Sie sind auf Seite 1von 7


Risk Category Division(s) Status

All Company-wide Final
Key Risk Category Executive Approval EVP & Link(s) / Related Documents
All Chief Risk Officer Code of Business Conduct & Ethics
Policy Sponsor EVP & Committee Approval Enterprise Risk Policy
Chief Risk Officer Executive Risk Committee
Global Risk Manager Board Risk Committee
N/A _
Original Effective Date Review Cycle Date Last Formally Date Last
December 7, 2005 3 years or less Reviewed Revised
June 2012 June 2012
Except in those instances where Policies (as defined below) are to be shared with third-party vendors or
business partners pursuant to a non-disclosure agreement or confidentiality agreement, Company policy
documents are for internal use only and may not be shared outside the Company, in whole or part, without
prior approval from the Global Compliance Chief who will consult as appropriate with the Policy Sponsor and
legal counsel when deciding whether to approve and the conditions attached to any approval.

Manulife Financials reputation is one of its most valuable assets and, in todays environment of global
media and increased scrutiny by stakeholders, it is vital that it be safeguarded. Reputation risk is the risk
that MFCs corporate image may be eroded by adverse publicity, whether true or not, as a result of
business practices of the Manulife Financial group (Manulife, the Company or MFC) or its
representatives, potentially causing irreparable damage to the Companys franchise value.

A loss of reputation is generally a consequence of some other risk control failure, whether associated with
complex financial transactions or relatively routine operational activities. It may result from business
decisions that may make sense in the short term, but which over time run the risk of undermining an
organizations franchise and the sustainability of its business. Reputation risk can arise in any area of the
Companys operations, even when transactions or practices technically comply with existing legal,
accounting and regulatory requirements. Risk may also arise from business dealings with external
parties such as sales representatives, service providers, customers and suppliers. Reputation risk cannot
be managed in isolation from other risks but as an integral part of MFCs integrated risk management

Reputation damage may often be difficult to predict or quantify but may have far reaching effects
including but not limited to:
direct financial impact to the Company, such as a reduction in income or share price;
an indirect impact, such as customer dissatisfaction, which may result in future financial loss, for
example due to reduced sales or termination of policies;
erosion of trust with a regulator(s);
damage to strategic relationships; and
poor employee morale and staff retention/ hiring issues.


The purpose of the Global Reputation Risk Policy (the Policy) is to outline the Companys prudent and
proactive approach to managing reputation risk. The Policy applies to MFC and all of its subsidiaries.

The management of reputation risk cannot be restricted to compliance with rules and controls, it is

dependent upon a strong ethical culture and values where sound judgment is applied within a risk-
conscious and structured environment. MFCs strong corporate governance; clearly communicated
corporate values emphasizing integrity and ethical conduct in every business decision and activity; and
integrated approach to managing risk set the foundation for minimizing reputation risk.

The Company:

Conducts its business and operations with integrity and in compliance with the spirit and intent of all
applicable laws and regulations in every jurisdiction in which it operates;
Will not engage in or facilitate any business activity the purpose of which is to intentionally evade legal
or regulatory obligations;
Adheres to the principles of confidentiality and privacy in employee and customer relations, following
the guidance set out in the Companys Code of Business Conduct and Ethics (the Code), policies
and legislation that protect personal information;
Maintains strict conflict of interest rules for employees, officers and directors to protect the interest of
MFCs customers and shareholders;
Recognizes that the reputation, integrity and character of persons and organizations with whom we do
business, such as distributors, reinsurers, service providers, counterparties, fund managers, and
vendors, may impact stakeholders views of MFC and is an important consideration in establishing and
maintaining relationships with them;
Provides quality products, services, advice and value to meet customer needs; and
Maintains a diverse workplace where the terms and conditions of employment are equitable and non-
discriminatory for all currently employed and those seeking employment.

Reputation risk will be managed as an integral part of MFCs integrated risk management programs
and practices, key of which are:

o Establishing tone from the top

The Board of Directors and executive management set the tone from the top, creating a culture of
integrity and high ethical standards exemplified in the Code and in the Companys PRIDE values. It
is the responsibility of every Company employee and representative to conduct his/ her business
activities in a manner that protects and enhances the Companys reputation. This responsibility is
clearly detailed and communicated to every executive, officer and employee through the Code.
Sales representatives and third party business associates are also expected to abide by all
applicable provisions of the Code and adhere to its principles and values when representing MFC
to the public or performing services for, or on behalf of, MFC.

