Preventing and managing risk is central to Swedbank’s operations. Risk management begins with our business operations – in meetings with customers, for example – and encompasses every employee.
First line of defence – risk management by operations
Swedbank’s business units and subsidiaries bear full responsibility for the risks that arise in their operations. Branch employees are the closest to customers and therefore know the customer and specific market best. As a responsible financial partner, it is in Swedbank’s interest that our customers do not take unnecessarily high risks. Their cash flow, solidity and collateral are always the decisive factors in the loan approval process.
Risk management is based on clear targets, strategies, policies
and guidelines that explain how the bank operates in various respects, an efficient operating structure and a simple, clear reporting structure. Standardised risk classification tools are in place to support the lending process.
Second line of defence – Independent risk control
The risk organisation is responsible for identification, quantification, analysis and reporting of all risks. It also conducts independent analyses and stress tests of how events in the market and economy might impact Swedbank, in addition to contributing expert advice on various types of risk. The risk organisation also serves as an advisor in the executive management’s decisionmaking to ensure that the decisions taken are aligned with the Group’s risk appetite and risk tolerance.
The risk functions are independent of the business operations. They uphold principles and frameworks for risk management to facilitate risk assessments. The credit risk function also issues internal lending guidelines, such as cash flow and collateral requirements for customers as well as mandate structures for credit decisions within the organisation. For loans that exceed certain levels, the decisions are taken in credit committees to create a duality with the business operations. The committees also promote a sound risk culture by supporting and training employees in the business areas.
Each large business unit has a credit risk function as well as compliance and operational risk functions. The latter identify, monitor and report operational and compliance risks. In addition, they provide management with expertise in risk management issues. The compliance functions in the business operations are also a support function on compliance-related issues.
Third line of defence – Independent audit
Internal Audit, an independent review function directly subordinate to the Board of Directors, conducts reviews of the first and second lines of defence. The purpose of its work is to create operating improvements by evaluating risk management, governance and internal control. Internal Audit has also been tasked with identifying and helping to minimise activities that do not create value.