Our risk management activities apply to the entire company. The Risk Management team defines areas of responsibility, methods, processes and reporting for risks at SIX. At the same time the team acts as the second line of defense in a "three lines of defense" model, which has become standard practice in the financial sector.
The organization of risk management at SIX is optimized on an ongoing basis. SIX thus actively ensures that its risk management is fully in keeping with its own business model and also complies entirely with external requirements, particularly regulatory measures
- First line of defense
The first line of defense is to be found in the business areas. It is at this level that employees need to recognize risks and weigh them up appropriately in their day-to-day work.
- Second line of defense
The uniform Group-wide risk organization forms the second line of defense. The central Risk Management team, led by the Chief Risk Officer (CRO), handles the reporting of financial and non-financial risks, risk analyses and the central insurance portfolio. Additional risk management teams in the business areas deal with business-specific risks..
- Third line of defense
The Board of Directors and the internal and external auditors constitute the third line of defense. They are responsible for independently monitoring and controlling the risks faced by SIX. At the same time they monitor the internal organization of risk management.
Financial risks at SIX include financial market risks such as defaults, liquidity shortages or market price and exchange rate fluctuations. Non-financial risks cover strategic and operational risks including IT and security risks, project risks and legal and compliance risks. The latter are monitored at SIX by the Legal & Compliance department and integrated into an overall picture of the risk situation at SIX in close collaboration with Risk Management.
The framework for risk management at SIX clearly and uniformly defines the risk appetite of SIX and its business areas. Risk Management proposes limits for risk appetite and risk tolerance at SIX, monitors compliance with the defined thresholds and shows how the company’s risk profile changes over time. Ensuring compliance with the defined risk appetite and fostering an open dialog on risk-related issues at all levels are intrinsic elements of the risk culture at SIX.