Terms Flashcards

(108 cards)

1
Q

What is 1st party insurance?

A

First-party insurance is insurance that covers the losses of the person named on the policy

2
Q

What is risk typology and risk language?

A

The way that a business describes and categorises the risks it faces and the definitions of risk terms that are used throughout the organisation

3
Q

What is ‘credit risk’?

A

The borrower (counter-party) may fail to meet its obligations (to pay interest, or the credit itself)

The largest risk faced by most banks

4
Q

What are tactical objectives?

A

The immediate short-term desired result of a given activity, task

5
Q

What is a ‘stress test’?

A
  1. Puts firms through testing to measure:
    • Capital and asset values
    • Funding and liquidity
  2. Used to explore reactions to small (sensitivity) or drastic (stressed) changes in conditions. Used as a tool for:
    • Assessing capital and liquidity requirements
    • Understanding the dynamics of the risk environment (and therefore providing a tool for decision making)
    • Challenging the output of VAR
    • Informing senior management
6
Q

What are the FIRM benchmark tests for risk significance?

A

FIRM

  • Impact
    • Financial
      • 0.25% impact on balance sheet
      • 2.5% impact on profit
    • Infrastructure
      • ½ day impact on normal operations
      • 10% budget increase on operations
    • Reputational
      • 10% fall on share price
      • National TV event
    • Marketplace
      • 0.5% impact on balance sheet
      • 1% annual profit impact loss
7
Q

What is risk likelihood?

A

Risk likelihood is a measure of the risk occurring

8
Q

What is ICAAP?

A

The Internal Capital Adequacy Assessment Process (ICAAP) allows firms to assess their capital adequacy and requires them to have appropriate risk management techniques in place.

This process is summarised in the ICAAP document which should be completed by firms on a regular basis

Regulators review and challenge a bank’s own assessment of capital adequacy and will either agree or, if they are not satisfied or have concerns, apply a capital add-on

9
Q

What is residual risk?

A

Residual risk is the level of risk once controls are in place

10
Q

What is risk identification?

A

Risk identification is a process that involves finding, recognizing, and describing the risks that could influence the achievement of objectives. It is used to identify possible sources of risk in addition to the events and circumstances that could influence the achievement of objectives.

It also includes the identification of possible causes and potential consequences.

11
Q

What is a solvency ratio?

A

A requirement of Solvency II

Solvency II specifies that the Solvency Ratio of an insurance firm should always be above 100% as follows:

Solvency ratio is the market value of all assets, MINUS the market value of contractual liabilities

12
Q

What is a CRO?

A

The chief risk officer is a champion of the enterprise risk management process and plays a key part in bringing together disparate risk management processes to ensure that the company’s limited resource is applied effectively.

The COSO ERM cube defines the role of the CRO as working with other managers to establish effective risk management, monitoring progress, and assisting other managers in reporting relevant risk information up, down and across the organisation. Internal auditors should work with the CRO as part of their risk management duties.

13
Q

What is the purpose of corporate governance?

A

FRC: The purpose of corporate governance is to facilitate effective, entrepreneurial and prudent management that can deliver the long-term success of the company

14
Q

What is Solvency II?

A

Solvency II is a Directive in European Union law that codifies and harmonises the EU insurance regulation.

Primarily this concerns the amount of capital that EU insurance companies must hold to reduce the risk of insolvency.

It has 3 pillars:

  • Quantitative requirements
  • Qualitative requirements and supervision
  • Disclosure requirements
15
Q

What is inherent risk?

A

Inherent risks are raw risks (e.g. risks without controls in place to manage them)

16
Q

What is a captive insurance company?

A

When a company self-insures by establishing its own insurance company subsidiary, this is a captive insurance company.

17
Q

What are the 4 definitions of ‘risk management’?

