Corporate Governance Report
Hoist Finance is a Swedish public limited liability company with corporate identification number 556012-8489. The Company has its registered office and headquarters in Stockholm, Sweden.
Good corporate governance aims to create favourable conditions for active shareholder engagement. This is achieved through a well-defined and well-balanced assignment of responsibilities between the company’s executive and shareholder functions, which ensures that accurate information is being presented to the market.
The aim of corporate governance is to ensure that the company is run as efficiently and effectively as possible in the interest of its shareholders, and that Hoist Finance AB (publ) (the ”Company” or ”Hoist Finance”) complies with corporate governance and other rules prescribed by regulatory and supervisory authorities. Corporate governance also aims to create order and a systematic approach for the board of Hoist Finance (the “Board”) and for management. With a clear structure and well-defined rules and procedures, the Board can ensure that management and employees are focused on developing the business and, accordingly, on creating shareholder value.
Application of the Swedish Corporate Governance Code
All companies with shares listed on Nasdaq Stockholm, regardless of market capitalisation, have been required since 1 July 2008 to apply the Swedish Corporate Governance Code. The Code is based on the “comply or explain” principle, meaning that a company’s deviation from the Code’s provisions is not deemed a breach thereof if the company explains its reason for the deviation. Hoist Finance complies with and in 2020 complied with all provisions of the Code. This Corporate Governance Report is part of the Company’s Administration Report and is reviewed by the Company’s auditors.
Corporate governance within the Company
Hoist Finance is subject to external and internal control systems.
The external control systems, which serve as the framework for Hoist Finance’s corporate governance, are the Swedish Companies Act, Annual Accounts Act, Banking and Financing Business Act, regulations and general guidelines by the Swedish Financial Supervisory Authority as well as the European Banking Association, Nasdaq Stockholm’s Rule Book for Issuers, other relevant laws and regulations, and the Swedish Corporate Governance Code. Governance, management and control are, pursuant to Swedish corporate law, the Swedish Corporate Governance Code and the Articles of Association, allocated between the shareholders at the Annual General Meeting (AGM), the Board and the CEO.
The internal control systems include the Hoist Finance Articles of Association adopted by the AGM. The Board has also adopted policies and instructions that clarify the division of responsibilities within the Group.
The following are of particular importance in this context:
- Rules of procedure for the Board
- Instruction for the CEO
- Policy for internal governance and control
- Instructions for the Risk and Audit Committee
- Instructions for the Remuneration Committee
- Instructions for the Investment Committee and
- Order of Authorisation
Articles of Association
The Articles of Association are adopted by the Annual General Meeting and contain basic compulsory information about the Company.
The Articles of Association specify the type of business activities the Company will carry out, limits on share capital and the number of shares and the number of Board members allowed. The Articles of Association include no special provisions for amendments thereto or for the appointment or dismissal of Board members. The Articles of Association are available in their entirety at www.hoistfinance.com.
As of 31 December 2020, the total number of shares was 89,303,000 and the share capital was SEK 29,767,666.66. Each share carries one vote. The Company had 6,875 shareholders at year-end. The 15 largest shareholders held an aggregate of 65.4 per cent of total share capital at the end of 2020. Read more about the Company’s largest shareholders at www.hoistfinance.com.
Annual General Meeting
The Annual General Meeting (AGM) is the Hoist Finance Group’s highest decision-making body. All shareholders have an opportunity at the AGM to influence the Company by exercising their voting rights. The Companies Act and Hoist Finance’s Articles of Association include rules that govern general meetings and their agenda.
Hoist Finance’s financial year runs from 1 January to 31 December. Pursuant to the Companies Act, notice must be given no earlier than six weeks prior to, and no later than four weeks prior to, the AGM. The AGM resolves on adoption of the year’s balance sheet and income statement, appropriation of profits, election of Board members and auditors, remuneration to Board members and auditors and other business matters as prescribed by the Companies Act and the Articles of Association. All shareholders listed in the shareholders’ register six banking days prior to the AGM who have provided notification of their participation during the prescribed time-frame are entitled to participate in the AGM, either in person or by proxy, and to vote in relation to their holdings.
Every shareholder is entitled to request that a matter is addressed by the AGM. A shareholder who wishes to do so must submit a written request to the Board no later than one week before the earliest date on which notice of the meeting may be published (i.e. the request must be received no later than seven weeks prior to the AGM). Pursuant to Chapter 7, Section 32 of the Companies Act, all shareholders are entitled to ask the Board and CEO questions about matters addressed during the AGM and about the financial situation of the Company and the Group.
