In addition to the Board’s rules of procedure and instructions for the CEO and the Board’s committees, a clear division of roles and responsibilities is ensured for the benefit of effective management of the business’s risks. The Board has also established a number of basic guidelines of importance for the work with internal control.

 

The routines for internal control, risk assessments, control activities and follow-up regarding financial reporting have been created to ensure reliable overall financial reporting and external financial reporting in accordance with International Financial Reporting Standards (IFRS) as well as applicable laws and regulations and other requirements for companies listed on Nasdaq Stockholm. This work involves the Board, executive management and other employees.

 

The external rules that Qliro is covered by, require solid internal control, identification and management of risks as well as requirements for internal control functions. Like all financial companies, Qliro uses a model with three lines of defense to describe roles and responsibilities regarding risk management and control, which is stated in Qliro’s Policy for risk management. Qliro’s board always has the ultimate responsibility for the internal governance and control of the company.

 

The first line of defense refers to all types of risk management carried out within the operational activitivies and its support functions. These activities include the implementation of relevant management, risk management and internal controls when these functions act within their respective areas of responsibility. Qliro’s first line of defense is thus risk owners within each individual business unit. These people must thus identify, assess, control and internally report risks within their own operations.

 

The second line of defense consists of Qliro’s risk control function and compliance function. These functions are separate from Qliro’s business operations and from each other and are responsible, in accordance with their respective policies, for monitoring and controlling that Qliro’s business units manage relevant risks and for advising and supporting Qliro’s employees, CEO and Board in conducting their business. in accordance with internal and external rules. Qliro’s risk control function and compliance function report to the Board and to the CEO, and are directly subordinated to the CEO.

 

The third line of defense consists of Qliro’s internal audit function, which is an independent audit function directly subordinate to the board. The Internal Audit function is responsible for reviewing and evaluating Qliro’s first and second lines of defense in accordance with its policy. The purpose of the internal audit function is to improve Qliro’s risk management, governance and internal control. Qliro has outsourced its internal audit function.

Qliro is faced with and manages a number of risks in its operations and must have sufficient capital to cover both credit risks and other risks, including market risks and operational risks. The Board is responsible for and shall decide on the framework for the Company’s risk strategy and shall regularly decide on and update the risk appetite.

 

For further information on Qliro’s risk management, please refer to the annual risk and capital adequacy reports, which can be found under the heading financial information.