Corporate Governance Statement of Arion Bank

Good corporate governance helps foster open and honest relations between the Board of Directors, shareholders, customers and other stakeholders, such as the Bank’s employees and the general public. Corporate governance also provides the foundations for responsible management and decision-making, with the objective of generating lasting value. The Board of Directors places great importance on good corporate governance and re-evaluates its governance practices regularly on the basis of recognized guidelines on corporate governance.

The Corporate Governance Statement of Arion Bank hf. is based on the legislation, regulations and recognized guidelines that are in force at the time the Bank’s financial statement is adopted by the Board of Directors.

Corporate Governance Statement of Arion Bank

Excellence in corporate governance

In December 2015 Arion Bank was recognized as a company that has achieved excellence in corporate governance following a formal assessment based on the Icelandic Guidelines on Corporate Governance issued by the Icelandic Chamber of Commerce, SA – Business Iceland and Nasdaq Iceland. Arion Bank received this recognition following an in-depth survey of corporate governance at the Bank, including governance by the Board of Directors, sub-committees and management, performed by KPMG ehf. in the autumn of 2015. The recognition applies for three years.

Compliance with guidelines on good corporate governance

According to the Financial Undertakings Act No. 161/2002 Arion Bank is obliged to comply with recognized guidelines on good corporate governance. The Bank complies with the fifth edition of the Icelandic Guidelines on Corporate Governance issued by Iceland Chamber of Commerce, SA – Business Iceland and Nasdaq Iceland, published in May 2015 and viewable on the website According to the guidelines, a company shall state whether it has deviated from the guidelines, if so, which parts and also explain why it has done so. The Bank complies with the guidelines with one deviation.

Article 5.1.2. states that the rules of procedure of sub-committees of the Board shall be posted on the Bank’s website. The rules of the Board Credit Committee have not been published on the Bank’s website due to their nature.

In order to promote good corporate governance within the Bank and to ensure that Board members of the Bank have wide and versatile qualifications and experience a shareholders' meeting on 25 May 2018 approved rules of procedure for a Nomination Committee. The Committee has an advisory role regarding the election of Board members and makes a proposal on their remuneration. At a shareholders’ meeting on 5 September 2018 two members of the Nomination Committee were elected, Christopher Felix Johannes Guth and Keith Magliana. The third Nomination Committee member is appointed by the Board in accordance with the rules of procedure of the Nomination Committee. The third member is Eva Cederbalk, Chairman of the Board of Directors.

Legal framework for the Bank’s operation

Arion Bank is a financial institution which operates in accordance with the Financial Undertakings Act No. 161/2002. Acts of law that also apply to the Bank’s operations include e.g. the Securities Transactions Act No. 108/2007, Act on Undertakings for Collective Investment in Transferable Securities (UCITS), Investment Funds and Professional Investment Funds No. 128/2011, Act on Payment Services No. 120/2011, Act on Measures Against Money Laundering and Terrorist Financing No. 140/2018, Act on Consumer Mortgages No. 118/2016, Consumer Loans Act No. 33/2013, Competition Act No. 44/2005 and Public Limited Companies Act No. 2/1995.

The Bank is a universal bank which provides a comprehensive range of financial services relating to savings, loans, asset management, corporate finance and capital markets. The Bank’s shares were listed on Nasdaq Iceland and Nasdaq Sweden on 15 June 2018 following a share offering of 28.8% of the Bank’s shares. The Bank has issued financial instruments which have been admitted for trading on regulated securities markets in Iceland, Norway and Luxembourg. The Bank is therefore subject to the disclosure requirements of issuers pursuant to the Securities Transactions Act and the rules of the relevant stock exchanges.

The Financial Supervisory Authority (FME) supervises the operations of Arion Bank in accordance with the provisions of Act No. 87/1998 on the Official Supervision of Financial Operations. Further information on the FME and an overview of the legal and regulatory framework applicable to the Bank, and the FME’s guidelines, can be seen on the FME’s website, Numerous other pieces of legislation apply to the operations of financial undertakings.

Internal controls, auditing and accounting

Internal control

Internal control at Arion Bank is organized into three lines of defence with the aim of ensuring effectiveness, defining responsibility and coordinating risk management. This structure is also designed to foster a sense of risk awareness and responsibility among all employees of the Bank.

The set-up distinguishes between the following roles:

  • People who bear responsibility for risk and manage risk.

  • People who monitor and check internal controls.