2020 Annual General Meeting
The most recent AGM was held on 14 May 2020 in Stockholm. 57 shareholders, representing 26.25 per cent of the shares and votes in the Company, were present at the AGM. Due to the Covid-19 pandemic, many shareholders participated via mail voting. The Chairman of the Board was present at the AGM.
In accordance with recommendations from the Board and the Nomination Committee, the AGM resolved, among other things:
- To adopt the balance sheet and income statements
- To not distribute dividend
- To discharge Board members and the CEO from liability
- To re-elect Board members Ingrid Bonde, Cecilia Daun Wennborg, Malin Eriksson, Liselotte Hjorth, Robert Kraal and Lars Wollung and to elect Henrik Käll as new Board member. The AGM re-elected Ingrid Bonde as Chairman of the Board. Former Board members Marcial Portela and Joakim Rubin resigned from the Board at the AGM
- On remuneration for the Chairman of the Board and other Board members
- To elect EY, represented by Daniel Eriksson, as auditor for the period until the close of the next AGM and to pay auditor’s fees based on approved invoices
- To adopt guidelines for remuneration of senior executives.
- To approve the deferred bonus plan for 2020
- To authorise the Board to issue shares
- To authorise the Board to acquire own shares
The complete minutes of the 2020 AGM are available at www.hoistfinance.com.
2021 Annual General Meeting
The 2021 AGM will be held via postal voting, on Tuesday, 13 April 2021.
The Nomination Committee is composed of representatives of the three largest shareholders, based on shareholder statistics from Euroclear Sweden AB, as per the last banking day in August the year before the Annual General Meeting and on all other reliable ownership information that has been provided to the Company at this point of time, together with the Chairman of the Board. The Chairman of the Board is also responsible for convening the Committee’s first meeting. If a shareholder who is offered to become a member of the Nomination Committee declines, the offer shall instead be made to next shareholder in order of size of holding. The Committee’s composition may be changed to reflect changes to the shareholder structure.
The Nomination Committee submits proposals for the election of the AGM Chairman; the Board members and Chairman of the Board; remuneration to Board members; and proposals for the election of and remuneration to auditors. The Committee conducts its work in the interest of all shareholders. Instructions for the Nomination Committee and information on the options for submitting proposals to the Committee are available on the Company’s website, www.hoistfinance.com.
The Nomination Committee is composed of the following members: Jan Andersson (representing Swedbank Robur Fonder AB) Chairman of the Nomination Committee, Erik Selin (representing Erik Selin Fastigheter AB), Per Arwidsson (representing Arwidsro) and Ingrid Bonde (Chair of the Board of Hoist Finance). The Committee has held five minuted meetings ahead of the 2021 AGM and maintained regular contact between meetings. The Committee also held individual interviews with several of the current board members, the CEO and a number of Board member candidates.
The Nomination Committee’s proposals, its report on Committee work performed in preparation for the 2021 AGM, and information on the new proposed Chairman of the Board, proposed Board members and auditors are published in connection with the AGM notice.
Board of Directors
Pursuant to the Articles of Association, Hoist Finance’s Board shall be composed of at least three and no more than nine members. Members of the Board are appointed by the AGM for a one-year term. In accordance with the resolution of the 2020 AGM, the Board is composed of Ingrid Bonde (Chair of the Board), Cecilia Daun Wennborg, Malin Eriksson, Liselotte Hjorth, Robert Kraal, Lars Wollung and Henrik Käll. Former Board members Marcial Portela and Joakim Rubin resigned from the Board at the AGM.
At the end of the financial year, the Board had four female and three male members. All Board members were independent in relation to the Company’s major shareholders (as defined in item 4.4 of the Swedish Corporate Governance Code), the Company and the Executive Management Team in 2020. For further information on the Board members, see the section on the Company’s Board of Directors and Executive Management Team on the Company’s website, www.hoistfinance.com.
See Note 9 “Personnel expenses” for details on the remuneration to the Board of Directors.
The Company’s Board as a whole shall have the appropriate collective expertise, experience and background in the Company’s business operations to enable identification and understanding of the risks such operations entail. The objective is to have a Board composed of members with complementary experience and expertise and of varying ages, genders, geographic origins, and educational and professional backgrounds that, taken together, contribute to independent and critical reflection.
