Risk Management

Business units and support functions represent the first line of defense. The first line of defense ensures that clear processes and routines are in place in order to identify, assess, control and report risks.

The Risk Control function and the Compliance function form the second line of defense and are independent from the first line of defense. The primary responsibilities of the second line of defense are oversight and review of risk management and compliance issues. The functions develop and maintain risk management policies and methodologies, identify and monitor new and emerging risks and enforce the enterprise risk management framework. The second line of defense reports to the CEO, the Management Team and the Board of Directors.

The Internal Audit function is the third line of defense and provides fully independent assurance through reviews and controls of both the first and second line. The third line of defense ensures effective Enterprise Risk Management practices and reports to the Board of Directors.