The risk and security organization of SIX helps employees to identify internal and external threats, evaluate them correctly and react to them appropriately. The aim is to ensure the long-term stability and security of the company and of the Swiss financial center, and to continue to provide the usual efficient, high-quality services.
Our risk and security organization applies to the entire company. The Risk, Security and Compliance teams, led by the Chief Risk Officer (CRO), define responsibilities, methods, processes and reporting for risks at SIX. At the same time, the teams act as the second line of defense in a “three lines of defense” model, which has become standard practice in the financial sector.
The risk and security organization at SIX is optimized on an ongoing basis. SIX actively ensures that its risk management is fully in keeping with its own business model and also complies entirely with external requirements, particularly regulatory measures. In 2018, SIX embedded its risk management organization even deeper within the company to manage SIX-relevant risks efficiently.
Legal supports the first line of defense in the observance and monitoring of legal, regulatory and internal provisions, advises on all legal issues, regulates legal disputes and is the central coordinator for authority contacts. Public & Regulatory Affairs identifies and classifies relevant legislative and regulatory developments at an early stage in order to ensure the company is informed about external changes. It also represents the interests of SIX in the political arena. Both areas form part of the first line of defense.
- First line of defense
The first line of defense is to be found in the business units and corporate functions. It is at this level that employees need to recognize risks and weigh them up appropriately in their day-to-day work.
- Second line of defense
The uniform corporate-wide risk and security organization forms the second line of defense. It assists and supports the first line with the monitoring and controlling of critical topics. The team handles the reporting of financial and non-financial risks, risk analyses and the central insurance portfolio.
- Third line of defense
The Board of Directors and the internal and external auditors constitute the third line of defense. They are responsible for independently monitoring and controlling the risks faced by SIX. At the same time they monitor the internal organization of risk management.
Financial risks at SIX include financial market risks such as defaults, liquidity shortages or market price and exchange rate fluctuations. Non-financial risks cover strategic, project and operational risks including IT and security risks as well as legal and compliance risks. The latter are monitored at SIX by Legal and Compliance and integrated into an overall picture of the risk situation at SIX in close collaboration with risk management.
The framework for risk management at SIX clearly and uniformly defines the risk appetite of the business units and corporate functions. The Risk team proposes limits for risk appetite and risk tolerance at SIX, monitors compliance with the defined thresholds and shows how the company’s risk profile changes over time. Ensuring compliance with the defined risk appetite and fostering an open dialog on risk-related issues at all levels are intrinsic elements of the risk culture at SIX.