Governance
Risk management
B2Holding’s approach to risk management is to proactively manage risks so that it generates profitability and value for all the Company’s stakeholders and ensure sustainability.
B2Holding ASA (“the Company”) is the parent company of the B2Holding consolidated group of companies described as “the Group” or “B2Holding”. The Risk management report is an integral part of the Directors’ report.
B2Holding has placed significant focus on risk management during 2020 by embedding a new Group-wide enterprise risk management framework. The framework facilitates effective analysis and monitoring of significant risks (both internal and external), by enabling the Group’s management at all levels to easier identify and quantify the risk factors that may negatively affect the Company’s profitability and sustainability, while at the same time strengthening internal controls and governance.
B2Holding risk management framework
B2Holding is implementing risk management principles based on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management (ERM) framework with the overriding objective to achieve improved governance, drive operational excellence and achieve enhanced value for all stakeholders.
The components and principles of the COSO ERM framework that B2Holding is actively embedding across the Group are transforming the business into a risk aware organization.
Source: COSO Enterprise Risk Management Framework
At B2Holding, the risk framework is underpinned by ten key principles which define internal expectations on risk management with all employees expected to apply these principles in their daily work, promoting risk ownership and management where it arises. Risk management principles are grouped into categories as follows:
| Dimension | Definition | Principle and Objectives |
|---|---|---|
| 1. Strategic | Risks linked with the overall business plan, organizational structure, culture, competition, and macro and political environment. | Build a strong vision, strategy and product offering that enables the Company to grow profitably aligned with its strategic objectives. Lead by example, create a culture that promotes loyal and ethical behaviour aligned with company values and stakeholders’ expectations. |
| 2. Financial | Risks linked to financial losses, impacting the overall financial results, including liquidity, currency and interest rates, credit, investments, and tax. | Build a strong, transparent, and auditable financial position that enables the Company to plan and optimise its financial resources, meet financial obligations and grow profitably. |
| 3. Operations | Risks linked with failed internal processes and procedures, people's actions, systems or from external events including legal and compliance. | Deliver exceptional service that meets and exceeds targeted operational expectations. Create operational efficiencies, build company resiliency, auditability, transparency, and processes optimisation. |
At the end of 2020, the risk framework and risk mapping process, has been rolled out in six major B2Holding entities with clear actions and improvement plans agreed and pro-actively followed up by the Group Risk function. The risk framework will be rolled out to the remaining Group entities in 2021.
The risk governance structure is overseen by the Board through the Audit Committee, owned by the Group CEO and headed by the Group Chief Risk Officer (CRO) with appointed risk managers from local entities, who have a dotted reporting line to the CRO.
The Group Risk function works with local risk managers to correctly identify and assess risks, challenge risk assessments and act as a consultant to support clear and transparent risk mapping process.
Functional description of effective risk management and control
During 2020, the Internal Audit function was established by appointing a Group Internal Auditor, thus completing the implementation of the risk management and control functions, which started in 2019 and is now implemented.
- The first function comprises the business operations and responsible for the risks they take. This entails responsibility for daily risk management and compliance with Group’s
internal policies and external regulations. - The second function comprises Risk and Compliance functions and responsible for independent risk monitoring, management support and control.
- The third function comprises of the Internal Audit function which ensures proper functioning of the first and second lines.
During 2020, the Group has worked to strengthen its internal governance with more central control and oversight implemented, including re-organization of key Board and Group Management positions.
Furthermore, the Group’s core internal policies – such as the Code of Conduct, core values and policies related to operations – were updated. The work to strengthen Group governance will continue into 2021.
Illustration of the functional organization of effective risk management and control
Risk strategy and appetite
The Group’s core business is to generate profitable returns through controlled exposure to credit risks in the form of acquiring and managing non-performing loans. Therefore, we actively pursue this type of risk which inherently carries the highest potential impact on the income statement and balance sheet. As such, there is an increased central focus on this area of risk, with particular emphasis and oversight on the portfolios acquisition process, performance management and reporting.
Risks such as liquidity, operational and market risk should be minimized but balanced, as far as it is economically justifiable, following internal policies and guidelines. Other types of risk such as management, regulatory and reputational risk are addressed through the Group’s governance and compliance policies.
