Risk management organisation
The Audit and Risk Committee is responsible for risk oversight within the Group. Corporate Risk Management is an independent function headed by the Chief Risk Officer (CRO), who reports to the CFO, and is responsible for assessing and reporting the Group's consolidated risk exposure to the Board of Directors and Group Management. Corporate Risk Management also monitors and reports risk in relation to mandates approved by the CEO. The main principle is that risks are managed at the source, unless otherwise agreed. In order to maintain a strict segregation of duties, risk control functions in the divisions and corporate units, like Treasury, are responsible for reporting risks to Corporate Risk Management.