The Company’s Board has adopted a Diversity Policy applicable to the Board. To achieve a diverse Board, in preparing its proposal to the AGM, the Nomination Committee takes into consideration item 4.1 of the Swedish Corporate Governance Code, the Board’s Diversity Policy and the European Banking Authority’s guidelines on eligibility assessments for Board members. The Company continuously evaluates the composition of the Board and believes that its composition was satisfactory in 2020.
Work of the Board
The primary task of the Board is to serve the interests of the shareholders and the Company. The Board is responsible for the Company’s organisation and the management of the Company’s business, and for ensuring that the Group is suitably structured to enable the Company to optimally exercise its ownership responsibilities with respect to the Group subsidiaries. The Board is responsible for ensuring that the Company complies with applicable laws and regulations, the Articles of Association and the Swedish Corporate Governance Code. The Board is obliged to regularly assess the Company and the Group’s financial situation and ensure that the Company’s organisation is structured to enable satisfactory monitoring of its accounting, management of assets, and general financial situation.
The Board adopts financial targets for the Company, decides on
the Company’s strategy and business plans and ensures good internal control and risk management.
The Board’s duties and working methods are regulated by the Companies Act, the Articles of Association and the Swedish Corporate Governance Code. The Banking and Financing Business Act also regulates the duties and work of the Board.
The Board has adopted written rules of procedure and instructions on internal reporting for the Board that deal with:
- The Board’s duties and responsibilities
- Members of the Board
- Chairman of the Board
- Board meetings; and
- Board Committees
Board meetings in 2020
A total of 11 minuted Board meetings were held in 2020; seven ordinary meetings, one statutory meeting and three extraordinary meetings. All Board members attended these meetings, with the exception of the Board meetings held on 28 January, 11 February and 26 March when Marcial Portela did not participate. The CEO, the CFO and the Board’s secretary participated in the Board meetings. A number of Company employees also participated in some of the Board meetings to report on specific issues.
The Board’s work is carried out in accordance with an annual plan. This may be adjusted, however, depending on the year’s events and projects. The majority of ordinary Board meetings are held in conjunction with the Company’s reporting; the annual accounts were addressed in February, the Annual Report and issues related to the AGM in March, the interim accounts in May, July and October, strategy in June and the budget and business plan for the coming year in December. As a rule, governance documentation and instructions are adopted at the statutory Board meeting. At ordinary meetings the Board receives regular reports from its Committees and the control functions.
The matters addressed by the Board in 2020 included, among other things, organisation, strategy, cost saving programme, digitalisation, security and remuneration matters. The Board also held a meeting with the external auditors without the Executive Management Team in attendance.
Training for the Board
The Board received training in various subjects during 2020, including securitisation, data protection, security and ICT risks, ICAAP/ILAAP, and anti-money laundering.
Work of the Board in 2020
Risk and Audit Committee
The Risk and Audit Committee serves in an advisory capacity and prepares issues for consideration and decision by Hoist Finance’s Board. The Risk and Audit Committee also has a mandate to make decisions in matters regarding the procurement of non-audit-related services from the Company’s external auditors. The Committee is responsible for monitoring and ensuring the quality of financial reporting, the effectiveness of the Company’s internal control and the tasks performed by the Internal Audit, Risk Control, Compliance and Security functions. The Committee also discusses valuation issues and other assessments pertaining to the annual accounts. In matters relating to external audit, the Risk and Audit Committee is, notwithstanding the Board’s responsibilities and duties, to regularly meet with and review reports from the Company’s external auditors in order to remain informed about the focus and scope of the audit and to discuss the coordination of the external and internal audit with the external auditor. The Risk and Audit Committee is to inform the Board about audit results, the manner in which the audit contributed to the reliability of financial reporting, and the role played by the Committee in the process. The Committee is also to remain informed about the Swedish Inspectorate of Auditors’ quality control of the Company’s external auditors and is responsible for the auditors’ independence and impartiality and the selection procedure ahead of the choice of auditor.
The Committee is required to meet at least four times per financial year.
The Risk and Audit Committee has at least three members appointed by the Board on an annual basis. Committee members may not be employed by the Company. One member is elected Committee Chairman. The Chairman may not be the Chairman of the Board of Hoist Finance. Since the 2019 AGM, the Risk and Audit Committee members have been Cecilia Daun Wennborg (Chair), Ingrid Bonde and Liselotte Hjorth. The CEO, CFO and the Company’s external auditors also attend the Committee’s meetings. The Company’s employees may be summoned to Committee meetings to provide details on specific reports or issues. Committee meeting minutes are kept and made available to all Board members. The Committee Chairman reports to the Board at all Board meetings concerning the issues discussed and proposed at Committee meetings. The Committee held six meetings in 2020, with all members in attendance at these meetings.