Principal risks
Principal risks are identified through the Group-wide risk framework or through incidents raised. All material risks raised, are discussed at periodic senior management meetings, with mitigating actions defined, implemented and improvements actively monitored by the Group Risk function. The risks are grouped into three broad categories: strategic, financial and operations, with the tables below summarizing the key risks and mitigants B2Holding is exposed to:
Strategic Risks: Risks linked with the overall business plan, organizational structure, culture, competition and macro and political environment.
| Risk Type | Description | Mitigation |
|---|---|---|
| Management risk | B2Holding operates in multiple countries with different competitive and regulatory landscape and historically operating a decentralised model. This may give rise to different types of risks as local entities have different operating models and different levels of maturity. | A more centralised model through Group level functions and oversight is being implemented, enabling synergies, optimisation and greater governance control. An ongoing Group-wide project to update, harmonise and modernise policies, processes and procedures taking into consideration oversight requirements. Aim: More standardised and unified business operating model, greater financial control mechanisms, local operations supported to a larger extent by Group knowledge and competence. |
| Competition risk | The risk of increased competition in purchasing NPL portfolios, pricing pressure and lower returns accepted by competitors may adversely affect operations and profitability. | Management monitors the competitive environment by regularly monitoring the countries opportunity pipeline and horizon scanning for suitable transactions to pursue and these are taken into consideration during the decision-making process. The Group uses local collection platforms with established positions and experience, providing in-depth local knowledge of the markets. The local platforms are supported by dedicated Group resources in key business areas, such as investment pricing, portfolio management, operations, IT and others. The Group is actively pursuing investment partnerships which allow opportunistic participation in multiple portfolio investments with reduced capital requirements, whilst benefitting from additional servicing earnings. |
| Macroeconomic and political risk | B2Holding operates in multiple countries and therefore it is implicitly exposed to different economic and political regimes. Changes in the economic and political environment may negatively impact B2Holding’s ability to collect from portfolios acquired or competitively price these. | The Group maintains an on-going dialogue with the local management teams and conducts regular checks on the macroeconomic and political development of each market. The Group uses external market research and data to actively monitor the macroeconomic trends in each country. The market and macroeconomic analyses and insights are incorporated into Group’s strategic considerations. |
Financial Risks: Risks linked to financial losses, impacting the overall financial results, including liquidity, currency and interest rates, credit, investments and tax.
| Risk Type | Description | Mitigation |
|---|---|---|
| Liquidity risk | B2Holding is dependent on access to financing, both from banks and capital markets through issuance of bonds and share capital to have sufficient liquidity available to meet its contractual obligations. | The Group’s capacity to assume risk is determined by the Board of Directors. B2Holding policy is to always have liquidity available to cover the contractual financial forward flows and outstanding binding portfolio investment offers, operating within bank and financing covenants restrictions. The capital threshold for equity in the loan agreements are set at a minimum consolidated book equity ratio of 25 %. Liquidity risk is monitored by the Group’s Treasury function and reported monthly to the Board of Directors. B2Holding works actively to maintain good relationships with the financing banks and credit rating agencies. |
| Currency and interest rate risk | B2Holding is partly exposed to fluctuations in exchange and interest rates. These risks can affect the earnings and financing costs as B2Holding’s accounts are denominated in NOK, whilst a large part of the Group’s business is carried out in Euros and other local currencies. | To mitigate the currency risk the Group uses a multicurrency bank facility and bond loans denominated in Euros, to effectively establish natural hedging. For most countries, investments, revenues, and operating expenses are denominated in local currencies, therefore the currency fluctuations have a relatively minor effect on operating earnings within the relevant country, which limits transaction exposure. However, portfolios acquired in specific countries such as Croatia, the Czech Republic, Bulgaria and Romania are financed in Euros due to limited possibilities for medium and long-term hedging arrangements when borrowing in those currencies. Croatia and Bulgaria have pegged their currency to the Euro. B2Holding is exposed to changes in interest rates since the Group’s debt has an element of floating interest rate. The Group employs hedging strategies that enable B2Holding to, within certain limits, hedge its interest exposure and hence monitor and reduce overall interest rate risk exposure. Currency and interest rates exposure are regularly monitored with hedging arrangements assessed and modified in accordance with the Group’s Treasury policies to continuously minimise these risks. |
