Risk is defined as the possibility of a negative deviation from an expected financial result. Through its operations, Northmill is exposed to a number of different types of risks that must be managed; primarily credit risk, market risk (currency risk and interest rate risk), operational risks, liquidity and financing risk and business risks.

The purpose of risk management is to ensure Northmill’s long-term survival through stability in its operations and quality in customer offerings, manage profit volatility and increase the value for the owners by ensuring efficient capital management.

Well-functioning risk management

Northmill's ability to assess, manage and control risk is central to achieving a good, risk-adjusted return. The overall risk policy adopted by the board of directors regarding risk management and risk appetite framework, with limits for specific risk areas, aims to create a well-functioning risk management with a strong and transparent risk culture.

To ensure good risk management, Northmill has designed an operational structure based on three lines of defense. The purpose of such an organization is to clarify the roles and division of responsibilities regarding risk and regulatory compliance.

The model distinguishes between functions that own and manage risk and compliance (first line of defense), monitor and review the same (second line of defense) and functions that stand for independent review and supervision (third line of defense).

The board of directors and the CEO adopt policies and instructions for the control and management of all risks the operations are exposed to, and these are supplemented by detailed procedures and guidelines within the organization. The risk and audit committee (RRK) supports the board in this work by discussing, directing and monitoring these issues and preparing decisions for the board.

The CEO has overall responsibility for managing all the group's risks in accordance with the board's guidelines and instructions. The CEO must ensure that Northmill's organization and administration are appropriate and that the group's operations are in accordance with external and internal rules. In particular, the CEO must ensure that the board has all the necessary information to make risk-related decisions.

Risk control function

The risk control function is independent of the business operations and the functions responsibilities and duties is specified through the policy for the risk control function adopted by the board. The risk control function is responsible for monitoring, controlling, analyzing and reporting the risks in Northmill's operations.

This includes risk assessment and testing of internal controls that have been introduced to reduce Northmill's operational risk and an assessment of the appropriateness of controls. Furthermore, the function is responsible for analyzing the various risk measures used, and for proposing changes to these if deemed necessary. Chief Risk Officer, who is appointed by the CEO after an approval from the board, continuously reports on the risks to the CEO, management team, RKK and the board.

Compliance function

The compliance function is independent of the business operations. The function's responsibilities and duties are specified through the policy for the compliance function adopted by the board.

The compliance function is responsible for supporting the business operations and management in compliance issues, and for helping to identify, follow up and report compliance risks, i.e. the risk that operations does not comply with external and internal rules.

Responsible for the compliance function, which is appointed by the CEO, reports on an ongoing basis to the CEO, the management group, the RKK and the board on compliance risks and issues.

Internal audit function

The internal audit function is independent of the business operations. The function's responsibilities and duties are specified through the policy for the internal audit function adopted by the board. The function reports directly to the board.

Internal audit function is primarily responsible for providing the board of directors and the CEO with reliable and objective evaluation of risk management as well as governance and control processes, in order to reduce the occurrence of risks and ensure an efficient control structure.

Internal audit function shall conduct independent recurring audits of the management structure and system for internal control. The board has decided to outsource the function to an external party and has appointed Deloitte Sweden as the internal auditor. The risk control function is the internal coordinator for the internal audit activities.

Internal audit function reports regularly to the board and RKK on the results of its audits, including identified risks and suggestions for improvement. Internal audit also informs the CEO, the management team and the relevant departments about issues regarding internal audits. The board annually establishes a plan for internal audit work.

Risk reporting

n the risk policy, the board has determined how and when it should receive information about Northmill's risks and risk management. The periodic risk reporting is designed to provide reliable, up-to-date and complete information for different stakeholders reflecting the nature of various risk types and market developments. The board, RRK, the CEO, the management team, as well as other functions that need such information, receive regular reports on the status of risks and risk management.

The risk control function provides a quarterly risk report, which includes, among other things, a comprehensive and objective presentation of the risk profile to which Northmill is exposed. The report also includes a follow-up of the risk appetite and status of risk management to enable the board to ensure that there is an effective framework for risk management and control in place.

The compliance function also submit a quarterly report every to the board, including among other things, a risk profile regarding compliance risks. Any breach of the limits that requires immediate escalation under the risk or credit policy shall be reported directly to the CEO, RKK and the chairman of the board, or the CEO and the board, depending on the defined escalation process.

Read the reports

Anti money laundering

Northmill is operated in a few European countries and committed to comply with national anti-money laundering and counter-terrorist financing (AML/CFT) acts under the directive (EU) 2015/849. AML/CFT is referring to set of laws, regulations and procedures that intend to prevent criminal actions.

In order to prevent criminality, financial institutions are required to perform customer due diligence measures and monitor customers' transactions. Our procedures are intended to prevent individuals engaged in money laundering and other financial crimes from using Northmill's products and services.

Page last updated: 2024-01-17