The Remuneration Committee’s primary task is to prepare the Board to make decisions on remuneration policies, remuneration and other terms of employment for Executive Management Team members and employees responsible for control functions. The Committee is to monitor and evaluate variable remuneration programmes for the Executive Management Team (both ongoing and those completed during the year), as well as the application of the remuneration guidelines for senior executives resolved by the AGM and the Group’s remuneration structure and remuneration levels.
The Remuneration Committee is to have at least two members appointed by the Board on an annual basis. All members must be independent in relation to the Company, the Company’s management and the Company’s major shareholders. The Remuneration Committee meets at least twice per financial year. Since the 2020 AGM, the Board’s Remuneration Committee members have been Ingrid Bonde (Chairman), Lars Wollung and Robert Kraal. Joakim Rubin was a member of the Remuneration Committee until the 2020 AGM. The CEO and Chief People Officer also attend the Committee’s meetings. Company employees may be summoned to Committee meetings to provide details on specific reports or issues. Remuneration Committee meeting minutes are recorded and are available to Board members. The Committee Chairman reports to the Board concerning the issues discussed and proposed at Committee meetings. The Committee held five meetings in 2020, with all members in attendance at these meetings, except for the meeting on 4 February 2020 which Lars Wollung did not attend.
The Investment Committee is both a preparatory and a decision-making committee. Its responsibilities include evaluating and approving standard portfolio acquisitions valued at EUR 75m or more, portfolio acquisitions not considered to be standard and valued at EUR 25m or more and investments that require the approval of the Swedish Financial Supervisory Authority. The Investment Committee is also involved in the process of potential revaluations of credit portfolios. The Investment Committee is to have at least three members appointed by the Board on an annual basis. The Chairman must be independent in relation to the Company and the Company’s management and may not be the Board Chairman of Hoist Finance. The Committee meets at least four times per financial year and whenever a Committee decision or recommendation is required as per the Company’s Investment Policy or Revaluation Policy. Since the 2020 AGM, the Board’s Investment Committee has been composed of Malin Eriksson (Chairman), Liselotte Hjorth, Lars Wollung and Henrik Käll.
Joakim Rubin was a member of the Committee until 14 May 2020. Company employees may be summoned to Committee meetings to provide details on investment data. Committee meeting minutes are recorded and are available to all Board members. The Committee Chairman reports to the Board at all Board meetings concerning the issues discussed, proposed and decided on at Committee meetings. The Committee held seven meetings in 2020, and, save for one revaluation meeting (where the non-attending member was provided a separate presentation the day after the meeting), all members attended these meetings. In addition, the Committee has had continuous communication and discussions around revaluation matters.
With regard to standard investments valued at less than EUR 75m and non-standard investments valued at less than EUR 25m, and provided such investments do not require the Swedish Financial Supervisory Authority’s approval, the Investment Committee may delegate decision-making authority to the Company’s Management Investment Committee which is composed of employed executives.
Chairman of the Board
Ingrid Bonde was re-elected as Chair of the Board of Hoist Finance by the AGM held on 14 May 2020. Ingrid Bonde has served in this capacity since 16 November 2014.
The Chairman of the Board leads the Board’s work and oversees the fulfilment of its duties and has a specific responsibility for ensuring that the Board’s work is well-organised, efficiently run and aligned with operational developments. The Chairman of the Board verifies that Board decisions are effectively executed, ensures that the Board’s work is evaluated annually and that the Nomination Committee is informed of the evaluation results. The purpose of the evaluation is to gain an understanding of the Board members’ views on the Board’s performance and the measures that can be taken to make the Board’s work more efficient.
The Chairman’s particular duties are to:
- In consultation with the CEO, decide the matters to be considered by the Board, prepare meeting agendas and issue meeting notices when needed
- Organise and lead the Board’s work, while overseeing that the Board addresses those matters that rest with the Board pursuant to law, the Articles of Association and the Swedish Corporate Governance Code
- Serve as the Board’s spokesperson towards Hoist Finance’s shareholders; and
- Ensure that the CEO provides sufficient information for Board decisions and oversee that Board decisions are executed.
