Corporate governance statement of Arion Bank for 2015
Good corporate governance helps to foster open and honest relations between the Board of Directors, shareholders, customers and other stakeholders, such as the Bank's employees and the general public. Corporate governance also provides the foundations for responsible management and decision-making, with the objective of generating lasting value. The Board of Directors places great importance on good corporate governance and re-evaluates its governance practices annually on the basis of recognized guidelines on corporate governance.
The Corporate Governance Statement of Arion Bank hf. (Arion Bank or the Bank) is based on the legislation, regulations and recognized guidelines which are in force at the time the Bank's financial statement is adopted by the Board of Directors.
Corporate governance statement of Arion BankExcellence in corporate governance
In December 2015 Arion Bank was recognized as a company which has achieved excellence in corporate governance. The Icelandic Chamber of Commerce, SA – Business Iceland, Nasdaq Iceland and the Center for Corporate Governance at the University of Iceland have signed a partnership agreement under which companies are given the opportunity to undergo a formal assessment of their corporate governance. Arion Bank received this recognition following an in-depth survey of corporate governance at the Bank, including governance by the Board of Directors, sub-committees and management, performed by KPMG ehf. in the autumn of 2015. The recognition applies for three years unless significant changes are made to the Bank’s management or ownership.
Compliance with guidelines on good corporate governance
According to the Financial Undertakings Act No. 161/2002 Arion Bank is obliged to comply with recognized guidelines on good corporate governance. The Bank complies with the fifth edition of the Icelandic Guidelines on Corporate Governance issued by Iceland Chamber of Commerce, SA – Business Iceland and Nasdaq Iceland, published in May 2015 and viewable on the website www.leidbeiningar.is. According to the guidelines a company shall state whether it has deviated from the guidelines, if so, which parts and also explain why it has done so. The Bank complies with the guidelines but because of the current shareholder structure certain deviations have been made from the guidelines. The section below specifies in which instances the Bank has deviated from the guidelines.
Article 1.1.6. assumes that the board of a company shall post certain information on the candidates to the board on the company’s website. This has not been considered necessary given the current shareholder structure but the information in question has been sent to shareholders before the AGM.
Article 1.5. assumes that a shareholders’ meeting shall appoint a nomination committee or decide how it should be appointed. The Bank has not considered it necessary to appoint such a nomination committee given the current shareholder structure.
Article 5.1.2. assumes that the rules of procedure of sub-committees of the Board shall be posted on the Bank's website. The Board sub-committees have established rules of procedure which have been confirmed by the Board, but these rules have not been published on the Bank's website. The Board’s rules of procedure are, however, published on the Bank’s website and cover the role of sub-committees and this has been considered sufficient.
Articles 5.1.3. assumes that the sub-committees shall annually evaluate their own work and that of individual committee members under a pre-determined arrangement. The Board Audit and Risk Committee performed such an evaluation in the period December 2015 to January 2016. However, the Board Credit Committee and the Board Remuneration Committee have not performed such an evaluation.
Legal and regulatory framework
Arion Bank is a financial institution which operates in accordance with the Financial Undertakings Act No. 161/2002. Acts of law which apply to the Bank’s operations include the Financial Undertakings Act No. 161/2002, the Securities Transactions Act No. 10/2007 and Public Limited Companies Act No. 2/1995 and the Competition Act No. 44/2005. The Bank is a universal bank which provides a comprehensive range of financial services relating to savings, loans, asset management, corporate finance and capital markets. The Bank has issued financial instruments which have been admitted for trading on regulated securities markets, in Iceland, Norway and Luxembourg, and is therefore subject to the disclosure requirements of issuers pursuant to the Securities Transactions Act No. 108/2007 and the rules of the relevant stock exchanges.
The Financial Supervisory Authority (FME) supervises the operations of Arion Bank in accordance with the provisions of Act No. 87/1998 on the Official Supervision of Financial Operations. Further information on the FME and an overview of the legal and regulatory framework applicable to the Bank, and the FME’s guidelines, can be seen on the FME’s website, www.fme.is . Numerous other pieces of legislation apply to the Bank’s operations. The relevant legislation can be found on the website of the Icelandic parliament, the Althing, www.althingi.is.