The Code also addresses the available avenues for reporting breaches of the Code, as well as the
potential consequences of violating the Code. The confidential global ethics hotline is available for
employees and sales representatives to report any breach of the Code.

o Employing an enterprise risk management framework

The Companys risk management framework seeks to support shareholder value growth while
ensuring that commitments to customers are met and capital and reputation are protected. The
prevention-oriented framework is codified in the Enterprise Risk Policy that governs all risk taking
activities, and is built around the following key elements:

1. Risk governance An established risk appetite defines the amount and type of risks the
Company targets to assume. Structured Board of Directors and Management accountabilities
are designed to foster a strong and well-informed risk culture across the organization and to
facilitate sound business decisions. Each business unit ensures that their processes comply
with all Company global risk policies and standards. Examples of global risk policies relied
upon to mitigate reputation risk are included in Appendix A.
2. Risk identification, measurement and assessment, and monitoring and reporting
Formal processes facilitate the identification and reporting of risks by business units and
functional groups. The process includes the quantitative measurement of various financial
risks and qualitative assessment of strategic and operational risks. Risk positions are formally
reported to Management and the Board of Directors. Potential for reputation damage is a key
consideration in the assessment of risk exposure.

3. Risk control and mitigation Controls include risk target management based on the risk
appetite approved by the Board of Directors and executive management Risk mitigation
actions are defined individually for key risks and can include full or partial risk offset, full risk
elimination or risk reduction to within established tolerances.

While risk management activities are performed across the Company, a number of Corporate areas
perform a critical governance function in establishing and monitoring standards within the enterprise risk
management framework which help mitigate reputation risk. These include, but are not limited to,
Corporate Risk Management, Corporate Actuarial, Global Compliance, Human Resources and Global
Information Services and Sourcing.

Reputation risk is a key consideration in assessing any business relationship/transaction/activity.

Reputation risk assessments should be considered for all business arrangements with material
reputation risk and reassessed throughout the life of the relationship/ transaction. Materiality should
consider more than direct financial impact, and take into account arrangements where MFC may be
perceived to have significant influence or be lending its reputation through endorsement of a product,
distributor or supplier, or through lending or investing activities.
Business arrangements requiring such assessments include, but are not limited to, distribution
arrangements; third party referral or management arrangements; reinsurance arrangements, both third
party or related party; outsourcing arrangements; product offerings; investment and lending activities;
sales practices; executive compensation practices; employee relations; financial disclosures; and
acquisitions or divestitures.
Divisions and/or business units with material reputation risk exposures should develop reputation risk
policies, compliant with the global policy but tailored to the nature of their business operations, as
activities that give rise to reputation risk vary with the nature of each business.
These policies should be supported by more specific procedures and processes related to interfaces
with key business partners and other stakeholders to minimize reputation risk exposure. Business
partners include distribution relationships, service providers, reinsurers; while other stakeholders may
include customers, suppliers, borrowers, regulators, rating agencies and shareholders.
Of particular significance are distribution arrangements where the Manulife or John Hancock brand is
dominant and the Company could be assumed to be directly associated with any dealings of the
The Company will disseminate and reinforce the importance of the Companys reputation through
varied practices and programs both Corporate-wide and within the business units. At a minimum these
should include:
o Periodic re-distribution of the Code for review and sign off, as well as disclosure of conflicts of
interest by employees and directors;
o Inclusion of the Code and explicit discussion of corporate reputation as a valued asset, within the
new employee/ director/ sales representative welcome package(s) and orientation; and
o Use of employee communications and training opportunities to promote ethics; risk management;
compliance and other programs.
All Manulife employees play an important role in protecting and enhancing the Companys reputation.
As such, employees must take care to conduct all affairs in a manner reflecting the spirit of this Policy.

Many areas of the Company play a role in the administration of the Global Reputation Risk policy. Key
areas and their respective roles and responsibilities are outlined below.

Board of Directors (Board) and Executive Management

The Board and executive management are responsible for fostering an environment that
protects and enhances the Companys reputation. This includes:
Creating a culture of integrity throughout the Company through the actions of management and of the
Board and its interaction with and expectations of management;
Monitoring appropriate procedures for identifying the principal risks of the Companys business,
implementing appropriate systems to address these risks, and receiving regular updates on the status
of risk management activities and initiatives;
Overseeing the development of the Companys approach to corporate governance; and
Taking timely action to mitigate the impact of incidents that threaten the Companys reputation.

Executive Risk Committee (ERC)

Provides an executive forum for discussing and reviewing the Companys risk appetite, risk targets,
risk exposures and opportunities for optimizing risk taking;
Provides oversight related to the execution of the enterprise risk management program which
encompasses all aspects of the Companys risk-taking activities including risk management
responsibilities, risk identification, risk measurement and assessment, risk monitoring and reporting
and risk control and mitigation activities;
Responsible for overseeing the management of all risk exposures against approved policies and
targets, including those related to reputation risk; and
Reviews and approves global risk policies and standards of practice to ensure they remain appropriate
to effectively identify, assess and manage the Companys key risks and reputation in light of changing
circumstances and in light of how the policies and practices have performed.

