mobiIcon
Menu
Search

The primary governance principle is adherence to the Three Lines of Defence model, with a clear division of roles and responsibilities with respect to internal control and risk management. A proper Three Lines of Defence governance ensures that the segregation of duties is defined and established between risk management and risk control.

In the second line of defence, Risk & Compliance provides expertise in risk assessment and risk management, and acts as a control function that is responsible for developing and maintaining the Risk Management Framework and Internal Control Framework as well as for continuously monitoring the implementation of the policies, rules, procedures and key controls within the frameworks. Risk & Compliance has a reporting line to the Audit Committee of the Board of Directors.

Outside the scope of the Risk & Compliance function is Finnair’s statutory Safety Management System, which is required by Finnair’s Air Operator’s Certificate and applicable Aviation Regulation and is subject to specific responsibility matrix and supervision prescribed by the supervisory authorities. Safety & Compliance acts as a control function with respect to the Safety Management System.

Last updated: February 20, 2023