Internal controls, auditing and accounting
Internal controlInternal control at Arion Bank is organized into three lines of defence with the aim of ensuring effectiveness, defining responsibility and coordinating risk management. This structure is also designed to foster a sense of risk awareness and responsibility among all employees of the Bank.
The set-up distinguishes between the following roles:
- People who bear responsibility for risk and manage risk
- People who monitor and check internal controls
- People who perform independent surveys of the effectiveness of internal controls
The first line of defence is made up of people who have day-to-day supervision of operations and its organization. They are responsible for establishing and maintaining effective internal controls and managing risk in day-to-day operations. This involves identifying and evaluating risk and putting in place appropriate countermeasures to reduce risk. The first line of defence is responsible for supervising the implementation of internal rules and processes in compliance with the law, regulations and the Bank’s strategy and it must ensure that all actions are in compliance with established procedures and that corrective action is taken if any deficiencies are detected.
The second line of defence is set up to ensure that the first line of defence has established adequate internal controls which work as intended. Risk Management and Compliance are the main participants in the second line of defence, although other units may also be assigned specific monitoring roles.
The third line of defence is Internal Audit, which keeps the Board and management informed of the quality of corporate governance, risk management and internal controls, including by performing independent and objective audits.
Compliance and measures against money laundering and terrorist financingArion Bank seeks to detect any risk of failure to fulfil its legal obligations and has taken appropriate measures to minimize such risks.
The Bank employs an independent compliance officer according to a special charter from the Board. The Compliance Officer reports directly to the CEO and provides the CEO with regular reports about his work. The Compliance Officer may refer cases directly to the Board if deemed necessary. The main roles of Compliance are:
- To monitor and regularly assess the adequacy and effectiveness of measures designed to minimize the risk of failure to fulfil the Bank’s obligations under the Securities Transactions Act and the Act on Measures against Money Laundering and Terrorist Financing.
- To provide the employees with the necessary training and advice to enable them to fulfil their and the Bank’s obligations under the Securities Transactions Act and the Act on Measures against Money Laundering and Terrorist Financing.
- To investigate and notify the authorities of any suspicion of money laundering or terrorist financing or suspicion of market abuse. The Compliance Officer also conducts independent investigations if there is any suspicion of a violation of the Competition Act.
- The Compliance Officer also undertakes outsourced tasks from Stefnir hf. and certain pension funds.
Compliance had seven employees at the end of 2015.
Risk managementA central feature of the activities of all financial companies is carefully calculated risk-taking according to a predetermined strategy. Arion Bank thus takes risk which is compatible with its risk appetite which is regularly reviewed and approved by the Board of Directors. The Bank’s risk appetite, set by the Board, is translated into exposure limits and targets that are monitored by Risk Management. The Board is responsible for Arion Bank’s internal capital adequacy assessment process, the main objective of which is to ensure that Arion Bank understands its risk profile and has systems in place to assess, quantify and monitor its total risk exposure.
The Bank’s Risk Management division is headed by the Chief Risk Officer. It is independent and centralized and reports directly to the CEO. Risk Management comprises five departments whose role is to analyze, monitor and regularly report to the CEO and Board of Directors on the risks faced by the Bank.
Further information on risk management and capital management is contained in the section on Risk Management and in the Bank’s risk report.
Internal AuditThe Internal Auditor is appointed by the Board of Directors and reports directly to the Board. The Board sets the Internal Auditor a charter which lays out the responsibilities associated with the position and the scope of the work. The mission of the Internal Auditor is to provide independent and objective assurance and advice designed to add value and improve the Bank's operations. The scope of the audit is the Bank, its subsidiaries and pension funds serviced by Arion Bank.
The audit is governed by the audit charter, directive No. 3/2008 issued by the FME on the internal audit function in financial institutions and international standards on internal auditing. All audit work is completed by issuing an audit report with deadlines for the implementation of audit findings. Implementations are followed up by the Internal Audit every quarter.
