Risk management 

Hoist Finance's core business is to acquire and manage loan portfolios, which is why we are actively exposed to credit risk. Being a regulated company under supervision from the Swedish Financial Supervisory Authority (SFSA) puts further emphasis on a solid understanding and management of all the risks facing the company. 

The risk management framework  

Risk management at Hoist Finance aims to:  

  • Increase certainty regarding the achievement of the company’s objectives through identification, analysis, measurement, governance, control and reporting of associated risks.
  • Secure the company’s survival by maintaining adequate capital and liquidity levels. 

This creates and maintains confidence in Hoist Finance among our stakeholders, thereby enabling sustainable shareholder value. 

To fulfil these goals, the Board of Directors has adopted policies and strategies for the management, analysis, control and reporting of risks in day-to-day operations, which together comprises a risk management framework. 

Hoist Finance’s core business and risk strategy is to generate returns through controlled exposure to credit risk in the form of acquired loan portfolios. Therefore, we actively pursue this type of credit risk. Other types of risk, such as operational risk and market risk, are undesirable but sometimes unavoidable. However, these risks are minimised as far as is economically justifiable.  

Risk capacity, which consists of the capital and liquidity buffers in place, is set in order to ensure the survival of the company. Capital risk capacity is the difference between actual capital levels and regulatory minimum levels and demonstrates the capacity to absorb losses before critical levels are reached. Liquidity risk capacity is the scale of the liquidity outflow Hoist Finance can accommodate without breaching regulatory minimum requirements.  

The Board of Directors determines our risk appetite within the available risk capacity. By weighing potential returns against potential risks, the Board decides on an appropriate risk and return level for Hoist Finance. Our risk appetite then provides the basis for business decisions and risk limits, which are applied in day-to-day business activities and in risk monitoring. Continuous monitoring performed by the Group’s Risk Control function ensures we do not assume any risks that exceed the established risk appetite, risk capacity or limits. 

Three lines of defence 

Hoist Finance’s risk management is built around a sound risk culture; an efficient operating structure governed by policies and guidelines and transparent reporting and monitoring. The Board of Directors’ risk management policy stipulates the framework, roles and responsibilities for risk management and the guidelines for ensuring that there is adequate capital and liquidity to withstand economic adversity. 

Hoist Finance’s risk management allocates roles and responsibilities in accordance with three lines of defence, described in the Corporate Governance Report. 

Risk culture 

We have a deep insight and understanding of how a sound risk culture is essential for efficient risk management. Therefore, structured efforts are taken to support and promote a sound risk culture within the company. We define a sound risk culture as: 

  • Transparencywhere information is shared as far as possible and all communication and feedback is clear, concise and constructive. 
  • Teamworkwhere the atmosphere is open and it is easy to share and learn from experience, both from successes and from failures. 
  • Balance between risk/rewardwhere all decisions and considerations take into account both the risk and the reward that the decision entails. We believe that constructive discussions on risk and reward are essential for sophisticated decision-making on business opportunities. 
  • Sound incident managementwhere incidents are reported, analysed and actions taken to mitigate risks as far as economically justifiable; and where a sound and formative risk culture promotes learning from mistakes to continuously improve. 

Promoting a balanced risk culture is a long-term and continuous endeavour that permeates everything that we do. Internal rules, remuneration systems, incentives, ethical guidelines, formal educational initiatives and other governing mechanisms within the company are designed to ensure that the risk culture develops in a positive direction. We have ambitious targets to improve the risk culture further and have initiated work to broaden the risk management to ensure inclusion of emerging risks outside the traditional risk types for a bank. These risks include climate change, social inclusion, and more. The work is carried out in close collaboration with our Sustainability team. These efforts include initiating measurement of additional risk types and active participation in the Business Ethics and Sustainability Committee.  

Security Management 

The main focus in security management at Hoist Finance is to protect our customer data and business sensitive information. This is not only because we are regulated by the SFSA and need to adhere to GDPR, but given our business model we hold a lot of sensitive data that needs to be protected from external cyber-attacks. This means that we need agile processes and tools in place that can protect, detect and react on new upcoming cyber threats. Both regulatory and client based requirements have increased significantly in the past 5 years.  

Our Executive Management Team and the Board of Directors are highly involved in the security management work. The CEO decides on the Security Strategy and the Board of Directors decides on the Security Policy. These policies and strategies are based on the business strategy and outlines the objectives and demands on the security function and other managers. Information Security is managed by the Head of Security. The security work is carried out in all three lines of defence.  

We want to take an active role in safeguarding our business and customers and to contribute to stable and secured financial markets 

Two persons talking in an outside environment

We have started and implemented several security initiatives. Among others, we have created an Information Security Management System (ISMS) which is now fully implemented in our business. An ISMS is an internal set of documentation of security requirements such as; how we classify information, how we technically must protect our data within each classification level, requirements in physical security, encryption rules and more.  

We have also implemented a Security Operations Center that can monitor and react on deviations and incidents in our network. This is an important step towards a better security level in the company and enhances the work around protecting customer data. This team monitors our systems and takes care of any security related reports around the clock.

Even in these times not everything can be protected by technical means, therefore we have documented and implemented a training & awareness plan in the company. This regulates what a new employee needs to know about security at Hoist Finance as well as what needs to be done on a continuous basis. For certain key functions we have also introduced demands on security related certifications.  

Regulatory changes 

The European Parliament has introduced new capital regulations for non-performing exposures (NPE's). The new regulation is applicable for exposures originating after 26th April 2019, and meet the criteria’s for NPE. The regulation will change how European credit institutions manage NPEs and will increase the capital requirements and monitoring of NPE's.  

