Corporate governance

The English version of the articles of association is an in-house translation. In case of any discrepancy between the Swedish version and the English version, the Swedish version shall prevail.

Articles of Association for Nordnet AB (publ), 559073-6681

§ 1 Company name

The company’s name is Nordnet AB (publ). The company is a public company.

§ 2 Registered Office

The registered office of the company shall be in the municipality of Stockholm.

§ 3 Object of the company’s business

The object of the company’s business is to, through wholly or partially owned companies, conduct banking business, securities business, insurance business and any other activities compatible therewith, as well as to, directly or through wholly or partially owned companies, conduct insurance mediation, issue and mediate credits to consumers and distribute financial information via Internet and conduct any other activities compatible therewith.

§ 4 Share Capital and shares

The company’s share capital shall be not less than SEK 1,000,000 and not more than SEK 4,000,000. The company shall have not less than 200,000,000 shares and not more than 800,000,000 shares.

§ 5 Financial year

The company’s financial year shall be calendar year.

§ 6 Board of directors

The Board of directors shall consist of not less than three (3) and not more than ten (10) board members.

§ 7 Auditor

The company shall have not less than one and not more than two auditors, with not more than two deputy auditors. A registered auditing company may also be appointed as auditor.

§ 8 Notice of shareholders’ meeting

The summons to the shareholders’ meeting shall be made by means of announcement in the Swedish Official Gazette and on the company’s website. It shall be announced in Svenska Dagbladet that a summoning to the shareholders’ meeting has been made.

§ 9 Notification of attendance of shareholders’ meeting

Shareholders wishing to participate in the shareholders’ meeting shall notify the company of their intention to attend not later than the day stated in the notice to attend the meeting. This day may not be a Sunday, any other public holiday, Saturday, Midsummer Eve, Christmas Eve or New Year’s Eve and may not be earlier than the fifth working day before the Meeting.

At a shareholders’ meeting, shareholders may be accompanied by one or two assistants, although only if the shareholder has given notification of this as specified in the previous section.

§ 10 Collection of powers of attorney and voting by post

The Board of Directors may collect powers of attorney in accordance with the procedure described in Chapter 7, section 4, second paragraph of the Companies Act (2005:551).

The Board of directors has the right before a general meeting to decide that shareholders shall be able to exercise their right to vote by post before the general meeting.

§ 11 Business at annual shareholders’ meetings

The following business shall be addressed at annual shareholders’ meetings:

1. election of a chairman of the meeting;
2. preparation and approval of the voting list;
3. election of one or two persons who shall approve the minutes of the meeting;
4. determination of whether the meeting was duly convened;
5. approval of the agenda;
6. submission of the annual report and the auditors’ report and, where applicable the consolidated financial statements and auditors’ report for the group;
7. resolutions regarding the adaption of the income statement and the balance sheet and, when applicable, the consolidated income statement and the consolidated balance sheet;
8. resolutions regarding allocation of the company’s profits or losses in accordance with the adapted balance sheet;
9. resolutions regarding discharge of the members of the board of directors and the managing directors from liability;
10. determination of the number of members of the board and auditors and, where applicable, the number of deputy auditors;
11. determination of fees for members of the board of directors and auditors;
12. election of the members of the board of directors and auditors and, where applicable, deputy auditors;
13. resolution on guidelines for determining salary and other remuneration to the managing director and other persons in the company’s management;
14. other matters, which are set out in the Swedish Companies Act or the company’s articles of association.

§ 12 Record date provision

The shareholder or nominee who on the record date is registered in the share register and in a central securities depository register pursuant to Chapter 4 of the Central Securities Depositaries and Financial Instruments Accounts Act (1998:1479) or any person who is registered in a central securities depository account pursuant to Chapter 4, Section 18 paragraph 6-8 of the mentioned Act, shall be deemed to be authorised to exercise the rights set out in Chapter 4, Section 39 of the Companies Act (2005:551).

