Norwegian Financial Supervisory Authority identifies governance and risk management improvements at SpareBank 1 Sør-Norge

The Norwegian Financial Supervisory Authority has published an inspection report following an onsite review of SpareBank 1 Sør-Norge’s internal governance and risk management system. Its overall assessment is that the bank group has a governance framework broadly adapted to its business, but with several areas that need strengthening, notably the risk appetite framework, the way risk and compliance are reported to the board, and the documentation of whether internal controls operate satisfactorily. The report says the bank should make its risk appetite framework more coherent, accessible and relevant across all material risks, and tie board reporting more clearly to approved risk appetite and risk limits. It also points to gaps in the treatment of nonfinancial and compliance risks, the absence of clearly aggregated limits for overall ownership risk, and limited measurement of total ownership risk despite the importance of the SpareBank 1 alliance to the bank’s business model. On internal control, the authority says the annual assessment process is too high level, does not sufficiently evidence evaluation of specific control measures in each area, and should be improved alongside follow-through on remediation agreed after internal audit findings. It also notes that, after a February 2026 reorganization, the heads of second-line control functions are no longer part of group management, which it believes weakens the head of risk management’s ability to maintain proactive dialogue on risk with management and the board. The board largely agreed with the supervisory findings and said it would ensure the bank develops and improves the areas identified. The Norwegian Financial Supervisory Authority expects the organizational change to be evaluated by the end of 2027.