The objective of risk management at the company

The objective of Risk Management is to secure profitable performance of the Enento Group and to ensure the continuity of the business by executing risk management in a cost-effective and systematic manner in the different functions of the company. Risk management is part of the company’s strategic and operative planning, daily decision-making process and internal control.

Main principles for organizing risk management 

The company complies with a policy approved by the company’s Board of Directors for the management of risks. Risk Management covers all activities that are related to the objectives being achievable and consistent with the strategy, to the identification, measuring, assessment, processing, reporting and control of risks and to the reaction to risks.

Main features of risk management process

In conjunction with the strategy process and annual planning, the company’s CEO and members of the management group evaluate the business risks which may prevent or endanger the achieving of the group’s strategic and result objectives. The units provide risk assessments of their own operations for the support of the strategy process. The directors of the units have to provide assessments of the risks of their own area of responsibility and present action plans for the management of risks. Changes taking place in the strategic and operative risks are discussed in the management group.

The company’s CEO reports the identified risks as well as planned and implemented actions for the risk mitigation to the Audit Committee and the Board of Directors. In accordance with the recommendation 26 of the Finnish Corporate Governance Code, the company shall disclose the major risks and uncertainties that the board is aware of and the principles along which risk management is organised. The Audit Committee shall assure that the Corporate Governance Statement published by the company shall contain an appropriate description of the main features of the internal control and risk management systems in relation to the financial reporting process.

The report by the Board of Directors contains an evaluation of the major risks and uncertainties. In addition, the interim reports and financial statements releases describe major short-term risks and uncertainties related to the business operations.

General description of internal control and operational principles

Internal control is carried out by the Board of Directors, management and the company’s entire personnel so that it can reasonably be asserted that:

1. The operations are functioning, efficient and in compliance with the strategy.
2. The financial reporting and information given to the management is reliable, sufficient, and timely.
3. Applicable laws and regulations as well as the company’s internal instructions and ethical values are complied with at Enento.

The company’s internal control contain the following structural elements:

• Instructions and principles set by the Board of Directors for internal control, risk management and administration.
• The implementation and application of instructions and principles under the supervision of the management.
• Control of the efficiency and functionality of operations as well as the reliability of the financial and management reporting by the financial department.
• The company’s risk management process, the purpose of which is to identify, assess and reduce risks threatening the achievement of objectives.
• Compliance processes, the purpose of which is to ensure that all applicable laws, regulations, internal instructions and ethical values are complied with common ethical values and strong internal control culture amongst all employees.

Key risks and uncertainties

The company is exposed to a number of risks and uncertainties related to, among other factors, the market conditions, the company’s industry, the company’s strategy, business operations of the company and financial risks. The materialisation of any such risks could have a material adverse effect on the company’s business, financial condition, results of operations and future prospects.

Market and strategic risks

The demand for Enento Group’s products and services depends on the activity of the business operations of its customers. Slow economic growth or a declining economy may result in a weakening demand for the services of the Group. In addition, regulatory changes that reduce the lending ability of the Group’s customers and/or impact customer behavior may have a negative effect on the demand for the Group’s services and products. Moreover, the Group is vulnerable to potential structural changes in any of its operating markets, including but not limited to shifts in the demand for consumer credit information. Such structural changes could alter market dynamics or customer behavior, potentially impacting the Group’s financial performance.

Geopolitical uncertainty, trade wars, wars and conflicts can have a negative impact on macroeconomic development and economic activity in the Nordic countries and globally. This decreases the Group’s ability to predict the demand for its services and causes a risk of weakening revenue development. The Group does not have business in Ukraine, Russia, Belarus, Israel or in the United States.

Enento Group operates in several product and service markets in which competition is continuously becoming tougher and customers’ needs keep changing. Information services are more easily available than before. This is primarily attributable to better availability of public information, increase of digital information, new service providers and new technologies such as artificial intelligence, which may increase competition in the markets. Better availability of information and new opportunities for in-house development of services, such as analysis services.

Tendering carried out by customers and general cost-awareness may put some pressure for lower prices on the Enento Group’s markets. In addition, price pressures caused by the Group’s competitors or price increases from the Group’s vendors may have a negative effect on the Group’s margins and result and hamper its opportunities to acquire new customers on the current terms and conditions.

No customer of the Enento Group accounted for more than ten per cent of the Group’s total invoicing in 2025. Even though the Group’s customer base is diverse, the loss of one or more major customers or a significant decrease in sales to one or more such customers for any reason could have a very harmful effect on the Group’s business, financial position, business result and future outlook.

The gathering, storage and use of information is subject to strict regulations, for example data privacy legislation. In Sweden, a license is required for certain operations of the Group, such as credit register related operations. In addition, according to UC’s shareholder agreement, UC’s minority shareholders may veto certain decisions concerning UC’s credit register and the control of credit register data. This may restrict Enento Group’s possibilities to materially change business operations related thereto. The Group and its employees must also comply with numerous other laws and regulations. Changes to the regulatory framework may require the Group to adapt its service offering or strategy. These changes can include an introduction of potential governmental credit registers. Any actions in breach of regulations concerning operations subject to a license may lead to changing of the Group’s operations, imposing additional conditions to the license or cancellation of the license. The above may also lead to higher costs, force the Group to stop providing some products or services, or prevent or delay development of its operations, or the Group may end up in legal proceedings or become subject to legal claims.