Internal Audit had seven employees at the end of 2015.
Auditing and accountingThe Bank’s Finance division is responsible for the preparing the accounts and this is done in accordance with the International Financial Reporting Standards (IFRS). The Bank publishes its financial statement on a quarterly basis and management statements are generally submitted to the Board 10 times a year. The Board Audit and Risk Committee examines the annual financial statement and interim financial statements, while the external auditors review and audit the accounts twice a year. The Board Audit and Risk Committee gives its opinion on the accounts to the Board of Directors, which then approves and endorses the accounts.
Customers' Ombudsman
The Customers’ Ombudsman is appointed by the Chief Executive Officer. The role of the Ombudsman is to ensure fairness and objectivity, prevent discrimination against the customer and make certain that the process for handling cases is transparent and documented. The Customers’ Ombudsman examined 185 cases in 2015, compared with 202 cases in 2014.
Cornerstones, code of ethics and corporate social responsibility
Arion Bank’s Cornerstones is the name used to describe the Bank’s core values. The Cornerstones are designed to provide guidance when making decisions and in everything else employees say and do. They refer to the Bank’s role, attitude and conduct. Arion Bank’s Cornerstones are: We make a difference. We get things done. We say what we mean.
The management and employees of Arion Bank are conscious of the fact that the Bank’s activities affect different stakeholders and society at large. The Bank’s code of ethics is designed to serve as a key to responsible decision-making at Arion Bank. The code of ethics is approved by the Board of Directors.
One of the fundamental principles of corporate social responsibility is to align the interests of companies with those of the wider community. Arion Bank is a responsible member of Icelandic society and as such takes an active role in its construction and future development. Corporate social responsibility means that the Bank must perform its role conscientiously, ensuring that its customers receive first-rate services and get the support they need. The Bank also supports a select number of causes which it believes benefit and improve the community. Many of these projects require the active participation of employees, which is the key to achieving results.
Board of directors and committees
The main duties of the Board of Directors of Arion Bank are to manage the Bank between shareholders’ meetings and as further described in the law, regulations and articles of association. The Board tends to those operations of the Bank which are not considered part of the day-to-day business, i.e. it makes decisions on issues which are unusual or of a significant nature. One the Board’s main duties is to supervise the Bank’s activities. The Board of Directors meets at least ten times a year. The rules of procedure of the Board of Directors and its subcommittees take into account the law and the aforementioned Guidelines on Corporate Governance. The rules of procedure of the Board of Directors can be found on the Bank’s website. In other respects the Board of Directors works in accordance with the laws and regulations in effect at any particular time and its role is defined in detail in the rules of procedure of the Board of Director, which have been established on the basis of Article 54 (2) of the Financial Undertakings Act, Article 70 (5) of the Public Limited Companies Act No. 3/1995, FME Guidelines No. 1/2010, and the articles of association of the Bank.
One of the main duties of the Board of Directors is to appoint a Chief Executive Officer who is responsible for the day-to-day operations in accordance with a strategy set out by the Board. The Board of Directors and the Chief Executive Officer shall carry out their duties with integrity and ensure that the Bank is run in a sound and reasonable manner in the interests of the customers, the community, the shareholders and the Bank itself, cf. Article 1 (1) of the Financial Undertakings Act. The Chief Executive Officer shall ensure that the Board receives sufficient support to carry out its duties.
The Board of Directors is elected for a term of one year at the company's annual general meeting. At Arion Bank’s last annual general meeting on 19 March 2015, seven Directors and three Alternates were elected to the Board of Directors. The elected Board Directors have diverse backgrounds and extensive skills, experience and expertise. In July Gudjón Gústafsson resigned as a member of the Board Audit and Risk Committee. Gudjón was replaced in the Board Audit and Risk Committee by Lúdvík Karl Tómasson.
