Risk Management

General

Anyone considering investing in Euroloan Group Plc is recommended to review all of the risk factors described below. The description contains estimates of the current state and future development of the Group which carry risks and uncertainties. Investors should be aware of these when making their investment decisions. Estimates, risk descriptions and listed uncertainties are prepared by the Group’s Board and management and are based on the information available to the Board and management at the time of preparation.

The Group’s management and Board strive to update relevant changes to the Group’s risks without delay in order to keep the risk description current. If realised, the risks may have a negative impact on the Group’s business operations and financial position and the value of the business operations, decreasing the value of the Group’s issued shares and securities. The Group aims to prevent risk where possible and to minimise the impact of any risks realised within its risk management.

Euroloan applies state-of-the-art corporate risk management models and methodologies as part of its strategic planning, business development and daily operations.

The aim of Euroloan’s risk management process is to limit the total risk exposure of the company to an acceptable level while optimising the risk/return ratio. Due to the nature of Euroloan’s business, particular emphasis is placed on analysing and managing credit risk and on managing total risk exposure. Advanced risk metrics are used in analysis to form an accurate company risk profile.

The company management and the Board of Directors monitor risk exposure.

group_risk_management_framework

Risk management structure

Proper risk management is a working combination of identification, analysis, management, control and supervision of risk, along with the continuous documentation of activities for audit and quality control purposes. The principles for the identification, analysis and management of the main risk areas are linked to the properties of each risk, whereas the control and supervision of each risk is linked to the organisation, authorisation, supervision and responsibilities.

Risk Management is an integral part of the strategic and operational management framework of Euroloan Group.

The risk management is structured based on the separation of responsibilities and duties as described in the “Three lines of defence” table below.

three_lines_of_defence

The following risk management decision-making structure illustrates the Group’s risk management organisation:

risk_management_structure

Board of directors

The Board of Directors of the company is responsible towards the company’s owners (the annual shareholders’ meeting) and regulatory authorities for the entire business of the company. Risk management falls under the responsibility of the Board. The Board has the principal responsibility to ensure that regulations, good corporate governance and sound business practices are followed in all of the Group’s business operations. The Board also sets guidelines and limits for risk management.

CEO

The CEO is responsible for daily operations being carried out in accordance with the instructions and directives issued by the Board of Directors. The Board appoints and discharges the CEO and oversees the CEO’s actions.

The CEO may only take actions which are unusual or sizable considering the size and nature of the company’s business with the permission of the Board. The CEO is responsible for making sure that the accounting methods employed by the company are legal and that financial matters are managed in a reliable way.

In the company’s risk management, the operational management led by the CEO is responsible for the daily operations and activities in the company, without the right to make decisions about risk levels. The operational management has the right to view but not decide upon internal controls and documentation, and is responsible for implementing daily risk management.

Risk management

Risk management is operated by the Risk Management Team, led by the company’s Risk Manager. Decisions regarding risk management and changes to it are prepared by the Risk Management Team, which puts them forward to the Risk Committee appointed by the Board. The Risk Management Team regularly monitors and assesses whether the company’s risk guidelines and instructions are suitable and effective, and assesses what measures need to be taken to address potential deficiencies. Any decisions are made by the Risk Committee or the company’s Board of Directors.

Risk control

The Risk Control function shall analyse and report without delay to the Risk Committee, the Risk Management Team and the company’s operative management and internal audit any significant deviations from set guidelines or limits which may lead to significant changes in the company’s internal risk level. Reporting is done according to an agreed process and is documented in a way that facilitates the control and audit of analysis results.

Internal audit

An internal auditor, who is independent of the operational functions in the company, regularly assesses internal processes, decisions and controls, and reports any findings, along with improvement suggestions, directly to the company’s Board of Directors. Internal audit services may also be provided by a third-party 
provider (audit company), which is independent of the company’s external auditors.

Audit

The company’s external auditors audit the entire business, with complete insight into reporting, decisions made and documentation. The auditors are responsible to the company’s shareholders and regulatory authorities. The external audit is carried out on a continuous basis (i.e. process audit) and for the company’s annual review.