Enento Group has a lot of goodwill recognized on acquisitions. The Group has also capitalized meaningful amount of investments in other intangible assets. Impairment of goodwill and other assets could have a material effect on the Group’s reported result.

Operational risks

Safe and uninterrupted functioning of Enento Group’s IT network and systems, cyber security and mitigation of cyber risks, are critical for the Group’s business. Unauthorized access to or disclosure of information as well as loss or abuse of information may lead to a breach of data protection and other applicable laws by the Group, harm to reputation, loss of income, claims or measures taken by the authorities. In its business, the Group relies on information from external sources, such as government offices and other public sources, customers and other sources. If one or more of them stopped providing information for any reason or considerably increased the price of the information provided, this could have a harmful effect on the Group’s ability to offer its products and services to its customers.

Enento Group believes that its continued success will be influenced by its ability to meet customers’ needs through the development of products and services that are easy to use and that seek to increase customers’ business process efficiency, offer cost savings, and facilitate better business decisions. The Group’s financial result may suffer if the development of new products or services or improvements to existing products are delayed for reasons related to possible technical challenges, problems related to external IT development resources, information acquisition or regulatory requirements.

Enento Group has invested and will continue to invest in its technical infrastructure, including equipment and software. If the Group fails in its technological investments, its income may not develop as expected and its expenses may increase. In addition, the Group may end up in an unfavorable competitive position in the market if it cannot, for example, offer certain new products and services or gather certain type of new information.

Despite testing and information quality control, products and services developed and supplied by Enento Group as well as the operating systems and software it uses may contain errors or faults. Material defects or errors in the Group’s information, products or services as well as delays in providing products and services may harm its reputation or lead to loss of income, increased costs, regulatory measures or legal claims. Enento Group’s IT network and infrastructure may be exposed to damage and problems resulting from many reasons. Such damage or problem may lead to a failure of Enento Group’s IT infrastructure, which in turn may complicate the company’s work and lead, for instance, to breaches of contract.

Enento Group operates in a regulated business and changes in the applicable regulation may impact on revenue and profit. Such regulation may concern, but are not limited to data protection, freedom of speech, credit information and lending related legislation. Any governmental plans to change credit information register related regulations or potential introduction of governmental credit information registers beyond the current regulations may change the competitive landscape and/or otherwise impact the Group’s business, revenue and profit. Also, the failure to comply with regulations could have legal consequences and cause reputational harm.

Enento Group’s brands and reputation are important competitive advantages. The Group’s success is also based on its own technologies, processes, methods and information. The Group protects its intellectual rights with trademarks and domain names, for instance, and by relying on business secrets and the development of products and technology. Failure to protect intellectual rights, damage to reputation or negative views of the company in the market may have a
negative effect on the Group.

Enento Group’s success also depends on its management and other professional personnel as well as its ability to recruit competent personnel and develop, train and retain them. The Group’s inability to retain or recruit new employees may have a material harmful effect on the Group.

Disproportionately high sickness absences and especially long sick leave for key personnel pose a risk to the development of the Enento Group’s business. In information work, the most significant health hazards consist of inadequate work ergonomics and stress caused by work pressure. A good working atmosphere and high-quality
management, as well as early intervention in problem areas, prevent the need for sick leaves.

Enento Group has taken out insurances to cover various risks or loss events. The Group’s insurance coverage may be insufficient, or the Group may not be able to maintain its current insurance coverage, in which case the company may suffer losses not covered by its insurances.

Enento Group is exposed to various financing risks, including currency exposure, interest rate risk, liquidity risk and solvency risk which can have an impact on the Group’s financial performance. The Group’s financing risks and their management are described in note 4 in Notes to the consolidated financial statements.

Internal control

The objective of the internal control in the company is to ensure that business operations are efficient and profitable, financial reporting is reliable, and that applicable laws and regulation for the company’s business, as well as company’s internal instructions are followed. The specific objective of the internal controls over financial reporting is to ensure that interim reports, earnings releases and other financial reporting made available to the public, and financial statements and annual reports are reliable and are prepared in accordance with the accounting and reporting principles adopted by the company.  

The Audit Committee of the company responsible for, according to its working order, monitoring of the financial statement preparation and financial reporting processes, and monitors the effectiveness of the company’s internal control and risk management processes.

CEO is operationally responsible for the organization of the internal control. It includes that the company has designed and implemented adequate internal control mechanisms as stipulated in the operating principles approved by the board. CEO, supported by the Management Team, is responsible to ensure that the company operates in accordance with the agreed and defined principles, follows laws and regulations, and reacts towards identified exceptions and takes adequate corrective actions.

An integral part of the internal control is the document indicating the company’s roles and delegation of authority, as defined by the Board (Delegation of Authority Summary). The guideline defines authorisations of the board, the CEO and other management team members. The guideline deals with the situations where authorisations may be required for annual accounts, budget, remuneration, investments, acquisitions, financing and one-off transactions. The company’s Code of Ethics is applicable for all the group employees. It has been published in the company’s intranet and is also introduced to all new employees.

Internal audit

Enento has no specific internal audit organisation. This has been taken into consideration in the content and extent of the annual audit plan. The Audit Committee of the Board shall, according to its working order, evaluate on a yearly
basis whether such function should be established. The Audit Committee may use either internal or external resources to carry out specific internal audit assignments. The Group Finance of the Company monitors adherence of the approval limits as defined in the Delegation of Authority guidelines.