Risk management

Hoist Finance's core business is to acquire and manage loan portfolios, which is why we are actively exposed to credit risk. Being a regulated company under supervision from the Swedish Financial Supervisory Authority (SFSA) puts further emphasis on a solid understanding and management of all the risks facing the company. 

The risk management framework  

Risk management at Hoist Finance aims to:  

  • Increase awarness around the company’s complete risk picture through identification, analysis, measurement, control and reporting of risks.
  • Facilitate and ensure sound and safe develpment of the business.
  • Secure the company’s survival by maintaining adequate capital and liquidity levels. 

This creates and maintains confidence in Hoist Finance among our stakeholders, thereby enabling sustainable shareholder value. 

To fulfil these goals, the Board of Directors has adopted policies and strategies for the management, analysis, control and reporting of risks in day-to-day operations, which together comprises a risk management framework. 

Hoist Finance’s core business and risk strategy is to generate returns through controlled exposure to credit risk in the form of acquired loan portfolios. Therefore, we actively pursue this type of credit risk. Other types of risk, such as operational risk and market risk, are undesirable but sometimes unavoidable. However, these risks are minimised as far as is economically justifiable.  

Woman headset computer

Risk capacity, which consists of the capital and liquidity buffers in place, is set in order to ensure the survival of the company. Capital risk capacity is the difference between actual capital levels and regulatory minimum levels and demonstrates the capacity to absorb losses before critical levels are reached. Liquidity risk capacity is the scale of the liquidity outflow Hoist Finance can accommodate without breaching regulatory minimum requirements.  

The Board of Directors determines our risk appetite within the available risk capacity. By weighing potential returns against potential risks, the Board decides on an appropriate risk and return level for Hoist Finance. Our risk appetite then provides the basis for business decisions and risk limits, which are applied in day-to-day business activities and in risk monitoring. Continuous monitoring performed by the Group’s Risk Control function ensures we do not assume any risks that exceed the established risk appetite, risk capacity or limits. 

Three lines of defence 

Hoist Finance’s risk management is built around a sound risk culture; an efficient operating structure governed by policies and guidelines and transparent reporting and monitoring. The Board of Directors’ risk management policy stipulates the framework, roles and responsibilities for risk management and the guidelines for ensuring that there is adequate capital and liquidity to withstand economic adversity. 

Hoist Finance’s risk management allocates roles and responsibilities in accordance with three lines of defence, described in the Corporate Governance Report. 

Risk culture 

We have a deep insight and understanding of why a sound risk culture is essential for efficient risk management. Therefore, structured efforts are taken to support and promote a sound risk culture within Hoist Finance. We define a sound risk culture as: 

  • Transparencywhere information is shared as far as possible and all communication and feedback is clear, concise and constructive. 
  • Teamworkwhere the atmosphere is open and it is easy to share and learn from experience, both from successes and from failures. 
  • Balance between risk/rewardwhere all decisions and considerations take into account both the risk and the reward that the decision entails. We believe that constructive discussions on risk and reward are essential for sophisticated decision-making on business opportunities. 
  • Sound incident managementwhere incidents are reported, analysed and actions taken to mitigate risks as far as economically justifiable; and where a sound and formative risk culture promotes learning from mistakes to continuously improve. 

Promoting a balanced risk culture is a long-term and continuous endeavour that permeates everything that we do. Internal rules, remuneration systems, incentives, ethical guidelines, formal educational initiatives and other governing mechanisms within the company are designed to ensure that the risk culture develops in a positive direction. We strive to improve the risk culture further and have initiated work to broaden the risk management to ensure inclusion of risks outside the traditional risk types for a bank. These risks include e.g. climate change and lack of social inclusion. This work is done in close collaboration with our Sustainability team and via active participation in the Business Ethics and Sustainability Committee.  

Security Management 

The focus in security management at Hoist Finance is to protect our customer data and business sensitive information. This is because we do not only need to adhere to regulatory requirements, but also given our business model we hold a lot of sensitive data that needs to be protected from external cyber-attacks. This means that we need agile processes and tools in place that can protect, detect and react to new upcoming cyber threats. Both regulatory and client-based requirements have increased significantly in the past five years and the area is under constant change.

Our Executive Management Team and the Board of Directors are highly involved in the security management work. Our Board of Directors decides on both the Security Strategy and on the Security Policy. These policies and strategies are based on the business strategy, threat intel and risk analysis conducted in the business.

We have functions in all three layers of defense that actively work with security to execute on operational level in the first line, control and measure through the second line and internal audits in the third line.

Table football game

We have started and implemented several security initiatives throughout the year. Among others, we have intensified the work around risk analysis and monitoring of our third parties, created a systematic approach on risk indicators as well as further enhanced the governance and control of the information security work. Furthermore, we have implemented new guidelines set out by the EBA that is relevant for our area of responsibility. We have a management system for the information security work that includes documented security requirements, for example how we classify information, how we technically must protect data within different classification levels, requirements on physical security and encryption of data.

Last year we created a training and awareness plan for the company. This year we implemented the plan and started measuring the results. The plan contains requirements on training in the field of information security for new employees but also on extended training for existing staff and more enhanced training for staff within ICT. For example, several key-functions within the ICT organization has conducted a Certified Information Security Manager (CISM) training. This is to further enhance the awareness level in the first line.  

We want to take an active role in safeguarding our business and customers and to contribute to a stable and secured financial market.  


