Enterprise risk management Nexi

Risk Governance

Roles and Responsibilities

In line with the recommendations of the Corporate Governance Code of Italian listed companies, Nexi's ERM Governance model requires broad involvement at all organizational levels. More concretely, and based on the strategic directions defined by the competent corporate bodies, the model enables the proper and complete identification and oversight of the Group risk profile by leveraging the roles of the three lines of defence:

  • First level of control – Identify, assess, and manage risks (Risk Owners) 
    Business structures bear primary responsibility for the internal control and risk management system. In their day-to-day operations, these structures are called upon to identify, measure or evaluate, monitor, mitigate and report the risks deriving from ordinary activities in accordance with the risk management process and applicable internal procedures.
  • Second level of control – Oversight, control and compliance (Risk Management and Compliance)
    Control functions are responsible for providing oversight and monitoring of risks and compliance with rules and regulations through frameworks, tools, processes and control activities, enabling a group-wide risk management system.
  • Third level of control – Independent assurance (Internal Audit)
    Controls aimed at identifying violations of procedures and regulations. Group Internal Audit also provides a periodic assessment of the completeness, functionality and adequacy of the internal control and risk management system.