Finansinspektionen’s General Guidelines Amending Governance and Control Rules for Financial Undertakings

Finansinspektionen’s Regulatory Code Publisher: Finansinspektionen, Sweden, www.fi.se ISSN 1102-7460 This translation is furnished for information purposes only and is not itself a legal document. 1 General guidelines amending Finansinspektionen’s general guidelines (FFFS 2005:1) regarding governance and control of financial undertakings; decided 25/11/2015. Finansinspektionen decides with regard to Finansinspektionen’s general guidelines (FFFS 2005:1) regarding governance and control of financial undertakings in part that Chapter 1, section 3, Chapter 4, section 5 and Chapter 7, section 5 shall be repealed, in part that current Chapter 1, sections 4 and 5 shall be designated Chapter 1, sections 3 and 4, and in part that Chapter 1, section 2, Chapter 2, section 2, Chapter 4, section 1 and Chapter 7, sections 1 and 3 shall have the following wording. Chapter 1 Section 2 These general guidelines apply to – exchanges, – central securities depositories, – clearing organisations, – legal persons with authorisation in accordance with the Insurance Mediation Act (2005:405), – Svenska skeppshypotekskassan, and – mutual benefit societies. If appropriate, the general guidelines should also be applied to groups and financial conglomerates. However, this does not apply to central counterparties in accordance with Regulation (EU) No 648/2012 of the European Parliament and of the Council on OTC derivatives, central counterparties and trade repositories. Chapter 2 Section 2 Where an undertaking addressed in Chapter 1, section 2 is the parent undertaking in a group, the board of directors of the parent undertaking should endeavour to ensure that common internal rules are adopted in respect of the operations requiring authorisation which are conducted by undertakings within the group. The board of directors of the undertaking in a financial conglomerate which has a superior position within the conglomerate should endeavour to ensure that common internal regulations are adopted for the operations requiring authorisation which are conducted by undertakings within the conglomerate. FFFS 2015:16 Published 04/12/2015

FFFS 2015:16 2 Where appropriate, the functions addressed in Chapter 4 (Risk management and Risk Control), Chapter 5 (Compliance) and Chapter 6 (Independent Monitoring Functions) may be located centrally within a group or a financial conglomerate. The aforesaid shall apply provided that the functions possess expertise and resources relating to all operations requiring authorisation. Chapter 4 Section 1 Risks which should be managed and controlled include, for example, the following:

– credit and counterparty risks, – market risks (interest rate risks, currency risks, and price risks), – liquidity risks, – operational risks (risk of losses due to incorrect or inappropriate internal processes and routines, human error, defective systems or external events, including legal risks). Furthermore, there are specific insurance risks associated with mutual benefit societies, such as – underwriting risks, – provisions risks, – reinsurance risks, and – matching risks. Chapter 7 Section 1 An undertaking may outsource parts of its operations to an external service provider, whether within or outside the undertaking’s own group. However, the board of directors and managing director shall be responsible at all times for the outsourced activities. Section 3 Where an undertaking outsources its operations within a group, bias and conflicts of interest that may arise should be given special consideration. The board of directors should ensure that all such situations of bias and conflicts of interest that may arise are identified and that the undertaking has internal rules to manage them.

These general guidelines shall enter into force on 01/01/2016. ERIK THEDÉEN Sabina Arama Ström