  • People who perform independent surveys of the effectiveness of internal controls.

The first line of defence is made up of people who have day-to-day supervision of operations and its organization. They are responsible for establishing and maintaining effective internal controls and managing risk in day-to-day operations. This involves identifying and evaluating risk and putting in place appropriate countermeasures to reduce risk. The first line of defence is responsible for supervising the implementation of internal rules and processes in compliance with the law, regulations and the Bank’s strategy and it must ensure that all actions are in compliance with established procedures and that corrective action is taken if any deficiencies are detected. 

The second line of defence is set up to ensure that the first line of defence has established adequate internal controls which work as intended. Risk Management and Compliance are the main participants in the second line of defence, although other units may also be assigned specific monitoring roles.

The third line of defence is Internal Audit, which keeps the Board and management informed of the quality of corporate governance, risk management and internal controls, including by performing independent and objective audits.


The Compliance unit is an independent control function that reports directly to the CEO, in accordance with the Compliance Charter issued by the Board of Directors. The main role of Compliance is to ensure that the Bank has efficient measures in place to manage and mitigate compliance risk. The duties of Compliance are carried out under a risk-based compliance plan approved by the Board of Directors, including a training and monitoring schedule.

The goals of Compliance are:

  • Ensuring that compliance risks and breaches are identified, assessed and mitigated with proactive measures.

  • Fostering the Bank's values and culture.

  • Ensuring customers are treated fairly.

  • Ensuring that conflicts of interests are managed effectively.

  • Promoting adequate transparency towards public authorities, investors and other stakeholders.

  • Ensuring that the Bank's services are not used for illegal purposes.

  • Ensuring accountability.

Risk management

A central feature of the activities of all financial companies is carefully calculated risk-taking according to a predetermined strategy. Arion Bank thus takes risk compatible with its risk appetite, which is regularly reviewed and approved by the Board of Directors. The Bank’s risk appetite, set by the Board, is translated into exposure limits and targets that are monitored by Risk Management. The Board is responsible for Arion Bank’s internal capital adequacy assessment process, the main objective of which is to ensure that Arion Bank understands its risk profile and has systems in place to assess, quantify and monitor its total risk exposure.

The Bank’s Risk Management division is headed by the Chief Risk Officer. It is independent and centralized and reports directly to the CEO. Risk Management comprises three departments whose role is to analyze, monitor and regularly report to the CEO and Board of Directors on the risks faced by the Bank.

Pillar 3 Risk Disclosures 2018 report

Further on Risk management

Internal audit

The Internal Auditor is appointed by the Board of Directors and reports directly to the Board. The Board sets the Internal Auditor a charter that lays out the responsibilities associated with the position and the scope of the work. The mission of the Internal Auditor is to provide independent and objective assurance and advice designed to add value and improve the Bank’s operations. The scope of the audit is the Bank, its subsidiaries and pension funds serviced by Arion Bank.

The audit is governed by the audit charter, guidelines No. 3/2008 issued by the FME on the internal audit function in financial institutions and international standards on internal auditing. All audit work is completed by issuing an audit report with deadlines for the implementation of audit findings. Implementations are followed up by the Internal Audit every quarter.

Accounting and auditing

The Bank’s Finance division is responsible for preparing the accounts and this is done in accordance with the International Financial Reporting Standards (IFRS). The Bank publishes its financial statement on a quarterly basis and management statements are generally submitted to the Board ten times a year. The Board Audit Committee examines the annual financial statement and interim financial statements, while the external auditors review and audit the accounts twice a year. The Board Audit Committee gives its opinion on the accounts to the Board of Directors, which then approves and endorses the accounts.

Customers' Ombudsman

The Customers’ Ombudsman is appointed by, and responsible to, the CEO. The role of the Ombudsman is to ensure that the business of customers is handled fairly and objectively, prevent discrimination against customers and make certain that the process for handling cases is transparent and documented. The Customers’ Ombudsman examined 126 cases in 2018, compared to 162 cases in 2017 and 160 cases in 2016.

Cornerstones and codes of ethic

Arion Bank’s cornerstones is the name used to describe the Bank’s core values. The cornerstones are designed to provide guidance when making decisions and in everything else employees say and do. They refer to the Bank’s role, attitude and conduct. Arion Bank’s cornerstones are we make a difference, we get things done and we say what we mean.

The management and employees of Arion Bank are conscious of the fact that the Bank’s activities affect different stakeholders and society at large. The Bank’s code of ethics is designed to serve as a key to responsible decision-making at Arion Bank. The code of ethics is approved by the Board of Directors.


