Nordea Eiendomskreditt AS
Annual Report 2023
The objective of Reputational Risk Management is to
protect the Nordea Group’s and Nordea Eiendomskreditt’s
reputation. Reputational risk is defined as the risk of
damage to the trust in the Nordea brand from our
customers, employees, authorities, investors, partners and
the general public with the potential for adverse financial
impact. Reputational risk is often an impact from, or a
cause of, other types of risks, e.g. credit, liquidity, market,
operational, compliance and legal risks inherent in the
business. A reputational risk framework with guiding
principles for managing reputational risk has been
developed. The framework is strongly linked with the risk
management framework and related processes for
identifying, assessing and mitigating risk. It includes
considering stakeholders’ perceptions in the decision-
making processes.
6.14 Minimum own funds requirement for operational risk
Nordea Eiendomskreditt’s own funds requirements for
operational risk are calculated according to the
standardised approach. In this approach, the institution’s
activities are divided into eight standardised business lines
and the gross income-based indicator for each business
line is multiplied by a predefined beta coefficient. The
consolidated own funds requirement for operational risk is
calculated as the average of the last three years’ own funds
requirement.
Nordea defines compliance risk as the risk of failure to
comply with applicable regulations and related internal
rules. Management of compliance risk is governed by
Nordea’s Compliance Risk Appetite Statement which also
sets out the requirements for the mitigation of compliance
risk. Employees throughout Nordea are accountable for the
compliance risks related to their mandate and for managing
these risks in accordance with the Compliance Risk
Management Framework. The key governance principle for
management of risks at Nordea is the three Lines of
Defence (“LoD”) model.
1LoD is represented by the staff in Nordea Eiendomskreditt
performing business activities as well as staff in the Nordea
Group operating under intra-group agreement on account
of Nordea Eiendomskreditt. All employees in the 1LoD
have a role of understanding and adhering to prudent risk
management and are accountable for managing
compliance risks as part of performing their tasks. All
managers are fully responsible for the risks they assume
and are accountable for ensuring compliance with
applicable regulations within their respective area of
responsibility. Hence, they are responsible for ensuring that
the appropriate organisation, governance, controls,
procedures and support systems are implemented to
ensure a sufficient system of internal controls.
Group Risk (GR) and Group Compliance (GC) represent
Nordea’s independent second line of defence (2nd LoD)
control function. GR & GC oversee the implementation of
the financial and the non-financial risk policies and,
according to a risk-based approach, monitor and control
the Risk Management Framework including the
Compliance Risk Management Framework and oversee
that all risks that Nordea is or could be exposed to, are
identified, assessed, monitored, managed and reported on.
GR is organized in divisions with individual risk type
responsibility. The following divisions are part of GR: Group
Credit Risk Control, Model Risk & Validation, Group
Financial Risk Management & Control, Group Operational
Risk, Risk Models, Chief Security Office, Enterprise-wide
Risk Management and Recovery & Resolution Planning,
CRO Office and Country CROs.
Group Compliance (GC) constitutes the compliance
function for Nordea Eiendomskreditt according to intra-
group agreement and is responsible for developing and
maintaining the risk management framework for managing
compliance risks in cooperation with other functions in GR
and for guiding the business in their implementation of the
framework to ensure continuous adherence to the
framework. GC is responsible for regular reporting on the
annual compliance plan to the NE Board and NE CEO at least
quarterly. GC reports on the status and development of
Nordea Eiendomskreditt’s compliance risks including
information on major deficiencies along with consequence
analyses and emerging risks and trends; status and key
observations from monitoring activities and investigations;
general updates on Financial Supervisory Authority
interactions and impact; and preparations on regulatory
changes. The reports shall also contain recommendations
on actions to be undertaken to mitigate compliance risk.
Group Internal Audit (GIA) represents the 3LoD according
to intra-group agreement. GIA conducts risk-based and
general audits and shall assess whether the internal control
framework is both effective and efficient, including
assessing whether existing policies and procedures and
Group internal Rules remain adequate and comply with
legal and regulatory requirements, and with the risk
appetite and strategy of Nordea. GIA is also in charge of
the independent review of 1LoD and 2LoD including
ensuring that the segregation of duties is defined and
established between risk management (1LoD) and risk
control (2LoD).
7.1 Customer Protection
The aim of Customer Protection is to ensure fair treatment
of customers and fair customer outcomes. Treating
customers fairly includes open and transparent
communication, meeting the customer needs (outcome
focused), employee awareness, honest and open approach
in customer complaints and communication as well as
timely, accurate and relevant management information.
The key areas covered in Customer Protection are financial
advice (including mortgage credit offering), product
governance arrangements, employee knowledge and
competence, and customer complaints handling. Customer
Protection related to advisory activities seeks to ensure that
advice given to customers meets customers' needs and
circumstances; that advice is given on suitable products; and
that lending is responsible. Customer Protection related to
products and services consists of delivering high quality,
good, and valuable products and services which meet
customer needs. This means defining and meeting target
market, delivering value for money and provision of fair
product materials and customer communications. It is also
important to manage conflicts of interest in relation to
products and services. Customer complaints are an
important tool for monitoring customer protection. The
complaints handling framework has been developed in recent
years and the process is renewed with clear and
regular reporting, a strong feedback culture, root cause
analysis and mitigating activities.
7.2 Conduct Risk Management