Internal control and risk management activities are an integral part of the management’s overall duty to ensure that the company achieves its objectives, including sustainability targets. Through efficient and effective systems of internal control and risk management, deviations from objectives can be prevented or detected as early as possible.
Sustainability requirements are integrated into the management system through the policies, rules, procedures, key controls, and compliance monitoring of the implementation. The Board of Directors is responsible for monitoring and evaluating the efficiency of the Company’s internal control and risk management systems.
The primary governance principle is adherence to the Three Lines of Defence model, with a clear division of roles and responsibilities regarding internal control and risk management. A proper Three Lines of Defence governance ensures that the segregation of duties is defined and established between risk management and risk control.
The main features of the internal control and risk management systems are described in the Corporate Governance Statement.
Finnair has established and defined top-level policies to ensure the implementation of appropriate internal control and risk management structures across all relevant areas. This means that sustainability requirements are integrated into the management system. The top-level policies, that is, the Code of Conduct and the Internal Control and Risk Management Policy, are annually reviewed and confirmed by the Board of Directors.
Our commitment to sound corporate culture, which is based on transparency, honesty, integrity and ethical behaviour, is emphasised in both of these top-level policies. Finnair’s Code of Conduct outlines our commitment to ethical business principles in all our operations. We act in compliance with applicable local, national, and international laws, as well as our own policies. We expect our partners and suppliers, when working for Finnair, to adhere to the same principles as set out in Finnair’s Code of Conduct.
In addition, we have defined and established specific and more detailed policies and rules on a number of important areas, such as aviation safety, occupational health and safety, anti-bribery and anti-corruption, fair competition, conflict of interest situations, whistleblower protection, environmental and energy efficiency, accessibility of Finnair’s products and services, trade sanctions, data governance, data privacy, information security, decision-making authorisations, procurement, business continuity management, business travel, disclosure, insider requirements, Board diversity etc. All company policies, rules, procedures, and key controls are part of the internal control and risk management frameworks.
Finnair is committed to respecting all internationally recognised human rights as defined in the International Bill of Human Rights and the ILO Declaration on Fundamental Principles and Rights at Work. We conduct our business in accordance with the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises. We are also committed to implementing the principles of the UN Global Compact. This is outlined in Finnair’s Policy Commitment to Human Rights and Modern Slavery and Human Trafficking Statement, both approved by the CEO.
The Policy Commitment describes Finnair’s continuous human rights due diligence process, which is integrated into the company’s internal control and risk management frameworks. This includes identifying, assessing and mitigating potential risks and impacts on human rights, as well as monitoring the effectiveness of related controls and risk mitigation activities.
Finnair’s commitment to protecting the natural environment and minimising energy use, emissions and waste is articulated in our Environmental and Energy Efficiency Policy. We manage our environmental sustainability efforts through Finnair’s Environmental Management System (EMS), which complies with the IATA Environmental Assessment Program (IEnvA) standard.
Finnair is committed to ensuring that its procurement practices are transparent, fair and responsible, upholding high standards of integrity. The Finnair Supplier Code of Conduct (SCoC) is an integral part of a purchase contract.