Our risk management procedures are derived from both internal and external requirements. We are committed to always be in compliance with relevant legal requirements, regulations and industry standards, as well as our internal policies that give guidance on employee conduct in accordance with our fundamental values.

Anti corruption

Our zero tolerance approach means that all reasonable measures against corruption are in place, and that business is to be conducted diligently.

The prohibition against corruption applies to all individuals acting on Arctic’s behalf, and all associated partners are expected to adhere to ethical standards in line with our own.

Anti money laundering (AML)

We recognize our responsibility to help protect the integrity of the global financial system.

In order to enact on that responsibility, we work actively to prevent, detect and report transactions that could in any way be related to the proceeds of criminal acts or connected to the financing of terrorism.

Conflict of Interest

Our investment banking department is separated from our brokering desk with both digital and physical barriers to ensure that the flow of information between them is strictly administered.

Each investment banking assignment is to be approved by our Engagement Committee which will assess all engagements in light of risks of conflicts of interest. In the event that we are familiarised with information that could be regarded as inside information, only those employees considered to be relevant will have access and insider lists are maintained.

There is a general duty of confidentiality related to all information that our employees become acquainted with in their work. This general confidentiality extends to all employees and contractors.

Operational resilience

Our emergency readiness plan was introduced to ensure that we are able to react rationally and efficiently in a critical situation. The plan is accessible for all employees on our intranet.

An emergency manager shall assess the situation and the need to inform and involve other personnel in order to handle incidents and subsequently coordinate the execution of important business functions in an emergency situation.

Emergency readiness

Our emergency group is tasked with implementing preventative measures that ensure operational resilience. These measures aim to prevent damage to persons, property and the company’s reputation.

The group will gather information and oversee necessary communications internally in the organisation, to the Board, relevant stock exchanges, public authorities, clients and media.

The group will carry out important business functions in an emergency situation, and review the emergency readiness plan and security measures annually.

Whistleblowing

We have an open door policy and encourage employees to share their questions, concerns, suggestions or complaints with their supervisor.

If an employee is not comfortable speaking with their supervisor, the employee may speak to the CEO of the relevant entity or call the "whistleblower hotline" operated by BAHR.

Those with concerns or complaints may also submit their concerns orally or in writing directly to the organization’s compliance department, employee representatives or safety officer. Notifications may be submitted on a confidential basis by the complainant.

"We develop our internal procedures to stay ahead of market trends. We are continuously updating our internal Code of Conduct framework and we have seen great engagement from our employees in this regard. Our team is working non-stop to ensure that all governance procedures are in line with best practices."

Christian Falkenberg Kjøde, Chief Compliance Officer

Privacy and data security

Our data is a valuable and we treat it accordingly. We have opted for a multifaceted approach to securing both our data and its various points of access due to the multitude of ways it may be lost or compromised. This means focusing on three key areas:

• Data Protection: The process of safeguarding important information from corruption, compromise or loss.
• Data Security: The defense of digital information against both internal and external malicious threats.
• Data Privacy/Information Privacy: The processes where an organisation or individual determine what data they may share with third parties.

IT records

We keep records of client conversations, meetings and promotional activities as a form of governance as we believe these measures to be within our legitimate interests when providing our services to our clients.

Similarly, we use and store the personal data of individuals within suppliers' organisations in order to facilitate the reception of services. We have deemed these activities to be within the range of legitimate interests as a recipient of our suppliers' services.

Data storage

Arctic will seek to store external data with data centres that operate using renewable energy and reuse of excess heat. We work with highly professional third-party vendors with data centres in secure countries.

IT resource management

Ensuring alignment between IT and other areas of our operations is something that requires significant IT resources.

The continuous development of new systems and technologies accentuates the need for informed resource management. We manage our IT resources with energy opimisation, operational integrity and security in mind.