Governance

Corporate Governance Statement of Arion Bank

The Corporate Governance Statement of Arion Bank hf. is based on the legislation, regulations and recognized guidelines which are in force at the time the Bank’s financial statement is adopted by the Board of Directors.

Corporate Governance Statement of Arion Bank

Excellence in corporate governance

Arion Bank was recognized as a company which has achieved excellence in corporate governance following a formal assessment based on the Icelandic Guidelines on Corporate Governance issued by the Icelandic Chamber of Commerce, SA – Business Iceland and Nasdaq Iceland, initially in December 2015 and again in April 2019. This recognition was granted following an in-depth assessment by an independent party of corporate governance at the Bank, including governance by the Board of Directors, sub-committees and management, performed by KPMG ehf. The recognition applies for three years at a time.

Compliance with guidelines on good corporate governance

When it comes to governance arrangements, Arion Bank applies the EBA Guidelines on Internal Governance (EBA/GL/2017/11), in line with requirements found in Regulation (EU) 1093/2010 and Act 24/2017, on European Financial Supervision. The Guidelines are available on the website of the Financial Supervisory Authority of the Central Bank of Iceland.

Furthermore, according to the Financial Undertakings Act No. 161/2002 Arion Bank is obliged to comply with recognized guidelines on corporate governance. The Bank complies with the fifth edition of the Icelandic Guidelines on Corporate Governance issued by Iceland Chamber of Commerce, SA – Business Iceland and Nasdaq Iceland, published in May 2015 and viewable on the website www.leidbeiningar.is. According to the guidelines a company shall state whether it has deviated from the guidelines, if so, which parts and also explain why it has done so. The Bank complies with the guidelines with two deviations.

Article 5.1.2. states that the rules of procedure of sub-committees of the Board shall be posted on the Bank’s website. The rules of the Board Credit Committee have not been published on the Bank’s website with respect to their nature.

The final sub-paragraph of article 5.4.5 states that the role of a remuneration committee shall include taking an independent stance on the effect of wages on the Company’s risk exposure and risk management, in cooperation with the Company’s Audit Committee. In line with, inter alia, the EBA Guidelines on Internal Governance and article 78(3) of the Act on Financial Undertakings, this role falls to the Board’s Remuneration Committee in cooperation with the Board’s Risk Committee.

The role of the Nomination Committee at Arion Bank is to promote good corporate governance and to facilitate informed decision-making by shareholders when selecting Board members to ensure that Board members have wide and versatile qualifications and experience. The Committee has an advisory role regarding the election of Board members and makes a proposal on their remuneration. At the Bank’s annual general meeting on 17 March 2020, two members of the Nomination Committee were appointed, Sam Taylor and Júlíus Þorfinnsson. According to the Rules of Procedure for the Nomination Committee, the third member of the Committee shall be the Chairman of the Board of Directors or another Board Member appointed by the Board.

Legal framework for the Bank’s operation

Arion Bank is a financial institution which operates in accordance with the Financial Undertakings Act No. 161/2002. Acts of law which also apply to the Bank’s operations include e.g. the Securities Transactions Act No. 108/2007, Act on Undertakings for Collective Investment in Transferable Securities (UCITS), Investment Funds and Professional Investment Funds No. 128/2011, Act on Payment Services No. 120/2011, Act on Measures Against Money Laundering and Terrorist Financing No. 140/2018, Act on Consumer Mortgages No. 118/2016, Consumer Loans Act No. 33/2013, Competition Act No. 44/2005 and Public Limited Companies Act No. 2/1995.

Arion Bank is a strongly capitalized bank, the purpose of which is to excel by offering smart and reliable financial solutions which create future value for our customers, shareholders and society as a whole. The Bank is listed on Nasdaq Iceland and Nasdaq Sweden. The Bank has also issued financial instruments which have been admitted for trading on regulated securities markets in Iceland and Luxembourg. The Bank is therefore subject to the disclosure requirements of issuers pursuant to the Securities Transactions Act and the rules of the relevant stock exchanges.

The Financial Supervisory Authority of the Central Bank of Iceland (FSA)supervises the operations of Arion Bank in accordance with the provisions of Act No. 87/1998 on the Official Supervision of Financial Operations. Further information on the FSA and an overview of the legal and regulatory framework applicable to the Bank, as well as FSA guidelines and guidelines issued by European Financial Supervisory institutions, can be seen on the FSA’s website, www.cb.is/financial-supervision/.

Numerous other pieces of legislation apply to the operations of financial undertakings.

Internal controls, auditing and accounting

Internal control

Internal control at Arion Bank is organized into three lines of defense with the aim of ensuring effectiveness, defining responsibility and coordinating risk management. This structure is also designed to foster a sense of risk awareness and responsibility among all employees of the Bank.

The set-up distinguishes between the following roles:

• People who bear responsibility for risk and manage risk
• People who monitor and check internal controls
• People who perform independent surveys of the effectiveness of internal controls

The first line of defense is made up of people who have day-to-day supervision of operations and its organization. They are responsible for establishing and maintaining effective internal controls and managing risk in day-to-day operations. This involves identifying and evaluating risk and putting in place appropriate countermeasures to reduce risk. The first line of defense is responsible for supervising the implementation of internal rules and processes in compliance with the law, regulations and the Bank’s strategy and it must ensure that all actions are in compliance with established procedures and that corrective action is taken if any deficiencies are detected.

