Corporate governance

Articles of Association for Nordnet AB (publ), 556249-1687

§ 1 Name

The name of the company shall be Nordnet AB. The company is a public company (publ).

§ 2 Registered Office

The registered office of the company shall be in Stockholm.

§ 3 Purpose

The purpose of the company’s operations shall be, through wholly- or partially-owned companies, to conduct banking operations, securities operations and insurance operations and operations compatible therewith, and on its own or through wholly- or partially-owned companies, to conduct insurance brokerage operations, offer and provide credits to consumers, and provide financial information via the Internet and operations compatible therewith.

§ 4 Share Capital

The share capital shall be no less than SEK 77,872,654 and no more than SEK 311,490,616.

§ 5 Numbers of Shares

The number of shares shall be no less than 77,872,654 and no more than 311,490,616.

§ 6 Record Day Provision

The company’s shares shall be registered in the share ledger according to the Swedish Companies Act (1998:1479) regarding account management of financial securities.

§ 7 Board of Directors

The board of directors shall consist of no less than three and no more than ten members. The members shall be elected annually at the annual general meeting for the period until the end of the next annual general meeting.

§ 8 Auditor

At the annual general meeting, one auditor with or without a deputy auditor shall be elected. A registered auditing firm may also be appointed as auditor.

§ 9 Notice

Notices of shareholders meetings shall be made by advertising in the Official Swedish Gazette [Post- och Inrikes Tidningar] and on the corporate website. An announcement that the notice has been made shall be published in Svenska Dagbladet.

In order to participate in the meeting, a shareholder shall be included in the print-out of the entire share ledger, reflecting the situation five days before the meeting, and also notify the company of his or her attendance no later than 4 pm on the day stated on the notice of the meeting. This day may not be a Saturday or Sunday, other public holiday, Midsummer’s Eve, Christmas Eve or New Year’s Eve, and may not be before the fifth day (excluding Sundays) before the meeting.

A shareholder shall also notify the company of the number of advisers that the shareholder intends to take to the shareholders meeting in the manner prescribed in the section above.

§ 10 Shareholders Meetings

Shareholders meetings shall be held in Stockholm or Gothenburg.

The annual general meeting shall be held annually within six months after the end of the financial year.

At the Annual General Meeting of Shareholders the following matters shall be addressed.

1. Election of chairman of the meeting.

2. Preparation and approval of the voting list.

3. Election of secretary of the meeting and of two persons to certify the minutes.

4. The issue of whether the meeting has been duly called.

5. Approval of the agenda.

6. Presentation of the annual report and auditor’s report and, if any, the group annual report and the group auditor’s report.

7. Decisions:

a) regarding adoption of the income statement and balance sheet and, if any, the group income statement and the group balance sheet.

b) regarding discharge from liability for the board of directors and the managing director,

c) regarding the profit or loss of the company in accordance with the adopted balance sheet.

8. Determination of the number of directors and deputy directors.

9. When required, determination of the number of auditors and deputy auditors.

10. Determination of the fees for the board of directors and the auditors.

11. Election of the board of directors and deputy board members, and if applicable, auditors and deputy auditors.

12. Decisions regarding guidance for deciding salary and other remuneration to the CEO and Group executives.

13. Any other matter which is incumbent on the meeting according to the Companies Act or the articles of association.

§ 11 Chairman

The chairman of the board, or if he or she is unable to attend, the person appointed by the board of directors, shall open the meeting and chair the meeting until a chairman of the meeting has been elected.

§ 12 Financial Year

The company’s financial year shall be the calendar year.

______________________________________________________
Adopted at the Extraordinary General Meeting, 11 August 2010.

Exposure to risk is a fundamental element of Nordnet’s operations. It is very important to ensure that exposure to risk takes place under controlled forms. Nordnet’s ambition is for its control environment to be permeated by the company’s ethical values and corporate culture. The ethical guidelines are adopted by the Board and communicated to all employees, as are other governance documents in the form of policies, guidelines and instructions with a view to limiting and controlling the company’s risks and risk exposure. A low risk level and the markets confidence are high priorities for Nordnet. As a consequence of this, Nordnet shall continuously strive to strengthen the risk awareness of the organization and the necessary conditions for good control and follow up with risk owners and controlling units.

The Board at Nordnet holds the overall responsibility for ensuring a good internal control of Nordnet’s operations in accordance with the directives, laws and regulations applicable to its business. This responsibility involves ensuring that there are independent functions for the control and management risks and regulatory compliance and that they report on how the operations are conducted in this respect to the Board and the management. Nordnet’s control functions are Risk Control, Compliance and Internal Audit. In assessing the effectiveness of the internal control within Nordnet, the Board primarily relies on the work carried out by the control functions. 

The CEO is responsible for the on-going administration of the company in accordance with the policies, strategies and steering documents adopted by the Board. Nordnet shall work with risks in accordance with the principles associated with the three lines of defence. The first line of defence consists of the operations. The second line of defence consists of Risk Control and Compliance. They monitor, control and report on Nordnet’s risks and its compliance with internal and external regulations. The third line of defence consists of Internal Audit which performs a regular review of both management and Nordnet’s internal controls, the work of the control functions and Nordnet’s risk management. Within Nordnet, the internal audit is performed on direct assignment from the Board of Directors by external consultants. Read more about the three lines of defence in the Annual Report of 2017, note 7.

The Internal Capital and Liquidity Assessment process (IKLU) is a continuous process that evaluates the capital and liquidity requirements in relation to Nordnet’s risk profile, plans and global factors. As part of the internal capital assessment, a comprehensive study and analysis is conducted of the risks in the operations. All employees are responsible for identifying risks and increasing their knowledge about these. The IKLU process is part of the organization’s work with risk and requires the active participation of risk owners and the employees concerned.

The risks to which Nordnet is exposed are divided into the following categories:

• Credit risk including concentration risk
• Market risk
• Financing risk/Liquidity risk
• Operational risk
• Risks in the insurance operations

For a description of each one of the above mentioned risks, see the Annual Report of 2017, note 7.

For Nordnet, high security in our banking services is a basic and important area. This is why IT security is one of Nordnet’s most important core competencies. We closely monitor technological developments to ensure that our services remain at the forefront, making online trading in securities both easy and secure.

When our customers are logged into their security accounts, all communications between the customer and the website are encrypted to protect against unauthorized access. The security is ensured, as Nordnet’s website only uses trusted certificates, a form of digital identification that contains a key used to encrypt the information between the user and the systems. That way we are able to safeguard that the information transmitted between the web browser and the web server cannot be accessed by unauthorized persons.

Nordnet’s IT systems are monitored around the clock, every day of the year. In addition, regular independent security reviews are conducted by IT security experts and IT auditors. Nordnet’s work on information security is centered around continuous improvements, and we regularly implement measures to ensure that all services and systems maintain a high level of security.

In accordance with the Board’s work procedure and the work procedures for the subsidiaries Nordnet Bank AB and Nordnet Pensionsförsäkring AB and the regulations of the Swedish Financial Supervisory Authority, the Board has appointed an internal auditor that is directly subordinate to the Board. The work of the internal auditor will be based on a review plan established annually by the Board. This review will involve assessments of the internal control of the operations and of its appropriateness.

The function of internal auditor was held by KPMG from April 2014 until the end of 2017. As at 2018, the function is held by E&Y.