Compliance is an independent control function which reports directly to the CEO and works in accordance with a special charter from the Board. The Compliance Officer is Hákon Már Pétursson.

The main role of Compliance is to ensure that the Bank has in place proactive measures to reduce the risk of rules being breached in the course of its activities. Compliance is also responsible for coordinating the Bank’s measures against money laundering and terrorist financing and also performs the role of Data Protection Officer.

The duties of Compliance are carried out under a risk-based compliance plan approved by the Board of Directors, including a monitoring and training schedule for employees which addresses the laws and rules under which the Bank operates. Compliance provides the Board Risk Committee with a quarterly report on its activities.

Information on violations of laws and regulations

Arion Bank was not denied registration, authorization, membership or permission to conduct certain business activities or operations during the year, nor was it subject to withdrawal, revocation or termination of registration, authorization, membership or permission.

Arion Bank paid one fine in 2020. In July 2020 the Financial Supervisory Authority of the Central Bank of Iceland imposed an administrative fine on the Bank amounting to ISK 87.7 million for a violation of Article 122 (1) of the Securities Transactions Act No. 108/2007. The FSA concluded that the conditions for delaying the publication of insider information due to proposed organizational changes had not been met after a report was published on 22 September 2019 by an online media outlet on redundancies at the Bank. Arion Bank rejects the conclusion reached by the FSA and has taken legal action to have the decision annulled.

Information on the main legal cases relating to Arion Bank can be found in the notes to the annual financial statement.

Measures against money laundering and other financial crimes

It is Arion Bank’s policy to combat money laundering and other financial crimes and to prevent the Bank’s services from being used for these purposes. The Bank has adopted a policy on measures against financial crime which can be viewed on the Bank's website.

In 2020 Arion Bank submitted more than 700 reports of suspicion of money laundering or terrorist financing to the Financial Intelligence Unit of the Icelandic Police.

The Bank’s obligations as an issuer of publicly traded securities

Arion Bank shares are traded on both Nasdaq Iceland and Nasdaq Stockholm. Bonds issued by the Bank are traded on Nasdaq Iceland and Bourse de Luxembourg.

The regulatory authorities or stock exchanges made no criticisms of the Bank’s disclosure of information in 2020, with the exception of the aforementioned administrative fine.

Data Protection

Arion Bank cares about data protection and our customers' personal data and we aim to ensure that personal data is processed legally, fairly and transparently in line with the Data Protection Act and the General Data Protection Regulation. The Bank has adopted a data protection policy which can be viewed on the Bank's website.

In the 2020 the Bank received one legitimate complaint concerning a breach of data protection from a third party. No complaints were received from the Data Protection Authority. The Bank reported 72 incidents to the Data Protection Authority where there was breach of confidentiality. In one case there was a significant risk to an individual’s rights and freedoms, while in all the other cases the risk was minimal or limited. No incidents of theft or loss of personal data were reported during the year.