In accordance with the Board’s rules of procedure, the Chairman of the Board initiates an evaluation of the Board’s performance once per year. For the 2020 evaluation all Board members were able to give their views during individual meetings between the Chairman of the Board and the Board members, on issues including working methods, Board meetings, work performed by the Board and management during the year, and Board and management structure. The purpose of the evaluation is to gain an understanding of the Board members’ views on the Board’s performance and the measures that can be taken to make the Board’s work more efficient. The purpose is also to gain an understanding of the type of issues the Board believes should be given more attention and the areas that may require additional Board expertise. The result of the evaluation was shared with the board members and the nomination committee.
CEO and Executive Management Team
The CEO is appointed by the Board and runs the business in accordance with instructions adopted by the Board. The CEO is responsible for the Company and the Group’s day-to-day administration pursuant to the Companies Act. The CEO also works with the Chairman of the Board to decide on matters that will be addressed at each Board meeting. The Board adopts instructions for the CEO each year and evaluates the CEO’s duties on a regular basis.
Klaus-Anders Nysteen is the Company’s CEO and was appointed 15 March 2018. For additional information on the CEO and the CEO’s shareholdings, see the section on the Company’s Board and Executive Management Team on the Company’s website, www.hoistfinance.com.
The Company’s CEO is head of the Executive Management Team, which meets regularly and under the structure set by the CEO. In addition to the CEO, the Executive Management Team is composed of members appointed by the CEO. The Executive Management Team’s role is to prepare and implement strategies, manage corporate governance and organisational issues and monitor the Company’s financial performance.
The CEO is responsible for ensuring that Board members receive information and essential decision-making material, and for presenting reports and proposals at Board meetings on issues dealt with by the Company. The CEO keeps the Board and Chairman updated on the Company and the Group’s financial position and performance. The CEO’s work is evaluated by the Board on a continuous basis.
The CEO’s main duties include:
- Assuming responsibility for the financial reporting by ensuring that it is carried out in accordance with applicable law and that assets are managed prudently
- Managing and coordinating Group companies in accordance with the Board’s guidelines and instructions; and
- Ensuring that Board resolutions are executed and keeping the Board updated on the performance of the Company and the Group’s operations, earnings and financial position.
Executive Management Team
For information on the Executive Management Team, see the section on the Company’s Board and Executive Management Team and the Company’s website, www.hoistfinance.com.
See Note 9 “Personnel expenses” for details on the remuneration of the CEO and Executive Management Team.
The Company has set up a Business Sustainability and Ethics Committee composed of i.a. the CEO, the Head of Sustainability, the Head of Compliance and certain other Company managers that the CEO nominates. The Company’s CSR policy is applied throughout the Group, and in the day-to-day operations measures are taken to achieve both Group wide and local goals. The CSR governance structure is composed of a framework for internal governance and control that includes a functional organisational structure with a clear division of responsibilities between management, operations and control functions, as well as principles, policies and processes. To further support policy application and relevance, each policy is assigned to a “document owner” – often the person responsible for the policy’s specific area. The Executive Management Team is responsible for the CSR strategy, while the Chief Retail Banking and Business Development Officer has had overall responsibility for implementation of the strategy during 2020. Day-to-day responsibility for the achievement of individual targets rests with each relevant manager.
The Company’s ethical guidelines, composed of an umbrella document and several ancillary documents, are designed to be applied by both employees and partners. The umbrella document specifies fundamental values and principles and provides information on some of the ancillary documents. All employees receive continuous training on ethical issues, and training statistics are monitored on a monthly basis.
The Company’s measures to prevent money laundering and terrorist financing are integrated into core operational processes, and include risk analyses, policies, customer due diligence procedures, monitoring procedures, employee training and transaction monitoring. The Company also has well-established procedures for reporting suspected money laundering to the competent authorities.
The 2020 AGM elected registered public accounting firm Ernst & Young AB as the Company’s auditor for the period until the close of the next AGM. Authorised Public Accountant Daniel Eriksson is Auditor in Charge.
The Board is responsible for ensuring that the Company’s organisation is structured in a way that enables its financial situation to be satisfactorily monitored, and that financial statements, such as interim reports and annual accounts, are prepared in accordance with applicable law, accounting standards and other requirements. Interim reports are initially handled by the Risk and Audit Committee and are then approved by the Board as a whole. The Board of Directors ensures the quality of financial reporting through its Risk and Audit Committee. The Board and the Risk and Audit Committee address not only the Group’s financial statements and material accounting issues, but also issues concerning internal control, compliance, significant uncertainty in carrying amounts, events after the balance sheet date, changes in estimates and assessments, and other conditions affecting the quality of the financial statements. The CEO is responsible for ensuring that the Company’s accounting is prepared in compliance with applicable law and that assets are managed prudently. The Company and the Group prepare accounts each month. The Board and the Executive Management Team continuously receive information on the Company’s and the Group’s financial situation.
