Effective risk assessment underpins the successful delivery of our strategy. Integrity and responsibility are central to our values at 3i and are embedded in our approach to risk management.
Approach to risk governance
The Board seeks to achieve an appropriate balance between taking risk and generating returns for shareholders and is responsible for risk assessment, the risk management process and for the protection of the Group’s reputation and brand integrity.
Non-executive oversight of the risk management process is exercised through the Audit and Compliance Committee with respect to standards of integrity, financial reporting, risk management, going concern and internal control.
The Board has delegated the responsibility for risk oversight to the Chief Executive. He is assisted by the Group Risk Committee (“GRC”) in managing this responsibility, guided by the Board’s appetite for risk and any specific limits set. The GRC maintains the Group risk review, which summarises the Group’s principal risks, associated mitigating actions and key risk indicators, and identifies any changes to the Group’s risk profile.
Following the implementation of AIFMD in July 2014, we further augmented risk governance with a separate Risk Management Function. This group meets ahead of the GRC meetings to consider separate risk reports for each AIF managed by the Group, including areas such as portfolio composition, operational updates and team changes, which are then also considered by the GRC.
In addition to the above, a number of other committees contribute to the Group’s overall risk governance structure, as set out in the diagram below.
Risk management framework
The Group’s risk management framework is designed to support the delivery of the Group’s strategic objectives. The key principles that underpin risk management in the Group are:
- The Board and Group Executive Committee promote a culture in which risks are identified, assessed and reported in an open, transparent and objective manner; and
- The over-riding priority is to protect the Group’s long-term viability and reputation and produce sustainable, medium to long-term cash-to cash returns.
Managing the Group’s Environmental, Social and Governance risks is central to how we do business and is integral to our risk management framework.
Risk management is embedded within all areas of the business. Members of the Executive Committee have responsibility for their own business areas and the Group expects individual behaviours to mirror the culture and core values of the Group.
In practice, the Group operates a “three lines of defence” framework for managing and identifying risk. The first line of defence against undesirable outcomes is the business function and the respective Managing Partners across Private Equity, Infrastructure and Debt Management. Line management is supported by oversight and control functions such as Compliance, Finance and Legal which constitute the second line of defence. The Compliance monitoring programme reviews the effective operation of our processes in meeting regulatory requirements.
Internal Audit provides retrospective, independent assurance over the operation of controls and is the third line of defence. The internal audit programme includes the review of risk management processes and recommendations to improve the control environment.