A
  1. ISO / BS31100 – the coordination of activities to direct and control an organisation with regard to risk
  2. IRM – the process which aims to help organisations to understand, evaluate and take action on all their risks with a view to increasing the probability of success and reducing the likelihood of failure
  3. HM Treasury – all the processes involved in identifying, assessing and judging risks, assigning ownership, taking actions to mitigate or anticipate them, and monitoring and reviewing progress
  4. LSE – selection of those risks a business should take, and those which should be avoided or mitigated, followed by action to avoid or reduce risk
18
Q

What is ‘market risk’?

A

Market risk is the risk of losses to the bank arising from movements in rates and prices, including:

  • Interest rate risk; loss due to movements in interest rates rising (lowering the value of longer term assets, and/or forcing the bank to pay more interest on its own liabilities)
  • Equity risk; loss due to an adverse change in the price of stock
  • Foreign exchange risk; loss of value in the bank’s assets or liabilities due to currency rate fluctuations
  • Commodity risk; loss due to an adverse change in the price of commodities (e.g., agricultural, energy or industrial)
19
Q

What is a fit and proper person?

A

The fit-and-proper-person test or director’s test is a test aiming to prevent corrupt or untrustworthy people from serving on the board of certain organisations

20
Q

What is FinTech?

A

Fintech refers to any business that uses technology to enhance or automate financial services and processes

21
Q

What is the historical method?

A

The historical method is a means of calculating VAR by plotting risk projection against previous performance and assuming risks will repeat themselves

22
Q

What is risk maturity?

A

Risk maturity is the value created from risk management initiatives

  • Level 1 (‘naïve’) organisations are unaware of the need for enterprise risk management (ERM) and the benefits that can arise from it.
  • Level 2 (‘novice’) are aware of the benefits of an ERM approach but have only just started to implement it.
  • Level 3 (‘normalised’) organisations have embedded ERM into business processes but still require management effort to maintain ERM.
  • Level 4 (‘natural’) organisations have a risk-aware culture and a proactive approach to ERM.
23
Q

What is a risk management process?

A

Risk management process is a set of activities that deliver management and control of risks

(8Rs)

24
Q

What is reputational risk?

A

Reputational risk is the potential loss to financial capital, social capital and/or market share resulting from damage to a firm’s reputation