To safeguard financial reporting within the Group, monthly reports are issued directly to a joint intergroup accounting system that includes quality controls. Detailed analyses and reconciliations are performed in connection with the periodic reporting. The consolidation process also includes a number of specific reconciliation controls. Hoist Finance has developed internal accounting and reporting guidelines, the “Hoist Finance Financial Framework”.
The Board monitors the Group’s financial performance, ensures the quality of financial reporting and internal control, and follows up and evaluates the operations on a regular basis. Internal reports, such as consolidated financial statements, are regularly prepared and submitted to the Board. An income statement, balance sheet and investment budget are prepared for each financial year and are adopted at the ordinary Board meeting held in December.
Guidelines for remuneration of senior executives, etc.
Guidelines for remuneration to senior executives were adopted by the AGM on 14 May 2020. Remuneration to senior executives shall be on market terms and may consist of the following components; fixed cash salary, variable cash remuneration, pension benefits and other benefits. The remuneration in Hoist Finance shall encourage senior executives to promote the Company’s business strategy, long-term interests and sustainability and a behaviour in line with the Company’s ethical code of conduct and values. The remuneration shall also be structured to enable Hoist Finance to attract, retain and motivate employees who have the requisite skills. The remuneration shall encourage good performance, prudent behaviour and risk-taking aligned with customer and shareholder expectations. Hoist Finance’s business strategy, long-term interests and sustainability work are described on the Company’s webpage, www.hoistfinance.com.
Variable remuneration for senior executives will be paid out based on a long-term incentive program (LTIP) and shall not exceed 100 per cent of the fixed annual cash salary. Variable remuneration is based on various financial and non-financial criteria and is linked to the performance of the Hoist Finance Group and the respective business unit as well as individual targets. It is hence distinctly linked to the business strategy and thereby to the Company’s long-term value creation, including its sustainability.
Variable remuneration takes into account the risks involved in the Company’s operations and is proportional to the Group’s earning capacity, capital requirements, profit/loss and financial position. The payment of variable remuneration must not undermine the Group’s long-term interests and is contingent upon the recipient’s compliance with internal rules and procedures. Variable remuneration is not paid to a senior executive who has participated in or been responsible for any action resulting in significant financial loss for the Group or the relevant business unit.
For senior executives, payment of 60 per cent of the variable remuneration is deferred for a period of at least three years. Variable remuneration, including deferred remuneration, is only paid to the extent warranted by the Group’s financial situation and the performance of the Group and the relevant business unit, and the senior executive’s achievements.
Pension and insurance are offered pursuant to national laws, regulations and market practices and are structured as collective agreements, company-specific plans or a combination of the two. Hoist Finance has defined-contribution pension plans. A few senior executives receive gross salary, in these instances, the Company does not make pension contributions. The Remuneration guidelines are presented in their entirety in Note 9 “Personnel expenses”. The Board’s proposed new guidelines for 2021 are presented in the Administration Report. Information on salaries and other remuneration to senior executives is presented in Note 9 “Personnel expenses”.
Internal control over financial reporting
Internal governance and control
The internal governance and control process is governed by law and regulations and is supervised by the Board. In Sweden, where the Company has its registered office, internal governance and control are regulated primarily by the Companies Act, Banking and Financing Business Act, the Swedish Financial Supervisory Authority’s regulations and guidelines, the Corporate Governance Code, and stock exchange regulations.
Hoist Finance has an internal governance and control framework aimed at creating the environment necessary to enable the entire organisation to promote effective, high quality corporate governance by providing clear definitions, assignments of roles and responsibilities and Group-wide tools and procedures.
Hoist Finance applies the COSO model for internal control over financial reporting.
COSO focuses on developing a framework that can be used directly by a Company’s management team to evaluate and improve risk management in three inter-related areas; enterprise risk management (ERM), internal control and fraud deterrence.
Roles and responsibilities
The Board is ultimately responsible for limiting and overseeing Hoist Finance’s risk exposure. The Board and the Risk and Audit Committee are responsible for establishing the main rules and guidelines for internal control.
