Internal control is an essential part of Tokmanni Group’s governance and management system, in which Tokmanni Group Corporation’s Board of Directors, management and personnel participate. The purpose of internal control is to ensure the achievement of Group’s goals.

Tokmanni’s internal auditor is responsible for internal auditing within the Group. Administratively, the unit reports to the CFO. However, in matters related to internal auditing, the auditor reports to the Finance and Audit Committee. The purpose of internal auditing is to monitor and ensure that the company’s business operations are efficiently managed and profitable, that its risk management is at a sufficient level and that its internal and external reporting is accurate and appropriate.

Internal control helps Tokmanni Group comply with good governance practices, provides the Group’s management with an independent perspective on examining its operations and helps the company achieve its targets by providing a systematic and disciplined approach to assessing and enhancing the efficiency of risk management, monitoring and governance processes.

The operating principles and key procedures for internal controlling are defined in the operating guidelines confirmed by the Finance and Audit Committee (internal principles of auditing). The internal control unit prepares a three-year plan that is implemented in line with a separately approved annual plan. In accordance with the plan, the internal control unit also independently carries out audits on different parts of the company. In addition, it may conduct special audits and stipulated audits in cooperation with auditors and external experts.

Key practices of the Compliance function

Compliance is tasked with assisting senior management, executive management and other business operations in the management of risks associated with regulatory non-compliance, supervising regulatory compliance and, for its part, developing internal control further.

Compliance risk is the risk of legal or administrative penalties, financial losses or loss of reputation as a result of a failure of the company to comply with laws, regulations or other administrative provisions applicable to its activities. Tokmanni’s compliance risk management ensures that operations comply with legislation and the company’s own requirements. Tokmanni expects all its staff to comply with the company’s Code of Conduct and its principles and unit-specific guidelines. The Code of Conduct and guidelines cover a wide range of compliance issues, including the prohibition of corruption and bribery, issues regarding labour, occupational health and safety, and human rights issues.

The CFO is responsible for the company’s compliance operations and reports directly to CEO and also regularly informs the Board of Directors. The CFO is supported by Tokmanni’s Compliance team, which is composed of the Head of Sustainability, the Manager of Security and Real Estate, the Vice President, Sales and Supply Chain and the HR Manager.

The Compliance team convenes every two months, but urgent matters are dealt with without delay. The team handles notifications concerning financial misconduct received via the whistleblowing channel or otherwise and actions that violate the Tokmanni Code of Conduct, and imposes potential sanctions. All notifications of violations are processed confidentially as required by data protection legislation. Tokmanni will take appropriate action based on the notifications.

The Compliance team aims to prevent the materialisation of compliance risks. For this purpose, the Compliance team shall, for example:

• prepare and maintain guidelines on key matters related to practices (Tokmanni Code of Conduct and principles),
• advise and train the staff in matters related to practices,
• support business units in planning development measures that promote internal control and compliance risk management,
• keep senior management and executive management informed of upcoming regulatory changes and monitor the business’s preparation for regulatory changes,
• report to the company’s Group CEO on issued recommendations and the results of control and other observations related to compliance risks.

Principles for related party transactions

Tokmanni Group has deemed the following people to be executives obligated to disclose their business transactions that involve Tokmanni’s financial instruments: members of the Board of Directors, CEO, Deputy CEO and CFO of Tokmanni Group. The people listed above must also determine their related parties (individuals and companies).

Tokmanni Group reports related party transactions in note to the financial statements. In addition, the Group evaluates and monitors transactions between the Group and its related parties in order to ensure that possible conflicts of interest are taken into account in decision making. The disqualification provisions of the Finnish Limited Liability Companies Act are observed in decision making.

Tokmanni Group Corporation’s insider register is maintained by the company’s financial department. The company’s Investor Relations is responsible for the timely disclosure of business transactions carried out by executives and their related parties in compliance with regulations.