The Board retains overall responsibility for risk management and for ensuring that the Group’s risks are managed appropriately.  To ensure sufficient focus on this important area, the Board formed a dedicated Board Risk Committee in 2016, mandated to oversee the effective management of the most significant risks to the Group.
 
A dedicated Group Management Risk Committee (“GMRC”) was also established to ensure key risks to the Group are appropriately owned, assessed, resourced and managed within appetite at the executive management level and that risk culture and awareness is embedded in the business. The GMRC is chaired by the Group Chief Executive Officer with membership comprised of regional operational heads and functional heads. The GMRC is supported by a Group Risk Manager while the Group’s Internal Audit function reviews the effectiveness of the Group's risk management processes and other internal controls. The GMRC also updates the Board on any new or emerging risks affecting the Group and on any action plans being put in place to manage them. The GMRC meets at least three times a year.