The Risk and Audit Committee assists the Board by continuously monitoring the risks that may affect financial reporting and by adopting manuals, policies and accounting policies. The Risk and Audit Committee interacts directly with the external auditors.
The CEO is responsible for the effective design and implementation of internal control within the Group. The CFO is responsible for the design, implementation and correct application of the internal control framework at a central level. Local management is responsible for the design, implementation and correct application at a local level.
Hoist Finance’s roles and responsibilities with respect to internal control and risk management are structured in three lines of defence. These three lines of defence jointly form the internal control framework, which is designed to develop and maintain systems that ensure:
- Effective and efficient business operations
- Satisfactory risk control
- Business management
- Reliable reporting of financial and non-financial information (internally and externally); and
- Compliance with laws, regulations, supervisory authority requirements and internal policies and procedures.
Areas of responsibility
Risk Control function
The Risk Control function is responsible for providing relevant and independent analyses, advice and expert opinions on the Company’s risks. It is also responsible for the ongoing evaluation and development of the Company’s risk management framework to ensure its functionality. This involves:
- Verifying that all material risks that the Company is exposed to are identified, analysed and managed by the appropriate functions.
- Identifying and reporting on risks arising from deficiencies in the Company’s risk management. Providing recommendations for correcting deficiencies and thereby avoiding or minimising these risks in the future.
- Providing information, analyses and advice on the Company’s risks to the Board and CEO on a regular basis.
- Providing all relevant information that may constitute decision-making material when the Company develops or changes its risk strategy and risk appetite, as well as evaluating proposed risk strategies and providing recommendations before decisions are made.
- Evaluating whether company proposals or decisions that may give rise to a significant increase in risk are compatible with the Company’s risk appetite.
- Identifying, verifying and reporting risks of error in the Company’s estimates and assumptions that form the basis of the financial statements.
- Evaluating risks prior to company decisions on new or substantially changed products, services, markets, processes or IT systems and in the event of major changes to the Company’s operations and organisation, and evaluating the anticipated impact on the Company’s aggregate risk.
The Compliance function is responsible for supporting the Company’s compliance with all legal, regulatory and other requirements for its licensed operations. This involves:
- Identifying risks of the Company failing to comply with its legal, regulatory and other duties with respect to its licensed operations, and monitoring and verifying that these risks are managed by the relevant functions.
- Overseeing and monitoring compliance with laws, regulations and other rules, as well as with relevant internal regulations.
- Reviewing and evaluating the functionality and effectiveness of the Company’s procedures on a regular basis.
- Providing recommendations to relevant persons based on the function’s findings.
- Providing advice and support to the Company’s personnel, CEO and Board regarding the laws, regulations and other rules applicable to the licensed operations, and regarding internal regulations.
- Informing and training relevant persons regarding new or amended regulations.
Ensuring the quality of, and continuously updating, the Company’s internal rules, policies and instructions.
- Verifying that new or substantial changes to products, services, markets, processes and IT systems and major changes to the Company’s operations and organisation comply with legal, regulatory and other requirements applicable to the Company’s licensed operations.
- Advising and reporting to the Board and the CEO on a regular basis.
As from the beginning of 2020, the Company’s Security function is organised as a control function. The Head of Security is responsible for ensuring that security and ICT risks are identified, monitored, managed and reported.
The Security function is supporting the entire Group in managing security and ICT risks and is continuously reporting to the CEO, the Board and the Risk and Audit Committee.
Internal Audit function
The Internal Audit function is responsible for ensuring the independent review and supervision of work performed by the first and second lines of defence. Accordingly, the Internal Audit function follows an updated, risk-based audit plan adopted by the Board, under which it reviews and regularly evaluates:
- Whether the Company’s organisation, governance processes, IT systems, models and procedures are appropriate and effective.
- Whether the Company’s internal control is appropriate and effective and whether the operations are conducted in accordance with the Company’s internal regulations.
- Whether the Company’s internal regulations are adequate and consistent with laws, regulations and other rules.
- The reliability of the Company’s financial reporting, including off-balance sheet commitments.
- The reliability and quality of the work performed within the Company’s various control functions.
- The Company’s risk management based on the adopted risk strategy and risk appetite.
The Internal Audit function also provides recommendations to relevant persons based on the function’s findings, monitors whether the measures are subsequently implemented, and reports to the Board on a regular basis.
