Governance / Risk management
Risk management at Oakley
Oakley is committed to maintaining best-in-class risk management practices that empower the Board to make informed decisions and effectively manage both known and emerging risks. This commitment is integral to achieving strategic objectives, particularly as the firm operates across multiple jurisdictions in a dynamic and highly regulated economic landscape.
A clear governance structure is in place, with accountability assigned at every level. The Board holds ultimate responsibility for managing the business’s risk exposure, supported by the Group Risk Committee (GRC), an executive-level body tasked with designing and implementing the risk management framework across the Group. Effective risk oversight is critical, and regular communication between the Board and the GRC ensures that risk management is embedded in decision-making processes. Oakley operates with three layers of control: operational management, which is responsible for the day-to-day ownership and management of risks and controls; internal monitoring and oversight functions, including risk management and compliance; and periodic external reviews, which provide independent assurance and evaluation of Oakley’s risk management framework.
The implementation of a cloud-based Enterprise Risk Management System has established a centralised approach to managing operational risk across the enterprise. In 2024, the system was enhanced through the integration of data from multiple quarterly risk assessments. The scope of risks tracked was also expanded to enhance the reporting of sustainability risks, including both physical and transition climate risks. These enhancements have been embedded into formalised processes, providing the Board with improved visibility into emerging risks and greater oversight of control effectiveness.
Oakley’s risk management framework is designed to identify, assess and measure risks while developing practical strategies to mitigate them and maximise potential opportunities. It is underpinned by a robust risk appetite statement, policies, procedures, and a regularly updated risk register which is reviewed and approved by the GRC. A dedicated team of highly qualified risk management professionals continually enhances the framework, leveraging tools such as stress testing, scenario analysis, resilience programmes, key risk indicators, horizon scanning and risk-event analysis over the portfolio companies. The GRC assesses factors affecting each principal risk, liaising with executive committees and functions before summarising risk profiles in regular reports for Board review.