group's depositors, policyholders and investors by maintaining a balance sheet with sound credit quality and buffers over regulatory minimums
  • Deliver suitable, fair and clear outcomes for our customers that support market integrity;
  • Embed adequate controls to guard against excessive risk or undue risk concentration; and
  • Meet our regulatory and compliance obligations.

The Board is responsible for approving the Westpac Group Risk Management Strategy and Westpac Group Risk Appetite Statement and for monitoring the effectiveness of risk management by the Westpac Group, including satisfying itself through appropriate reporting and oversight that appropriate internal control mechanisms are in place and are being implemented in accordance with regulatory requirements.


The Board has delegated to the Board Risk & Compliance Committee responsibility to review and recommend the Westpac Group Risk Management Strategy and Westpac Group Risk Appetite Statement to the Board for approval; set risk appetite consistent with the Westpac Group Risk Appetite Statement; approve frameworks; policies and processes for managing risk (consistent with the Westpac Group Risk Management Strategy and Westpac Group Risk Appetite Statement); and review and, where appropriate, approve risks beyond the approval discretion provided to management.


For further information refer to the Corporate Governance Statement (PDF 240KB)


Westpac Banking Corporation is an Authorised Deposit-taking Institution (ADI) subject to regulation by APRA. APRA has accredited Westpac to apply advanced models permitted by the Basel III global capital adequacy regime to the measurement of its regulatory capital requirements. Westpac uses the Advanced Internal Ratings-Based approach (Advanced IRB) for credit risk and the Advanced Measurement Approach (AMA) for operational risk. 


Financial institutions that have received this accreditation, such as Westpac, are required to disclose prudential information about their risk management practices on a semi-annual basis. A subset of this information must be disclosed quarterly.


For further information refer to the Regulatory Disclosures.

Material Risks

Westpac distinguishes between different types of risk and takes an integrated approach toward identifying, assessing and managing all material risks including through the annual review of the Westpac Group Risk Management Strategy and the establishment of additional controls through supporting frameworks and policies for the following risk types:

Financial Risks:

  • Credit risk - the risk of financial loss where a customer or counterparty fails to meet their financial obligations to Westpac;
  • Equity risk - the potential for financial loss arising from movements in equity values. Equity risk may be direct, indirect or contingent;
  • Insurance risk - the risk in our licensed regulated insurance entities of claims costs being greater than expected, due to a failure in product design, underwriting, reinsurance arrangements or an increase in severity and frequency of insured events;
  • Liquidity risk - the risk that the Group will be unable to fund assets and meet obligations as they become due; and
  • Market risk - the risk of an adverse impact on earnings resulting from changes in market factors, such as foreign exchange rates, interest rates, commodity prices and equity prices. This includes interest rate risk in the banking book - the risk to interest income from a mismatch between the duration of assets and liabilities that arises in the normal course of business activities.

Non-Financial Risks:

  • Business risk - the risks arising from the strategic objectives and business plans;
  • Operational risk - the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition is aligned to the regulatory (Basel II) definition, including legal and regulatory risk but excluding strategic;
  • Compliance risk - the risk of legal or regulatory sanction, financial or reputational loss, arising from our failure to abide by the compliance obligations required of us;
  • Conduct risk - the risk that our provision of services and products results in unsuitable or unfair outcomes for our stakeholders or undermines market integrity;
  • Related entity (contagion) risk - the risk that problems arising in other Westpac Group members compromise the financial and operational position of the authorised deposit-taking institution in the Westpac Group;
  • Reputation risk - the risk of the loss of reputation, stakeholder confidence, or public trust and standing; and
  • Sustainability risk - the risk of reputational or financial loss due to failure to recognise or address material existing or emerging sustainability related environmental, social or governance issues;


For further information on managing these risks, refer to the Financial Statements and the Corporate Governance Statement (PDF 240KB).

To view PDF files you need Adobe Acrobat Reader. Use Adobe's online PDF conversion tools to convert to another format.