Business Unit and Corporate Management

Create a risk-conscious and ethical culture in their operations, ensuring compliance with Company
policies including the enterprise risk management policy;
Establish processes to ensure reputation risk assessments are performed and documented for
significant new business transactions/ relationships/ activities and that reputation risk is considered as
part of regular management activity;
Establish processes to ensure timely escalation of potential reputation risk emerging situations to
appropriate management;
Take timely action to mitigate the impact of incidents that threaten the Companys reputation;
Monitor, influence where practical, and implement procedures to ensure compliance with relevant laws

and regulatory requirements; and
Develop business specific reputation risk policies and procedures, where reputation risk exposures are
potentially material.

Corporate Risk Management

Establishes and maintains the Enterprise Risk Management framework, which includes risk exposure
identification, assessment and measurement, monitoring and reporting, and control and mitigation;
Sponsors this Policy and ensures that reputation risk requirements are appropriately addressed in
relevant global risk policies and risk management processes;
Contributes to adoption and compliance with divisional/business unit reputation risk policies;
Assists business unit and functional areas in identifying, assessing and developing procedures/
actions to mitigate exposures; and
Develops Corporate-wide communication and training applications regarding risk management and
reputation risk in particular, in conjunction with Global Compliance and Human Resources.

Corporate Legal and Global Compliance

Promotes procedures and processes so that the Company is knowledgeable of, and compliant with,
legal and regulatory requirements in all jurisdictions in which it operates;
Champions key policies such as the Code, Privacy Policy and Insider Trading and Reporting Policy
where the potential for reputation risk is high; and
Provides advice and counsel, as well as manages litigation, from a point of view that includes
reputation risk management.

Branding & Communications

Oversees management of the Companys overall external image including media, community relations
as well as brand management; and
Develops and coordinates crisis communications and notification plans and processes.

Audit Services
Audit Services is responsible for reviewing the effectiveness of each Divisions compliance with the
global risk policies and relevant risk management programs, on a periodic basis as per the audit
review cycle. If Audit Services identifies noncompliance with global risk policies or determines there
are risk taking activities that do not appear to be governed by an appropriate global risk policy, Audit
Services will advise Corporate Risk Management so any issues can be addressed.


Each business unit is responsible for establishing processes to monitor and escalate, as appropriate,
existing or emerging risk exposures, including reputation risk concerns. Reputation risk incidents are high
priority and should involve appropriate senior levels of management. Such incidents must be responded
to with a sense of urgency, addressing the concerns of all stakeholders, including employees.

o Any issues that could potentially affect the Companys reputation must be reported immediately at
a minimum to the General Manager (GM) of the source division, the accountable Corporate
executive and to the EVP & Chief Risk Officer. The GM should determine the potential exposure
and the need for further escalation.
o The business unit will notify Branding & Communications of specific emerging situations that could
affect the Company's reputation.

As part of the annual Code of Business Conduct and Ethics certification process, all employees attest to
uphold the companys reputation. This certification is presented to the Board at least annually.


The Policy must be reviewed and approved by the EVP and CRO, Executive Risk Committee and Board
Risk Officer at least once every 3 years. The CRO has the authority to make changes to the Policy as
needed to maintain its administrative effectiveness, provided such changes do not materially change the


This policy must be effectively communicated to all MFC employees. This is achieved is through the
annual Code of Business Conduct and Ethics certification process completed by all employees. Risk
Officers and general managers are accountable to ensure adequate processes are in place to comply
with this policy.


Date Description of change Approved by

December 7, 2005 Original Issue/Effective date ARMC
December 2, 2009 Formal review and update ARMC
June 13, 2012 Formal review and update ERC, BRC


Examples of global risk policies, standards and guidelines relied on to mitigate reputation risk
include those noted below:

Sponsor: Corporate Risk Management

Enterprise Risk Policy
Product Design and Pricing Policy
Corporate Pricing Standards
Selection and Monitoring Guidelines for Third Party Manufactured Products
Underwriting and Claims Management Policy

Sponsor: Global Compliance / Legal

Code of Business Conduct and Ethics
Conflict of Interest Rules for Directors and Officers
Global Privacy Risk Management Policy
Insider Trading and Reporting Policy
Regulatory Risk Management Policy
Records Management Policy, Standards and Guidelines
Anti-Fraud Policy
Anti-Money Laundering and Anti-Terrorist Financing Policy

Other Global Risk Policies

Disclosure Policy and Disclosure Standards
Related Party Reinsurance Policy
Third-party Reinsurance Ceded Policy
Information Security Policy
Global Business Continuity and Disaster Recovery Policy
Outsourcing Policy
Procurement Policy