Issued 6 June 2018
Last updated 10 January 2019
The purpose of this policy is to outline the Norges Bank Investment Management (NBIM) requirements for Enterprise Risk Management (ERM).
NBIM shall apply an effective framework for enterprise risk management where enterprise risk is defined as all risks affecting NBIM’s organisation and business. Enterprise risk management includes the culture, capabilities, and practices, integrated with strategy-setting and its execution, that the organisation relies on to manage risk in creating, preserving, and realising value.
Enterprise risk management
- Enterprise risk management shall be integrated in strategy and action planning, and day- to-day operations.
- The framework for enterprise risk management shall include strategic risk, investment risk and operational risk as the main risk classes.
- Reputational impact shall be considered as a consequence applied across all risk classes.
- Detailed requirements for the management of each risk class are covered in separate policies.
Strategic risk management
- Strategic risk is defined as the risk of not achieving strategic objectives as set out in the strategy plan.
- NBIM shall evaluate both risks and opportunities related to the strategic objectives. The strategy shall support NBIM’s mission to safeguard and build financial wealth for the future generations of Norway.
- Strategic risks shall be identified and the implications of the strategy for the overall risk profile shall be considered. Strategic risks shall be assessed and updated through the ongoing monitoring of the strategy plan.
Investment risk management
- Investment risk is defined as the risk of events affecting the return of our investments. Investment risk includes market risk, credit risk and counterparty credit risk.
- Investment risk management shall ensure that the fund’s combined assets are managed within the relevant constraints laid down by the fund’s owners and the Executive Board of Norges Bank, and are aligned with the strategic objectives.
- Investment risk shall be managed through the establishment of specified limits allocated to investment strategies through the issuance of investment mandates.
- Assessment of Environmental, Social and Corporate Governance (ESG) risks shall be integrated into the investment management process and managed in accordance with the Principles for responsible investment management in NBIM.
Operational risk management
- Operational risk is defined as the risk of an unwanted operational event with financial or reputational impact. The unwanted event may arise from breakdown of internal processes, human error, system failure or other events caused by third parties or other external factors.
- Operational risk management shall be structured, systematic and integrated in the decision-making processes in NBIM with the aim to create value and support continuous improvement of NBIM’s processes.
- Operational risks shall be identified and assessed. Risk mitigating measures and controls shall be prioritized and implemented based on risk appetite.
- NBIM shall establish an effective internal control environment to provide reasonable assurance that objectives will be achieved.