Internal control within Mandatum Group is a framework that ensures that the business is conducted in a planned and responsible manner and in compliance with applicable laws and regulatory requirements. It is a continuous process that extends to all organisational levels, from senior management to operational units. Internal control ensures that the Group’s activities support its strategic objectives, that risks are identified in a timely manner and that decision-making is based on reliable information.
Mandatum Group’s internal control model is based on two internationally recognised frameworks: the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control – Integrated Framework and the three lines model defined by The Institute of Internal Auditors (IIA). The COSO framework sets out the principles and structures of internal control, while the IIA model clarifies the responsibilities and roles in risk management and control. Together, these frameworks ensure that internal control is systematic, comprehensive and effective.
The key objectives of internal control are to:
• ensure the reliability and efficiency of operations
• ensure the accuracy and transparency of reporting
• ensure compliance with laws and regulatory requirements.
In practice, this means that the Group’s governance and processes support its strategic objectives, risks are managed proactively and deviations are identified without delay. The Board of Directors of Mandatum plc steers operations through the policies and principles it has approved, establishing clear rules for the entire Group. In addition, the Board ensures that the internal control system is sufficiently comprehensive and flexible to respond to changes in the operating environment. Continuous monitoring and reporting of processes support decision-making and enable the swift implementation of corrective measures. This creates a robust foundation for trust from the perspective of both stakeholders and supervisory authorities and ensures that the Group’s operations remain transparent, responsible and sustainable over the long term.
Read more: Principles and Policies
Read more: Code of Conduct
Mandatum Group’s financial reporting process aims to ensure that the executive management have timely and reliable information to support their decision-making and that external stakeholders can also rely on the financial information provided to them.
To ensure reliable reporting, the databases used for reporting are reconciled monthly, and the efficiency and accuracy of the process are further supported by a number of systems and analytical tools.
Mandatum’s group-level financial reporting is organised under the Management Accounting and External Accounting units operating under the Group Chief Financial Officer.
The Management Accounting unit is responsible for preparing and monitoring the Group's and parent company's strategic targets and forecasts and for monthly earnings monitoring and reporting.
The role of External Accounting is to produce the monthly income statements and balance sheets of Mandatum Group’s most significant subsidiaries for tax calculations in accordance with Finnish accounting standards (Finnish GAAP). External Accounting is also responsible for preparing Mandatum Group’s interim reports and financial statements in accordance with International Financial Reporting Standards (IFRS).
The Board of Directors of Mandatum plc is responsible for ensuring that the Group’s risks are properly managed and controlled. The Board establishes both the Group-level risk management policies and the remuneration principles closely connected with them and provides guidance on risk management and internal control for the business areas. The Audit Committee of the Board of Directors is responsible for preparing Mandatum Group’s Risk Management Policy. The Remuneration Committee of the Board of Directors is responsible for preparing the remuneration principles, which are closely connected to risk management. Working within the framework of these principles and guidelines, the subsidiaries tailor their risk management practices to take account of the special features of their respective business activities. The Board makes decisions on business strategy, performance targets and overall guidelines regarding risk-taking and capital management.
The goal of risk management in Mandatum plc and all its subsidiaries is to ensure a stable and well-understood risk management culture in each company and to ensure that risks are identified, assessed, managed, monitored and reported and that actions are proportionate to the risks’ effect on short-term and long-term financial results. Moreover, the company regularly assesses its own risk and solvency position with the aim of ensuring that Group companies have adequate buffers for the capital requirements set by the authorities and that they maintain operational capabilities even under financial turmoil. The company’s Board of Directors steers the preparation of this risk and solvency assessment. Successful risk management supports the general efficiency, safety and continuity of operations and secures Mandatum’s reputation and reliability in the eyes of customers and stakeholders.
In Mandatum Group, the risk management function is part of the second line in accordance with the company’s internal control principles. The main task of the risk management function is to ensure that the Group has a functional, efficient and high-quality risk management process and to attend to its maintenance and development. A central method for this is to support the business units in risk management. The risk management function also conducts threat and risk analyses based on a risk register created on the basis of identified risks, and compiles and discloses reports on the Group’s risk position and level as a whole, making proposals for actions based on them.
In order to ensure the achievement of the objectives set for risk management, Mandatum Group has a separate Risk Management Committee structure (see figure on right). Both business unit representatives (first line) and representatives of the risk management and compliance functions are represented on the committees. Different risk areas are discussed in dedicated committees to ensure a sufficiently comprehensive review of risks. The Group CEO acts as the Chair of Mandatum Group’s Risk Management Committee, and other members of the Extended Management Team are also represented.
Risk Management Process

More information is available in Mandatum Group’s risk management policy.
More detailed information on Mandatum’s risk management is available in the notes to Mandatum's financial statements.
Mandatum Group’s risk management governance framework

At Mandatum, compliance is at the core of all activities and the responsibility of each employee. The purpose of the separate compliance function is to support business activities, ensuring compliance with applicable regulations and ethically sustainable conduct in all Group operations.
The independent second-line compliance function is part of Mandatum’s governance and risk management framework as well as its internal control system. The function supports Mandatum’s Boards of Directors and management, ensuring that Mandatum Group companies have the necessary internal guidelines, processes, resources and tools to comply with binding laws, regulations and guidelines. In addition, the function supports the first line in identifying compliance risks and independently assesses these risks. The function also includes the Mandatum Group’s Data Protection Officer and the Group AML Compliance Officer. The Data Protection Officer independently monitors and oversees compliance with data-protection regulations within the Mandatum Group companies. The Group AML Compliance Officer ensures that the company’s principles, procedures and controls comply with AML/CTF regulation and internal guidelines. The compliance function, the Data Protection Officer and the AML Compliance Officer report regularly on compliance matters to the Boards and management of the Mandatum Group companies. The Boards of the Group companies have adopted an internal Compliance Policy governing the organisation and responsibilities of the function within the Mandatum Group.
The compliance function must be organised in an appropriate manner that enables Mandatum to respond to the evolving requirements of its business environment. The function employs individuals who are subject to applicable fitness and propriety requirements and who possess the competence necessary to reliably carry out their duties. The remuneration of the function’s personnel may not be based on the performance of the business units they oversee. Management is responsible for ensuring that the compliance function has adequate resources to carry out its statutory and regulatory duties. The function is also entitled to obtain all information and documentation necessary to perform its work.
All employees must comply with applicable rules and foster a culture of compliance, supported by training provided by the compliance function.
See also: Insider administration and related party transactions