25
What is risk transfer?
Risk transfer is a risk management and control strategy that involves the contractual shifting of a risk from one party to another
26
What are control activities?
Policies and procedures that have been established and implemented
27
What is bottom up risk assessment?
Bottom up risk assessment is a means of identifying operational risks from the bottom and working up. Goes down from Business Unit, Business Line to Portfolio. Business units are individually analysed for their risks and this is aggregated upwards to build a risk profile.
28
What is risk architecture?
Risk architecture is a set of defined roles, responsibilities, communication and structure for risk management
29
What are the 4 definitions of risk appetite?
  1. IRM: The amount of risk that an organisation is willing to seek or accept in the pursuit of long term objectives
  2. ISO Guide 73: the amount and type of risk that an organisation is willing to pursue or retain
  3. Orange Book: the amount of risk that an organisation is prepared to accept, tolerate or be exposed to at any point in time
  4. CIIA: the level of risk that is acceptable to the board or management
30
What is cyber risk?
Cyber risk is an operational risk. Cyber risks include:
  1. Hacking
  2. DDoS
  3. Viruses
  4. Information theft
  5. Identity theft
  6. Industrial espionage
  7. Email fraud
  8. ATM fraud
  9. Cyber money laundering
  10. Theft
31
What is conduct risk?
Conduct risk is the risk that through our behaviours, strategies, decisions and actions the business, or individuals within the business, do not do the right thing and/or do not behave in a manner which:
  • pays due regard to treating our customers and clients fairly
  • is consistent with our disclosures and setting of customer and client expectations
  • supports the integrity of financial markets
32
What is internal context?
  1. The organisation itself, the activities it undertakes, the range of skills and capabilities that exist internally, and how it is structured.
  2. Internal stakeholders and their expectations are included
  3. Includes the strengths and weaknesses of the organisation
33
What is a risk classification system?
A structure for the identification and classification of risks
34
What is RTS?
Pillar 3 of Solvency II also sets out the reporting and disclosure requirements, including the reporting to the regulator through the Solvency and Financial Condition Report (SFCR) and the Report to Supervisors (RTS).
35
What is 'expected shortfall'?
Expected shortfall is the average loss that could occur in excess of the loss calculated by VaR over the same time period and using the same confidence level. Also known as Conditional VAR (CVAR)
36
What is target risk?
Target risk is the level of risk an organisation seeks to achieve, once controls are in place
37
What is insurance risk?
The likelihood that an insured event will occur, requiring the insurer to pay a claim
38
What is SCR?
The Solvency Capital Requirement.
Solvency II states that the Solvency Capital Requirement (SCR) must be equivalent to the Value at Risk of basic own funds of an insurance or reinsurance firm subject to a confidence level of 99.5% over a one-year period.
39
What is a key control indicator?
Key Control Indicators, also referred to as Control Effectiveness Indicators, are metrics that provide information on the extent to which a given control is meeting its intended objectives in terms of loss prevention, reduction
40
What is Value at Risk (VAR)?
A measure of the potential loss in a portfolio over a given time horizon within a given confidence interval, assuming normal markets and no trading
  1. Provides a qualified answer to the question: “how much could we lose in the next day?”
  2. VAR is not a worst-case view, but is a view of confidence
  3. Involves calculating the current position as well as possible return values, over a given period
  4. VaR can be calculated using the historical method, the variance-covariance method and the Monte Carlo simulation.
41
What is a riskiness index?
The Riskiness index is a semi-quantitative approach that presents a snapshot of overall level of risk in the organisation, including strategy, projects and operations. Riskiness indexes can be used instead of a risk register (that is likely to be qualitative).
42
What is top down risk assessment?
Top down risk assessment is a means of identifying operational risks down from the top. Goes down from Portfolio, Business Line to Business Unit. It establishes a general assessment of risk and then refines down risks into individual components.
43
What are operational objectives?
Short-term goals whose achievement brings an organization closer to its long-term goals
44
What does 'control environment' mean?
Control Environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organisation. The board of directors and senior management establish the tone at the top regarding the importance of internal control including expected standards of conduct.
45
What are 'core processes'?
Core processes are fundamental to organisational success because they are the means of delivering products to customers and ensuring continuity of operations. A core process can be defined as ‘the collection of activities that deliver a specific stakeholder expectation’. In the FS context this might include underwriting an insurance policy or approving a loan.
46
What is risk probability?
Risk probability can be expressed as a value between 0 and 1 (or 0 and 100)
47
What is insurtech?
