Risk management
and internal control

Corporate governance statement

Risk management
and internal control

Our Risk Management Framework is a collection of tools, processes and methodologies that support the British Business Bank in identifying, assessing, monitoring and controlling the risks it faces.

The Board has overall accountability and responsibility for the management of risk within the British Business Bank.

Risk governance

The British Business Bank Risk and Compliance function is based upon a ‘three lines of defence’ model as outlined in our Risk Management Framework, where the:

  • first line of defence is responsible for the day to day identification, reporting and management of their own risks
  • second line of defence is responsible for designing risk policies and methodologies, monitoring performance and compliance, identifying and reporting risks and providing independent and appropriate challenge to the first line of defence 
  • third line of defence provides independent assurance of the overall system of internal control including assessment of the risk governance framework. 

The British Business Bank encourages a strong culture of risk awareness and transparency which is supported through regular intranet updates and in-house training.

The key principles of this model, as demonstrated by the diagram below, are:

  • The Board has overall accountability and responsibility for the management of risk within the British Business Bank.
  • The Board delegates specific risk management roles and responsibilities to the Board Risk Committee, the Audit Committee and CEO and the CRO. 
  • The CEO is supported in delivery of these responsibilities through direct reports from the senior team. 
  • The CRO is a member of the senior team and is also supported by the Risk and Compliance function in the delivery of their responsibilities.

Previous: Our people
Next: Corporate governance