Operational risks refer to the risk of loss due to incorrect or non-appropriate internal processes and procedures, human errors, incorrect systems or external events, including legal risks.

Operational risks include the following main categories of risk:

  • Personnel risks refer to risks linked to the Group’s organisational structure, personnel management, working conditions, failings in the work environment or internal criminal activity.
  • Business and process risks refer to risks arising due to weaknesses in the implementation or design of the Group’s significant processes and established procedures related to these processes.
  • Legal and compliance risks refers to legal risks leading to financial loss due to violation af laws and regulations within the organisation. It also refers to risks due to non-compliance of legal requirement, external and internal regulatory frameworks and failing to implement new regulatory framework.
  • IT and information security risks refer to risks that affect the availability, integrity or confidentiality of information and communication systems or information used to provide services.
  • External risks refer to risk that are outside the Group’s control, for example, criminal action, supplier failings or disasters. This could also involve outsourcing operations and regulatory changes.

The Group has a standardized risk management process, that among other things includes a framework  for risk identification, assessment, training, control and reporting operational risks

Focus is on managing significant risks by analysing and documenting processes and procedures and by applying risk-mitigating measures. The Group’s processes have been mapped with controls to ensure that identified risks are managed and monitored effectively.

The group has a process for approval of new or significant changes in existing product/services. markets, processes or other major changes  within the organisation. The purpose of the process is to ensure that the group effective and appropriate mitigates the risk that for example may  occur in connection with new or significantly changed products/services.