The Nordnet group consists of several legal entities. A full description of the Nordnet group’s structure can be found here.
Each legal entity adopts its own internal rules to govern its operations. Nordnet AB (publ) is the parent company and adopts policies that affect the governance of the group. Operations-specific policies are adopted by the applicable legal entity where the operations in question are conducted.
Below is a non-exhaustive list of policies that are relevant for the Nordnet group’s operating activities.
The Anti-Corruption Policy clarifies Nordnet’s position on corruption and acknowledges the importance of the combat against corruption. Nordnet strongly opposes corruption in any form.
There is no standardized definition of corruption, but a commonly used description of the concept is to use one’s position to achieve an undue advantage for one's own or someone else's gain. Corruption can occur in different shapes and forms, such as general nepotism, abuse of power and conflicts of interest. However, corruption can also be criminalized, such as bribery.
At Nordnet, the following is considered acceptable behavior:
- Prohibition on giving and receiving benefits. Employees, consultants and other parties acting on behalf of Nordnet may never, other than in exceptional cases described in the policy, give or receive benefits in their professional practice.
- Prohibition on engaging intermediaries. Nordnet shall not, other than in exceptional cases described in the policy, engage intermediaries. In this context, an intermediary is a natural or legal person appointed to represent Nordnet in a particular matter and to whom Nordnet supplies money or other assets.
- Compliance with Nordnet’s Supplier Code of Conduct. Before outsourcing or entering into an agreement with a major supplier, Nordnet shall ensure that the supplier commits to Nordnet’s Supplier Code of Conduct.
- Prohibition on sponsoring. Nordnet shall not engage in sponsoring. However, Nordnet may provide financial support to initiatives within the framework of its sustainability work, such as education of young people in personal finances and programming, and activities aiming for increasing equality within savings and investments.
Nordnet’s General Counsel is responsible for Nordnet’s anti-corruption framework. This responsibility includes ensuring that everyone subject to the policy receives regular training on bribery and anti-corruption, that annual risk assessments are conducted, that there is an approval procedure for granting exceptions in place, and that employees are consulted on ethical issues, where requested.
The Code of Conduct describes Nordnet’s way of working and guides Nordnet in building long-lasting relationships with customers and other stakeholders. The Code of Conduct covers all employees and representatives, including members of the board, independent contractors and consultants.
The Code of Conduct gives guidance on how to safeguard the interest of Nordnet’s customers in a transparent and fair way, what to do in order to be a good member of society, and how to behave towards customers and colleagues. It is distributed in the onboarding process and signed by each employee or consultant before starting their employment at Nordnet, and all employees and consultants confirm that they have read and understood the contents of the Code of Conduct annually.
The Communication Policy establish overall principles for communication, including disclosure of information in accordance with the market abuse regulation (MAR). It is stated in the policy that Nordnet as an organization is politically neutral. We do not give general support to specific political parties or politicians, but focus on topics related to personal finance, savings and investments. We do not have political opinions in topics unrelated to savings and investments.
The Customer Complaints Policy ensures that Nordnet’s handling of complaints is well-functioning and efficient, including, among other things, that Nordnet replies to complaints as soon as possible and in an objective and correct manner.
To maintain a high level of trust among the Nordnet’s customers, it is important that there is a responsiveness to problems that customers experience with regards to financial services generally and Nordnet’s services specifically. When a customer notifies Nordnet of such problems, it is important that the customer is treated correctly and that necessary adjustments to Nordnet’s services and routines are made in order to avoid similar problems in the future.
The complaints procedure is explained to the customers on Nordnet’s respective websites: Sweden, Norway, Denmark, Finland.
The Credit Policy states Nordnet’s overall credit risk strategy and credit risk appetite in order to ensure a long-term sustainable credit portfolio with balanced profitability in relation to risk. The policy establishes and defines qualitative goals, frameworks, and rules for Nordnet’s management of the risks associated with credit granting to ensure that all credit granting is properly controlled and in compliance with applicable regulations.
Nordnet shall have a sound credit culture that is characterized by a business-oriented and risk conscious approach. Customers are to be treated in an honest, fair, transparent and professional manner. All analyses and decisions should be based on information about the customer's circumstances and specific requirements as well as reasonable assumptions about the risks that may arise during the term of the credit agreement. All credit granting within Nordnet shall be based on the customer’s ability to make repayments and credit may only be granted if the credit obligation is expected to be fulfilled.
The policy also establish that sustainability have a central role in Nordnets lending business. The sustainability aspects are implemented in several different processes, for example through monitoring concentration risks to certain geographical areas identified as high risk and when setting pawn values on financial instruments.
The policy states that Nordnet continuously shall monitor its compliance with privacy regulations and have a clear allocation of responsibilities with regards to privacy issues. Nordnet shall ensure appropriate technical and organizational measures, for example proper and efficient internal governance, clear and guiding principles, and a safe and practical technical environment.
