Risk management

The year was characterised by challenges in the external environment, including seismic and volcanic activity on the Reykjanes peninsula, political uncertainty both at home and abroad, persistent inflation and high interest rates in Iceland. Despite all this, the Bank’s risk measurements and assessment of key risk factors is generally positive and the outlook stable.  

Risk Management enhanced support for the Bank’s main profit goals even further during the year through the implementation of new metrics and information disclosure. The division was more active in education for the Bank’s employees and laid the foundation for further use of data with key management. 

Landsbankinn’s risk policy 

Landsbankinn has adopted a risk policy that provides a framework for the Bank’s risk management and risk appetite and forms the basis for long-term profitability and stability. The Bank’s risk policy also sets out the parameters for implementing risk culture, risk rules and governance that sets out decision and risk-taking authorisations, follow-up and control of risk management. 

All main risks in the Bank’s operation are identified, assessed and measured, both financial and non-financial risks. The main risks in the Bank’s operation are credit risk, market risk, liquidity risk, concentration risk, operational risk, business risk, legal risk, reputational risk, conduct risk, compliance risk, IT risk, data risk, model risk and sustainability risk. 

Landsbankinn’s governance structure sets out the main decision-taking process on key risks, the decision-making and risk-taking authority of individuals, follow-up and control by the Board of Directors, CEO and individual Bank committees. 

The Board of Directors has approved a risk appetite which reflects the Bank’s risk strategy and functions as a management tool that controls risk-taking, in addition to setting aims for individual and aggregate risk in the Bank’s operation. Risk appetite is reviewed at least annually. The Bank’s main risk metrics are listed below. In addition, the Bank assesses and measure various other risk factors to support risk management and decision taking. 

Risk measurement and risk factors 

In general, the Bank’s risk measurements and assessment of material risk factors are positive and all key risk factors were aligned with risk appetite targets at year-end 2024. Defaults in the Bank’s loan portfolio remain minimal, the Bank is securely funded and its liquidity and equity positions are strong. 

Credit risk remains the most significant risk in the Bank’s operation, or 89.5% of risk-weighted exposure. There was significant lending growth during the year, with lending increasing by a total of ISK 177 billion. Demand for inflation-indexed loans grew considerably during the year, especially in housing loans but also in lending to corporates. Increased demand expanded the Bank’s inflation-indexed assets considerably in excess of inflation-indexed liabilities. 

The second most significant risk in the Bank’s operation is operational risk, which includes numerous sub-risks. The Bank has been focused on protecting customers against cyberattacks, which remain a growing threat. The Bank has been certified under the ISO 27001 information security standard for over 15 years. The certification, along with staff and customer education on information security, is one of the main pillars of the Bank’s cybersecurity.  

Non-financial risk factors play a significant role in the Bank’s operations and have increased in scope, particularly in terms of cybersecurity and IT risk. The Bank is currently working on implementing EU Regulation No. 2022/2554 on the digital operational resilience of financial sector entities (Digital Operational Resilience Act, or DORA), which will take effect in Iceland on 1 July 2025. Additionally, the Bank has been preparing for the implementation of EU Regulation No. 2024/1623 (CRR III) in 2025 and expects the impact of its adoption on the Bank’s risk base to be minimal.  

At year-end 2024, the Bank’s total capital ratio of 24.3% was well above current regulatory requirement of 20.4%. The Bank’s liquidity position was very strong at year end and liquidity ratios well above regulatory requirements and the Bank’s internal risk limits. The total liquidity coverage ratio (LCR) at year end was 164%, 133% in ISK and 951% in EUR. 

Risk factors in the Bank’s operations are assessed by various measurements, in line with their scope and nature, and these measurements provide the foundation for risk limits, analysis of risk factors, disclosure of information and risk management. A common measurement for all risk factors is the Bank’s internal assessment of economic capital (EC). In 2024, internal assessment of the Bank’s capital requirements was considerably lower than capital requirements. 

Sustainability risk assessment

The Bank has integrated the assessment and management of sustainability risk into its risk framework. Sustainability risk includes risks related to environmental, social and governance (ESG) factors. The implementation includes, among other things, a dedicated assessment of sustainability risk in lending to larger companies.  

Active internal control

Active internal control forms one of the cornerstones of robust risk management and is conducive to the Bank operating in accordance with its risk policy and risk appetite. 

Internal control is a process shaped by the Bank’s executives and employees and comprises all actions taken with the aim to support, manage, mitigate or monitor certain activities and in so doing increase the likelihood of the Bank attaining set goals. 

Landsbankinn endeavours to maintain good and constructive relations with regulators and to ensure accurate and timely information disclosure. 

Risk metrics in Landsbankinn’s risk appetite

The Bank’s main risk metrics are listed below. In addition, the Bank assesses and measure various other risk factors to support risk management and decision taking.