Risk management and internal control

Corporate governance statement

The British Business Bank plc is committed to ensuring the best standards of Corporate Governance and is supported in this by the Board of Directors and Board Committees.

The Board has overall accountability and responsibility for the management of risk within the British Business Bank. Our Risk Management Framework has been designed to align to the size, scale and complexity of the British Business Bank and has been benchmarked against other financial services institutions. The British Business Bank is not an FCA/PRA regulated entity, although one of its subsidiaries representing approximately 1% of the portfolio, Capital for Enterprise Fund Management, is regulated by the FCA for controlling but not holding client money. The rest of the British Business Bank is not subject to regulatory supervision and the British Business Bank does not hold regulatory capital. The Bank is, however, subject to other applicable laws and regulations and aspires to meet standards of good practice. We have policies and procedures in place to ensure compliance with applicable laws and regulations, including Anti-Money Laundering, Data Protection and Freedom of Information, and aspire to follow best practice where appropriate and applicable.

Risk Governance

The British Business Bank risk governance is based upon a ‘three lines of defence’ model as outlined in the Risk Management Framework, where the:

  • First line of defence is responsible for the day-to-day identification, reporting and management of their own risks.
  • Second line of defence is responsible for designing risk and control policies and methodologies, monitoring performance and compliance, identifying and reporting risks and providing independent and appropriate challenge to the first line of defence.
  • Third line of defence provides independent assurance of the overall system of internal control including assessment of the risk governance framework.

The key principles of this model, as demonstrated by the diagram below, are:

  • The Board has overall accountability and responsibility for the management of risk within the Bank.
  • The Board delegates specific risk management roles and responsibilities to the Board Risk Committee, the Audit Committee, CEO, CFO and the CRO.
  • The CEO and CFO are supported in delivery of these responsibilities through direct reports from the senior team.
  • The CRO is a member of the senior team and is also supported by the Risk and Compliance function in the delivery of their responsibilities.

The British Business Bank encourages a strong culture of risk awareness and transparency through robust risk governance, clear accountabilities, regular intranet updates and in-house live and computer-based training.

Policies form an integral part of managing risk within the British Business Bank. We have in place an enterprise-wide set of policies, frameworks and procedures covering the major parts of our business. They outline how we intend to function, taking account of regulatory or legal requirements and industry best practice. Policies are approved by the appropriate committees and communicated to staff. Colleagues are also subject to the British Business Bank Code of Conduct and annual compliance declarations.

Approved by the Board of Directors,

Keith Morgan
Chief Executive Officer
13 July 2017

