The lines of defense
The Board of Directors bears ultimate responsibility for monitoring and limiting Nordiska's risk exposure. Nordiska applies the Three Lines of Defence model to ensure effective governance, risk management, and internal control throughout the organisation.
First Line of Defence
The first line of defence consists of the Board of Directors, the CEO, and the operational business units.
They are responsible for ensuring that operations are conducted within the established risk appetite and internal control framework, and in compliance with applicable external and internal regulations.
The first line of defence maintains an effective governance framework and robust processes for identifying, measuring, assessing, monitoring, mitigating, and reporting risks.
Second Line of Defence
The second line of defence consists of the Risk Control Function and the Compliance Function.
The independence of these functions is safeguarded by ensuring that they do not participate in the business activities they are responsible for reviewing and monitoring.
The Risk Control Function is responsible for ensuring that all material risks to which Nordiska is exposed, or may reasonably be expected to become exposed, are identified and managed by the relevant business functions.
The function also reviews the adequacy and effectiveness of Nordiska's internal regulatory framework and proposes amendments where necessary. It supports and monitors the implementation of regulatory requirements and promotes a strong risk awareness culture throughout the organisation.
Furthermore, the Risk Control Function provides independent analyses, advice, and expert opinions regarding Nordiska's risk profile. It continuously evaluates and develops Nordiska's risk management framework to ensure that it remains appropriate and effective.
The function is also responsible for identifying risks arising from deficiencies in risk management processes and for ensuring that each business unit effectively monitors its material risks. Overall, the Risk Control Function oversees and monitors Nordiska's risk management activities.
The Compliance Function supports the Board of Directors, the CEO, and the operational business in ensuring compliance with applicable regulatory requirements.
As part of the second line of defence, the Compliance Function reports directly to the CEO and the Board of Directors and operates independently from Nordiska's business activities.
The function is responsible for identifying compliance risks arising from potential failures to meet obligations under applicable internal and external regulations. It monitors and assesses how these risks are managed by the relevant functions and oversees compliance with the applicable regulatory framework.
Third Line of Defence
The third line of defence consists of the Internal Audit Function.
The Internal Audit Function serves as the Board of Directors' independent assurance function for evaluating the effectiveness of governance, risk management, and internal control processes. To maintain its independence, the function is organisationally separated from Nordiska's operational activities and other functions.
The Internal Audit Function is responsible for reviewing and regularly evaluating whether Nordiska's internal control framework is effective and appropriate. This includes reviewing and assessing the Company's risk management processes, regulatory compliance, financial reporting, and the effectiveness of the second line of defence.
The Internal Audit Function is responsible for conducting independent reviews and oversight of activities performed within both the first and second lines of defence.