Risk and Risk Management
Risk management within Intrum shall comprise effective analysis and monitoring of significant risks in the operations.
Proactive and effective risk management
Within Intrum, Risk Management shall comprise proper analysis, effective handling and continuous monitoring of significant risks in all aspects of its operations.
Our ability to prevent and manage risks is crucial for effective governance and control, and thus also for the company’s opportunities to generate profitability and value. A key prerequisite for being able to manage risks in a balanced way, the risks must first be identified, reported, analysed and reviewed. In recent years, we have worked purposefully to strengthen both the organisation and the risk management process.
Intrum’s risk framework
Our risk management shall support the business operations, maintain a high level of quality to ensure risks are kept under control, safeguard the company’s survival and limit the volatility of Intrum’s financial development. Risk control serves as protection safeguarding the company’s value, where the ability to assess and manage price risks regarding new transactions, for example, combined with monitoring the development of the investment portfolio is of great importance. This builds on an ongoing internal dialogue about the risks generated by the operations and the resources necessary to counteract them.
Intrum continuously works to identify, assess, mitigate and monitor the risks to which the Group is or may be exposed. Good internal controls are important, as is a functioning and effective risk framework.
We strive to not expose ourselves to any risks not directly attributable to, or deemed necessary for, our business operations. As part of their regular work, all employees are responsible for managing the company’s risks. Continuous information and training on the risks inherent in the operations form an important part of Intrum’s internal processes. We also have a documented process for risk analysis and for approving new or significantly altered products, services, markets, acquisitions, processes and IT systems and in connection with major changes in the company’s organisation and operations.
Intrum’s risk strategy details the management and assessment of the risks to which its operations are, or may be, exposed. The strategy comprises:
- clear and documented internal procedures and controls,
- an appropriate organisational structure with clearly defined and documented roles and authorisations,
- documented decision-making procedures,
- risk assessment methods and systems support tailored to the needs, complexity and scope of the operations,
- control of the company’s compliance with laws and other regulations applicable to the company’s operations,
- adequate resources and skills to achieve the desired quality in both business and control activities,
- regular incident reporting in operations,
- documented and disseminated contingency and business continuity plans.
Our risk strategy follows a clear division of roles and responsibilities according to the three lines of defence model where risk management and control activities are separated and divided between business operations, risk control and compliance, and the internal audit.
Control of risk management and compliance
Our risk management follows the division of roles and responsibilities according to the three lines of the defence model. Identified risks have been classified and balanced in relation to the business objectives, after which acceptable risk levels have been established in Intrum’s Risk Appetite and Strategy Policy.
Board of Directors
• Sets “the tone from the top”
• Establishes risk appetite and strategy
Intrum's CEO executes the strategy set by the Board
Audit and Risk Committee
Internal Audit has direct report to the ARC. CRO and Compliance have dotted line reporting to the ARC.
Risk management – three lines of defence
Risk Management - Governance: Business lines, global functions; Reports to CEOResponsibility
• Full ownership of Day-to-Day business, e.g. Intrum´s Operational Management, also including management of risks, processes and controls.
• Risk owners with the mandate and budget to handle risks, incl. responsibility for compliance with applicable laws and internal rules.
• Ultimate decision makers on how to handle risks (e.g. by mitigating or accept the risk).
• Reports on risk management and internal control, e.g. by financial reporting.
• Conduct the business to meet the objectives of Intrum, in line with Global Internal Rules.
Risk and Compliance - Governance: Independent from first line; Reports to the CRO, with dotted line to the Board of Directors; Control and monitor business operations and global functions by e.g. providing independent reports to Group Management and the Board; Provide recommendations only, not risk owners.Responsibility
• Areas: compliance control, risk control of investment, information security and operational risks
• Define mandates, guidelines and limits to keep the business within the risk appetite.
• Support business and global functions e.g. by identifying and quantifying risks.
• Control and evaluate if routines and measures to minimise risks are sufficient and appropriate
• Modelling, aggregation and analysis of overall risk profile.
• Coordinators of Global Internal Rules, but not owners of all rules
Group Internal audit - Governance: Internal Audit is a group-wide function; Reports directly to the Audit & Risk Committee; Independent from first and second lineResponsibility
• Risk based, independent assurance on governance, risk management and control processes.
• Identifies through independent assessment strategic, operational and financial weaknesses in first and second line of defense.
Intrum’s risk appetite is expressed in, among other things, policies, instructions and guidelines established for the operations. Intrum defines risk as all factors which could have a negative impact on the ability of Intrum to achieve its business objectives. Intrum’s risk appetite is based on the following principles:
- To be able to pursue our strategy, the culture at Intrum shall be such that there is a built-in balance between risk-taking and value generation.
- The risk culture defines how the business operations are to act with acceptable risks, within the limit set by the Board.
- Intrum investment operations entail the greatest inherent risks with a potential impact on the cash flow statement, income statement and balance sheet. It is therefore a central concern in the area of risk, where particular emphasis is placed on both transaction management and reporting throughout the lifetime of any investments.
- We have no appetite for intentional or deliberate violations of regulatory requirements and we should always strive for full compliance with applicable laws and regulations.
- The risk appetite statements form the basis for a continuous dialogue within the management regarding Intrum’s decision-making processes and are integrated into these. They determine what risk levels are appropriate and how Intrum’s business strategy shall be adapted to these.
Find the full description in the Annual and Sustainability Report 2022 (pages 60-66)