| Credit risk | The risk of loss arising from customers not repaying principal or interests accrued or counterparties not meeting their contractual obligations. For B2Holding, this refers mainly to NPL portfolios acquisitions receivables, cash and cash equivalents, and outlays on behalf of clients. | NPL portfolio risks are addressed under investments risk. For cash and cash equivalents, these are deposited with established banks where the risk of loss is remote. For counterparty risks, the Group deals primarily with known customers who have a good creditworthiness risk. Credit risk is analysed, monitored, and controlled by the local entities management and strengthen with additional oversight from the Group controlling units. |
| Investments risk | B2Holding invests in NPL portfolios and then tries to make a profit from these investments by assuming all rights and risks arising from these transactions. The risk on this type of business may arise by overestimating collections or underestimating costs to collect, or timing for these, and thereby incurring losses. Therefore, it is crucial for the Group’s business to achieve an overall rate of collection above that reflected in the prices paid. While B2Holding believes that the recoveries on the Group’s loan portfolios will be in excess of the amount paid, amounts recovered may be less than targeted. | B2Holding buys NPL portfolios at discounted prices and therefore the risk is partially mitigated through pricing and expected returns. Furthermore, the Group’s assets are diversified both in terms of asset classes (secured, unsecured) and geographical location across more than 20 countries. All acquisitions are based on careful valuations to predict future net collections and are strictly governed via the Group Investment Office and investment process as illustrated at the bottom of the page. B2Holding constantly aims to reduce the risk through applying extensive experience and using the Company’s proprietary database consisting of detailed analytical data based on a history of NPL purchases and performance. In 2020, the Group strengthened this process further by introducing new standardized forecasting models owned by the Group Risk function. |
| Tax risk | Changes in domestic and international direct and indirect tax laws may result in financial losses or increased expenses for the Group, related to investments and on the operational level. | B2Holding’s policy is to always engage the services of external tax advisors for large and complex transactions, to ensure these are properly assessed and managed. B2Holding has established a reporting tool whereby Group companies report potential tax risks on a monthly basis to Group Tax, before they are due or changes in legislation occurs. |
Operational Risks: Risks linked with failed internal processes and procedures, people actions, systems or from external events including legal and compliance.
| Risk Type | Description | Mitigation |
|---|---|---|
| Data Protection Risk | The operations are dependent on a large amount of information containing personal data. Risk arises from human error non-compliance with our internal policies or external regulations, or inappropriate processes and procedures implemented including internal control. | B2Holding prioritises privacy and has restricted and controlled access to personal information. The overriding principle is that, in accordance with applicable regulations, B2Holding only processes personal data for which the Company has legal grounds to do so and are necessary for the operations. In 2020, the Group updated and implemented the Group GDPR policy and Data Breach policy across the Group and all its local subsidiaries. All Group and operating subsidiaries have appointed a Data Protection Officer who assure and regularly monitor GDPR compliance. All employees are trained on GDPR regulations and are expected to report any breaches to their respective data protection officer. Furthermore, all data and compliance breaches are now monitored through Group central databases. |
| Regulatory risk | The Group depends on authorisations and licenses from different authorities in order to operate. Risk arises from non-compliance or breaches to existing processes and procedures implemented. Regulatory changes can also influence the markets and local operations, either in a positive or in a negative way. | License requirements, adherence to these and potential regulatory changes are managed and monitored by the relevant local operations and reported to Group on a regular basis. In 2020, the Group updated and implemented the Group Compliance policy across the Group and all its local subsidiaries. The Group also monitors regulatory changes and developments through open dialogue with the local senior management team. Furthermore, B2Holding also participates and co-operates with policymakers and actively participates in industry associations that develop standards and best practices and promote the role of the industry in supporting the health and viability of the financial system. All data and compliance breaches are now monitored through Group central databases. |
