Internal control and risk management

Municipality Finance Plc (MuniFin) has a strategy approved by the Board of Directors (the Board). In addition, the Board has confirmed internal guidelines  related to administration and risk management and those guidelines serve as the key principles for the company’s risk management and internal control. MuniFin has also a significant amount of other internal guidelines to support the arrangement of the governance and risk management.

One of the internal guidelines approved by the Board is MuniFin’s Corporate Governance Policy, which describes the principles guiding the governance and the essential governance related practices. The Corporate Governance Policy also includes principles for managing any conflicts of interest. The Corporate Governance Policy is updated on a regular basis.

Due to the nature of its operations, MuniFin is inevitably exposed to numerous risks, and thus the internal control and risk management form a part of the company’s strategic planning and management. The efficient internal control and risk management are included in the company’s daily operations, which increases the security and customer satisfaction, contributes to the achievement of the set objectives, and ensures that the company’s risk position remains at a desired level.

The purpose of the internal control is to ensure that the risks associated with lending, funding, investment and other business operations are in line with the company’s approved risk profiles and that the company attains the objectives set for its business. The aim is to keep the overall risk status at a level so low that MuniFin’s credit rating is the best possible in respect to that of the Republic of Finland and that the company’s strong credit rating is not compromised through any actions of its own. The internal control at MuniFin includes a financial administration that manages financial reporting, a risk management function, which reports on the company’s risk position and any changes to it and is independent of the business of the company, and the internal audit performed by business units, which produces reports that are processed by supervisors, the President and CEO assisted by the Executive Management Team, as well as the Board.

MuniFin’s general principles, limits and measurement methods used in the risk management are decided by the Board. The implementation of the risk management is the responsibility of the President and CEO, who is assisted by the Executive Management Team, and various functions/units in accordance with the duties delegated to them.

MuniFin’s risk position related monitoring and reporting duties have been differentiated to the independent Risk Management and Compliance function, which also prepares various analyses in support of decision-making by the company’s management. The risk management and the company’s risk position are reported to the Executive Management Team and the Board (including the Board’s Risk Committee) on a regular basis.

The management of operational risks, including information systems critical to the company’s business operations, and the monitoring of operational risks are part of the ordinary processes of functions and units. In addition, the company’s independent Risk Management and Compliance function bears overall responsibility for the monitoring of operational risks.  A part of the management of operational risks are tasks related to the compliance with the external and internal regulation, such as follow-up on regulation that affects the company’s operations, communication, training and monitoring. These tasks are the responsibility of the Compliance and Operational Risks unit, which operates under the Risk Management and Compliance function.

Internal audit

The tasks of the Internal Audit include assessing the reliability and accuracy of MuniFin’s financial and other management information. These tasks also include ensuring that the company has adequate and properly organised manual and IT systems for its operations and that the risks associated with the operations are being managed sufficiently.

The Board approves an operational plan for the internal audit for each financial period. All audits performed by the Internal Audit are reported to the company’s executive management, the Audit Committee and the Board. The company monitors the measures based on recommendations issued by the internal audit and the implementation of the measures is reported to the Executive Management Team, the Audit Committee and the Board on an annual basis. The Internal Audit assesses the status of the implementation of the measures.

External audit

The company’s auditor must be an auditing corporation certified by the Central Chamber of Commerce. The auditor’s term is the financial period, and the term ends at the closing of the Annual General Meeting following its election. The company’s financial period is the calendar year. The lead audit partner may act as the company’s auditor for a maximum of seven consecutive terms.

The Audit Committee prepares the appointment of the auditor and makes a proposal to the Board, which presents the proposal to the Annual General Meeting. In the appointment process, the Audit Committee must considerthe auditor’s independence. The auditing is monitored and supervised by the Audit Committee.

Insider administration, transactions of the management and conflicts of interest

As an issuer of a financial instrument admitted to trading in a regulated market, MuniFin is obliged to maintain an insider list. This list includes a section of permanent insiders, in which MuniFin’s employees who have regular access to the company’s inside information are included. This section of the insider list also includes other individuals and corporate bodies who have access to the company’s inside information on a regular basis.

While MuniFin does not, in practice, offer investment services, through its position as a credit institution authorised to offer investment services it is, however, obligated to maintain a public insider register, in which the members of the Board, the CEO and President and the Deputy to CEO must be declared. Other individuals in the company are not subject to the declaration requirement, as the company’s current business operations do not include offering investment services in a form that would give employees the opportunity to receive insider information.

MuniFin has guidelines in place for insiders, which have been approved by the Executive Management Team. Those included in the insider register and the insider list are obliged to comply with these guidelines.

MuniFin is obligated to make public all transactions conducted by its managers with the financial instruments issued by the company. Municipality Finance has concluded that the notification obligation applies to the members of the Board of Directors and Executive Management Team.

The company has a Responsibility Policy approved by the Board and principles are in place for managing conflicts of interest. The key principle in this policy is that Municipality Finance always strives for  equal treatment of its customers and other partners. The company’s business operations must not be based on personal interests of any individuals. In every case, MuniFin will inform the customer or other counterparty if a business transaction may involve a risk of a conflict of interest. Members of the  Board act independently, considering the interests of both the company and all of its shareholders.