Nordnet shall ensure that data subjects can exercise all their rights under the GDPR, that personal data breaches which are not unlikely to result in a risk to the rights and freedoms of data subjects are notified to the relevant supervisory authority without undue delay and at the latest within 72 hours after having become aware of it, and that privacy related trainings are provided to new employees and that any further trainings are provided when deemed necessary.
Nordnet’s DPO shall report regularly, at least annually, on significant privacy risks to the Board and to the CEO.
Information on Nordnet’s data processing can be found on Nordnet’s respective websites: Sweden, Norway, Denmark, Finland.
The Equal Opportunities Policy clarifies how Nordnet commits to equal opportunities in the workplace where individuals are selected and treated on the basis of their relevant merits and abilities, without regard to race, religion or belief, color, sex, age, national origin, disability or sexual orientation. The aim is to ensure that no job applicant or employee receives less favorable treatment on grounds which are not relevant to good employment practice.
By actively working to offer and promote equal rights, opportunities and obligations to all employees, Nordnet creates a work environment where employees feel comfortable and safe.
The Ethics Policy clarifies how situations not directly regulated in external or internal regulations should be addressed based on moral and ethical considerations, with the aim of promoting and maintaining a high ethical standard within Nordnet. If there are doubts on what is ethically acceptable, employees should turn to an immediate manager or to the Compliance function before an action is taken.
In its operations, Nordnet shall:
- Behave in an honest, fair and professional manner,
- Act with appropriate skill, care, diligence and urgency,
- Keep and use efficiently the resources and procedures necessary for the proper operation of the business,
- In its contacts with customers, provide sufficient information regarding circumstances of significance to the context,
- Identify and address conflicts of interests, as well as preventing the interests of customers from being adversely affected by conflicts of interest, and
- Otherwise adhere to all regulations applicable to the operations.
The Marketing Policy establishes Nordnet’s processes and routines to ensure proper compliance when conducting marketing activities. The following fundamental marketing principles must always be complied with:
- All communication must be legal, decent, honest and truthful.
- Communication may not be aggressive. Marketing is considered aggressive if it involves harassment, coercion, physical violence, threats or other aggressive pressure agents.
- All communication should be designed and presented in a way that makes it apparent that it is Nordnet that is responsible for the marketing.
- All communication should be designed and presented in a way that makes it clear that it constitutes marketing.
- Nordnet may not use false, misleading or unproven information in respect to Nordnet’s own or anyone else’s business activities. Nordnet may not omit significant information in the marketing of its own or another’s business activities (e.g. business partners).
- Nordnet may only make comparisons to identifiable competitors and products provided that Nordnet does not take unfair advantage of the reputation of another trader’s mark and name, nor make comparisons that are discrediting or may create confusion among customers or investors.
The Sustainability Policy describes Nordnet’s sustainability strategy by defining activities and guiding principles. Nordnet’s overall aim is to conduct a fair, ethical and transparent business as well as keep the trust from customers and the market.
The policy covers Nordnet’s environmental impact and clarifies that Nordnet shall report on greenhouse gas emissions in accordance with the Greenhouse Gas Protocol. The policy also describes, among other things, Nordnet’s overall procurement process and Nordnet’s Supplier Code of Conduct. The Supplier Code of Conduct is based on the Ten Principles of the UN Global Compact and reflects the expectations that Nordnet has for its suppliers.
More information on Nordnet’s sustainability strategy can be found here.
The Policy for Measures Against Money Laundering and Terrorist Financing provides a framework for Nordnet’s work against money laundering and terrorist financing. The work is critical to ensure compliance with external regulatory requirements and to contribute to the stability of the financial system.
The policy includes e.g. the overall processes on how Nordnet can ensure to have good customer knowledge about its customers, and continuously monitor customers’ transactions to discover transactions that can be suspected of having ties to money laundering, the financing of terrorism or other crimes. All employees undergo mandatory training on issues concerning money laundering and terrorist financing annually.
The Policy for Identification and Management of Conflict of Interest describes Nordnet’s processes and procedures to identify circumstances that constitute, or may be expected to cause, a conflict of interest and how to prevent customers or other stakeholders from being adversely affected by such conflicts. A “conflict of interest” entails a situation or circumstance which, with regards to Nordnet’s products and services, may pose a significant risk that the interests of one or more clients or other stakeholders will be adversely affected.
The Policy on the Compliance function, Policy on the Risk Control function, and the Policy on the Internal Audit function provide the framework and responsibilities of Nordnet’s respective control functions.
The Compliance function is Nordnet’s independent function for regulatory compliance. The function is placed within the second line of defense and is responsible for identification of compliance risks within the business. The function regularly reports on such risks to the CEO and the Board of Directors and is responsible for ensuring that applicable external requirements relevant to Nordnet’s licensed operations are known to employees as well as management.
The Risk Control function is Nordnet’s independent function for risk management. The function is placed within the second line of defense and is responsible for identification of all risks within Nordnet, but specifically credit-, market-, liquidity- and operational risks. The function regularly reports on such risks to the CEO and Board of Directors and is responsible for setting the principles and framework for Nordnet’s risk management. The function is responsible for promoting a sound risk management culture by supporting and educating business line managers and staff.
