An effective risk management approach requires broad involvement at all company levels. Nexi has adopted an internal ERM policy that describes in detail the internal roles and responsibilities in its Risk Management process. In particular, Nexi’s Board of Directors, its Risk Control and Sustainability Committee, the Risk Management function, Management (risk owners) and Internal Audit play a key role in the ERM process.
Board of Directors
Consistent with its role of direction and coordination, the Board of Directors is responsible for the strategic direction and supervision of the Risk Management system. In detail:
- It defines the nature and level of risk in line with the strategic goals of the Group, including in its evaluations all the risks that could be relevant to business sustainability in the medium to long term;
- It defines the guidelines for the Risk Management system, to ensure that relevant risks are correctly identified and properly measured, managed and monitored;
- It periodically evaluates the adequacy and the effectiveness of the Risk Management system in relation to the assumed risk profile.
Risk Control and Sustainability Committee
The Committee supports the evaluations and decisions related to the Risk Management system. In detail:
- It supports the Board of Directors in the review and approval of risk management activities;
- It reports to the whole Board of Directors on the activities carried out and on the adequacy of the Risk Management system.
Risk Management function
The role of the Risk Management function is to facilitate, coordinate and monitor the implementation of the ERM model. In particular:
- It coordinates the analysis and management of all the relevant risks for the Group;
- It monitors the Group's exposure to the main risks;
- It periodically oversees/monitors the implementation and efficacy of strategies and mitigation plans;
- It participates in the discussion of the main Group strategic projects, supporting risk analysis, with the aim of facilitating risk-informed decisions;
- It prepares periodic risk reporting, giving Management and Top Management a comprehensive view of the Company's risk profile and allowing different types of risk to be compared, including those already addressed by dedicated Risk Management systems;
- It reviews the risk-related information included in the Group official documents;
- It ensures the definition, evolution and update of the methodology that supports risk management processes, providing methodological support to the functions involved;
- It receives adequate information from risk owners.
Management (risk owners)
Managers bear primary responsibility for the identification, evaluation and management of risks in their own areas of competence. In particular, they:
- identify risk events and evaluate their significance;
- ensure that risks are in line with the Group risk appetite, suggesting, implementing and monitoring the deployment of risk-mitigation action plans;
- promptly report to the Risk Management Function relevant developments in risk exposures, where responsible.
In carrying out the activities of risk identification, assessment and management, managers are actively supported by the Risk Management Function.
Internal Audit
In the context of its assurance responsibility, Internal Audit is in charge of independently verifying the operation and adequacy of the risk management system.