Effective risk and compliance management is essential to the Group’s operations and strategy. The accurate and timely identification, assessment and management of risks are key to achieving the Group’s operating and financial targets.

The Risk and Compliance Management Department:

  • Provides guidelines, standards and best-practice examples of risk and compliance management at the corporate and business unit levels
  • Takes responsibility for the risk and compliance management systems
  • Maintains the Group’s risk register
  • Organises and promotes risk and compliance workshops
  • Supervises the operations’ risk management
  • Reviews the effectiveness of mitigating actions
  • Supports internal stakeholders in key strategic decisions
  • Ensures there are policies, guidelines and procedures in place to support the effectiveness of the Group’s internal controls

Areas of focus and development during 2016


The focus was on the continued consolidation of risk, compliance and internal control management processes, which included the following:

  • Working to improve from maturity level four to maturity level five, the top level of the Risk Maturity Model¹
  • Expanding risk analysis to incorporate new business areas and widen coverage 
  • Improving key risk controls and taking action to reduce the impact and/or probability of identified risks, particularly through the use of preventive action plans 
  • Updating, improving and testing the Disaster Recovery Plans (DRP) and Business Continuity Plans (BCP)
  • Verifying the effectiveness and design of key controls through the On Site Review of operations
  • Following up agreed actions for materialised risks and action plans regarding the On Site Review of operations 
  • Establishing risk management training programmes for key users


  • Including the Modern Slavery Act in the Compliance Model. All of the Group’s suppliers were reviewed to ensure that modern slavery is not occurring in the business or its supply chains
  • Reviewing more than 4,000 employees’ conflict of interest statements
  • Implementing guidelines concerning business relationships with companies employing politically exposed persons (PEP)
  • Strengthening compliance processes through conflict of interest assessment and due diligence of all business partners
  • Updating key guidelines of the Compliance Model to comply with amendments to Chilean Law No. 20,393 (Criminal Liability for Legal Entities)


  • Ensuring SAP transactions are in full compliance with delegated authority structures
  • Ensuring that key in-built SAP automatic controls are appropriate and effective