Kaupthing Bank Risk Policy

Risk Policy

Main principles

The assessment of risk is one of the major tasks of banks and other financial institutions. Many risk factors can affect Kaupthing. The policy of the Board of Directors is to constantly monitor and manage the various risks Kaupthing faces in its business. For these purposes the Bank operates a centralised Risk Management division. In addition, internal auditor oversees operations in order to ensure that the risk management rules are implemented in accordance with resolutions made by the Board of Directors.

The Board of Directors determines Kaupthing’s goals in terms of risk by issuing a risk policy. The risk policy both defines acceptable levels of risk for day-to-day operations, as well as the willingness to incur risk, weighed against the expected rewards. The risk policy is detailed in the Internal Control and Procedural Handbook, which is maintained by Risk Management and revised at least once a year. Amendments or minor changes can be made more frequently, but each change needs the approval of the Bank’s Chief Executive Officer before it comes into effect, and then it must be approved by the Board of Directors at its earliest convenience.

It is incumbent upon the Risk Management department to enforce the risk policy. Risk Management constantly monitors risk with the aim of identifying and quantifying significant risk exposures and acting upon such exposures if deemed necessary. To ensure that the decision- making process within Kaupthing is regulated, and that the boundaries set by the Board of Directors and regulatory authorities are not exceeded, Risk Management regularly reports risk exposures, usage of limits and any special concerns to senior management and the Board of Directors.

Chief Risk Officer (CRO) of the Kaupthing Bank group is Dr. Steingrímur Páll Kárason.