The conditions for cross-border trade in financial services to and from the UK as a consequence of Brexit are still uncertain. During the year Hoist Finance has continoulsy followed the process and evaluated the effects this will have on the Group and the direct and indirect impact of these effects on our operations. The areas that were analysed include legal structure, operational consequences, risk exposure, personal data management, funding, existing third-party agreements, and IT systems. The Brexit issue has been taken into account in the Group’s strategy work and our preparation of business plans and decisions. The UK is an important part of Hoist Finance’s operations. A sharp economic downturn as a result of Brexit would most likely impact the Group’s collections on current portfolios.

Climate change risk assessment 

Climate change has an impact on the economy in general, on a more specific note it affects collateral values. The level of investments in portfolios secured by real estate increases and Hoist Finance is placing greater focus on monitoring our collateral, including effects from environmental/climate change risks.  This serves both to protect Hoist Finance against unforeseen deterioration in collateral asset quality and to ensure we are able to assess whether environmental factors pose any risk to our customers. 

Risk exposure

The risks to which Hoist Finance is exposed can be divided into two groups: strategic risks relating to Hoist Finance in the context of its macro environment, and business-related risks which are more linked to Hoist Finance’s financial and operational activities. 

Strategic Risks

Risk type Risk profile Risk management 
The risk of increased competition in purchasing  loan portfolios or in offering savings accounts to the public could result in lower earnings for Hoist Finance.   
As regards the purchasing of loan portfolios, Hoist Finance operates in ten countries within Europe and offers savings accounts in Sweden and Germany.  Hoist Finance strives to be competitive through a good geographic footprint, a well-diversified portfolio, efficient operations and a low cost of funding.
Regulatory framework  
The risk of new regulations negatively impacting Hoist Finance’s business model or otherwise adversely affecting earnings.   

As a credit market company, Hoist Finance is regulated by the Swedish FSA and subject to Swedish banking regulation, furthermore Hoist Finance is subject to applicable European banking regulations and changes hereof.

Hoist Finance has a compliance function that works internationally across the jurisdictions in which the company operates. Forthcoming regulations are continuously monitored and subjected to risk analysis. Hoist Finance actively participates in dialogue with the regulator and makes statements on proposed regulatory frameworks.  
The risk that new or substantially altered products have not been properly assessed from a VAT or income tax perspective. The risk that appropriate processes are not in place, resulting in improper management of income tax and VAT. The risk that Hoist Finance will take over unknown tax liabilities in acquired companies.  
Given that Hoist Finance operates in a large number of jurisdictions in Europe, tax issues are relatively  complex.  A high degree of complexity entails a risk that misinterpretations may have arisen.  There is ongoing work to ensure a sustainable structure includes analysing new tax rules and their impact on Hoist Finance corporate structure.  Hoist Finance also works continuously to ensure that the Group has the necessary processes in place and the expertise required to identify tax risks and clarify roles and responsibilities regarding income tax and VAT. 

Business-related financial risks 

Risk type Risk profile Risk management
Credit risk
The risk of loss arising from a customer’s failure to repay principal or interest or otherwise meet a contractual obligation.
Credit risk refers mainly to acquired NPL portfolios and the risk that collection on these will be lower than forecasted. Credit risk also includes the risk of credit losses on acquired performing loans. Other credit risk exposures are: (i) cash deposits with banks; (ii) investments in interest bearing instruments; and (iii) counterparty risk related to hedging FX and interest-rate risk.Credit risk in acquired loan portfolios is monitored, analysed and managed by the management in each country, and by the Group’s Business Control unit. Other credit risks are analysed and managed by the Group’s Treasury function. The Risk Control function analyses and monitors all credit risk exposures.
Market risk
The risk arising from adverse movements in foreign exchange rates and interest rates.
The main FX risks arise from the fact that the loan portfolios (the assets) are denominated in EUR, PLN and GBP, while the reporting currency is SEK and the majority of liabilities are denominated in SEK. Interest-rate movements have an effect on net interest income.Market risks are hedged continuously by the Group Treasury function and are independently analysed by the Group’s Risk Control function.
Liquidity risk
The risk of difficulties in obtaining funding, and thus being unable to meet payment obligations when they fall due, without a significant increase in the cost of obtaining means of payment.
Liquidity risk is linked primarily to deposits from the public and the risk of large withdrawals occurring at short notice. Furthermore, increased requirements for funds pledged as collateral for derivative positions, and refinancing risk associated with existing market funding, could potentially impact liquidity in a negative way.The Group has a significant liquidity reserve to cover potential outflows of liquidity. Hoist Finance also works pro-actively to diversify the number of funding sources.
Operational risk
The risk of loss resulting from inadequate or failed internal processes, people, IT-systems or from external events including legal and compliance risk.
Operational risk is present across our operations and come in many forms. Common examples are to failure in our processes due to issues with our IT-systems or lack of or erroneous data to perform tasks.

The operational risk framework is implemented to analyse, control, report and mitigate operational risks Hoist Finance is exposed to. During 2020 confirmation has been received that Hoist Finance has good capacity to handle a crisis and adopt the way of working to deal with unexpected changes.

Additional and more detailed information about Hoist Finance’s risk management is presented in the Administration Report, Note 33 and in Hoist Finance’s Pillar 3 report. This also includes quantitative risk measurements. 

This website uses cookies to provide the best possible user experience. If you continue without making any changes you allow this. Read more about cookies here

- Annual Report 2020 -
- Årsredovisning 2020 -