Insurtech refers to the use of technology innovations designed to squeeze out savings and efficiency from the current insurance industry model.
48
What is risk context?
Risk context is what drives the risk business, including:
  • The internal environment
  • The external environment
  • The risk management context
49
What is Basel III?
Basel III is a global, voluntary regulatory framework on bank capital adequacy, stress testing, and market liquidity risk. It has 3 pillars:
  • Quantitative requirements
  • Qualitative requirements and supervision
  • Disclosure requirements
50
What is risk criteria?
Risk criteria are terms of reference and are used to evaluate the significance or importance of the organisation’s risks. They are used to determine whether a specified level of risk is acceptable or tolerable. Risk criteria should reflect the organisation’s values, policies, and objectives, should be based on its external and internal context, should consider the views of stakeholders, and should be derived from standards, laws, policies, and other requirements.
51
What is 3rd party insurance?
Third-party insurance typically covers damage to another person's property
52
What is 'current risk'?
Current risks are risks that are being controlled
53
What is 'compliance risk'?
Compliance risk is an organisation's potential exposure to legal penalties, financial forfeiture and material loss, resulting from its failure to act in accordance with industry laws and regulations, internal policies or prescribed best practices. Compliance risk is also known as integrity risk.
54
What is an internal model?
An internal model is used to calculate the capital requirement for banks and insurance companies. An organisation can use its own Internal Model to calculate its regulatory capital requirement if it gets agreement from the regulator
55
What is SFCR?
Pillar 3 of Solvency II also sets out the reporting and disclosure requirements, including the reporting to the regulator through the Solvency and Financial Condition Report (SFCR) and the Report to Supervisors (RTS). Many of the disclosures deal with the risk management practices within an organisation and are substantial and comprehensive. The SFCR is publicly available and must provide profit and loss and balance sheet detail in the prescribed Solvency II format, for example in terms of the lines of business written and the valuation of liabilities. It must also make significant disclosure about business and performance, risk appetite, risk policy and process, governance arrangements, remuneration policies, capital required, the basis of capital calculation (e.g. Internal Model or Standard Formula) and any regulatory loadings given.
56
What is risk policy?
Risk policy is the set of policies that the business uses to demonstrate the approach and procedures in place for the management of risk. Lower level policies must be aligned to the high level statement of the organisation's philosophy on risk, risk appetite and its risk strategy.
57
What is 'liquidity risk'?
Liquidity risk is the risk that a bank may not be able to meet its own obligations to repay deposits or other funding, or to continue financing its assets
58
What are 'key dependencies'?
Key dependencies are the key things that the organisation needs to be successful; they might be internal or external things but in short, they are what the business depends upon for its future success. For a financial services company a dependency is retaining a licence to operate in a particular territory or maintaining a credit rating.
59
What are the 3 definitions of 'risk'?
  1. A&D: The likelihood an undesirable event may occur. The magnitude of loss from an unexpected event. The probability that ‘things won’t go well’. The effects of an adverse outcome.
  2. ISO: The effect of uncertainty on objectives
  3. IRM: The combination of a probability of an undesirable event and its consequences (either positive or negative)
60
What is the Monte Carlo simulation?
The Monte Carlo simulation is a method for calculating VAR and randomly generates trials based on a selected probability distribution, and acts as a black box generator
61
What is a risk matrix?
A risk matrix plots likelihood vs. impact. It is used during risk assessment to define the level of risk by considering the category of probability or likelihood against the category of consequence severity. This is a simple mechanism to increase visibility of risks and assist management decision making.
62
What is a risk evaluation?
Risk evaluation is the decision whether to respond, not to respond to, or accept the risk.
63
What are the 3 main risk management standards?
  • IRM Model
  • COSO ERM Cube
  • ISO 31000 Model
64
What is risk perception?
Risk perception is the subjective judgement that people make about the characteristics and severity of a risk
65
What are risk control processes?
Risk control processes are a range of controls for the major risks faced by the business
66
What is risk analysis?
Risk analysis is a process that is used to understand the nature, sources, and causes of the risks that you have identified and to estimate the level of risk. It is also used to study impacts and consequences and to examine the controls that currently exist.
67
What are the 4 definitions of Enterprise Risk Management (ERM)?
  1. RIMS: a strategic business discipline that supports the achievement of an organisation’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio
