Risk management

Effective risk management underpins the successful delivery of our strategy. Integrity, rigour and accountability are central to our values and culture at 3i and are embedded in our approach to risk management.

Understanding our risk appetite and culture

As both an investor and asset manager, 3i is in the business of taking risk in order to seek to achieve its targeted returns for investors and shareholders. The Board approves the strategic objectives that determine the level and types of risk that 3i is prepared to accept. The Board reviews 3i’s strategic objectives and risk appetite at least annually.

3i’s risk appetite policy, which is consistent with previous years, is built on rigorous and comprehensive investment procedures and conservative capital management.


Integrity, rigour and accountability are central to our values and culture and are embedded in our approach to risk management. Our Investment Committee which has oversight of the investment pipeline development and approves new investments, significant portfolio changes and divestments, is integral to embedding our institutional approach across the business. It ensures consistency and compliance with 3i’s financial and strategic requirements, cultural values and appropriate investment behaviours. Members of the Executive Committee have responsibility for their own business or functional areas and the Group expects individual behaviours to meet the Group’s high standards of conduct. All employees share the responsibility for upholding 3i’s strong control culture and supporting effective risk management. Senior managers, typically those who report to Executive Committee members, are required to confirm their individual and business area compliance annually. In addition, all staff are assessed on how they have demonstrated 3i’s values as part of their annual appraisal.

The following sections explain how we control and manage the risks in our business. They outline the key risks, our assessment of their potential impact on our business in the context of the current environment and how we seek to mitigate them.

Risk appetite

Our risk appetite is defined by our strategic objectives. We invest capital in investment opportunities that will deliver capital returns and portfolio and fund management cash income to cover our costs, and increase returns to investors.

Investment risk

The substantial majority of the Group’s capital is invested in Private Equity. Before the Group commits to an investment, we assess the opportunity using the following criteria:

  • Return objective: individually assessed and subject to a minimum target of 2x money multiple over three to five years
  • Geographic focus: core markets of northern Europe and North America
  • Sector expertise: focus on Business Services, Consumer and Industrials, and,
  • Vintage: invest up to £750 million per annum in four to seven new investments in companies with an enterprise value range of €100 million to €500 million at investment

Investments made by 3iN need to be consistent with 3iN’s overall return target of 8% to 10% over the medium term and generate a mix of capital and income returns. Other infrastructure investments made by the Group should be capable of delivering capital growth and fund management fees which together generate mid-teen returns.

Capital management

3i adopts a conservative approach to managing its capital resources as follows:

  • There is no appetite for structural gearing at the Group level, but short-term tactical gearing will be used.
  • The Group does note hedge its currency exposure but it does match currency realisations with investments where possible and takes out short-term hedges occasionally to hedge investments and realisations between signing and completion.
  • We have limited appetite for the dilution of capital returns as a result of operating and interest expenses. Both Private Equity and Infrastructure generate cash income to mitigate this risk.

Approach to risk governance

The Board is responsible for risk assessment, the risk management process and for the protection of the Group’s reputation and brand integrity. It considers the most significant risks facing the Group and uses quantitative analyses, such as the vintage control which considers the portfolio concentration by revenue, geography and sector, and liquidity reporting, where appropriate.

Non-executive oversight is also exercised through the Audit and Compliance Committee which focuses on upholding standards of integrity, financial reporting, risk management, going concern and internal control.

The Board has delegated the responsibility for risk oversight to the Chief Executive. He is assisted by the Group Risk Committee (“GRC”) in managing this responsibility, and guided by the Board’s appetite for risk and any specific limits set. The GRC maintains the Group risk review, which summarises the Group’s principal risks, associated mitigating actions and key risk indicators, and identifies any changes to the Group’s risk profile. The risk review is updated quarterly and the Chief Executive provides quarterly updates to each Audit and Compliance Committee meeting where the Committee members contribute views and raise questions. The last risk review was completed in May 2017.

The risk framework is augmented by a separate Risk Management Function which has specific responsibilities under the FCA’s Investment Funds Sourcebook. It meets ahead of the GRC meetings to consider the key risks impacting the Group, and any changes in the relevant period where appropriate. It also considers the separate risk reports for each Alternative Investment Fund (“AIF”) managed by the Group, including areas such as portfolio composition, portfolio valuation, operational updates and team changes, which are then considered by the GRC.

Assurance over the robustness and effectiveness of the Group’s overarching risk management processes and compliance with relevant policies is provided to the Audit and Compliance Committee through the independent assessment by Internal Audit and the work of Group Compliance on regulatory risks.

Assurance over the robustness of the Group’s valuation policy is provided by the Valuations Committee.