Arion Bank’s sustainability policy bears the title Together we make good things happen. The policy indicates that the Bank wants to act as a role model in responsible and profitable business practices, taking into account the environment, the economy and the society in which we live and work.

Arion Bank shows its commitment to sustainable banking by making a difference to our customers and performing our role as a financial institution conscientiously and responsibly. Arion Bank takes an active role in our society and its development. Financial institutions are one of the pillars of society and our role is to help our customers, both individuals and companies, reach their goals. We place great importance on doing things fairly with the interests of our customers, employees, shareholders and the community at heart.

Arion Bank has been a partner of Festa, the Icelandic Center for Corporate Social Responsibility, for several years and has been a signatory to the CEO Statement of Support for the Women's Empowerment Principles (UN Women and UN Global Compact) since 2014. Arion Bank has been a signatory to the UN Global Compact, the UN's initiative to encourage businesses to adopt sustainable and socially responsible practices, since the end of 2016. The Bank has also been a signatory to the UN’s Principles for Responsible Banking (UN PRI) since the end of 2017.

Arion Bank’s activities are governed by the provisions of the Annual Accounts Act on non-financial reporting, which, among other things, apply to the status and influence of the company in respect of environmental, social and human resources issues. The Bank bases its reporting on 33 criteria specified by Nasdaq in the Nordic and Baltic region concerning the reporting of non-financial information. The objective of the Nasdaq criteria is to fulfil certain requirements of the Global Reporting Initiative, an international standard which helps companies and institutions to report information on sustainability in a transparent manner.

Further on sustainability

Data protection

Arion Bank cares about data protection and our customers’ personal data rights. One of our cornerstone values is that we say what we mean, and we place great importance on ensuring that personal data is processed in a legal, fair and transparent manner. The Bank has established a data protection policy, which can be found on the Bank’s website. The data protection policy specifies which personal data the Bank may collect, for what purpose, how long this data can be stored, who it may be passed on to and how the security of the data is guaranteed. Customers can request a copy of their personal data file from the Bank in the online bank.

The Bank has a Data Protection Officer, who reports directly to the CEO, and ensures that the Bank adheres to the Data Protection Act and responds to any questions that may arise regarding data protection.

Further on data protection on the Bank's website

Board of Directors and committees

The main duty of the Bank's Board of Directors is to manage the Bank between shareholders' meetings according to applicable laws, regulations and articles of association. The Board tends to those operations of the Bank that are not considered part of the day-to-day business, i.e. it makes decisions on issues that are unusual or of a significant nature. One of the Board’s main duties is to supervise the Bank’s activities. The Board’s work, duties and role are defined in detail in the rules of procedure of the Board of Directors, which have been established on the basis of Article 54 of the Financial Undertakings Act, Article 70 of the Public Limited Companies Act No. 2/1995, FME Guidelines No. 1/2010, and the articles of association of the Bank. The rules of procedure of the Board of Directors can be found on the Bank’s website.

The Board of Directors appoints a Chief Executive Officer who is responsible for the day-to-day operations in accordance with a strategy set out by the Board. The Board of Directors and the Chief Executive Officer shall carry out their duties with integrity and ensure that the Bank is run in a sound and reasonable manner in the interests of the customers, the community, the shareholders and the Bank itself, cf. Article 1 (1) of the Financial Undertakings Act. The Chief Executive Officer shall ensure that the Board receives sufficient support to carry out its duties.

The Board of Directors is generally elected for a term of one year at the Bank’s annual general meeting. At Arion Bank’s annual general meeting on 15 March 2018 seven Directors were elected to the Board of Directors, four men and three women, and three Alternates. The Chairman is a woman. At the Bank’s shareholders’ meeting on 5 September 2018 Benedikt Gíslason was elected to replace Jakob M. Ásmundsson who resigned from the Board on 30 May 2018. On 5 September 2018 John P. Madden resigned from the Board and an Alternate will attend Board meetings until a new Board member has been elected.

The elected Board Directors have diverse backgrounds and extensive skills, experience and expertise. When electing the Board care is taken to ensure at least 40% representation of each gender among directors and alternates. Information on the independence of Directors is published on the Bank’s website before the annual general meeting or a shareholders’ meeting where a Board member is to be elected. The minutes of the shareholders' meetings were sent to shareholders up until the time of the Bank's listing, excluding the minutes of the annual general meeting, which are published on the Bank’s website. Following the Bank’s listing, minutes of shareholders' meetings have been published on the Bank's website.