The NPL prudential backstop requires a deduction from own funds where NPE's are not sufficiently covered by provisions or other adjustments. The applicable amount of own funds deductions depends mainly on the size of the exposure, the numbers of years the exposure has been classified as NPE, the type and value of collateral and the amount of provisions.  

This affects Hoist Finance as a large part of our claims are unsecured NPL's. We set up a plan to mitigate these changes in the beginning of 2019, and have during the year executed this plan in several areas, inclusing securitisation where portfolios of unsecured claims are moved off the balance sheet. During the year we finalized two such transactions with external counterparties. 


The conditions for cross-border trade in financial services to and from the UK as a consequence of Brexit are still uncertain. During the year Hoist Finance has investigated and evaluated the effects this will have on the Group and the direct and indirect impact of these effects on our operations. The areas that were analysed include legal structure, operational consequences, risk exposure, personal data management, funding, existing third-party agreements, and IT systems. The Brexit issue has been taken into account in the Group’s strategy work and our preparation of business plans and decisions. The UK is an important part of Hoist Finance’s operations. A sharp economic downturn as a result of Brexit would most likely impact the Group’s collections on current portfolios.

Climate change risk assessment 

As our level of investments in portfolios secured by real estate increases, Hoist Finance is placing greater focus on monitoring our collateral, including respect to environmental/climate change risks. An updated real estate database is currently under construction and pilot reports have been produced, which will permit us to monitor flooding and earthquake risk, across our secured book on an ongoing basis. This serves both to protect Hoist Finance against unforeseen deterioration in collateral asset quality and to ensure we are able to assess whether environmental factors pose any risk to our customers. 

Risk exposure

The risks to which Hoist Finance is exposed can be divided into two groups: strategic risks relating to Hoist Finance in the context of its macro environment, and business-related risks which are more linked to Hoist Finance’s financial and operational activities. 

Strategic Risks

Risk type Risk profile Risk management 
The risk of increased competition in purchasing  loan portfolios or in offering savings accounts to the public could result in lower earnings for Hoist Finance.   
As regards the purchasing of loan portfolios, Hoist Finance operates in ten countries within Europe and offers savings accounts in Sweden and Germany.  Hoist Finance strives to be competitive through cost-efficient borrowing and  credit operations.   
Regulatory framework  
The risk of new regulations negatively impacting Hoist Finance’s business model or otherwise adversely affecting earnings.   

As a credit market company, Hoist Finance is regulated by the Swedish FSA and, accordingly, is subject to the majority of Sweden and where applicable European banking regulations.

Hoist Finance has a compliance  function  that works internationally across the jurisdictions in which the company operates. Forthcoming regulations are continuously   monitored and subjected to risk analysis. Hoist Finance actively participates in dialogue with the regulator and makes statements on proposed regulatory frameworks.  
The risk that new or substantially altered products have not been properly assessed from a VAT or income tax perspective. The risk that appropriate processes are not in place, resulting in improper management of income tax and VAT. The risk that Hoist Finance will take over unknown tax liabilities in acquired companies.  
Given that Hoist Finance operates in a large number of jurisdictions in Europe, tax issues are relatively  complex.  A high degree of complexity entails a risk that misinterpretations may have arisen.   There is ongoing work to ensure a sustainable structure includes analysing new tax rules and their i mpact on Hoist Finance's corporate structure.  Hoist Finance also works continuously to ensure that the Group has the necessary  processes in place and the expertise required to identify tax risks and clarify roles and responsibilities regarding income tax and VAT. 

Business-related financial risks 

Risk type Risk profile Risk management
Credit risk
The risk of loss arising from a customer’s failure to repay principal or interest or otherwise meet a contractual obligation.
Credit risk refers mainly to acquired NPL portfolios and the risk that collection on these will be lower than forecasted. Credit risk also includes the risk of credit losses on acquired performing loans. Other credit risk exposures are: (i) cash deposits with banks; (ii) investments in interest bearing instruments; and (iii) counterparty risk related to hedging FX and interest-rate risk.Credit risk in acquired loan portfolios is monitored, analysed and managed by the management in each country, and by the Group’s Business Control unit. Other credit risks are analysed and managed by the Group’s Treasury function. The Risk Control function analyses and monitors all credit risk exposures.
Market risk
The risk arising from adverse movements in foreign exchange rates and interest rates.
The main FX risks arise from the fact t hat the loan portfolios (the assets) are denominated in EUR, PLN and GBP, while the reporting currency is SEK and the majority of liabilities are denominated in SEK. Interest-rate movements have an effect on net interest income.Market risks are hedged continuously by the Group’s Treasury function and are i ndependently analysed by the Group’s Risk Control function.
Liquidity risk
The risk of difficulties in obtaining funding, and thus being unable to meet payment obligations when they fall due, without a significant increase in the cost of obtaining means of payment.
Liquidity risk is linked primarily to deposits from the public and the risk of large withdrawals occurring at short notice. Furthermore, i ncreased requirements for funds pledged as collateral for derivative positions, and refinancing risk associated with existing market funding, could potentially impact liquidity in a negative way.The Group has a significant liquidity reserve to cover potential outflows of l iquidity. Hoist Finance also works pro-actively to diversify the number of funding sources.
Operational risk
The risk of loss resulting from inadequate or failed internal processes, people, IT-systems or from external events including legal and compliance risk.
Operational risk is present across our operations and come in many forms. Common examples are to failure in our processes due to issues with our IT-systems or lack of or erroneous data to perform tasks.Operational risks are identified, assessed and reported on a regular basis through different tools, such as Risk & Control Self Assessment and New Product Approval Process

Additional and more detailed information about Hoist Finance’s risk management is presented in the Administration Report, Note 31 and in Hoist Finance’s Pillar 3 report. This also includes quantitative risk measurements. 

- Annual Report 2019 -
- Årsredovisning 2019 -