Risk management
Role of the Board
The CEFC Board approves CEFC strategies and policies to ensure the proper, efficient and effective performance of the organisation. The Board provides oversight of performance, risk management and culture, all of which contribute to the organisation’s ability to sustainably achieve its objectives. The Board is supported by the Audit and Risk Committee in its oversight of risk management and the implementation of the CEFC Risk Management Framework.
Role of the Executive Team
Each member of the Executive Team is responsible for the implementation of the risk management framework within their teams. Each quarter, senior staff attest that key risks in their area have been identified and adequately managed, through appropriate controls and mitigants. The CEO has established an Executive Risk Committee, chaired by the Chief Risk Officer, to provide executive oversight of risk management and compliance activities.
Role of Investment Committees
Due diligence is a key feature of CEFC risk assessment with respect to investment decisions:
- Transaction teams are required to review, screen and develop structures to mitigate potential financial and reputational risks that may be associated with proposed investments
- The credit team, led by the Chief Risk Officer, independently reviews and challenges this risk assessment and considers whether the proposed investment is consistent with the Risk Appetite Statement, Investment Policies and risk limits and guidelines
- Investment Committees then make a case-by-case assessment of the merits of proposed investments, their assessed risk and anticipated returns.
Risk Appetite Statement
The CEFC Risk Appetite Statement establishes the risk boundaries within which the business operates, and goes to the heart of how the CEFC pursues its strategic objectives and the types of investments it considers. The Risk Appetite Statement includes limits and tolerances for both financial and non-financial risk consequences.
The CEFC must take risks to achieve policy outcomes and financial returns. For the CEFC, a heightened level of risk, beyond what may be deemed acceptable by a commercial financier, may be appropriate in specific circumstances in pursuit of broader public policy objectives. In contrast to some other investors, the CEFC has limited opportunities to diversify its portfolio by sector, particularly given the requirement to have at least 50 per cent of the portfolio invested in renewable energy technologies from 1 July 2018, thereby concentrating exposure in the clean energy sector.
Risk culture and conduct
Our approach to risk recognises the fundamental link between strategic objectives and the impact uncertainty (or risk) may have on the achievement of those objectives and the performance of the CEFC. The Risk Management Framework promotes a holistic approach to managing risk, starting with strong governance structures that promote transparent decision-making, guided by a well-developed and well-executed strategy that remains cognisant of and informed about the risks embedded in that strategy. The core elements of our approach to risk management include sound risk governance, the interaction and alignment of strategy and risk appetite, timely risk analysis, the implementation of cost-effective controls, a sound risk culture and regular assurance activities.
Risk Management Framework
Consistent with section 68 of the CEFC Act, the Board has established a Risk Management Framework, encompassing the systems, structures, policies, processes and roles within the organisation that identify, assess, monitor and mitigate both internal and external sources of risk. The Risk Management Framework helps the organisation to monitor and manage strategic, investment, financial, reputational, operational and regulatory risks. The framework includes the application of a “three lines of defence” risk management model which establishes risk ownership responsibilities within business teams, independent from risk oversight and risk assurance activities.
Three lines of defence
1. Investment and Clean Futures teams
The CEFC Investment, Clean Futures and Portfolio Management teams form the first line of defence. These teams are responsible for identifying, assessing and mitigating the risks arising out of CEFC investment activities.
2. Risk, Compliance and Credit
The CEFC Risk, Compliance and Credit team, under the direction of the Chief Risk Officer, forms the second line of the risk management function. This team is an independent function that is responsible for reviewing and challenging risk assessments and controls throughout the organisation. New transactions must be reviewed by a credit team member before being submitted for approval. In addition, this team is responsible for providing oversight, monitoring and reporting of key risks across all areas of the organisation. This team provides regular reports to both the Executive Risk Committee and the Board Audit and Risk Committee.
3. Internal audit
The key function of the internal audit is to review and consider the design effectiveness and operational effectiveness of key internal controls implemented by management. The internal audit is delivered by PwC through an outsourced model. PwC provides independent and objective risk-based assurance to the Board, Board Committees and the Executive. These assurance activities address the effectiveness of financial and non-financial risk management activities and include reviews of governance arrangements, systems, structures, policies and procedures.