Financial Supervisory Authority of Norway publishes OBOS-banken inspection report highlighting weaknesses in governance, risk models and customer treatment

The Financial Supervisory Authority of Norway has issued an on-site inspection report on OBOS-banken AS, finding the bank’s overall control environment satisfactory but identifying improvement areas and specific weaknesses in corporate governance, risk management and regulatory compliance. Key issues include shortcomings in risk model documentation and validation, errors in IFRS 9 loss provisioning and classification of non-performing exposures, non-compliance when using agents under the Loan Intermediation Act, and deficiencies in customer advice and documentation in retail credit processes and complaints handling. Resource constraints in second-line functions, particularly compliance and anti-money laundering, were flagged alongside governance issues such as incomplete board evaluation of the governance framework and insufficiently holistic follow-up of the external auditor’s observations. Risk reporting did not clearly distinguish between the group and the parent bank, and the bank lacked board-set limits for lending growth and clearer credit risk tolerances for the parent bank’s own book. The report also highlights weaknesses in the framework for automated lending decisions, the validation approach for credit risk models, and control failures that allowed long-standing IFRS 9 errors and misclassification of forbearance exposures. On customer treatment, Finanstilsynet found inadequate advice and documentation for senior loans and shared-ownership loans (deleie), insufficient documentation of creditworthiness assessments and use of the flexibility quota under the Norwegian mortgage lending regulation, and complaints channels and routines that were not sufficiently accessible. Finanstilsynet expects the board to ensure remediation, including stronger risk reporting, compliant agent use and registration, improved advice and documentation in credit processes, and more accessible complaints handling. The authority notes that the board has considered the findings and that necessary measures are being implemented, and it has requested the minutes of the board meeting where the report is discussed and that the report be shared with the bank’s external and internal auditors.