Internal control refers to all activities that ensure that Mandatum Group’s business activities are carried out towards the desired targets in accordance with desired policies and practices and in compliance with applicable legal and regulatory requirements. Accordingly, the tasks of internal control are performed by different actors within the organisation, starting from the top management.
In addition to managing business-related risks, Mandatum Group’s internal control system also encompasses the management of operational and compliance risks. Internal control is a process comprising tasks and functions with the aim of providing reasonable assurance of the achievement of the organisation’s objectives related to operations, reporting and compliance. The internal control model applied in Mandatum Group is based on two specific frameworks: the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control – Integrated Framework and the three lines model of The Institute of Internal Auditors (IIA).
In order to ensure the proper running of operations, Mandatum plc’s Board of Directors has approved Group-level policies and guidelines concerning Mandatum Group’s corporate governance, financial target setting, remuneration, risk management, compliance, reporting and internal audit in conformity with and supplementing the existing legal and regulatory frameworks. With the policies and guidelines, Mandatum plc’s Board directs the Group’s activities towards desired practices and, with appropriate control mechanisms provided by the policies, ensures that potential deviations are discovered without undue delay.
Mandatum Group’s financial reporting process aims to ensure that the executive management have timely and reliable information to support their decision-making and that external stakeholders can also rely on the financial information provided to them.
To ensure reliable reporting, the databases used for reporting are reconciled monthly, and the efficiency and accuracy of the process are further supported by a number of systems and analytical tools. Mandatum’s group-level financial reporting is organised under the Management Accounting and External Accounting units operating under the Group Chief Financial Officer. The Management Accounting unit is responsible for preparing and monitoring the Group’s and parent company’s strategic targets and forecasts and for monthly earnings monitoring and reporting.
The role of External Accounting is to produce the monthly income statements and balance sheets of Mandatum Group’s most significant subsidiaries for tax calculations in accordance with Finnish accounting standards (Finnish GAAP). External Accounting is also responsible for preparing Mandatum Group’s interim reports and financial statements in accordance with International Financial Reporting Standards (IFRS).
Mandatum’s financial reporting process
The Board of Directors of Mandatum plc is responsible for ensuring that the Group’s risks are properly managed and controlled. The Board establishes both the Group-level risk management policies and the remuneration principles closely connected with them and provides guidance on risk management and internal control for the business areas. The Audit Committee of the Board of Directors is responsible for preparing Mandatum Group’s Risk Management Policy. The Remuneration Committee of the Board of Directors is responsible for preparing the remuneration principles, which are closely connected to risk management. Working within the framework of these principles and guidelines, the subsidiaries tailor their risk management practices to take account of the special features of their respective business activities.
The Board makes decisions on business strategy, performance targets and overall guidelines regarding risk-taking and capital management.
The goal of risk management in Mandatum plc and all its subsidiaries is to ensure a stable and well-understood risk management culture in each company and to ensure that risks are identified, assessed, managed, monitored and reported and that the actions taken are proportionate to the risks’ effect on short-term and long-term financial results. Moreover, the company regularly assesses its own risk and solvency position with the aim of ensuring that Group companies have adequate buffers for the capital requirements set by the authorities and that they also maintain operational capabilities under financial turmoil. The company’s Board of Directors steers the preparation of this risk and solvency assessment. Successful risk management supports the general efficiency, safety and continuity of operations and secures Mandatum’s reputation and reliability in the eyes of customers and stakeholders.
In Mandatum Group, the risk management function is part of the second line in accordance with the company’s internal control principles. The main task of the risk management function is to ensure that the Group has a functional, efficient and high-quality risk management process and to attend to its maintenance and development. A central method for this is to support the business units in risk management. The risk management function also conducts threat and risk analyses based on a risk register created on the basis of identified risks, and compiles and discloses reports on the Group’s risk position and level as a whole, making proposals for actions based on it.
In order to ensure the achievement of the objectives set for risk management, Mandatum Group has a separate Risk Management Committee structure (see figure). Both business unit representatives (first line) and representatives of the risk management and compliance functions sit on the committees. Different risk areas are discussed in dedicated committees to ensure a sufficiently comprehensive review of risks. The Group CEO acts as the Chair of Mandatum Group’s Risk Management Committee, and other members of the Group Management Team are also represented. The risk management function facilitates the practical arrangements of this committee.
Risk Management Process
More information is available in Mandatum Group’s risk management policy.
More detailed information on Mandatum’s risk management is available in the notes to Mandatum's financial statements.
Mandatum Group’s risk management governance framework
At Mandatum, compliance is at the core of all activities and the responsibility of each Mandatum employee. The purpose of the separate compliance function is to support business activities, ensuring compliance with applicable regulations and ethically sustainable conduct in all Group operations.
The starting point of Mandatum Group’s compliance principles approved by Mandatum plc’s Board of Directors is that compliance with norms is an established part of Mandatum’s corporate culture, and the principles ensure that compliance activities are properly organised and that Mandatum is capable of responding to the changing requirements of the business environment. In addition to public compliance principles, the Boards of the Group companies have approved an internal compliance policy concerning the arranging of the compliance function and its responsibilities in Mandatum Group.
The independent second-line compliance function is part of Mandatum’s corporate governance and risk management system and internal control. The compliance function supports Mandatum’s Boards of Directors, Audit Committee and management, ensuring that Mandatum Group companies have the necessary internal guidelines, processes, resources and tools to comply with binding laws, regulations and guidelines. The compliance function is also involved in identifying the organisation’s risks by assessing compliance risks.
Further information is available in Mandatum Group’s compliance principles.
See also: Insider administration and related party transactions