Enterprise Risk Management and Compliance

Repower identifies and manages risks on the basis of a group-wide risk management approach. A number of different components are used to put this approach into practice: the Enterprise Risk Management and Compliance functions, the concept of three lines of defence against risk, an integrated risk management process, and a specific risk culture fostered throughout the business.

The Enterprise Risk Management function

Repower’s Enterprise Risk Management (ERM) function is part of the three lines of defence used by the company to manage corporate risks. Our risk managers support the divisions in capturing and evaluating risks and controls. The head of Legal and Risk reports directly to the CEO.

Integrated risk management and compliance approach

ERM and Compliance perform their functions within the framework of our integrated risk management process. At Repower, risks are allotted to four main categories: business and strategic risks, market and credit risks, compliance risks, and financial reporting risks.

There is a risk manager assigned to each of these risk categories. Thanks to their risk management expertise and detailed knowledge of our business processes, these risk managers are able to identify and effectively control the risks. They also help foster Repower’s risk culture.

Identifying and evaluating risks and controls

Repower assesses business risks for each division on an ongoing basis. The ERM and Controlling functions support this process by providing independent assessments. Controls for managing risks are identified, evaluated and improved as part of the risk assessment, or in separate processes.

Repower has a modern, time-tested system in place that is robust and fit-for-purpose.

Other risk management processes

The market and credit risk manager monitors Repower’s trading activities in accordance with a dedicated market and credit risk management process. The risk manager analyses market and credit risks on an ongoing basis, reporting on and discussing these risks in meetings with the people responsible for energy trading and members of the risk management committee.

The Internal Control System (ICS) is applied to financial reporting risks. One of the aims of this system of internal controls is accurate, full and reliable reporting. The persons at Repower responsible for internal controls regularly review and update the system.

The group compliance officer helps Repower manage compliance risks. This is the person responsible for propagating Repower’s code of conduct and developing additional measures in line with the requirements of the Board of Directors. The group compliance officer has a direct reporting line to the CEO and the chairman of the Board of Directors.

In addition, local risk managers and compliance officers in the respective business units help control risks and propagate the company’s risk culture.


The ERM function draws up an annual risk management report for the Executive Board and Board of Directors.

Additional reports are drawn up for compliance, internal controls, and market and credit risk management.



Your contact

Manuela Bolch
Head of Legal & Risk
Secretary General

T +41 81 423 7822