Risk Management and Control functions
The Board has ultimate responsibility for the Group's risk organisation and for ensuring satisfactory internal control. The RCC supports the Board in this work. At least once a quarter the Board and RCC receive a report on development of the Group's risk exposure.
The President has overall responsibility for managing all of the Group's risks in accordance with the Board's policies and instructions. The President shall ensure that SEB's organisation and administration are appropriate and that the Group's operations are in compliance with external and internal rules.
In particular, the President shall present essential risk information regarding SEB to the Board, including the utilisation of limits.
Primary responsibility for ensuring that the Board's intent regarding risk management and risk control is applied in practice within the Group lies with the GRC. Management at all levels within the divisions, the Group's business support and staff functions represent the first line of defence for risks in the organisation. The Group Risk organisation and Group Compliance form the second line of defence for ensuring that the Board's intent regarding risk management and risk control is applied in practice within the Group. Group Internal Audit provides independent assurance and is the third line of defence.
The CRO function
The CRO function is independent from the business and is responsible for identifying, measuring, analysing and controlling SEB's risks. The function is headed by the CRO, who is appointed by the Board and reports to the President. The CRO keeps the Board, the RCC, the ACC, the GEC, the ALCO and the GRC regularly informed about risk matters. The CRO has global functional responsibility.
The activities of the CRO are governed by and set out in an instruction adopted by the Board. The CRO function is organised in two units that report to the CRO: Group Risk and Group Credits. Group Risk assesses, measures and monitors risks – primarily market, liquidity, operational, credit and insurance risks against established limits and in accordance with best practice for risk management throughout the organisation. Group Risk also aggregates and analyses consolidated risk data across risk types and the Group's credit portfolios, handles models for the risk weighting and general matters surrounding risk governance and risk disclosure. Group Risk provides GRC, RCC and the Board with regular reports and analysis of SEB's risk profile and on the overall risk development.
Group Credits is responsible for managing the credit approval process, for certain individual credit decisions and for monitoring compliance with policies set by the RCC and the Board. Its activities are regulated by the Group's Credit Instruction, adopted by the Board. The Group Credit Officer is appointed by the President, upon recommendation by the CRO, and reports to the CRO. The chairs of the respective divisional credit committees have the right to veto credit decisions. Significant exceptions to the Group's Credit Policy must be escalated to a higher level in the decision-making hierarchy.
The Group Compliance function is independent from the business activities while serving as a business support function. The Compliance function shall act proactively to assure the quality of compliance in the Group through information, advice, control and follow-up within the compliance areas, thereby supporting the business activities and management.
Special areas of responsibility include:
- customer protection
- market conduct
- prevention of money laundering and financing of terrorism
- regulatory compliance and control.
The Head of Group Compliance, who is appointed by the President upon approval by the ACC, reports regularly to the President and the GEC, and informs the ACC about compliance issues. Following a Group-wide compliance risk assessment and approval from the ACC, the President adopts an annual compliance plan. The Board has adopted an Instruction for Group Compliance activities.
Group Internal Audit
Group Internal Audit is an independent Group-wide function that is directly reporting to the Board. The main responsibility of Internal Audit is to provide reliable and objective assurance to the Board and the President regarding the effectiveness of controls, risk management and governance processes, with the aim of mitigating current and evolving high risks and in so doing improve the control culture within the Group. The Head of Group Internal Audit is appointed by the Board and reports to the Board through the ACC and keeps the President and GEC regularly informed about internal audit matters. The ACC adopts an annual plan for the work of Internal Audit. The Board has adopted an Instruction for Group Internal Audit's activities.