Corporate governance

Articles of Association for Nordnet AB (publ), 556249-1687

§ 1 Name

The name of the company shall be Nordnet AB. The company is a public company (publ).

§ 2 Registered Office

The registered office of the company shall be in Stockholm.

§ 3 Purpose

The purpose of the company’s operations shall be, through wholly- or partially-owned companies, to conduct banking operations, securities operations and insurance operations and operations compatible therewith, and on its own or through wholly- or partially-owned companies, to conduct insurance brokerage operations, offer and provide credits to consumers, and provide financial information via the Internet and operations compatible therewith.

§ 4 Share Capital

The share capital shall be no less than SEK 77,872,654 and no more than SEK 311,490,616.

§ 5 Numbers of Shares

The number of shares shall be no less than 77,872,654 and no more than 311,490,616.

§ 6 Record Day Provision

The company’s shares shall be registered in the share ledger according to the Swedish Companies Act (1998:1479) regarding account management of financial securities.

§ 7 Board of Directors

The board of directors shall consist of no less than three and no more than ten members. The members shall be elected annually at the annual general meeting for the period until the end of the next annual general meeting.

§ 8 Auditor

At the annual general meeting, one auditor with or without a deputy auditor shall be elected. A registered auditing firm may also be appointed as auditor.

§ 9 Notice

Notices of shareholders meetings shall be made by advertising in the Official Swedish Gazette [Post- och Inrikes Tidningar] and on the corporate website. An announcement that the notice has been made shall be published in Svenska Dagbladet.

In order to participate in the meeting, a shareholder shall be included in the print-out of the entire share ledger, reflecting the situation five days before the meeting, and also notify the company of his or her attendance no later than 4 pm on the day stated on the notice of the meeting. This day may not be a Saturday or Sunday, other public holiday, Midsummer’s Eve, Christmas Eve or New Year’s Eve, and may not be before the fifth day (excluding Sundays) before the meeting.

A shareholder shall also notify the company of the number of advisers that the shareholder intends to take to the shareholders meeting in the manner prescribed in the section above.

§ 10 Shareholders Meetings

Shareholders meetings shall be held in Stockholm or Gothenburg.

The annual general meeting shall be held annually within six months after the end of the financial year.

At the Annual General Meeting of Shareholders the following matters shall be addressed.

1. Election of chairman of the meeting.

2. Preparation and approval of the voting list.

3. Election of secretary of the meeting and of two persons to certify the minutes.

4. The issue of whether the meeting has been duly called.

5. Approval of the agenda.

6. Presentation of the annual report and auditor’s report and, if any, the group annual report and the group auditor’s report.

7. Decisions:

a) regarding adoption of the income statement and balance sheet and, if any, the group income statement and the group balance sheet.

b) regarding discharge from liability for the board of directors and the managing director,

c) regarding the profit or loss of the company in accordance with the adopted balance sheet.

8. Determination of the number of directors and deputy directors.

9. When required, determination of the number of auditors and deputy auditors.

10. Determination of the fees for the board of directors and the auditors.

11. Election of the board of directors and deputy board members, and if applicable, auditors and deputy auditors.

12. Decisions regarding guidance for deciding salary and other remuneration to the CEO and Group executives.

13. Any other matter which is incumbent on the meeting according to the Companies Act or the articles of association.

§ 11 Chairman

The chairman of the board, or if he or she is unable to attend, the person appointed by the board of directors, shall open the meeting and chair the meeting until a chairman of the meeting has been elected.

§ 12 Financial Year

The company’s financial year shall be the calendar year.

______________________________________________________
Adopted at the Extraordinary General Meeting, 11 August 2010.

Exposure to risk is a fundamental element of Nordnet’s operations. It is very important to ensure that exposure to risk takes place under controlled forms. Nordnet’s ambition is for its control environment to be permeated by the company’s ethical values and corporate culture. The ethical guidelines are adopted by the Board and communicated to all employees, as are other governance documents in the form of policies, guidelines and instructions with a view to limiting and controlling the company’s risks and risk exposure.

How risk management is conducted is described in the risk management framework. The framework is comprised of a number of steering documents that describe the strategies, processes, procedures, internal regulations, limits, controls and reporting procedures. The risk framework is integrated into the organization and covers all relevant risks.

The Board at Nordnet holds the overall responsibility for ensuring a good internal control of Nordnet’s operations in accordance with the directives, laws and regulations applicable to its business. This responsibility involves ensuring that there are independent functions for the control and management risks and regulatory compliance and that they report on how the operations are conducted in this respect to the Board and the management. Nordnet’s control functions are Risk Control, Compliance and Internal Audit. In assessing the effectiveness of the internal control within Nordnet, the Board primarily relies on the work carried out by the control functions. 

Nordnet shall work with risks in accordance with the principles associated with the three lines of defence. The first line of defence is comprised of the operations in the line organization and pertains to all risk management activities done by line management and staff.

The second line of defence is comprised of the risk control and compliance functions. They are independent of the line operations and monitor, control and report the Nordnet’s risks and regulation compliance and shall also support and provide advice to the first line of defence.

The third line of defence is comprised of the internal audit function that carries out independent periodic audits of the governance structure and the system for internal control. Within Nordnet, the internal audit is performed on direct assignment from the Board of Directors by external consultants. Read more about the three lines of defence in the Annual Report of 2018, note 7.

The Internal Capital and Liquidity Assessment process (IKLU) is a continuous process that evaluates the capital and liquidity requirements in relation to Nordnet’s risk profile, plans and global factors. As part of the internal capital assessment, a comprehensive study and analysis is conducted of the risks in the operations. Nordnet is working for the entire organization to be involved in risk analysis. All employees are responsible for identifying risks and increasing their knowledge about these. The IKLU process is part of the organization’s work with risk and requires an active participation of risk owners and the employees concerned.

The risks to which Nordnet is exposed are divided into the following categories:

• Credit risk including concentration risk
• Market risk
• Financing risk/Liquidity risk
• Operational risk
• Risks in the insurance operations

For a description of each one of the above mentioned risks, see the Annual Report of 2018, note 7.

For Nordnet, proper and secure information management is a key element in maintaining trust from customers, authorities, owners and partners. Maintaining this trust and making use of the potential of digitalization requires structured information and IT security work, which is integrated throughout our entire operations. We ensure this by:

• Involvement of Management and the Board in the structure of the security work
• Nordnet’s security controls are evaluated and improved on an ongoing basis
• Nordnet participates in collaboration activities both at the national level and in the Nordic region to strengthen security in society
• There is a process for approving significant changes in the operations
• Our various IT systems are monitored around the clock, all year
• Our staff undergo security training

To further strengthen Nordnet’s security, we implemented several improvement measures in 2018. For example, we recruited IT security specialists, tested the staff’s security awareness, trained HR personnel in secure recruitment and clarified the responsibility for our system owners. In 2019, we will further strengthen our incident management, train our programmers in secure development and strengthen traceability in our IT systems.

In accordance with the Board’s procedures and procedures for the subsidiaries Nordnet Bank AB and Nordnet Pensionsförsäkring AB and the regulations of the Swedish Financial Supervisory Authority, the Board has appointed an independent review function/internal audit, which is directly subordinate to the Board.The internal auditor’s work is based on a Board-approved instruction. Internal auditing shall review and periodically evaluate if the company’s internal controls are appropriate and effective. As at 2018, the function is held by E&Y.