Risk management

Hoist Finance's core business is to acquire and manage NPL portfolios, which is why we are actively exposed to credit risk. Being a regulated company under supervision from the Swedish Financial Supervisory Authority (SFSA) puts further emphasis on a solid understanding and management of all the risks facing the company.

The risk management framework

Risk management at Hoist Finance aims to:

Increase awareness around the company’s complete risk picture through identification, analysis, measurement, control and reporting of risks.
Facilitate and ensure sound and safe development of the business.
Secure the company’s survival by maintaining adequate capital and liquidity levels.

This creates and maintains confidence in Hoist Finance among Hoist Finance stakeholders, thereby enabling sustainable shareholder value. To fulfil these goals, the Board of Directors has adopted policies and strategies for the management, analysis, control and reporting of risks in day-to-day operations, which together comprises a risk management framework.

Hoist Finance’s core business and risk strategy is to generate returns through controlled exposure to credit risk in the form of acquired loan portfolios. Therefore, we actively pursue this type of credit risk. Other types of risk, such as operational risk and market risk, are undesirable but sometimes unavoidable. However, these risks are minimised as far as is economically justifiable.

Risk capacity, which consists of the capital and liquidity buffers in place, is set to ensure the survival of the company. Capital risk capacity is the difference between actual capital levels and regulatory minimum levels and demonstrates the capacity to absorb losses before critical levels are reached. Liquidity risk capacity is the scale of the liquidity outflow Hoist Finance can accommodate without breaching regulatory minimum requirements.

The Board of Directors determines our risk appetite within the available risk capacity. By weighing potential returns against potential risks, the Board decides on an appropriate risk and return level for Hoist Finance. Our risk appetite then provides the basis for business decisions and risk limits, which are applied in day-to-day business activities and in risk monitoring. Continuous monitoring performed by the Group’s Risk Control function ensures we do not assume any risks that exceed the established risk appetite, risk capacity or limits.

Three lines of defence

Hoist Finance’s risk management is built around a sound risk culture; an efficient operating structure governed by policies and guidelines and transparent reporting and monitoring. The Board of Directors’ risk management policy stipulates the framework, roles and responsibilities for risk management and the guidelines for ensuring that there is adequate capital and liquidity to withstand economic adversity.

Hoist Finance’s risk management allocates roles and responsibilities in accordance with three lines of defence, described in the Corporate Governance Report.

Risk culture

We have a deep insight and understanding of why a sound risk culture is essential for efficient risk management. Therefore, structured efforts are taken to support and promote a sound risk culture within Hoist Finance. We define a sound risk culture as:

Transparency, where information is shared as far as possible and all communication and feedback is clear, concise and constructive.
Teamwork, where the atmosphere is open and it is easy to share and learn from experience, both from successes and from failures.
Balance between risk/reward, where all decisions and considerations take into account both the risk and the reward that the decision entails. We believe that constructive discussions on risk and reward are essential for sophisticated decision-making on business opportunities.
Sound incident management, where incidents are reported, analysed and actions taken to mitigate risks as far as economically justifiable; and where a sound and formative risk culture promotes learning from mistakes to continuously improve.

Promoting a balanced risk culture is a long-term and continuous endeavor that permeates everything that we do. Internal rules, remuneration systems, incentives, ethical guidelines, formal educational initiatives and other governing mechanisms within the company are designed to ensure that the risk culture develops in a positive direction. We strive to improve the risk culture further and have initiated work to broaden the risk management to ensure inclusion of risks outside what was previously considered traditional risk types for a bank. These risks include for example climate change and the well-being of our employees. This work is done in close collaboration with our Sustainability team and via active participation in the Business Ethics and Sustainability Committee.

Security management

Our information security management continues to focus on protecting our customer data and business critical information. The demands of regulatory requirements for the finance industry are high and going forward we will see an increase in those that we need to adhere to, therefore, this is a prioritized part of the Security work at Hoist Finance.

During the year we have seen a considerable increase of cyber-attacks towards the finance sector as well as evolving attack methods. In order to prevent the new attack methods, we have taken several initiatives and implemented various defense mechanisms.

The Board of Directors and our Management are continuously engaged in the work with information security. Reporting is done on a quarterly basis to the Management team and the Board, both when it comes to KPI’s within the field as well as follow ups on any incidents or special projects.

Security is handled in all three layers of defense where the first layer is focused on operations, the second on reviews and tests and the third on internal audits.

An important part of the security management is having a high security awareness level among our employees; therefore, we have invested in a new training and awareness tool to test and train our staff on a regular basis. The results are carefully examined to identity any gaps towards our target.

Apart from protecting our business and our customers we also want to contribute to a stable and secure financial market.

Climate change risk assessment

Climate change has an impact on the economy in general, on a more specific note it affects collateral values and customers’ repayment capacity. The level of investments in portfolios secured by real estate increases and Hoist Finance is placing greater focus on monitoring our collateral, including effects from environmental/climate change risks. This serves both to protect Hoist Finance against unforeseen deterioration in collateral asset quality and to ensure we are able to assess whether environmental factors pose any risk to our customers. Read more about climate change risk in the Sustainability report.

