Policy and goals regarding risk management
General information regarding risk assessment and risk assessment goals
Risk management within Spotlight Group AB (“SPGR”) aims to maintain a high level of risk awareness and a sound risk culture and is well integrated into the group’s organizational and decision-making structure. The goal of the group’s risk management is to identify, measure and analyze as well as creating a capital plan to meet the challenges of risks to which the group is or may be exposed. The group’s risk management also aim to create even and predictable costs and revenues over time by actively working with and managing risks. The management aim particularly to identify and eliminate risks and uncertainties whose consequences may have a negative impact on the group. In addition, adequate capital needed in order to absorb unexpected negative outcomes shall be allocated, without threatening the position of the group. All risks of considerable importance are primarily concentrated to the business conducted in the subsidiary companies that are requiring authorization to conduct operations; Sedermera Corporate Finance AB, Nordic Issuing AB, Spotlight Stock Market AB and Placing Corporate Finance AB. The board of directors (“board”) of each company has established written policies on risk management in order to supervise and control risk taking within business activities.
The board of directors has the ultimate responsibility for the group’s risk management. The board of SPGR determines the framework for the group’s risk management and reporting by deciding the strategy of the group. The board is also responsible of ensuring that the group is sufficiently capitalized in order to address the identified risks. It is the understanding of the board that managing risks must permeate the business in each subsidiary to be sound and effective. There is an independent risk control unit who directly answers to the board of each subsidiary with authorization requirements, as well as to the executive management and to the board of SPGR. The unit for risk control is responsible for, amongst others, identifying risks, and developing and maintaining strategies, methods, and techniques for reducing, measuring, and controlling risks. The risk unit’s responsibility, within the framework of the risk management process, is regulated in each respective authorized subsidiary’s policy for risk control.
The group’s risk management is designed based on a three line of defence model, where each line has a responsibility according to established policy to prevent, supervise and manage potential risks. The first line of defence is responsible for risks within the company business, including risks due to failing to meet regulatory demands (compliance) covering the business operating part of the company as well as its support functions. Therefore, the first line of defence has the primary responsibility to deal with risks as well as rules within the business. The second line of defence includes the regulatory compliance unit and risk unit and is independent and separate from the business operating part of the company. These units are responsible for controlling that the first line of defence follows both internal and external rules. Furthermore, the second line shall support the first line when dealing with internal management and control and work in a proactive manner to create a satisfying and effective control environment within the company. The third line of defence is made up by the internal audit function. The overall purpose of the internal auditor’s review is to ensure that rules governing the company business is observed and that any identified deviations is handled as quickly as possible.
The group’s capital requirements stem from Regulation (EU) 2019/2033 of the European parliament and of the Council of 27 November 2019 on the prudential requirements of investment firms and amending Regulations (EU) No 1093/2010, (EU) No 575/2013, (EU) No 600/2014 and (EU) No 806/2014. This regulation entered into force on the 26th of June 2021. SPGR is to be considered as an investment holding company.
Regarding to the consolidated situation of the group, the rules are contributing to strengthen the resilience against financial losses and thereby protecting the company customers. The rules establish that the group’s eligible own funds (equity for example) must cover prescribed minimum capital requirements with margin. To manage risks, the group has an internal capital and liquidity assessment process aimed at a sound risk management. This process includes the board of SPGR, external consultants, Risk Manager as well as senior executives and their overview, follow-ups, reporting and internal control. The internal capital and liquidity assessment process is necessary to be able to identify, reduce and measure risks, and to ensure that the necessary capital is available to keep the Company’s capital and liquidity intact in relation to the Company’s risk profile.
The term credit and counterpart risk refers to risks that occur in relation to the Company not receiving payments that have been previously agreed on, and/or will face a loss due to the counterparts’ inability to fulfill its obligations. Credit and counterpart risks also include concentration risk, which refers to risks arising as a result of certain larger exposures, or due to significant exposure to groups of counterparties for which the likelihood of default is depending on one mutual underlying factor, such as sector or geographical area. The biggest concentration risk within the group is the mutual clients between the authorized subsidiaries. Mutual clients within subsidiary companies are not a risk per se and cross-selling practice remains an important source for expanding the clienteles.
Liquidity risk refers to the risk of the Company being unable to meet its payment obligations at the due date without the cost of acquiring the means to do so increases substantially. Each authorized subsidiary has established its own risk policy which includes liquidity risk. The subsidiary companies within SPGR, with authorization requirements in order to operate, shall define the risk tolerance with regard to the company liquidity, and also ensure that each company has enough liquidity in accordance with the appetite for risk-taking of said company and that the company has a satisfactory management of liquidity risks within its business activity. The board of SPGR follows up on the management of liquidity risks at a group level on a regular basis. This occurs for instance through the liquidity controls and measurements of identified liquidity measures of the risk unit. In addition, stress tests are conducted at least annually to identify and measure liquidity risks under different scenarios and to ensure that the group’s current exposures to liquidity risk comply with the risk tolerance established by the board.
All of these risk categories are followed up by the risk unit at quarterly risk council meetings that take place together with representatives from each authorized company. The board of each company, including the board of SPGR, are later informed about the content of the meetings.