Swedbank’s risk management builds on three lines of defence
Swedbank’s risk management is built on three lines of defence and a sophisticated risk process. The Board of Directors’ Enterprise Risk Management (ERM) policy details the risk framework, as well as risk management roles and responsibilities. In addition, as protection against unforeseen losses, Swedbank maintains a capital buffer. The ERM policy also includes guidelines on the size of this buffer based on the level of risk currently being taken by the bank.
First line of defence – risk management by operations
Swedbank’s business units and subsidiaries bear full responsibility for the risks that arise in their operations. Branch employees are the closest to customers and therefore know the customer and specific market best. Personal interaction creates an opportunity to provide advice on the customer’s overall financial situation. As a responsible financial partner, it is in our interest that our customers do not take unnecessarily high risks. Their cash flow, solidity and collateral are always the decisive factors in the loan approval process.
By delegating responsibility, the organisation can respond more quickly if problems arise. Clear procedures and processes are in place to approve, review and manage credits if a borrower incurs payment problems. The Group’s special units for problem loans work with individual companies that have encountered, or are considered at risk of encountering, financial problems, in order to find a solution that helps the customer and mitigates Swedbank’s risk as early as possible.
Risk management is based on clear targets, strategies, policies and guidelines that explain how the bank operates in various respects, an efficient operating structure and a simple, clear reporting structure. Standardised risk classification tools are in place to support the lending process.
Second line of defence – Independent risk control
The Group’s risk control, which is organised under the Chief Risk Officer (CRO), comprises a number of specialised units. The risk organisation is responsible for identification, quantification, analysis and reporting of all risks. Each risk function conducts regular analyses of how external and socioeconomic events might impact the Group.
These functions are independent from the business operations. They uphold principles and frameworks for risk management to facilitate risk assessments. The credit risk function also issues internal regulations, such as cash flow and collateral requirements for customers as well as mandate structures for credit decisions within the organisation. For loans that exceed certain levels, the decisions are taken in credit committees to create a duality with the business operations. These committees are headed by a representative of the credit risk function. They also promote a sound risk culture by supporting and training employees in the business areas.
Each large business unit has compliance and operational risk functions that identify, control and report operational and compliance risks and help management to manage them.
Third line of defence – Independent audit
Internal Audit, an independent review function directly subordinate to the Board of Directors, conducts risk-based, policy-driven reviews of the first and second lines of defence. Internal Audit’s purpose is to create operating improvements by evaluating Swedbank’s risk management, governance and internal control.