Risk management at SIX

Dramatic market events, increasing complexity and heavier regulation are putting the entire financial industry under considerable pressure to change. At the same time, increasing pressure on costs and margins means that sustained growth is needed. These developments are forcing financial institutions to adapt and evolve, not least in the area of risk management. SIX's risk management – which is integrated holistically across all business areas – is ideally equipped to deal with this challenge.

The Group-wide standardized framework combined with the integrated risk management organization regulates the positioning of the Risk Management function at SIX as the "second line of defense" and systematically defines responsibilities, methods, processes and reporting for the risks faced by SIX.

Risk management at SIX follows the so-called three lines of defense model that has largely established itself as the standard for the financial sector.

The first line of defense is to be found in the business areas. It is at this level that employees need to recognize and weigh up risks appropriately in their day-to-day work. They are responsible for ensuring that risk evaluations remain within the prescribed limits.

The second line of defense is a Group-wide unified risk organization consisting of a central Risk Management function headed up by the Chief Risk Officer (CRO), together with dedicated risk management teams in the business areas. The functionally structured central Risk Management team deals with financial and non-financial risks, Group-wide risk reporting, risk analysis and the central insurance portfolio. In addition, the risk management teams in the business areas address the business-specific risks in each area.

The Board of Directors and the internal and external auditors constitute the third line of defense. They are responsible for independently monitoring and controlling this risk management organization and the risks faced by SIX.

Risk types

The financial risks SIX is exposed to include financial market risks such as defaults, liquidity shortages or market price and exchange rate fluctuations. Non-financial risks cover strategic and operational risks including IT and security risks, project risks, and legal and compliance risks. At SIX the latter are monitored by the Legal & Compliance department and integrated into an overall picture of the organization's risk situation in close cooperation with Risk Management.

Risk appetite

The Group-wide framework for risk management at SIX clearly and uniformly defines the risk appetite of SIX and its business areas. The risk management concept sets limits for risk appetite and risk tolerance within the organization, monitors compliance with the defined thresholds and shows how the company's risk profile changes over time. Ensuring compliance with the defined risk appetite and fostering an open dialogue on risk-related issues at all levels of the organization are intrinsic elements of SIX's risk culture.

The newly created Risk Management organization will continuously develop risk management at SIX. SIX thus actively ensures that its risk management fully complies not only with the requirements of its own business model but also with external requirements, particularly regulatory measures.