The Internal Audit function is Nordnet’s independent function for assessing Nordnet’s internal control, including the Compliance and Risk Control functions. The function is placed within the third line of defense and is responsible for performing audits in order to evaluate the range, scope, organization, routines and internal control of Nordnet’s operations to assure that the business is run in accordance with the Board’s and the CEO’s directives.
The Policy for Portfolio Management and Investment Advice establishes overall principles on portfolio management and investment advice services and ensures that Nordnet complies with relevant laws and regulations.
The Policy for Product Governance of Insurance Products establishes requirements which Nordnet must consider when distributing insurance products. The policy entails that Nordnet shall have a product approval process in place and regularly review insurance products that Nordnet offers and markets. Nordnet shall establish and specify a target market for insurance products and establish an appropriate distribution strategy.
Nordnet shall have a product distribution system that enables Nordnet to obtain all necessary information about the product from the manufacturer for Nordnet to understand the product, establish a target market, and enable the distribution of the product in a way that protects the interests of the customer.
The Policy for Product Governance, Distribution and Production of Financial Instruments contains requirements which Nordnet must consider when producing and distributing financial instruments.
Nordnet shall have a process for approving financial instruments both as a distributor and as a producer, and regularly review said process. Nordnet shall regularly review each financial instrument it distributes, taking into account any events that may affect the risk for a target market.
It is the responsibility of Nordnet, as both producer and co-producer and distributor, to identify and specify a target market of end customers for each instrument and to establish an appropriate distribution strategy. In these cases Nordnet shall also, when the responsibility for carrying out the risk analysis is assigned to Nordnet, carry out an analysis of different scenarios for the instrument group in order to assess the risk that the financial instrument produce a negative result for an end customer and what circumstances may lead to this.
The Policy for Evaluation and Reporting of Significant Events determines routines for evaluating and reporting events that may jeopardize Nordnet’s stability or the protection of customers’ assets.
Nordnet shall report events of significant importance to the financial supervisory authority, such as events that may lead to changes in the economic conditions in a way that causes Nordnet to fail in its commitments towards its customers. Furthermore, Nordnet shall report events that may lead to a larger number of customers suffering significant economic damages, and events that may lead to a significant loss in Nordnet’s reputation.
The Policy for Internal Governance and Control establishes the main parts of Nordnet’s framework for internal governance and control. Nordnet shall, for example, ensure that there is an appropriate organizational structure with a clear distribution of functions and areas of responsibilities that ensures that Nordnet is governed efficiently and soundly and enables the financial supervisory authority to exercise effective supervision. Furthermore, Nordnet shall ensure that the company has documented decision-making routines, that the responsibilities and duties of each relevant position are properly documented and that all employees have the necessary skill and knowledge to carry out their duties.
The Policy on Personal Account Dealings defines rules and prohibitions regarding employees’ and consultants’ own transactions in financial instruments. The policy is based on industry-common guidelines which are applied across financial institutions with the objective to restrict personal account dealings among employees and consultants to ensure that they do not engage in any speculative trading in such a way that it might risk the customers’ confidence in the securities market, in the financial institutes, or in their employees.
The Risk Policy establishes the general scope of risks which Nordnet is exposed to and how Nordnet should manage and organize the identification, assessment, handling, control, and reporting of its risks.
The policy states Nordnet’s routines for regular reporting on risks and risk management to the Board of Directors, the CEO and other relevant functions within Nordnet. Nordnet’s risk reporting shall be designed to provide reliable, current, complete and timely information, reflecting the nature of different risk types as well as market developments, and follow up on previous recommendations as well as identify new ones.
The Security Policy establishes guiding principles for Nordnet’s security and the Board of Director’s direction with regards to security objectives and security risk appetite. Nordnet shall adopt and implement a tailored security management system, built on proven standards, that enables a systematic approach to security.
Security is integrated throughout the organization via underlying and detailed instructions approved by the CEO with clear allocation of responsibilities. The CEO also approves annual security initiatives and actively participates in Nordnet’s Security Committee, where the business quarterly reports on the status of ongoing security activities to, for example, identify the need of additional supportive measures.
Nordnet shall have a high security awareness, systematic evaluation of security measures and risks, procedures for regular testing and assessments of security measures, and continuous evaluation of security aspects in, for example, Nordnet’s new product approval process.
The Whistleblowing Policy describes Nordnet’s routines and procedures for capturing potential or actual violations against Nordnet’s internal rules, code of conduct, as well as other laws and regulations. Anyone involved in Nordnet’s operational business has the opportunity to call attention to a potential or actual violation, and the employee can remain anonymous throughout the process unless otherwise agreed. An employee who has reported suspected violations will not be held responsible for having breached any obligation of professional secrecy, if the notifier had reason to believe that a violation had occurred.