The Group believes that risk management is a fundamental part of robust corporate governance and good management practice. Good risk management does not mean avoiding risks at any cost but rather making informed and coherent choices regarding the risks the Group and the funds it manages want to take in pursuit of their strategies and objectives, having regard to the methods used to manage and mitigate those risks. Accordingly, risk management is embedded within all areas of the business, both at a Group and strategy level and across geographies, including in culture, decision-making processes, practices, business planning and reporting activities.
The Group manages a variety of risks in connection with its business activities, and the Board is ultimately responsible for oversight of the Group’s risk management and internal control systems. This includes determining the nature and extent of the key risks that the Board is willing to take in order to achieve the Group’s strategic objectives, and reviewing management’s implementation of effective systems of risk identification, assessment and management.
The Board is assisted in its risk management role by the Audit and Risk Committee, which monitors and reviews the Group’s internal controls and risk management framework. During 2023, the Audit and Risk Committee considered an updated risk management framework. It also reviewed a paper which explained the work undertaken to support the disclosures within the circular provided to shareholders in connection with the ECP transaction and discussed the integration of ECP into the enterprise risk management process.
To manage risk, the Group operates on a three lines model:
− First line
Business units have the primary responsibility for managing risks in their respective areas.
− Second line
Bridgepoint’s Legal and Compliance team assists with risk management, monitoring the operation of first line controls.
− Third line
Deloitte, as the Group’s outsourced internal auditor, provides risk assurance on the effectiveness of governance, risk management and internal controls, including first and second line controls.
Completing its first full year of engagement, the Group’s internal audit function focused in particular on credit investment governance, data management and governance and a review of the Group’s compliance monitoring programme. The results of their audits and any associated recommendations were reported to the Audit and Risk Committee.
Prudent risk management within business units is underpinned by a strong control culture with clear oversight of responsibilities, and there is ongoing thematic compliance monitoring. The Group maintains comprehensive insurance cover with a broad range of policies covering a number of insurable events.