Risk and Risk Management
Risk management within Intrum shall comprise effective analysis and monitoring of significant risks in the operations.
Proactive and effective risk management
Our ability to prevent and manage risks is crucial for effective governance and control, and thus also for the Company’s opportunities to generate profitability and value. A key prerequisite for being able to manage risk in a balanced way, the risks must first be identified, analysed, reported and reviewed. In recent years, we have worked purposefully to strengthen both the organisation and the risk management process.
Intrum’s risk framework
Our risk management shall support the business operations, maintain a high level of quality to ensure risks are kept under control, safeguard the Company’s survival and limit the volatility of Intrum’s financial development. Risk control serves as protection safeguarding the Company’s value, where the ability to assess and manage price risks regarding new transactions, for example, combined with monitoring the development of the investment portfolio is of great importance. This builds on an ongoing internal dialogue about the risks generated by the operations and the resources necessary to counteract them.
We continuously strive to identify, mitigate and monitor the risks to which the Group is or may be exposed. Good internal control is important, as is a functioning and effective risk framework.
Intrum strives to expose itself only to risks directly attributable to, or deemed necessary for, our business operations. As part of their regular work, all employees are responsible for managing the Company’s risks. Continuous information and training on the risks inherent in the operations form an important part of Intrum’s internal processes.
We also have a documented process for risk analysis and for approving new or significantly altered products, services, markets, acquisitions, processes and IT systems and in connection with major changes in the Company’s organisation and operations.
Intrum’s risk strategy details the management and assessment of the risks to which its operations are, or may be, exposed. The strategy comprises:
- clear and documented internal procedures and control,
- an appropriate organisational structure with clearly defined and documented roles and authorisations,
- documented decision-making procedures,
- risk assessment methods and systems support tailored to the needs, complexity and scope of the operations,
- control of the Company’s compliance with laws and other regulations applicable to the Company’s operations,
- adequate resources and skills to achieve the desired quality in both business and control activities,
- regular incident reporting in operations,
- documented and disseminated contingency and business continuity plans.
Our risk strategy follows a clear division of roles and responsibilities according to the three lines of defence model and where responsibility is divided between business operations, risk control and compliance, and the internal audit function.
Control of risk management and compliance
Intrum applies the principle of the three lines of defence, a well-established model with clear roles and responsibilities, illustrated below. In accordance with Intrum’s risk policy, identified risks have been classified on the basis of a risk framework, Intrum’s “risk appetite”, which is the level of risk that Intrum considers acceptable in achieving its business objectives.
Board of Director
The Board of Directors is ultimately responsible for the Company’s organisation and for there being appropriate systems and policies in place for managing the risks associated with Intrum’s operations.
Intrum’s CEO is subordinate to the Board and is responsible for executing the risk strategy adopted by the Board of Directors in Intrum’s ongoing management.
Risk management – three lines of defence
The business operations – are responsible for the risks they take. The first line of defence comprises Intrum’s business operations, which are the risk-taking part of the organisation. This entails responsibility for daily risk management and compliance with the Group’s internal and external regulations.
Risk and Compliance – controls risks and compliance The second line of defence comprises the functions for risk control and compliance. Risk control ensures that there is sufficient risk awareness in the first line and shall play both a supportive and challenging role in the transaction process. To strengthen its independence, the Information Security function has been moved from the first line of defence to the Risk and Compliance function in the second line of defence.
Risk control - Also works to provide the business operations with the procedures, systems and tools required to uphold the on-going management of investments.
Compliance - Verifies that the business operations adhere to legislation and regulations, and support the business operations within their area of responsibility. Compliance reports to the Chief Risk Officer (CRO) and has a dotted reporting line to the Board of Directors. The CRO reports to the CEO and also has a dotted reporting line to the Board of Directors.
Internal audit - reports to the Board The internal audit function works completely independently of the operations on behalf of the Board of Directors and reports directly to the Audit Committee. The function carries out risk-based, independent reviews of the first and second lines of defence.
Intrum’s risk appetite is expressed in, among other things, policies, instructions and guidelines established for the operations. Intrum defines risk as all factors which could have a negative impact on the ability of the Group to achieve its business objectives. Intrum’s risk appetite is based on the following principles:
- To be able to pursue our strategy, the culture at Intrum shall be such that there is a built-in balance between risk-taking and value generation.
- The risk culture defines how the business operations are to act with acceptable risks, within the limits set by the Board.
- Intrum’s investment operations entail the greatest inherent risks with a potential impact on the income statement and balance sheet and are therefore a central concern in the area of risk, where particular emphasis is placed on both transaction management and reporting.
- The risk appetite forms the basis for an ongoing dialogue within the management regarding Intrum’s decision-making processes and is integrated into these. It determines what risk levels are appropriate and how the Group’s business strategy are adapted to these.
Find the full description in the Annual and Sustainability Report 2019 (pages 59 - 63)