Risk management and internal control

DNB's risk management and internal control

All of the Group's operations entail risk. The ability to manage risk is the core of financial activity and a prerequisite for long-term value generation. The Group aspires to have a low risk profile and will only assume risk which is understood and can be followed up. DNB shall not be associated with activities that can harm its reputation. Risk management and internal control shall help ensure effective operations and prudent management of significant risks.

The work on risk management in DNB is characterized by individual responsibility, transparent methods and processes that support sound risk management. Risk management shall be of good quality and have high information value. The Group's report on capital adequacy requirements and risk management, the Pillar 3 report, includes a description of risk management and framework structure, capital management and capital calculations, in addition to the assessment and monitoring of various types of risk. In addition, DNB's adaptations to and compliance with the capital adequacy requirements are described. 

Responsibility for risk management and internal control is distributed along three lines of defence

  1. The first line of defence includes all of DNB’s operative functions. It is the operative managers’ responsibility to establish, manage and follow up internal control within their own area of responsibility, including processes and activities to reach defined goals relating to operational efficiency, reliable financial reporting, risk management and compliance with laws and regulations. The employees are responsible for carrying out the established internal control through their daily tasks. All authorisations linked to risk-taking in the first line of defence must be personal, and all risk must be owned by the first line. 
  2. The second line of defence consists of independent and autonomous control functions, which use a risk-based approach to monitor, report on and give advice about risk-related issues and compliance and follow up the internal control activities carried out by the management and employees in the operative functions. In DNB, second line of defence functions are organised under Group Risk Management and Group Compliance.
  3. The third line of defence is internal audit (Group Audit), which uses a risk-based approach to review and assess the Group’s processes for governance and internal control. Group Audit is independent of the Group’s executive management and reports to the Board of Directors.