Risk exposure

The risks to which Hoist Finance is exposed can be divided into two groups: strategic risks relating to Hoist Finance in the context of its macro environment, and business-related risks which are more linked to Hoist Finance’s financial and operational activities.

Strategic risks

Risk type	Risk profile	Risk management
Competition The risk of increased competition in purchasing loan portfolios or in offering savings accounts to the public could result in lower earnings for Hoist Finance.	As regards the purchasing of loan portfolios, Hoist Finance operates in several countries within Europe and offers savings accounts in Sweden, Germany and the UK.	Hoist Finance strives to be competitive through a good geographic footprint, a well-diversified portfolio, efficient operations and a low cost of funding.
Regulatory framework The risk of new regulations negatively impacting Hoist Finance’s business model or otherwise adversely affecting earnings.	As a credit market company, Hoist Finance is regulated by the Swedish FSA and subject to Swedish banking regulation. Furthermore Hoist Finance is subject to applicable European banking regulations and changes hereof.	Hoist Finance has a compliance function that works internationally across the jurisdictions in which the company operates. Forthcoming regulations are continuously monitored and subjected to risk analysis. Hoist Finance actively participates in dialogue with the regulator and makes statements on proposed regulatory frameworks.
Tax The risk that new or substantially altered products have not been properly assessed from a VAT or income tax perspective. The risk that appropriate processes are not in place, resulting in improper management of income tax and VAT. The risk that Hoist Finance will take over unknown tax liabilities in acquired companies.	Given that Hoist Finance operates in a large number of jurisdictions in Europe, tax issues are relatively complex. A high degree of complexity entails a risk that misinterpretations may have arisen.	There is ongoing work to ensure a sustainable structure includes analysing new tax rules and their impact on Hoist Finance corporate structure. Hoist Finance also works continuously to ensure that the Group has the necessary processes in place and the expertise required to identify tax risks and clarify roles and responsibilities regarding income tax and VAT.

Business-related financial risks

Risk type	Risk profile	Risk management
Credit risk The risk of loss arising from a customer’s failure to repay principal or interest or otherwise meet a contractual obligation.	Credit risk refers mainly to acquired NPL portfolios and the risk that collection on these will be lower than forecasted. Credit risk also includes the risk of credit losses on acquired performing loans. Other credit risk exposures are: (i) cash deposits with banks; (ii) investments in interest bearing instruments; and (iii) counterparty risk related to hedging FX and interest-rate risk.	Credit risk in acquired loan portfolios is monitored, analysed and managed by the management in each country, and by the Group’s Business Control unit. Other credit risks are analysed and managed by the Group’s Treasury function. The Risk Control function analyses and monitors all credit risk exposures.
Market risk The risk arising from adverse movements in foreign exchange rates and interest rates.	The main FX risks arise from the fact that the loan portfolios (the assets) are denominated in EUR, PLN and GBP, while the reporting currency is SEK and the majority of liabilities are denominated in SEK. Interest-rate movements have an effect on net interest income.	Market risks are hedged continuously by the Group Treasury function and are independently analysed by the Group’s Risk Control function.
Liquidity risk The risk of difficulties in obtaining funding, and thus being unable to meet payment obligations when they fall due, without a significant increase in the cost of obtaining means of payment.	Liquidity risk is linked primarily to deposits from the public and the risk of large withdrawals occurring at short notice. Furthermore, increased requirements for funds pledged as collateral for derivative positions, and refinancing risk associated with existing market funding, could potentially impact liquidity in a negative way.	The Group has a significant liquidity reserve to cover potential outflows of liquidity. Hoist Finance also works pro-actively to diversify the number of funding sources.
Operational risk The risk of loss resulting from inadequate or failed internal processes, people, IT-systems or from external events including legal and compliance risk.	Operational risk is present across our operations and come in many forms. Common examples are to failure in our processes due to issues with our IT-systems or lack of or erroneous data to perform tasks. Operational risk category is expanding broadly due to the increasing connection with Environmental Social Governance - ESG related risk such as pandemic, climate change risks, and financial inclusion. The operational risk framework is then updated accordingly.	The operational risk framework is implemented to analyse, control, report and mitigate operational risks Hoist Finance is exposed to. During 2021 the Risk and Control Self-Assessment – RCSA process has considered, for the first time, if any ESG related risks rely on the business process to provide input to a dedicated sustainability risk assessment to conduct in 2022.Hoist Finance has showed good capacity to handle a crisis and adopt the way of working to deal with unexpected changes. Hoist Finance is committed to continuous improvement of such capacity, planning and proper training to get prepared for further crisis.

^{Additional and more detailed information about Hoist Finance’s risk management is presented in the Administration Report, Note 33 and in Hoist Finance’s Pillar 3 report. This also includes quantitative risk measurements.}

Annual and sustainability report 2021