The first line of defense is to be found in the business areas. It is at this level that employees need to recognize and weigh up risks appropriately in their day-to-day work. They are responsible for ensuring that risk evaluations remain within the prescribed limits.
The second line of defense is a Group-wide unified risk organization consisting of a central Risk Management function headed up by the Chief Risk Officer (CRO), together with dedicated risk management teams in the business areas. The functionally structured central Risk Management team deals with financial and non-financial risks, Group-wide risk reporting, risk analysis and the central insurance portfolio. In addition, the risk management teams in the business areas address the business-specific risks in each area.
The Board of Directors and the internal and external auditors constitute the third line of defense. They are responsible for independently monitoring and controlling this risk management organization and the risks faced by SIX.