The second line of defense is set up to ensure that the first line of defense has established adequate internal controls which work as intended. Risk Management and Compliance are the main participants in the second line of defense, although other units may also be assigned specific monitoring roles.

The third line of defense is Internal Audit, which keeps the Board and management informed of the quality of corporate governance, risk management and internal controls, including by performing independent and objective audits.

Compliance

Compliance is an independent control function which reports directly to the CEO and works in accordance with a special charter from the Board.

The main role of Compliance is to ensure that the Bank has in place proactive measures to reduce the risk of rules being breached in the course of its activities. Compliance is also responsible for coordinating the Bank’s measures against money laundering and terrorist financing to reduce the risk of the Bank's services being used for illegal purposes. Furthermore, the Compliance Officer has the role of the Bank’s Data Protection Officer. The Bank has adopted a data protection statement which can be seen on the Bank's website.

The duties of Compliance are carried out under a risk-based compliance plan approved by the Board of Directors, including a monitoring and training schedule for employees which addresses the laws and rules under which the Bank operates. Compliance provides the Board of Directors with a quarterly report on its activities.

Risk Management

A central feature of the activities of all financial companies is carefully calculated risk-taking according to a predetermined strategy. Arion Bank thus takes risk compatible with its risk appetite, which is regularly reviewed and approved by the Board of Directors. The Bank’s risk appetite, set by the Board, is translated into exposure limits and targets that are monitored by Risk Management. The Board is responsible for Arion Bank’s internal capital adequacy assessment process, the main objective of which is to ensure that Arion Bank understands its risk profile and has systems in place to assess, quantify and monitor its total risk exposure.

The Bank’s Risk Management division is headed by the Chief Risk Officer. It is independent and centralized and reports directly to the CEO and operates in accordance with a special charter from the Board. Risk Management comprises three departments whose role is to analyze, monitor and regularly report to the CEO and Board of Directors on the risks faced by the Bank.

Pillar 3 Risk Disclosures

Further on Risk Management

Internal Audit

The Internal Auditor is appointed by the Board of Directors and reports directly to the Board. The Board sets the Internal Auditor a charter which sets out the responsibilities associated with the position and the scope of the work. The role of the Internal Auditor is to provide independent and objective assurance and advice designed to add value and improve the Bank's operations. The scope of the audit is the Bank, its subsidiaries and pension funds serviced by Arion Bank.

Internal Audit is governed by the audit charter, the FME’s guidelines on the internal audit function in financial institutions and international standards on internal auditing.

Accounting and auditing

The Bank’s Finance division is responsible for preparing the accounts and this is done in accordance with the International Financial Reporting Standards (IFRS). The Bank publishes its financial statement on a quarterly basis and management statements are generally submitted to the Board ten times a year. The Board Audit Committee examines the annual financial statement and interim financial statements, while the external auditors review and audit the accounts twice a year. The Board Audit Committee gives its opinion on the accounts to the Board of Directors, which then approves and endorses the accounts.

Cornerstones and code of ethics

Arion Bank’s cornerstones is the name used to describe the Bank’s core values. The cornerstones are designed to provide guidance when making decisions and in everything else employees say and do. They refer to the Bank’s role, attitude and conduct. Arion Bank’s cornerstones are we find solutions, we make a difference, we get things done and we say what we mean.

The management and employees of Arion Bank are conscious of the fact that the Bank’s activities affect different stakeholders and society at large. The Bank’s code of ethics is designed to serve as a key to responsible decision-making at Arion Bank. The code of ethics is approved by the Board of Directors.

Sustainability

Arion Bank’s sustainability policy bears the title Together we make good things happen and signifies that the Bank wants to act as a role model in responsible and profitable business practices, taking into account the environment, the economy and the society in which we live and work.

Arion Bank shows its commitment to sustainable banking by making a difference to our customers and performing our role as a financial institution conscientiously and responsibly. Arion Bank takes an active role in our society and its development. Financial institutions are one of the pillars of society and our role is to help our customers, both individuals and companies, reach their goals. We place great importance on doing things fairly with the interests of our customers, employees, investors and the community at heart.

Arion Bank has been a partner of Festa, the Icelandic Center for Corporate Social Responsibility, for several years and since 2014 has been a signatory to the CEO Statement of Support for the Women’s Empowerment Principles (UN Women and UN Global Compact). In 2015 the Bank signed the City of Reykjavík and Festa’s Declaration on Climate Change and has published its environmental accounts since 2016. Arion Bank has been a signatory to the UN Global Compact, the UN's initiative to encourage businesses to adopt sustainable and socially responsible practices, since the end of 2016. The Bank has also complied with the UN’s Principles for Responsible Banking (UN PRI) since the end of 2017. In September 2019 the Bank became a signatory to the UN Principles for Responsible Banking (UN PRB), the goal of which is to align banking with international goals and commitments such as the UN Sustainable Development Goals and the Paris Climate Agreement.

