Risk management & control

Risk management and control principles

Five pillars support our efforts to achieve an appropriate balance between risk and return:

  1. Protecting the financial strength of UBS by controlling our risk exposures and avoiding potential risk concentrations at individual exposure levels, at specific portfolio levels and at an aggregate firm-wide level across all risk types.
  2. Protecting our reputation through a sound risk culture characterized by a holistic and integrated view of risk, performance and reward, and through full compliance with our standards and principles, particularly our Code of Business Conduct and Ethics.
  3. Ensuring management accountability, whereby business management, as opposed to Risk Control, owns all risks assumed throughout the firm and is responsible for the continuous and active management of all risk exposures to ensure that risk and return are balanced.
  4. Independent control functions which monitor the effectiveness of the business’s risk management and oversee risk-taking activities.
  5. Disclosure of risks to senior management, the Board of Directors (BoD), shareholders, regulators, rating agencies and other stakeholders with an appropriate level of comprehensiveness and transparency.

Our risk management and control principles are implemented through a risk management and control framework. This framework comprises qualitative elements such as policies, procedures and authorities, and quantitative components including risk measurement methodologies and risk limits.

The framework is dynamic and continuously adapted to our evolving businesses and the market environment. It includes clearly defined processes to deal with new business initiatives as well as large and complex transactions.

Risk management and control responsibilities

The key roles and responsibilities for risk management and control are as follows:

  • The BoD is responsible for determining the firm’s risk principles, risk appetite and major portfolio limits, including their allocation to the business divisions. The risk assessment and oversight of management performed by the BoD considers evolving best practices and is intended to conform to statutory requirements, as is the related disclosure in this section. The BoD is supported by the BoD Risk Committee, which monitors and oversees the firm’s risk profile and the implementation of the risk framework as approved by the BoD. The BoD Risk Committee also assesses and approves the firm’s key risk measurement methodologies.
  • The Group Executive Board (GEB) implements the risk framework, controls the firm’s risk profile and approves all major risk policies.
  • The Group Chief Executive Officer (Group CEO) is responsible for the results of the firm, has risk authority over transactions, positions and exposures, and also allocates portfolio limits approved by the BoD within the business divisions.
  • The divisional Chief Executive Officers, as well as the head of our Non-core and Legacy Portfolio, are accountable for the results of their business divisions. This includes actively managing their risk exposures, and ensuring that risks and returns are balanced.
  • The Group Chief Risk Officer reports directly to the Group CEO and has functional and management authority over Risk Control throughout the firm. Risk Control provides independent oversight of risk and is responsible for implementing the risk control processes for credit, country, market, investment, treasury and operational risk. This includes establishing methodologies to measure and assess risk, setting risk limits, and developing and operating an appropriate risk control infrastructure. The risk control process is supported by a framework of policies and authorities, which are delegated to Risk Control Officers according to their expertise, experience and responsibilities.
  • The Group Chief Financial Officer (Group CFO) is responsible for ensuring that disclosure of our financial performance is clear and transparent and meets regulatory requirements and corporate governance standards. The Group CFO is also responsible for the management and control of UBS’s tax affairs and for treasury and capital management, including management and control of funding and liquidity risk and UBS’s regulatory capital ratios. Responsibility for implementation of the control framework for tax resides with the Group CFO whereas responsibility for implementation of the control framework for treasury activities is with Risk Control.
  • The Group General Counsel is responsible for implementing the firm’s risk management and control principles for legal and compliance matters.