Three lines of defence for risk management and internal control
1st line of defence
The first line of defence is comprised of the Board, CEO and business organisation, which are responsible for conducting operations in accordance with the adopted risk exposure, internal control framework and the rules and regulations applicable to Hoist Finance. The first line of defence has a well-functioning governance structure and effective processes to identify, measure, assess, monitor, minimise and report risks.
2nd line of defence
The second line of defence is comprised of the Risk Control function, the Compliance function and the Security function, independent units that monitor and control Hoist Finance’s risks and report independently of each other to the Board and the CEO.
3rd line of defence
The third line of defence is the Internal Audit function that conducts independent audits and reviews and provides the Board with evaluations of Hoist Finance’s internal control and risk management processes.
Internal control process
The Board of Directors has ultimate responsibility for ensuring that internal control operates efficiently. The internal control and risk management systems for financial reporting are designed to achieve reasonable assurance regarding the reliability of external financial reporting and to ensure that the financial statements are prepared in compliance with generally accepted accounting policies, applicable laws and regulations and other requirements for listed companies.
Hoist Finance’s internal control process follows the COSO model, which is based on the following components
- Control environment
- Risk assessment
- Control activities
- Information & Communication; and
The control environment is the foundation of the Company’s system for internal control of financial reporting. The control environment is primarily based on the corporate culture and the values that have been established by the Board of Directors and the Executive Management Team, as well as the organisational structure with distinct authorities and responsibilities. Policies and instructions are documented and evaluated continuously. These steering documents, and well-conceived process descriptions, are made available to the relevant personnel.
The risk assessment includes processes for identifying, analysing and evaluating risks arising in financial reporting. This component assesses and prioritises the areas that each business area believes to be the most relevant in the Company, based on a risk analysis. This risk analysis takes into account both the probability and consequence of a risk materialising. The risk analysis is conducted regularly at Group level to identify and create an understanding of the risks arising in the Group, in terms of both materiality and complexity. The risk analysis is then used as the starting point for determining the areas that are to be assigned priority and how the risks in these areas are to be limited and managed.
Control activities are the activities designed to limit the risks and ensure the reliability of the Company’s organisation. The main purpose of the control activities, which can be of both a manual and automated character, is to uncover and prevent errors and thereby assure the quality of financial reporting. Examples of control activities include authorisation manuals, payment instructions, payment vouchers, reconciliations, business performance reviews, general IT controls and division of responsibilities. Control activities exist at both subsidiary and Group level.
Information & Communication is both an internal tool to strengthen the internal control environment and a process to ensure that correct information is identified, collected and communicated in a manner and within a timeframe that allows the organisation to carry out its duties. Policies and instructions have been adopted and the Company’s financial manual (Hoist Finance Financial Framework) includes instructions and guidance for accounting and financial reporting. The policies, instructions and financial manual are updated continuously and are available to the entire organisation. Regular meetings are also held with accounting staff and local Heads of Finance to provide information on new or updated rules and regulations applicable to Hoist Finance, and on internal control responsibility. The Group’s intranet is another important communication channel. The Board also receives information regarding risk management, internal controls and financial reporting from the control functions and the Risk and Audit Committee. A Communication Policy has been established to ensure that the information disclosed externally is correct and complete. The Company has further established a Disclosure Committee which takes decisions regarding disclosure of information to the capital market.
Monitoring occurs at all levels in the Group. The Company regularly evaluates the internal control of financial reporting. Work on the internal control is reported to the Board of Directors and the Risk and Audit Committee. This reporting forms the foundation for the Board’s evaluation and assessment of the efficiency of the internal control of financial reporting and also constitutes a basis for decisions about potential improvement measures. The Company has an incident reporting procedure in place, under which incidents are reported and analysed and actions taken to reduce risks as far as is economically justifiable. The Company also has an internal whistleblowing procedure through which employees can report suspicions of improprieties in the organisation. Such reporting can be done anonymously.
Financial reporting competencies
The quality of financial reporting is largely controlled by the organisation’s expertise in accounting matters and the way in which the Finance, Accounting and Treasury functions are staffed and organised. The Executive Management Team is continuously involved in ongoing financial reporting and therefore always has insight into the preparation of financial information. The Finance function is organised and staffed based on the need to ensure that the Group maintains high accounting standards and complies with accounting laws, regulations and standards. The Executive Management Team works actively to ensure that the Group has employees with the necessary expertise in all key positions and that there are procedures in place to ensure that employees have the requisite knowledge and skills.