Risk management policy


Risk is an integral part of doing business and can be defined as any uncertain event that could threaten the achievement of business objectives and strategies or the Group’s tangible and intangible assets.

For this reason the integrated risk management process (“Enterprise Risk Management” or “ERM”) is designed to:

  • Protect value
  • Increase opportunities
  • Create a “risk and rewards” framework for strategies and business decisions.

Within this context, the Group’s Risk Management department’s mission is to support the organization to:

  • Manage risks in terms of prevention and mitigation
  • Proactively seize opportunities
  • Disseminate a “culture” of risk evaluation across Group decision making processes, in particular, in the strategic planning process and significant business decisions
  • Ensure that Group Risk Exposure is consistent with the Group Board of Directors’ risk appetite and does not exceed Group Risk Capacity, in order to achieve long-term sustainable performance
  • Assure transparency of Luxottica’s risk profile and risk management strategies with a focus on top managers and the Board of Directors along with adequate information provided to the shareholders and other relevant stakeholders.

In order to achieve these objectives, the Risk Management department is committed to promoting a proactive, structured and coordinated approach to identify, prioritize, manage and monitor relevant risks that could have an impact on the Group’s future business growth and the value of tangible and intangible Group assets.

Identification of risks during the ERM process does not mean the identified risk will definitively occur, but only that such risk is a possibility. Risk Management activities are based, because of their nature, on future and uncertain events.

Luxottica’s objective is to be risk aware in conducting its business, allowing for informed decision making when actively managing events that could potentially have a negative effect on:

  • Current and future cash flow and profitability
  • Strategic business objectives
  • Tangible and intangible assets.

Luxottica is risk averse towards events that could:

  • Negatively affect the safety or well-being of employees, consumers and other stakeholders
  • Lead to breaches of local laws or regulations
  • Endanger the environment
  • Negatively affect the Group’s reputation.

In line with the Group’s corporate governance practices, the Board of Directors has a key role in the “governance” of the risk management process.

The Board, acting upon the recommendation of the Control and Risk Committee, is responsible for the definition of risk management system guidelines in order to identify, measure, manage and monitor the principal risks impacting the Company and its subsidiaries and defining risk levels that are compatible with the strategic objectives of the Company. 

Role & responsibilities

  1. The Risk Management department works as a facilitator and coordinator of the activities described above. In particular, it:
    • Periodically reviews the ERM framework
    • Leads annual Risk Assessment activities
    • Organizes, prepares and shares the Group’s risk reporting with appropriate stakeholders
    • Participates in non-recurring and/or significant projects that require specific risk analysis (including strategic planning and M&A)
    • Advocates in cases where the Risk Owner requires RM department intervention or if the CEO / Risk Owners assign a specific project to the RM department
    • Prepares risk policies and procedures to assist stakeholders in managing risks, when necessary
    • Requests / receives ad hoc or periodic information from the various Risk owners on risks.
  2. Risk owners are the parties ultimately responsible for risk identification and management. Risk owners obtain the benefits and are responsible for the consequences of their respective decisions and are best positioned to understand the inherent risks of their day-to-day activities. Risk owners must be aware of the risk / reward balance of decisions, seeking guidance from the RM department when necessary to make an informed decision. In particular, Risk owners:
    • Participate in risk assessment interviews and report significant risks to the RM department, even if “outside” the risk assessment process
    • Provide additional information when needed to better understand risks
    • Manage risks and complete agreed upon action plans
    • Provide periodic / ad hoc information flows on risks to the RM department when needed.
  3. Luxottica’s legal department:
    • Advises the Risk owners on legally-relevant matters
    • Upon request, provides the RM department with information on (either new or emerging) significant risks.
  4. Internal Audit department / Compliance office:
    • Partners with the RM department sharing relevant information on any new or existing risks and mitigation plans and processes
    • Promotes appropriate ethics and values within the organization, supervising business process compliance with both internal and external regulations.

Luxottica’s ERM Process is composed of five phases and represents a reference model for all business decisions.

Luxottica’s ERM

The universe of risks potentially applicable to Luxottica has been split into three risk categories listed below.

  • External risks («Inevitables»): External factors, which are completely beyond the control of the Group, have a negative effect on Group business and assets. Measure Group resilience.
  • Strategic risks («Strategic objectives» driven): Characteristic of the eyewear industry and/or strictly driven by Luxottica strategic decisions; could lead to a competitive advantage or, alternatively, be the basis of a failure to achieve strategic targets. Balance risk-return profile.
  • Operational and compliance risks («Company genetic profile»): Generated by ineffective organizational structure, internal processes and systems; assuming these risks does not produce any competitive advantages. No competitive advantage.

External risks are completely beyond the control of the Group and have a negative effect on the Group’s business and assets (e.g., risks deriving from macroeconomic factors, competitors, customer requirements, future laws and regulations etc.). The risk management objective is to monitor these risks, measure the Group’s resilience (stress test) and strive to mitigate the impact in case the risk occurs.

Strategic risks are characteristic of the eyewear industry and/or strictly driven by Luxottica’s strategic decisions (e.g. risks related to Image & Branding, license agreements, mergers & acquisitions etc.). In this case the objective is to create awareness during the decision-making process.

Finally, operational and compliance risks include risks generated by an ineffective organizational structure, internal processes and systems (e.g. risks related to Information Technology, Asset Protection, Business Interruption, Legal and Compliance etc.).

The risk management objective is to strive to mitigate such risks through the continuous improvement of the Group’s internal control system.

External risks

  1. Monitor
  2. Measure Group resilience
  3. Mitigate the impact in case the risk occurs

Adoption of (i) internal/external tools to promptly identify and monitor these risks; (ii) stress test / business case / scenario analysis to assess the robustness of the plans/strategies and/or the Group’s capacity to face these risks.

The RM Dept role is (i) to complement the strategy/business development team in running stress tests / what-if analyses on alternative scenarios and (ii) to prepare a contingency plan to react in case the risk occurs.

Strategic risks

  1. Create awareness during the decision making process
  2. Have a risk-reward analysis
  3. Consider the cost for risk mitigation and the impact of risk on economic/financial target

Decision making process/reporting tools that facilitate risk identification and discussion and, if possible:

  • The quantification of impact on expected results/target
  • The «cost» of risk mitigation

The RM Dept role is to complement the strategy/business development team to facilitate risk identification, evaluation and monitoring.

Operational and compliance risks

Reduce risk impact/probability through:

  • Continuous improvement of internal control systems
  • Adequate allocation of resources in strategic plan / budget

The control model is based on the development of ad hoc methods to identify processes/systems and organizational vulnerabilities in order to set detailed mitigation plans.

The RM Dept acts as an independent overseer on risk assessment and mitigation plans monitoring.

Last updated: Aug 05 2021