Information on the independence of Directors was sent to shareholders before the shareholders' meeting and the information was published on the Bank's website after the general meeting. The meetings of the AGM and shareholders’ meetings are sent to the shareholders following the meeting but have not been published on the Bank’s website because of the current shareholder structure.
In 2015 the Board of Directors met on 16 occasions. An Alternate was asked to attend one meeting during the year due to the absence of a Director.
The Chairman directs and is responsible for the work of the Board. The Chairman chairs Board meetings and ensures that there is enough time allocated to the discussion of important issues and that strategy issues are discussed thoroughly. The Chairman is not permitted to undertake any other work for the Bank unless part of the normal duties of the Chairman.
At the first scheduled meeting of the new Board following the AGM the Board appoints members to each of its sub-committees and assesses whether it is necessary to appoint external members to certain committees in order to bring in a greater level of expertise. One of the committee members in the Board Audit and Risk Committee, Lúdvík Karl Tómasson, is not a Board Director and is independent of the Bank and its shareholders. The Board sub-committees are as follows:
- Board Audit and Risk Committee: Its main task is to examine issues concerning auditing and risk which the Board needs to make a decision on. The regular tasks of the committee include examining reports of internal regulators, reviewing the risk policy, examining the annual and interim financial statements to ensure the quality of the information contained in them and the independence of the company’s auditors. The risk committee shall also assess whether incentives which may be part of the Bank’s remuneration system are consistent with the Bank’s risk policy.
- Board Credit Committee: Its main task is to attend to credit issues which exceed the credit limits of its sub-committees.
- Board Remuneration Committee: Its main task is to advise the Board on the terms of remuneration to the Chief Executive Officer and other employees hired directly by the Board. Regular tasks at committee meetings are to review the remuneration policy, the human resources policy, salary distribution and the incentive system if one is in place. The Bank’s remuneration policy shall be examined and approved by a shareholders’ meeting annually.
The Board has decided to go further than stipulated in the Guidelines on Corporate Governance with respect to the disclosure requirements of sub-committees. At every meeting the Board receives the minutes of the previous meeting of each sub-committee and are given access to all the information from the meetings of the sub-committees.
The Board Credit Committee met 11 times during the year, the Board Audit and Risk Committee met seven times and the Board Remuneration Committee met seven times. Below is an overview of the attendance of individual Directors.
| Chairman |
Period |
Board (16) |
Audit and Risk Committee (7) |
Credit Committee (11) |
Remuneration Committee (7) |
|---|---|---|---|---|---|
| Monica Caneman | 1 Jan. - 31 Dec. | 16 | - | 11 | - |
| Gudrún Johnsen | 1 Jan. - 31 Dec. |
15 | 6 | 5 | 7 |
| Brynjólfur Bjarnason | 1 Jan. - 20 Mar. | 15 | - | 7 | - |
| Benedikt Olgeirsson | 1 Jan. - 31 Dec. |
16 | - |
9 | - |
| Thóra Hallgrímsdóttir2 | 1 Jan. - 31 Dec. |
16 | 7 |
- | 7 |
| Kirstín Flygenring | 1 Jan. - 31 Dec. | 16 | - | - | 7 |
| Måns Höglund | 20 Mar. - 31 Dec. | 15 | 7 | - | - |
| Ólafur Örn Svansson | 1 Jan. - 31 Dec. | 0 | 6 | 11 | - |
| Björg Arnardóttir | 1 Jan. - 31 Dec. | 1 | - | - | - |
| Sigurbjörg Ásta Jónsdóttir | 1 Jan. - 31 Dec. | 0 | - | - | - |
| Gudjón Gústafsson6 | 1 Jan. - 31 Dec. | 3 | - | - | |
| Lúdvík Tómasson | 19 Aug. - 31 Dec. | 2 | - | - |
The Board carries out an annual performance appraisal, at which it assesses its work, the necessary number of Board Directors, the Board structure, achievements and work of the sub-committees with respect to the aforementioned. This appraisal was last performed by the Board at its meetings and between meetings during the period 16 December 2015 to 21 January 2016.
Corporate governance structure
