Risk management and internal control


Internal control


Internal control means all activities that ensure that Mandatum Group’s businesses are carried out towards desired targets in accordance with desired policies and practices and in compliance with applicable legal and regulatory requirements. Internal control is therefore performed by actors at every level of the organisation, starting with top management.

In addition to managing business-related risks, Mandatum Group's internal control system also encompasses the management of operational and compliance risks. Internal control is a process comprising tasks and functions with the aim of providing reasonable assurance of the achievement of the organisation's objectives related to operations, reporting and compliance. The internal control model applied in Mandatum Group is based on two specific frameworks: The Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control - Integrated Framework and the three lines model of The Institute of Internal Auditors (IIA). 

In order to ensure the proper running of operations, Mandatum plc’s Board has approved Group-level policies and guidelines concerning corporate governance, financial target setting, remuneration, risk management, compliance, reporting and internal audit in conformity with and supplementing the existing legal and regulatory framework. With the policies and guidelines Mandatum plc’s Board directs the Group’s activities towards desired practices and, with appropriate control mechanisms provided by the policies, ensures that potential deviations are discovered without undue delay.


Financial reporting


Mandatum Group’s financial reporting process aims to ensure that the executive management have timely and reliable information supporting their decision-making, and that external stakeholders can also rely on the financial information provided to them. To ensure reliable reporting, the databases used for reporting are reconciled monthly, and the efficiency and accuracy of the process are further supported by a number of systems and analytical tools.


Mandatum’s financial reporting process

Mandatum’s Group-level financial reporting is organised under the Management Accounting and External Accounting units operating under the Group Chief Financial Officer. The Management Accounting unit is responsible for preparing and monitoring the Group’s and parent company’s strategic targets and forecasts and for monthly earnings monitoring and reporting.


Non-financial reporting


Mandatum plc is committed to developing the sustainability activities of the Group, as well as the related reporting, targets and target monitoring in line with the Group’s internal and external stakeholders’ interests and expectations.

Mandatum plc’s Board of Directors has the responsibility for and ultimate oversight of Group level sustainability, covering the entire range of environmental (including climate change), social, and governance (ESG) aspects. The Board has assigned its Audit Committee to monitor Mandatum Group’s sustainability reporting and activities. At Mandatum, various business areas, operational departments, and units are actively involved in the Group’s sustainability endeavours and reporting. Mandatum Group’s Communications unit is responsible for developing and coordinating sustainability work and reporting.

Mandatum Group’s Sustainability Report is prepared in accordance with the EU’s Non-Financial Reporting Directive (NFRD). From 2024 onwards, Mandatum will prepare a sustainability report in accordance with the EU’s new Corporate Sustainability Reporting Directive (CSRD). Mandatum Group’s Sustainability Report is published annually as soon as possible after the publication of the Report of the Board of Directors and Financial Statements. The Sustainability Report 2023 for the period 1 January to 31 December 2023 will be published in April 2024.


Risk management


The Board of Directors of Mandatum plc is responsible for ensuring that the Group’s risks are properly managed and controlled. The Board establishes both the risk management policies and closely connected remuneration principles and provides guidance on the risk management governance structure and internal control in the business areas. The Audit Committee of the Board of Directors is responsible for preparing Mandatum Group’s risk management policy. The Remuneration Committee of the Board of Directors is responsible for preparing the remuneration principles, which are closely connected to risk management.

Working within the framework of these principles and guidelines, the subsidiaries tailor their risk management practices to take account of the special features of their respective business activities. The Board makes decisions on strategy, performance targets and overall guidelines regarding risk-taking and capital management.

The goal of risk management in Mandatum plc and all its subsidiaries is to ensure a stable and well-understood risk management culture in each company and to ensure that risks are known, assessed, managed, monitored and reported, and that the attention given to each risk is in proportion to its effect on short-term and long-term financial results. Moreover, the company regularly assesses its own risk and solvency position with the aim of ensuring that Group companies hold adequate buffers above regulatory capital requirements and maintain operational capabilities also under financial turmoil. The company’s Board of Directors steers the preparation of this risk and solvency assessment. Successful risk management supports the general efficiency, safety and continuity of operations and secures Mandatum’s reputation and reliability in the eyes of customers and stakeholders.

In Mandatum Group, the risk management function is part of the second line in accordance with the company’s internal control principles. The main task of the risk management function is to ensure that the Group has a functional, efficient, and high-quality risk management process and to take care of its maintenance and development. A central method of undertaking this is to provide support to the business units in risk management. The risk management function also conducts threat and risk analyses based on a risk register created on the basis of identified risks, and compiles and reports on the Group’s risk position and level as a whole, making proposals for actions based on it.

In order to ensure the achievement of the objectives set for risk management, Mandatum Group has a separate Risk Management Committee structure. Business unit representatives (first line) and representatives of the risk management and compliance functions (second line) sit on the committees. Different risk areas are discussed in dedicated committees to ensure a sufficiently comprehensive review of risks. The Group CEO acts as the Chair of Mandatum Group’s Risk Management Committee, and other members of the Group Management Team are also represented. The risk management function facilitates the practical arrangements of this committee.


Risk Management Process


More information is available in Mandatum Group’s risk management policy.

More detailed information on Mandatum’s risk management is available in the notes to Mandatum's financial statements.


Mandatum Group’s risk management governance framework

[Figure: Mandatum plc Risk Management Organisation]

Compliance


At Mandatum, compliance is at the core of all activities and the responsibility of each Mandatum employee. The purpose of the compliance function is to support business activities, ensuring that all Group activities are compatible with applicable norms in an ethically sustainable manner.

The starting point of the Mandatum Group compliance principles is that compliance with norms is an established part of Mandatum’s corporate culture. The principles ensure that compliance activities are properly organised and that Mandatum is capable of responding to the changing requirements of the business environment. In addition to the public compliance principles, the Group companies’ Boards have approved an internal compliance policy that concerns the organisation of the compliance function and its responsibilities in the Mandatum Group.

The independent second line compliance function is part of Mandatum’s governance and risk management system and internal control. The compliance function supports Mandatum’s Boards of Directors, Audit Committee and management, ensuring that Mandatum Group companies have the internal guidelines, processes, resources and tools they need to comply with binding laws, regulations and guidelines. The compliance function is also involved in identifying the organisation’s risks by assessing the compliance risks.

Further information is available in Mandatum Group’s compliance principles.


See also: Internal audit

See also: Insider administration and related party transactions