Risk Management Framework

British Land operates a Group-wide risk management and internal control framework to identify, assess and manage principal and emerging risks. The framework is supported by a clear risk appetite, defined accountabilities and embedded controls.

The framework, shown in the diagram below, combines top‑down Board-driven strategic oversight with bottom‑up business-led risk identification and control activities. This integrated approach enables us to manage key financial and non‑financial risks within appetite, adapt to change and support the delivery of our strategy.

Governance

The Board has overall responsibility for the risk management and internal control framework. It sets risk appetite, oversees principal risks and reviews the effectiveness of the framework. The Audit Committee supports the Board by reviewing the effectiveness of the risk management and internal control environment as well as related assurance processes.

The Risk Committee – comprising members of the Executive Committee and senior leaders from across the business, and chaired by the Chief Financial Officer – oversees the monitoring and management of principal risks. This ensures a consolidated view of key risks and supports effective escalation, prioritisation and decision making across the Group.

At the operational level, risk management is embedded across business units and core activities. This bottom-up approach facilitates early identification, monitoring and management of operational risks, as well as timely escalation. Each business unit has designated risk representatives and risk owners responsible for managing risks at source and implementing appropriate mitigations, including internal controls. They maintain detailed risk registers, which are regularly reviewed by the internal risk team.

The internal risk team plays a central role in coordinating risk management activities across the Group, embedding the framework into operations, culture and decision-making processes. Internal Audit provides independent assurance over risk management and internal controls.

Learn more here

risk management approach

The framework operates through three lines of defence:

  1. First line: operational management owns day-to-day risk identification, control operation and remediation.
  2. Second line: the Risk Committee and internal risk team oversee the framework, provide challenge to the first line and monitor control effectiveness.
  3. Third line: Internal Audit provides independent assurance on the effectiveness of the risk management and internal control processes.

Integrated Internal Control Framework

Internal controls are embedded within our wider risk management framework and support effective governance, reporting and decision making. They include policies, procedures and day-to-day controls across financial, operational, reporting and compliance activities. During the year, we have further strengthened our internal control framework in preparation for the requirements of Provision 29 of the UK Corporate Governance Code.

Risk Appetite

Our risk appetite underpins our entire risk management approach, guiding planning, decision making and strategy execution. It is reviewed annually by the Board and supported by KRIs and tolerances for each principal risk and embedded across our policies, procedures and controls.

While our appetite may adjust through the property cycle, our overall appetite is balanced: low for financial and compliance risks, and balanced for property and operational risks. This supports our value-add strategy and target of income-focused total accounting returns of 8-10% through the cycle.

Learn more here

principal risks

Our risk management framework identifies the principal risks facing British Land. Using a risk-scoring matrix, we assess each risk based on likelihood, potential financial impact and reputational effect to identify those most likely to have a material effect on the business.

We categorise our 11 principal risks into two groups:

  • External risks – four risks shaped mainly by market factors such as macroeconomic conditions, political developments and property markets.
  • Internal risks – seven risks linked to how we manage the business, including capital allocation, operations, people and compliance.

Learn more here

Our priorities for 2026/27

  • Provision 29 Compliance: Fully embed material controls and assurance into business-as-usual. Enhance governance and reporting to support full Provision 29 compliance.
  • ERP Transformation Delivery & AI Automation: Oversee the successful delivery of the ERP finance transformation, scheduled for implementation in 2027, with a focus on robust control design, automation and data integrity. Ensure strong programme governance and change control for a smooth transition. Identify opportunities to use AI and automation to streamline processes, enhance controls and strengthen risk management within a responsible well-governed framework.
  • Operational Efficiency & Control Optimisation: Continue the simplification and standardisation of key business processes, using digital tools, including AI, to enhance efficiency and reinforce the control and risk management environment.
  • Embed Risk-Aware Culture: Continue strengthening clear risk ownership across the business and enhance the quality and consistency of risk reporting. Foster a culture where risk awareness is embedded in day‑to‑day decision making. Consider leveraging the global risk tool within the new ERP system to improve risk visibility and enable automated control testing.
  • Enhancing Cyber Resilience: With significant progress already achieved across corporate technology, continued efforts will prioritise property technology, focused on security controls, threat detection and response capabilities in response to the evolving threat landscape.


Full details on our approach to risk are outlined in our Annual Report.