Board responsibilities

Nordnet’s Board of Directors has the overall responsibility for the company’s organization and management of the company’s affairs in accordance with the Swedish Companies Act, as well as for having a well-functioning reporting system. The Board is responsible for the company’s long-term operations and significant issues, for reviewing the company’s operations including procedures, resolutions on issues concerning general targets, strategies, the business plan and budget, and continuously monitoring the company’s development and financial situation. The Board is responsible for the Group’s financial statements being prepared in compliance with legislation and applicable accounting principles, and for quality assuring the company’s financial reporting. The Board ensures that the company’s external communication is characterized by openness and objectivity as well as high relevance to the target groups to which it is directed. The Board also has the task of ensuring that there is satisfactory control of the company’s compliance with laws and regulations and that necessary ethical guidelines are established for the company’s and the Group’s conduct, and appointing an internal auditor, whose work is evaluated annually. This responsibility also includes appointing a CEO, approving the composition of the management team as proposed by the CEO, and evaluating its work.

Chairman of the board

The Chairman manages the work of the Board to ensure that this is done efficiently and in accordance with legislation and regulations. The Chairman monitors operations in consultation with the CEO and is responsible for ensuring that other members receive the information they need to maintain high levels of quality in discussions and decisions. The Chairman ensures that the Board’s work is evaluated annually and verifies that the Board’s decisions are implemented effectively.

Composition of the board

At the Annual General Meeting on 29 april 2024 it was resolved that the Board would consist of eight regular members and no deputies. The CEO is not a member of the Board but attends Board meetings and presents reports to it. The company’s General Counsel usually acts as the secretary at the Board meetings. Where necessary, other company officials also present reports.

The board’s procedures

The rules of procedure are set annually at the Board meeting following election. The rules of procedure are reviewed when necessary. The rules of procedure include the Board’s responsibilities and duties, the duties of the Chairman, composition of the Board, and audit issues, and state which reports and financial information are to be received by the Board prior to each ordinary Board meeting. Furthermore, the rules of procedure include instructions to the CEO complemented by CEO terms of reference. The rules of procedure also stipulate that remuneration, Audit, Risk and Compliance and IT Committees will be established and what their tasks will be. The Board’s rules of procedure were established 29 april 2024. In addition to these committees, there is a bank-specific Credit Committee.

Evaluation of the work of the board

The rules of procedure state that an annual evaluation of the work of the Board should take place by means of a systematic and structured process. The Chairman of the
Board ensured that the work of the Board in 2023 was evaluated by an external consult.

Board control over financial reporting

The Board of Directors monitors and bears the ultimate responsibility for ensuring that the financial statements comply with external regulations and is responsible for the follow up of internal control on financial reporting (ICFR).

The ICFR framework is closely related to Nordnet’s internal framework for operational risk management. Methods and processes are coordinated and adapted to ensure efficiency and accuracy. Internal governance and control are carried out by the Board, management and other staff and the framework is structured to provide reasonable assurance that goals concerning the operations, reporting and compliance to laws and rules are met. The framework aims to identify risks and create control environments with clear roles and responsibility. The work with ICFR as well as the general operational
risk control is based on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and five internal control components:

•  Control environment – Nordnet has instructions, policies, procedures, authorization handbooks and guidelines related to the governance of the operations, compliance, financial accounting and reporting. All documents are published and made available to all staff.
• Risk assessment – The CEO has the overall responsibility for managing the Group’s risks. Risk management is an integral part of the business that shall be assessed and handled in accordance with the risk policy. In order to exercise effective internal control of the financial reporting, the company must understand and identify the risks that the business is facing and, as part of the assessment process, determine and take into account the consequences of relevant risks. Nordnet constantly assesses the risks in its financial reporting; i.e. it identifies, analyzes and assesses the principal risks of misstatement in the financial reports.
• Control activities – The control activities serve to detect, guard against and limit risks and the assumption of risks in operations while also preventing deviations and errors in financial reporting. To ensure the quality of the financial reporting, controls are done at several levels. The internal report and control systems are based on internal regulations for financial planning, accounting principles, reporting and follow-up and analysis of the financial results.
• Information & communication - All employees must understand their own role in the internal control system, as well as how individual activities relate to other’s work. The employees have tools to communicate important information upstream and downstream. Every responsible manager is responsible for adequate reporting related to internal control to the next management level and thereby secure communication in the entire organization. Instructions, policies and guidelines are made available and kept updated via Nordnet’s intranet. Knowledge and awareness of these are obtained by means of ongoing internal training and information for the various departments and functions covered by internal reporting responsibility.
• Monitoring - Follow-up of the controls included in the ICFR framework is done annually to ensure the reliability of the process. Self-evaluation is done regularly and continuously. The results of the evaluations are followed up by the finance department and reported to the Audit Committee.

In 2023, the interim report for the third quarter was subject to review by the company’s auditors. In addition, on four occasions over the year, the company’s auditors conducted reviews regarding the inclusion of the interim result in the capital base for Nordnet Bank AB and its consolidated situation. The Group’s auditors report their findings to the Board in connection with the review of the annual accounts. In addition, the Board meets the company’s auditors at least once a year – without the presence of the executive management team – to learn about the focus and scope of the audit, and to discuss coordination between the external and internal audits and views of the company’s risks. The auditor issues a presentation and receives feedback from the Board regarding the focus and scope of the audit.