Internal supervision, risk management, internal auditing, insider trading regulations

Internal supervision is a process used to ensure

  • The achievement of established objectives and aims,
  • The economic and efficient use of resources
  • Sufficient management of the risks related to our activities
  • The reliability and accuracy of financial and other governance information
  • Compliance with laws, regulations and instructions, as well as
  • Compliance with the decisions of the administrative organs, internal plans, rules and procedures.

Risk management objectives and foundations

Risk management is part of internal supervision and its purpose is to support the company in implementing the strategy and reaching the business operation objectives, secure the continuity of the business operations, and to manage the uncertainty factors or threats related to these areas as well as to the company’s reputation.

The arrangement of Elo’s risk management is based on compliance with the regulations issued by the authorities and the aim of achieving the best practices in terms of risk management. Through risk management, we will be able to ensure the continuity of our operations and to support the company in enhancing its competitive edge. The company endeavours to enact comprehensive risk management that will support the activities of the entire organisation, while also supporting the implementation of the company's strategy and business operation objectives, and securing the continuity of these business operations. In accordance with the company's risk management principles, risk management shall be comprehensive and systematic:

  • Comprehensive - risk management shall concern all risk classes and all aspects of the organisation.
  • Systematic - the risk management processes shall be systematic and ongoing.

Risk management process

The objectives and principles of risk management, the risk-bearing capacity, the responsibilities related to risk management and the main characteristics of the risk management process are all described in the company's risk management policy. The risk management plan, drafted on an annual basis, defines in more detail the company's risk-taking willingness and describes the risks detected in the risk surveys along with the related procedural plans and appointing of persons in charge.

The risk management process is comprised of four stages:

  • Identification of risks,
  • Measurement and assessment of risks (in advance),
  • Planning and implementation of risk management measures and risk preparedness, and
  • The follow-up, supervision and reporting of risks.

Risk management planning is carried out in a manner that is consistent with the company’s strategic, annual and investment planning.

Organisation and responsibilities of risk management

The Board of Directors assumes full responsibility for the organisation of internal supervision and risk management, as well as for the annual evaluation of the state of internal supervision. The Board of Directors approves the risk management principles (risk management policy) and, on an annual basis,a risk management plan related to the steering of the company, and follows up on the progress of the management measures presented therein on the basis of the reports it receives. The Board is assisted by the Audit Committee whose tasks include, for example, monitoring the company’s financial position and financial reporting, the sufficiency and appropriateness of internal supervision and risk management, and the handling of the planning and reporting related to internal auditing.
The Managing Director is responsible for the organising and supervising of risk management, and for the content of the risk management plan concerning the company’s key risks drawn up and presented to the Board of Directors for approval. The Managing Director is supported in these tasks by the company management groups and other operational coordination groups and the company’s risk management functions.

Acting as members of the Executive Group, the owners of the main processes and directors of the support units are responsible for supervising the implementation of internal supervision and appropriateness of the risk management process within their own operations and processes. Elo’s Investment Committee monitors the financial risks of investment operations. Actuarial Services monitors the insurance technical risks.

Internal auditing

Internal auditing assists the company management and Board of Directors to reach their objectives by assessing the sufficiency and effectiveness of the risk management processes, by issuing recommendations for their improvement, and by consulting on their development.

Compliance

Compliance activities are organised through the Legal Affairs unit. Within the company’s risk management system, the compliance activities involve supporting business operations by ensuring and supervising conformity with government norms (laws, decrees, regulations, instructions).

Risk management process

Elo’s risk management policy describes the objectives of risk management and the principles applied to reach those objectives, determines the responsibilities of risk management, the risk management process and the company’s risk-bearing capacity and risk-taking willingness, and the manner of reporting the risks to the Board of Directors and within the organisation.

Elo’s risk management process is as uniform as possible across the entire organisation. The risk management process is comprised of four stages:

  1. Identification of risks,
  2. Risk assessment,
  3. Planning and implementation of risk management measures, and
  4. The follow-up and reporting of risk management (realised risk management measures).

The aim has been to integrate the risk management process into the company’s strategic planning.

Elo’s central risks concern investment activities, insurance techniques, operations, and strategies. The company’s strategic risks are surveyed and updated in connection with Elo’s strategic planning.