The Board of Directors meets at least ten times a year. In 2018, the Board met on 21 occasions. The Chairman of the Board is responsible for ensuring that the Board performs its role in an efficient and organized manner. The Chairman chairs Board meetings and ensures that there is enough time allocated to the discussion of important issues and that strategy issues are discussed thoroughly. The Chairman is not permitted to undertake any other work for the Bank unless part of the normal duties of the Chairman.

According to the Board’s Rules of Procedure, the Board is permitted to establish committees to discuss particular areas of the Bank’s operations. No later than one month following the annual general meeting the Board appoints members to each of its sub-committees and assesses whether it is necessary to appoint external members to certain committees in order to bring in a greater level of expertise. One of the committee members on the Board Remuneration Committee, Ólafur Ö. Svansson, is an Alternate Director. One of the committee members in the Board Audit Committee, Heimir Thorsteinsson, is not a Board member and is independent of the Bank and its shareholders. The Board sub-committees are as follows:

  • Board Audit Committee (BAC): Board Audit Committee (BAC): Its main task is, inter alia, to guarantee the quality of the financial statement and other financial information from the Bank and ensure the independence of its auditors. The Committee also assists the Board in meeting its responsibility to ensure an effective system of internal controls and compliance and for meeting its external financial reporting obligations under applicable laws and regulations. The Committee met five times in 2018.

  • Board Risk Committee (BRIC): The Committee’s main role is, inter alia, to evaluate the Bank’s risk policy and risk appetite and to have a thorough knowledge of the risk assessments and methods used to manage risk employed by the Bank. Committee members should have the qualifications and experience necessary to be able to discharge their duties including forming the Bank's risk policy and risk appetite. The Committee met nine times in 2018.

  • Board Credit Committee (BCC): Its main task is to attend to credit issues which exceed the credit limits of its sub-committees. The Committee met 20 times in 2018.

  • Board Remuneration Committee (BRC): The Committee’s main task is to prepare a remuneration policy for the Bank every year. It also advises the Board on remuneration to the CEO, Managing Directors, the Compliance Officer and the Chief Internal Auditor, and on the Bank's incentive scheme and other work-related payments. The Committee met seven times in 2018.

Sub-committees regularly inform the Board of their activities. Furthermore, the Board has access to all material used by the sub-committees and their minutes.

Below is an overview of the attendance of individual Directors and committee member.

Board (21)
BAC (5) BRIC (9)
BCC (20)
BRC (7)
 Eva Cederbalk  1 Jan - 31 Dec 21 - - 19 -
 Brynjólfur Bjarnason  1 Jan - 31 Dec 21 4 - 20 -
 Benedikt Gíslason (1)  5 Sept - 31 Dec 5 - 3 - 3
 Herdís D. Fjeldsted (2)  15 March - 31 Dec 2
 -  -  5
 Jakob M. Ásmundsson (3)  1 Jan - 31 May 13 1 5 - 2
 John P. Madden (4)  1 Jan - 5 Sept 13 - 4 - 2
 Kirstín Th. Flygenring (5)  1 Jan -15 March 8 2 - - 2
 Måns Höglund  1 Jan - 31 Dec 18 - 9 13 -
 Steinunn Kr. Thórdardóttir (6)  1 Jan - 31 Dec 21 - 7 14 -
 Thóra Hallgrímsdóttir (7)  1 Jan - 15 March 8 2 - - 2
 Ólafur Ö. Svansson (8)  1 Jan - 31 Dec 10 - - - 3
 Sigurbjörg Á. Jónsdóttir  1 Jan - 31 Dec 1 - - - -
 Thórarinn Thorgeirsson  1 Jan - 31 Dec - - - - -
 Heimir Thorsteinsson  1 Jan - 31 Dec - 5 - - -

The Board carries out an annual performance appraisal, at which it assesses its work, the necessary number of Board Directors, the Board composition with respect to experience and skills, working procedures and methods, the performance of the CEO, their achievements and the work of the subcommittees with respect to the aforementioned. This appraisal was last performed by the Board during the period September to December 2018.