Arion Bank’s activities are governed by the provisions of the Annual Accounts Act on non-financial reporting, which, among other things, apply to the status and influence of the company in respect of environmental, social and human resources issues. Non-financial reporting in the annual report is based on the Global Reporting Initiative, GRI Core and the ESG reporting guide for the Nasdaq Nordic and Baltic exchanges.

The Board of Directors has adopted an environment and climate policy. Under the policy the Bank focuses its attention on financing projects on sustainable development and green infrastructure, require that suppliers take into account the environmental and climate impact of their activities and reduce its own greenhouse gas emissions by 40% by 2030.

Further on sustainability

Board of Directors and committees

The main duty of the Board of Directors of Arion Bank is to manage the Bank between shareholders’ meetings according to applicable laws, regulations and articles of association. The Board tends to those operations of the Bank which are not considered part of the day-to-day business, i.e. it makes decisions on issues which are unusual or of a significant nature. One of the Board’s main duties is to supervise the Bank’s activities. The Board’s work, duties and role are defined in detail in the rules of procedure of the Board of Directors, which have been established on the basis of Article 54 of the Financial Undertakings Act, Article 70 of the Public Limited Companies Act No. 2/1995, FSA Guidelines No. 1/2010, and the articles of association of the Bank. The rules of procedure of the Board of Directors can be found on the Bank’s website.

The Board of Directors appoints a Chief Executive Officer who is responsible for the day-to-day operations in accordance with a strategy set out by the Board. The Board of Directors and the Chief Executive Officer shall carry out their duties with integrity and ensure that the Bank is run in a sound and reasonable manner in the interests of the customers, the community, the shareholders and the Bank itself, cf. Article 1 (1) of the Financial Undertakings Act. The Chief Executive Officer shall ensure that the Board receives sufficient support to carry out its duties.

The Board of Directors is generally elected for a term of one year at the Bank’s annual general meeting. At Arion Bank’s annual general meeting on 17 March 2020, seven Directors and three Alternates were elected to the Board of Directors.

The elected Board Directors have diverse backgrounds and extensive skills, experience and expertise. When electing the Board care is taken to ensure at least 40% representation of each gender among directors and alternates. Currently the Board consists of four men and three women.

Information on the independence of Directors is published on the Bank’s website before the annual general meeting or a shareholders’ meeting where a Board member is to be elected. The minutes of the annual general meeting and shareholders’ meetings are also published on the Bank’s website.

The Board of Directors meets at least ten times a year. In 2020 the Board met on 12 occasions. The Chairman of the Board is responsible for ensuring that the Board performs its role in an efficient and organized manner. The Chairman chairs Board meetings and ensures that there is enough time allocated to the discussion of important issues and that strategy issues are discussed thoroughly. The Chairman is not permitted to undertake any other work for the Bank unless part of the normal duties of the Chairman.

According to the Board’s Rules of Procedure the Board is permitted to establish committees to discuss particular areas of the Bank’s operations. No later than one month following the annual general meeting the Board appoints members to each of its sub-committees and assesses whether it is necessary to appoint external members to certain committees in order to bring in a greater level of expertise. One of the committee members in the Board Audit Committee, Heimir Þorsteinsson, is not a Board member and is independent of the Bank and its shareholders.

The Board sub-committees are as follows:

• Board Audit Committee (BAC): The BAC’s main role is to contribute to the high-quality statutory auditing of the Bank and monitor the effectiveness of the Bank’s internal quality control, risk management systems and internal audit function, with regard to the Bank’s financial reporting. The Committee met seven times in 2020.
  
  
• Board Risk Committee (BRIC): The Committee’s main role is, inter alia, to evaluate the Bank’s risk policy and risk appetite and to have a thorough knowledge of the risk assessments and methods used to manage risk employed by the Bank. Committee members should have the qualifications and experience necessary to be able to discharge their duties including forming the Bank's risk policy and risk appetite. The Committee met 12 times in 2020 and a joint meeting was held with the Board Remuneration Committee.
  
  
• Board Credit Committee (BCC): Its main task is to attend to credit issues which exceed the credit limits of its sub-committees. The Committee met 13 times in 2019.
  
  
• Board Remuneration Committee (BRC): The Committee’s main role is to prepare a remuneration policy for the Bank on an annual basis. It also advises the Board on remuneration to the CEO, Managing Directors, the Compliance Officer and the Chief Internal Auditor, and on the Bank’s incentive scheme and other work-related payments. The Bank’s remuneration policy shall be examined and approved by a shareholders’ meeting annually. The Committee met four times in 2019 and a joint meeting was held with the Board Risk Committee.
  
  
• Board Tech Committee (BTC): In late 2020, the Board setup a temporary, ad hoc, tech committee, whose main role is to advice the Board of Directors and the Bank’s Senior Management on the Bank’s near to medium-term development of the Bank’s IT function, including IT strategy. The Committee met once in 2020.
  

Sub-committees regularly inform the Board of their activities. Furthermore, the Board has access to all material used by the sub-committees and their minutes.