Compliance and data security

Compliance is an independent control function which reports directly to the CEO and works in accordance with a special charter from the Board. The Compliance Officer is Hákon Már Pétursson.

The main role of Compliance is to ensure that the Bank has in place proactive measures to reduce the risk of rules being breached in the course of its activities. Compliance is also responsible for coordinating the Bank’s measures against money laundering and terrorist financing to reduce the risk of the Bank's services being used for illegal purposes. In September 2019 the Compliance Officer also took over the role of Data Protection Officer.

The duties of Compliance are carried out under a risk-based compliance plan approved by the Board of Directors, including a monitoring and training schedule for employees which addresses the laws and rules under which the Bank operates. Compliance provides the Board of Directors with a quarterly report on its activities.

Information on violations of laws and regulations

Arion Bank was not denied registration, authorization, membership or permission to conduct certain business activities or operations during the year, nor was it subject to withdrawal, revocation or termination of registration, authorization, membership or permission. 

Arion Bank paid one fine in 2019. In November 2019 the Bank and the FME agreed to reach a settlement on the violation of Article 8 (2) of the Securities Transactions Act No. 108/2007. The Bank agreed to pay a fine of ISK 21 million and acknowledged that it had failed to keep a formal and systematic record of its analysis of conflicts of interest concerning the financing of the United Silicon plant at Helguvík

Information on the main legal cases concerning Arion Bank can be found in the notes to the annual financial statement.

Measures against money laundering and other financial crimes

It is Arion Bank’s policy to combat money laundering and other financial crimes and to prevent the Bank’s services from being used for these purposes. The Bank has adopted a policy on measures against financial crime which can be viewed on the Bank's website.

On 1 January 2019, Act No. 140/2018 on measures against money laundering and terrorist financing came into effect which resulted in extensive changes to the measures undertaken by the Bank in this area.

In 2019 Arion Bank submitted 523 reports of suspicion of money laundering or terrorist financing to the Financial Intelligence Unit of the Icelandic Police

The Bank’s obligations as an issuer of publicly traded securities

Arion Bank shares are traded on both Nasdaq Iceland and Nasdaq Stockholm. Bonds issued by the Bank are traded on Nasdaq Iceland and Bourse de Luxembourg.

The regulatory authorities and stock exchanges made no criticisms of the Bank’s disclosure of information in 2019.

Data Protection

Arion Bank cares about data protection and our customers' personal data and we aim to ensure that personal data is processed legally, fairly and transparently in line with Data Protection Act and the General Data Protection Regulation. The Bank has adopted a data protection policy which can be viewed on the Bank's website.

In the 2019 the Bank received one legitimate complaint concerning a breach of data protection from a third party. No complaints were received from the Data Protection Authority. The Bank reported 24 incidents to the Data Protection Authority where there was breach of confidentiality. In all cases the risk to individuals’ rights and freedoms was minimal or limited. No incidents of theft or loss of personal data was reported during the year.