GAPP Principle 22

The SWF should have a framework that identifies, assesses, and manages the risks of its operations.

• GAPP 22.1 Subprinciple The risk management framework should include reliable information and timely reporting systems, which should enable the adequate monitoring and management of relevant risks within acceptable parameters and levels, control and incentive mechanisms, codes of conduct, business continuity planning, and an independent audit function.
• GAPP 22.2 Subprinciple The general approach to the SWF’s risk management framework should be publicly disclosed.

Status: Implemented

The management mandate issued by the Ministry of Finance stipulates the benchmark indices and permitted deviations from such indices, and further requires the Board of Folketrygdfondet to set supplementary risk limits for the investment activities. The mandate states that Folketrygdfondet shall establish principles for valuation, performance measurement and the management, measurement, and control of risk that, at a minimum, adhere to internationally recognised standards and methods. Folketrygdfondet shall have routines for reporting risk and exposures in the areas covered in the mandate set by the Ministry, including market risk and credit risk, counterparty exposure and operational risk.

The Board holds the overall responsibility for organising the risk management and defining the risk appetite of Folketrygdfondet, within the limits set out in the mandate issued by the Ministry. The Board has published principles for such risk management, and has further stated that the risk management and internal control of Folketrygdfondet to the extent suited be based on the following frameworks and standards:

1. Regulation on Risk Management and Internal Control – the Financial Supervisory Authority of Norway
2. Regulations on use of Information and Communication Technology (ICT) – the Financial Supervisory Authority of Norway
3. Enterprise Risk Management – Integrating with Strategy and Performance – the Committee of Sponsoring Organizations of the Treadway Commission (COSO)
4. Framework for Internal Control Systems in Banking Organisations – the Basel Committee on Banking Supervision, BIS
5. Principles for the Sound Management of Operational Risk and the Role of Supervision – the Basel Committee on Banking Supervision, BIS
6. Internal Control – Integrate Framework – the Committee of Sponsoring Organizations of the Treadway Commission (COSO)
7. Corporate governance principles for banks – the Basel Committee on Banking Supervision, BIS

The risk management framework of Folketrygdfondet includes procedures for risk identification, assessment, and monitoring. If a particular risk factor falls outside the risk tolerance level, further action shall be taken to mitigate or avoid such risks. The principles for risk management and internal control of the Board are publicly disclosed.

See also response to principle 10 and 18.

Sources: GPFN Mandate, Folketrygdfondet’s website.