  2. COSO: a process, effected by a board, management and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential risks that may affect the entity, manage risks to be within its risk appetite, and to provide reasonable assurance regarding the achievement of entity objectives
  3. IIA: A rigorous and coordinated approach to assessing and responding to all risks that affect the achievement of an organisation’s strategic and financial objectives
  4. HMT: all the processes involved in identifying, assessing and judging risks, assigning ownership, taking actions to mitigate, or anticipate, and monitoring and reviewing progress
68
What is a Risk Management Information System (RMIS)?
A RMIS is a formal, structured IT system that stores, analyses and reports risk information to senior managers.
69
What is the 'FIRM' scorecard?
The FIRM scorecard is a risk classification system, incl.
  • Financial
  • Infrastructure
  • Reputational
  • Marketplace
70
What is BCP?
Business continuity planning (BCP) is the process involved in creating a system of prevention and recovery from potential threats to a company
71
What is meant by tone from top?
Senior managers must ‘set the tone from the top’ and not operate on ‘do as I say rather than do as I do’ basis
72
What is a business impact analysis (BIA)?
Business impact analysis (BIA) is an analysis stage in the BCP cycle that analyses the effect of an interruption on our key dependencies and core processes
73
What is risk significance?
Risk significance is the process of deciding the severity and significance of risks
74
What are 'stakeholders'?
Stakeholders are the parties who have an interest in a business, or are affected by what it does – such as investors, suppliers, customers, the wider society and government. FS stakeholders also include regulators and rating agencies.
75
What are strategic objectives?
Strategic objectives describe what the company will do to try to fulfill its mission.
76
What are risk protocols?
Risk protocols are rules, procedures, standards, methodologies, tools and techniques for risk management. Defined in the risk guidelines and describes the range of activities undertaken in the name of risk management.
77
What is regulatory capital?
Regulatory capital is the minimum capital that regulators require a bank to hold against the risks it is running
78
What is Tier 2 Capital?
A type of bank regulatory capital under Basel II
  • Can include subordinated term debt and reserves (e.g. debt issued by the bank that ranks lower on the repayment scale than depositors' in the event of a bank default)
  • Reserves may include revaluation reserves (e.g. potential profit from revaluation)
79
What is a reverse stress test?
Reverse stress testing is a stress test where firms start from the point at which the business plan becomes unviable. The process is intended to drive an understanding of what might bring a business down.
80
What is risk culture?
The IRM Risk Culture Report (IRM, 2012: 7) defines risk culture as ‘Risk culture is a term describing the values, beliefs, knowledge and understanding about risk shared by a group of people with a common purpose, in particular the employees of an organisation or of teams or groups within an organisation.’
81
What does “comply or explain” mean?
An approach for the enforcement of corporate governance standards. Comply or explain involves organisations complying with the requirements or explaining why it was not appropriate, necessary or feasible to comply.
82
What is a risk management framework?
According to ISO 31000, a risk management framework is a set of components that support and sustain risk management throughout an organization. There are two types of components: foundations and arrangements.
  • Foundations include your risk management policy, objectives, mandate, and commitment.
  • And arrangements include the plans, relationships, accountabilities, resources, processes, and activities you use to manage your organization’s risk.
83
What is risk assessment?
Risk assessment is the process of analysing risks for likelihood and impact, and using this as a basis for determining how they should be managed
84
What is upside of risk?
Upside risk is opportunities that can be seized with a desirable outcome. In FS organisations risk management is all about managing upside risk as the business model of banks and insurance companies is based on accepting and managing risk to generate revenue but in a controlled manner.
85
What is a black swan event?
A black swan is an unpredictable event that is beyond what is normally expected of a situation and has potentially severe consequences. Black swan events are characterized by their extreme rarity, severe impact, and the widespread insistence they were obvious in hindsight.
86
What is MCR?
The Minimum Capital Requirement.
Absolute minimum capital level before regulatory intervention (minimum capital requirement; MCR)
87
What is risk treatment?
Risk Treatment is the process of selecting and implementing measures to modify risk. Risk treatment measures can include avoiding, optimising, transferring or retaining risk.
88
What is the bow-tie tool?
The bow-tie method is a risk evaluation method that can be used to analyse and demonstrate causal relationships in high risk scenarios. The bow-tie tool enables a firm to:
  • Take risk causes and consequences not just to one level but to two levels.
  • Plot several contributory causes for one risk and show one risk as having several consequences
89
What is 'scenario analysis'?
