Risk governance

Neste's Board of Directors has ultimate responsibility for risk oversight and, in this role, is responsible for, among other things, setting the Group’s risk appetite and approving the Risk Management Policy.

Practical implementation, development and monitoring of the risk management process is based on the three lines of defense model. The model distinguishes between:

1st Line of Defense

As a part of the first line of defense, Neste's President & CEO and Neste Executive Board have the overall responsibility for proper risk management.

In practice, business areas and common functions own and manage risks with the help of a dedicated network of risk champions. The role of the risk champions is to represent different risk disciplines and to ensure that risk discussions are embedded into everyday management routines.

2nd Line of Defense

The role of the actors in the 2nd line of defense is to provide risk management support, facilitation, and consultation.

The Compliance Committee, headed by the CFO, aims to increase management oversight of compliance-related issues within the Group. The Committee also ascertains the adequacy of mitigation actions in higher-risk compliance areas.

The risk coordination team, supporting the CRO, acts as a working group that aims to ascertain effective and efficient risk management practices within Neste. The team steers the development of risk management principles, tools, and processes.

The corporate risk management team is responsible for confirming that risk management activities are carried out consistently. Corporate risk management also drives the overall development of risk management practices and tools.

3rd Line of Defense

Internal Audit evaluates the effectiveness and efficiency of the corporate level risk governance model and related risk management processes, including the effectiveness of internal controls and other risk treatment actions in the scope of each audit. Internal Audit also provides recommendations for improvement areas.