We operate in a competitive market for payments and digital services which is characterised by changes to technology, business and operations, making risk management an integral part of doing business at Nets. Our company’s position at the forefront of financial technology innovation, operating within an environment of shifting regulation and destabilizing threats, drives an ever-shifting risk landscape.
In order to navigate this environment and create continued value for our stakeholders, we have set a clear course of action for managing the risks facing Nets.
Governance of risk at Nets
At Nets, we operate a tiered approach to risk governance. The Board of Directors delegates authority to the executives running Nets’ Risk Management group to take responsibility for the overall governance of Nets and our risk landscape, setting the company’s risk appetite, tolerances and limits, and approves strategies and policies within the area of risk, security and business continuity.
The Board appoints an Audit Committee which supervises the relevance and applicability of board-approved policies, including risk management policies, audit plans, charters and other governing sources. A three-lines-of-defence model is implemented throughout the organisation and forms the basis for risk decision-making within Nets.
First line of defence
Formed by the operating segments performing the day-to-day risk management activities by identifying, assessing and treating risks. The operating segments function as risk owners and are thus responsible for compliance with legal, contractual and regulatory requirements as well as risk management in relation to IT systems, information security, business continuity, projects and processes.
Second line of defence
Formed by the Risk Management group function, which assesses the risks identified in the operating segments and, based on this, submits a report on the consolidated Nets risk landscape to the Executive Committee, the Audit Committee and finally to the Board of Directors.
Third line of defence
Undertaken by our internal and external auditors, and thus serves as independent assurance concerning the risk and control functions performed by the first and second lines of defence.
Risk methodology & reporting
At Nets, our risk management methodology adopts the risk management approach of the ISO 31000 standard with a continuous risk management process as follows:
The risk reporting reflects the three lines of defence and has our risk landscape as its point of reference in the risk management process. Each business unit and operational unit develops its own risk landscape. The landscape reflects inherent risks related to our business but also risks stemming from the use of IT systems and operational processes, financial activity and compliance/legal matters.