Risk and Risk Management
Intrum defines risk as all factors which could have a negative impact on the ability of the Group to achieve its business objectives.
Risk management within Intrum shall comprise effective management and monitoring of all significant risks in the operations. Risk management shall support the business operations, maintain a high level of quality to ensure risks are kept under control, safeguard the Company’s survival and limit the volatility of Intrum’s financial development. The capacity to protect the Company’s value, where the ability to assess and manage price risks in new transactions while monitoring the development of the investment portfolio, is of great importance. This entails an ongoing dialogue about the risks generated by the operations and the resources necessary to counter the risks.
Intrum shall maintain an organization that identifies, addresses and controls the risks to which the Group is or may be exposed. There shall be satisfactory internal control and a functioning and effective risk framework. Intrum shall be knowledgeable and aware of possible risks to which the Company may be exposed and shall be able to estimate the scope of those risks. There should be an independent risk control function, which should have the requisite competences and authorizations. As part of their regular work, all of Intrum’s employees shall assume responsibility for managing the Company’s risks and the Group shall continuously inform and educate its employees about the risks inherent in the operations.
Intrum shall only expose itself to risks directly attributable to, or deemed necessary for, its business operations. Such risks primarily include credit risk, market risk, business risk, financial risk and operational risk. Intrum shall have a documented process for approving new or significantly altered products, services, markets, processes and IT systems and in connection with major changes in the Company’s organization, IT systems and operations.
Intrum’s risk strategy entails managing and assessing the risks to which its operations are, or may be, exposed by:
- Clear and documented internal procedures and control,
- An appropriate and transparent organizational structure with clearly defined and documented authorizations,
- Up-to-date and documented decision-making processes,
- Risk measurement methods and systems support tailored to the needs, complexity and scope of the operations,
- Adequate resources and skills to achieve the desired quality in both business and control activities,
- Regular incident reporting in operations,
- Documented and disseminated contingency and business continuity plans.
Intrum defines risk as all factors which could have a negative impact on the ability of the Group to achieve its business objectives. Intrum’s risk appetite is based on the following principles:
- To be able to pursue our strategy, the culture at Intrum shall be such that there is a built-in balance between risktaking and value generation.
- The risk culture determines the playing field on which the business operations can act with acceptable risks, within the limit set by the Board. Intrum’s risk appetite is expressed in, among other things, policies, instructions and the guidelines established for the investment operations.
- The risk appetite establishes the basis for an ongoing discussion within management regarding what risk levels are appropriate and how they are to be adjusted to the Group’s business strategy.
- Intrum investment operations entail the greatest inherent risks with a potential impact on the income statement and balance sheet and are therefore a central concern in the area of risk, where particular emphasis is placed on industrializing both transaction management and reporting.
To define the division of responsibilities between the business operations, risk control, compliance and the Internal Audit, Intrum applies the division of roles and responsibilities deriving from the principle of the three lines of defense:
- The first line of defense is the risk-taking part of the organization, which is tasked with managing the dayto- day management of the risks taken in the business operations.
- The second line of defense refers to the risk control and compliance functions (observance of rules). The risk organization shall ensure that there is sufficient risk awareness in the first line and shall play both a supportive and challenging role in the transaction process. Risk control shall also work to provide the business operations with the procedures, systems and tools required to uphold the on-going management of investments. Compliance shall verify that the business operations adhere to legislation and regulations, and shall support the business operations within their area of responsibility. The Chief Risk Officer, CRO, is responsible for the risk organization and compliance. The CRO reports to the President and, on a dotted line basis, to the Board of Directors.
- The third line of defense is the Internal Audit.
More detailed information to be found in Annual Report 2017, Board of Directors' Report (page 39-42) Note 34 Financial risks and financial policy (page 78-80)