Scenario analysis provides a forward looking view of operational risk that complements historical internal and external data. Such exercises allow better preparation to identify and manage the risk exposures through business decisions, risk mitigation efforts, and capital planning.
90
What is 'control risk'?
Control risks are unknown or unexpected events, difficult to quantify, approach is based on managing uncertainty of events. Cause doubt about the ability to achieve the organisation’s mission. Most difficult to describe. Usually dependent on the successful management of people and the effective implementation of processes, to be managed
91
What is 'hazard risk'?
Hazard risks only have negative outcomes, linked to insurance, can only inhibit the mission, can be mitigated
92
What is 'opportunity risk'?
Opportunity risks relate to risk vs. return, approach based on investment. Usually deliberately sourced or embraced. Most important risk for future success.
93
What is a key risk indicator?
A key risk indicator is a measure used in management to indicate how risky an activity is. Key risk indicators are metrics used by organisations to provide an early signal of increasing risk exposures in various areas of the enterprise
94
What is risk frequency?
Risk frequency is expressed as a frequency measurement
95
What is a standard formula?
The Standardised Approach (banks) or Standard Formula (insurance) prescribes a set of stress tests and calculations
96
What is 'operational risk'?
Operational risk is the risk of loss resulting from inadequate or failed internal controls, people, processes, systems, or legal risk. It is the least understood risk and the most challenging to measure, monitor and manage.
97
What is Tier 1 Capital?
A type of bank regulatory capital under Basel II
  • Considered a core measure of a bank's financial strength
  • The primary element of tier one capital is shareholders' equity (e.g. the amount of capital left over after subtracting the bank's liabilities from its assets)
  • Can also include innovative capital such as complex financial instruments that have both equity and debt features – subject to strict rules by supervisors
98
What is external context?
  1. The environment within which the organisation exists
  2. Includes the business sector and external stakeholders (incl. customers)
  3. The external financial environment
  4. Opportunities and threats facing the organisation
  5. Plus:
    • Public perception
    • CSR
    • Governance standards, and level of regulation
    • Quality of products or services
    • The marketplace
99
What is a risk quantification approach?
Banks or insurers use a variety of tools and techniques to quantify risks both at local and group-wide levels. In many cases models, such as those that generate credit grades, application scores or Value at Risk numbers, are used, but care is needed with such outputs as they are vulnerable to model risk.
100
What is ORSA?
An ORSA is an internal process undertaken by an insurer or insurance group to assess the adequacy of its risk management and current and prospective solvency positions under normal and severe stress scenarios. An ORSA will require insurers to analyse all reasonably foreseeable and relevant material risks (i.e., underwriting, credit, market, operational, liquidity risks, etc.) that could have an impact on an insurer's ability to meet its policyholder obligations.
101
What are emerging risks?
‘Emerging risks’ is the term given to new threats or opportunities for an organisation, which are either currently unknown or are known but unquantifiable or not regarded as currently relevant. They include:
  • Security risks such as recent hacking attacks against financial services firms.
  • Health risks such as the Ebola outbreak
  • Weather and climate risks such as tidal floods
  • Natural catastrophes such as earthquakes
  • Political instability – for instance the Middle East
  • Risks of terrorism
102
What is a risk appetite and tolerance statement?
A business articulates how much risk it is willing to accept. For organisations that are groups, there may be a group statement and divisional statements. May be part of the risk management strategy.
103
Who are external stakeholders?
External stakeholders include:
  • Customers (actual and potential)
  • Suppliers
  • Governments
  • Regulators
  • Analysts
  • Credit Rating Agencies
  • NGOs
  • The Press / Social Media
  • Clearing Houses / Exchanges
104
What is economic capital?
Whereas regulatory capital is the capital a bank or insurer needs to meet the minimum requirements of its risk-based operations, economic capital is the capital a bank or insurer needs to run its business safely on a day-to-day basis. Economic capital calculations take greater account of the extreme losses that a bank or insurer might face but can result in a value which is higher or lower than regulatory capital. Boards tend to hold capital levels which comfortably exceed the higher of economic and regulatory capital where possible.
105
What is risk tolerance?
Risk tolerance is what you can allow the organisation to deal with
106
What is the variance-covariance method?
The variance-covariance method is a method of calculating VAR. It uses a simple bell curve to distribute historical results.
107
What is outsourcing?
Outsourcing is the business practice of hiring a party outside a company to perform services and create goods that traditionally were performed in-house by the company. Outsourcing is a form of risk transfer.
108
Who are internal stakeholders?
Internal stakeholders include:
  • Shareholders
  • Directors
  • Owners
  • Employees
  • Parent or Group companies