(1) Benedikt Gíslason was elected to the Board at the Bank’s shareholders’ meeting on 5 September 2018 and appointed to the Board Risk Committee and the Board Remuneration Committee on 18 September 2018.
(2) Herdís D. Fjeldsted was elected to the Board at the Bank’s annual general meeting on 15 March 2018. Herdís was appointed to the Board Audit Committee and the Board Remuneration Committee on 15 March 2018.
(3) Jakob M. Ásmundsson was appointed to the Board Audit Committee and the Board Remuneration Committee on 15 March 2018. Jakob resigned from the Board on 30 May 2018.
(4) John P. Madden resigned from the Board on 5 September 2018.
(5) Kirstín Th. Flygenring resigned from the Board on 15 March 2018.
(6) Steinunn Kr. Thórdardóttir was appointed to the Board Risk Committee and the Board Remuneration Committee on 15 March 2018.
(7) Thóra Hallgrímsdóttir resigned from the Board on 15 March 2018.
(8) Ólafur Ö. Svansson was appointed to the Board Remuneration Committee on 2 August 2018.

Arion Bank Governance overview


Communication between shareholders and the Board of Directors and changes in the group ownership

The main venue at which the Board and the Bank report information to the shareholders and propose decisions to be made is at legally convened shareholders’ meetings. The Bank provides an effective and accessible arrangement for communications between shareholders and the Board of Directors between those meetings. Any information defined by the Bank as inside information is published in the reporting system of the relevant stock exchange in accordance with the rules on MAR press releases. As part of the investor relations programme, Arion Bank has also arranged quarterly meetings where the CEO, CFO and Investor Relations present the interim financial results.

The Bank has a strong capital position despite substantial dividends and share buybacks totaling ISK 33 billion during the year. The Bank’s listing on Nasdaq Iceland and Nasdaq Stockholm took place on 15 June following an initial public offering of 28.7% of shares in the Bank placed with investors in Iceland, Scandinavia, UK, Continental Europe and the US. This is the first listing of an Icelandic bank on the main market in Iceland since 2008. The IPO represents a significant step in the development of Arion Bank and the Bank welcomes the new shareholders. Following the IPO there have been no major changes to the largest shareholdings. At the end of the year, Kaupthing ehf., is the largest shareholder with a 32.67% shareholding through Kaupskil ehf. The total number of shareholders at year-end 2018 was more than 6,000.

Chief Executive Officer

Höskuldur H. Ólafsson

Höskuldur was born in 1959. He was appointed CEO of Arion Bank in June 2010. Höskuldur is a shareholder of Arion Bank but no stock option agreements have been entered into with him. Höskuldur joined the Bank from Valitor hf. where he had been CEO since 2006. Prior to that he worked at the Icelandic transportation company Eimskip hf. for 17 years and held a range of management positions, including that of deputy CEO. He has also served on the boards of directors of numerous companies and organizations in Iceland and abroad. Höskuldur graduated with a cand. oecon. degree in business administration from the University of Iceland in 1987.

The CEO and the executive committee carry out the Bank’s daily operations in accordance with a strategy set out by the Board. The CEO shall provide the Board with reports on the Bank’s operations and financial position and all important issues that may affect the Bank’s operations and finances. With respect to other duties responsibilities and duties of the CEO, please refer to Chapter VII of the Financial Undertakings Act and Chapter IX of the Public Limited Companies Act. The duties of the CEO and his responsibilities take into account the legal environment in which the Bank operates at any given time and the rules which the Board of Directors may establish.

Executive Committee

The Bank’s Executive Committee consists of ten people, including the CEO. Members are Höskuldur H. Ólafsson, CEO; Gísli S. Óttarsson, Chief Risk Officer; Ida Brá Benediktsdóttir, managing director of Retail Banking; Lýdur Thór Thorgeirsson, managing director of Investment Banking; Jónína S. Lárusdóttir, managing director of Legal Division; Margrét Sveinsdóttir, managing director of Asset Management; Rakel Óttarsdóttir, managing director of IT; Rúnar Magni Jónsson, managing director of Corporate Banking; Stefán Pétursson, Chief Financial Officer; and Sture Stölen, head of Investor Relations.

Information on violations of laws and regulations

Arion Bank has not been denied registration, authorization, membership or permission to conduct certain business, activity or operations. The Bank has not been subject to withdrawal, revocation or dismissal of registration, authorization, membership or permission. Information on the main legal cases relating to Arion Bank can be found in the notes to the annual financial statement.

The Board of Directors annually reviews and approves the Corporate Governance Statement.

This Corporate Governance Statement was examined and approved at a meeting of the Board of Directors on 13 February 2019.