| Reputation risk | A good reputation is crucial to B2Holding’s longterm sustainability to operate as a viable company, and more so as it deals with debt collection activities and the customers need to trust B2Holding in order to positively engage with the Company. It is therefore crucial to B2Holding that the customers are always fairly treated. The Group places great emphasis on reputation and relationships with all stakeholders: clients, customers, employees, board members, investors authorities and suppliers. | Group’s compliance policies, Code of Conduct and adopted values are embedded in the operations and how the employees conduct themselves in day-to-day work and relationships with stakeholders. In 2020, the above policies were updated, communicated, and implemented across the Group. The Group also expects its suppliers to comply with the Code of Conduct, including in particular those that provide collection services on behalf of the Company. All the entities have a Compliance function that follows up on collections practices and internal standards regularly to ensure that good ethical practices are applied through the Group. All data and compliance breaches are now monitored through Group central databases. The Group is also in the process of setting up a whistleblowing channel and finalising the Group whistleblowing policy. |
| IT functionality and security risk | The Group depends on accessible and well-functioning IT systems. Interruptions and errors in business-critical systems can pose risks to the operations and Company reputation. Although strict protocols are implemented there is always a risk of illegal infringement and access to the systems, giving unauthorised access to information, loss of data through malicious software or illegal exploitation on the Company’s behalf through phishing. | IT functionality and security risks are managed through a combination of technical and administrative controls, security training and regular checks and monitoring of systems, and applies to both local entities and Group level. For Group functions, centralised logging and prevention of intrusion is in place. During 2020, a new IT risk policy was implemented with entities required to report local IT arrangements and breaches to the Group. In 2020, the Group also strengthened its systems access control by introducing multi-factor authentication access to its systems applications, initiated the migration of its central database to Cloud, and recruited additional IT expert competency to the Group. A full review of the IT strategy and governance for the Group has also been initiated and is expected to be completed in 2021. |
| Corruption risk | The Group’s employees face corruption, bribery, and money laundering attempts both internally and in relation to external stakeholders. Therefore, there is a risk that employees will use their position of power in order to benefit themselves, or to influence decision makers. B2Holding also faces being exploited to money laundering from criminal activities through insufficient knowledge of clients or through the payment of transactions undertaken. | B2Holding applies zero-tolerance policy to corruption and bribery, and this is reflected in the Code of Conduct and B2Holding’s values. To minimise this risk, B2Holding collects information about clients and their shareholders and have local Know Your Counterparty (KYC) policies in place. The Group regulatory compliance function works to identify, evaluate and manage risks in this area, and also provides training as appropriate. All employees are expected to report suspected cases of corruption or illegal activity by directly contacting the Group Compliance function. This will be extended to the whistleblowing channel, once finalised. The Company is currently working on a Group KYC policy which will be applicable as minimum standards for all entities of the Group. Furthermore, it is also in the process of setting up a whistleblowing channel and finalising the Group whistleblowing policy. These are all due to be completed in 2021. |
| Employee risk | The employees are crucial to B2Holding’s success and the Group is committed to attract and retain competent and motivated employees and managers to ensure success. | All Group subsidiaries have internal Employment and Training policies which are compliant with local laws and regulations and most entities monitor and manage their employee induced turnover ratios. The Group is constantly working on harmonising and strengthening programs dedicated to promoting employee loyalty and retention. |
External event: Covid-19 pandemic
2020 was marked by the outbreak of the Covid-19 pandemic which affected the circumstances in all of the markets in which B2Holding is present, and changed the way the vendors, clients and employees operated.
The European governments have introduced significant economic relief packages, and at the time of writing this report, are in the process of vaccinating the population. The ultimate timing and effectiveness of these efforts remain uncertain and the spread of the virus in Europe is not yet under control.
B2Holding’s primary concern is the well-being of its employees, followed by ensuring business continuity, and it has actively addressed both as the pandemic progressed.
B2Holding and its entities moved their workforce to work-from-home within weeks from the inception of the pandemic and complied with all regulations imposed by the local health authorities and governments. This allowed the Group to mitigate the risks caused by the lockdowns imposed in the first quarter of 2020. Furthermore, the Group has successfully operated under flexible work-from-home schemes throughout 2020, being able to adjust its operations to the health and safety requirements during the subsequent waves of the pandemic.
In second quarter 2020, B2Holding undertook the stress testing of its back book to estimate the financial impact of the outbreak on its portfolios. So far, the Group has been outperforming the projected stressed scenarios.
B2Holding continues to actively monitor the pandemic developments as they unfold and maintains a cautious stance towards new investments.
The investment process