In addition to the above, a number of other committees contribute to the Group’s overall risk governance structure.

Risk governance structure

Overview of risk management framework and governance structure
Treasury Transactions Committee


Audit and Compliance Committee
  • Considers risk implications of specific treasury transactions as required.
  • A quorum of members meet as required.
  • Determines the Group’s risk appetite as part of strategy setting.
  • Overall responsibility for maintaining a system of internal controls that ensures an effective risk management and oversight process operates across the Group.
  • Considers risks to the Group’s brand, values and reputation as required.
  • Meets at least six times a year.
  • Receives reports from the Head of Internal Audit on the Group’s risk management processes and system of internal controls.
  • Receives reports from the Head of Group Compliance on regulatory and compliance matters.
  • Receives reports from the Head of Tax on Group tax management.
  • Updated at each meeting on the outputs of the latest Group Risk Committee meeting with the opportunity to contribute views or raise questions.
  • Meets at least four times a year.

Chief Executive

Investment Committee
Executive Committee
Group Risk Committee
  • Considers risk in the context of individual investments, portfolio management decisions and divestments.
  • Meets as required.

Conflicts Committee
  • Deals with potential conflict issues.
  • Meets as required.
  • Principal decision-making body in respect of managing the business.
  • Meets monthly.
  • Delegated responsibility for risk management and oversight across the Group, reflecting the Board’s appetite for risk and any specific limits set.
  • Maintains the Group risk review, which summarises the Group’s risk exposure and associated mitigation or response plan based on risks identified.
  • Meets four times a year to consider the Group risk review, including adequacy of risk mitigation and controls.
  • Chairman provides update at each meeting of the Audit and Compliance Committee.
  • Committees of the Board
  • Committees of the Chief Executive
  • Independent review of potential conflict issues
  • Risk reporting to Audit and Compliance Committee

Risk management framework

The Group’s risk management framework is designed to support the delivery of the Group’s strategic objectives.

The key principles that underpin risk management in the Group are:

  • the Board and the Executive Committee promote a culture in which risks are identified, assessed and reported in an open, transparent and objective manner;
  • the Investment Committee ensures a centralised process-led approach to investment; and
  • the over-riding priority is to protect the Group’s long-term viability and reputation and produce sustainable, medium to long-term cash-to-cash returns.

Managing the Group’s Environmental, Social and Governance (“ESG”) risks is central to how we do business and a key part of our risk management framework. It also forms part of our half-yearly portfolio company reviews as described in the Valuations Committee report in our Annual report.

In practice, the Group operates a “three lines of defence” framework for managing and identifying risk. The first line of defence against outcomes outside our risk appetite is the business function and the respective Managing Partners across Private Equity, Infrastructure and Debt Management (until 3 March 2017).

Line management is supported by oversight and control functions such as finance, human resources and legal which constitute the second line of defence. The compliance function is also in the second line of defence; its duties include reviewing the effective operation of our processes in meeting regulatory requirements.

Internal audit provides independent assurance over the operation of controls and is the third line of defence. The internal audit programme includes the review of risk management processes and recommendations to improve the internal control environment.

Risk review process

The Group risk review process includes the monitoring of key strategic and financial metrics considered to be indicators of potential changes in the Group’s risk profile. The review includes, but is not limited to, the following reference data:

  • Group and business lines KPIs;
  • portfolio analysis;
  • risk reports for managed AIFs;
  • quarterly Group risk log.

In addition to the above, the GRC considers the impact of any changes and developments to its risk profile, strategic delivery and reputation quarterly.

The GRC uses the above to identify its principal risks. It then evaluates the impact and likelihood of each risk, with reference to associated measure and key performance indicators. The adequacy of the mitigation plans is then assessed and, if necessary, additional actions are agreed and then reviewed at the subsequent meeting.  

 A number of focus topics are also agreed in advance of each meeting. In FY2017, the GRC covered the following:

  • a preliminary analysis of the potential impact of the UK’s decision to leave the EU on the Group;
  • a refresh of the Group’s risk review process and reporting;
  • an update on ESG issues and themes, especially with respect to its portfolio companies;
  • a review of the Group’s stress tests to support its Internal Capital Adequacy Assessment Process (“ICAAP”) and Viability Statement;
  • a review of the Group’s IT framework including cyber security;
  • the proposed risk disclosures in the 2017 Annual report and accounts; and
  • an overview of the main risk management aspects of the Group’s remuneration and performance management structures.

There were no significant changes to the Group’s approach to risk governance or its operation in FY2017 but we have continued to refine our framework for risk management where appropriate, including further steps to monitor our investment in Action.