GAPP Principle 22
The SWF should have a framework that identifies, assesses, and manages the risks of its operations.
- GAPP 22.1 Subprinciple The risk management framework should include reliable information and timely reporting systems, which should enable the adequate monitoring and management of relevant risks within acceptable parameters and levels, control and incentive mechanisms, codes of conduct, business continuity planning, and an independent audit function.
- GAPP 22.2 Subprinciple The general approach to the SWF’s risk management framework should be publicly disclosed.
Status: Implemented
See also response to principle 18.
The Ministry of Finance is supervised by the Office of the Auditor General, which shall ensure that the Ministry’s efforts in the management of the GPFG are in accordance with the decisions and intentions established by the Norwegian Parliament.
The governing bodies of Norges Bank are responsible for monitoring the effectiveness of the risk management framework. The Bank’s Internal Audit shall on behalf of the Executive Board ensure the adequacy of risk management and internal control at Norges Bank. The Executive Board of Norges Bank is supervised by the parliamentary appointed Supervisory Council which also appoints the external auditor.
The management mandate issued by the Ministry of Finance sets the benchmark indices and permitted deviations from such indices, and further requires the Executive Board of Norges Bank to set supplementary risk limits. The Board has established principles for such risk management for the separate asset management unit, NBIM. NBIM has further published policies on the management of enterprise risk, strategic risk, operational risk, and investment risk. Investment risk includes market risk, climate risk, credit risk, and counterparty credit risk. Responsibility for effective processes related to risk management within NBIM is delegated to the Risk unit and the Governance and Compliance unit.
Sources: GPFG mandate, Ministry ofFinance’s and Norges Bank’s websites.