______________________________________________________
These articles of association have been adopted at the extraordinary general meeting held on 10 September 2020.

Exposure to risk is a fundamental element of Nordnet’s operations. It is very important to ensure that exposure to risk takes place under controlled forms. Nordnet’s ambition is for its control environment to be permeated by the company’s ethical values and corporate culture. The ethical guidelines are adopted by the Board and communicated to all employees, as are other governance documents in the form of policies, guidelines and instructions with a view to limiting and controlling the company’s risks and risk exposure.

How risk management is conducted is described in the risk management framework. The framework is comprised of a number of steering documents that describe the strategies, processes, procedures, internal regulations, limits, controls and reporting procedures. The risk framework is integrated into the organization and covers all relevant risks.

The Board at Nordnet holds the overall responsibility for ensuring a good internal control of Nordnet’s operations in accordance with the directives, laws and regulations applicable to its business. This responsibility involves ensuring that there are independent functions for the control and management risks and regulatory compliance and that they report on how the operations are conducted in this respect to the Board and the management. Nordnet’s control functions are Risk Control, Compliance and Internal Audit. In assessing the effectiveness of the internal control within Nordnet, the Board primarily relies on the work carried out by the control functions. 

Nordnet shall work with risks in accordance with the principles associated with the three lines of defence. The first line of defence is comprised of the operations in the line organization and pertains to all risk management activities done by line management and staff.

The second line of defence is comprised of the risk control and compliance functions. They are independent of the line operations and monitor, control and report the Nordnet’s risks and regulation compliance and shall also support and provide advice to the first line of defence.

The third line of defence is comprised of the internal audit function that carries out independent periodic audits of the governance structure and the system for internal control. Within Nordnet, the internal audit is performed on direct assignment from the Board of Directors by external consultants. Read more about the three lines of defence in the Annual Report of 2019, note 7.

The Internal Capital and Liquidity Assessment process (IKLU) is a continuous process that evaluates the capital and liquidity requirements in relation to Nordnet’s risk profile, plans and global factors. As part of the internal capital assessment, a comprehensive study and analysis is conducted of the risks in the operations. Nordnet is working for the entire organization to be involved in risk analysis. All employees are responsible for identifying risks and increasing their knowledge about these. The IKLU process is part of the organization’s work with risk and requires an active participation of risk owners and the employees concerned.

The risks to which Nordnet is exposed are divided into the following categories:

• Credit risk including concentration risk
• Market risk
• Financing risk/Liquidity risk
• Operational risk
• Risks in the insurance operations

For a description of each one of the above mentioned risks, see the Annual Report of 2019, note 7.

For Nordnet, proper and secure information management is a key element in maintaining trust from customers, authorities, owners and partners. Maintaining this trust and making use of the potential of digitalization requires structured information and IT security work, which is integrated throughout our entire operations. We ensure this by:

• Involvement of Management and the Board in the structure of the security work
• Nordnet’s security controls are evaluated and improved on an ongoing basis
• Nordnet participates in collaboration activities both at the national level and in the Nordic region to strengthen security in society
• There is a process for approving significant changes in the operations
• Our various IT systems are monitored around the clock, all year
• Our staff undergo security training

In order to further strengthen Nordnet’s information and data security, a number of improvement measures were implemented in 2019. For example, we structured the responsibility for systems and trained our systems owners, verified that our critical systems have an appropriate security level and examined our primary suppliers. In 2020, we will work to further improve our monitoring and security for our staff.

In accordance with the Board’s procedures and procedures for the subsidiaries Nordnet Bank AB and Nordnet Pensionsförsäkring AB and the regulations of the Swedish Financial Supervisory Authority, the Board has appointed an independent review function/internal audit, which is directly subordinate to the Board.The internal auditor’s work is based on a Board-approved instruction. Internal auditing shall review and periodically evaluate if the company’s internal controls are appropriate and effective. As at 2018, the function is held by E&Y.