Kamux logo
>Kamux Corporation Governance Risk management and internal control

Risk management and internal control

The aim of risk management is to ensure the keeping of customer promises, profit development, the ability to pay dividends, shareholder value, responsible operating practices and the continuity of business. Kamux has harmonised and efficient methods to identify, assess and manage risks and their consequences.

Kamux complies with the internal control and risk management principles approved by the company’s Board of Directors.

Risk management is a systematic activity, the purpose of which is to guarantee comprehensive and appropriate identification, assessment, management and monitoring of risks. It is an essential part of Kamux’s planning and management process, decision-making, daily leadership, operations and supervision and reporting procedures. Risks are assessed and managed in a business-oriented fashion and comprehensively. This means that the key risks are identified, assessed, managed, monitored and reported on systematically as part of business.

The Group’s CEO and other members of the Management Team are each responsible for their own areas. The Management Team regularly reports to the Board of Directors about risks and management measures. The Board of Directors processes the most significant risks and measures to manage them, and assesses the effectiveness and efficiency of risk management. The CFO is responsible for coordinating risk management.

Internal control

The objective of internal control in Kamux is to ensure that business operations are efficient and profitable, financial reporting is reliable, and applicable laws and regulation for the company’s business, as well as the company’s internal instructions, are followed. The specific objective of the internal control over financial reporting is to ensure that interim reports, half-yearly reports, financial statement bulletins and other financial reporting as well as financial statements and annual reports are reliable and are prepared in accordance with the accounting and reporting principles adopted by the company. The Board of Directors of the Company is responsible, in accordance with its rules of procedure, for monitoring the process of financial reporting and the effectiveness of the company’s internal control and risk management system.

The CEO is operationally responsible for the organisation of internal control. This includes ensuring that the company has implemented adequate internal control mechanisms as stipulated in the operating principles defined by the board. The CEO, supported by the Management Team, is responsible for ensuring that the group operates in accordance with the agreed principles, follows laws and regulations, and reacts to identified exceptions and takes adequate corrective actions.

As part of the listing process, Kamux has developed internal control of the preparation of the financial statements and financial reporting processes. This initiative has consisted of assessment of essential risks relating to the financial statements and financial reporting process, and identification and documentation of the key control points for related processes in a consistent documentation model. In connection with this process, a responsible person has been defined for each control point, and the adequacy of the control design has been evaluated. Depending on the process, the control points are e.g. reconciliations, analyses, approvals and authorisations, segregation of duties, and system access management. Development of internal control continues throughout the year and includes the design of the monitoring process of the controls’ effectiveness, and assessments to review that the control environment has been implemented in all Kamux operating countries.

Kamux’s board has assessed that due to the nature of the company’s operations, number of employees and geographical scope, it is not necessary to organise internal audit as a separate function. The board shall evaluate on a yearly basis whether such function should be established. The board may use either internal or external resources to carry out specific internal audit assignments.

Kamux has documented the common operating principles as a Code of Conduct, which is available in Finnish, Swedish, German and English. The Code of Conduct is part of preparatory risk management.


Kamux Corporation (“Kamux” or “Company”) observes the insider guidelines approved by the Board of Directors and based on the Market Abuse Regulation (“MAR”), the insider guidelines of Nasdaq Helsinki Ltd and other appropriate rules and guidelines.

Kamux has identified the members of the Board of Directors, the CEO and possible deputy CEO and the members of the Management Team (including persons closely associated with them for the purposes of MAR) as managers (“managers”) required to report transactions in Kamux financial instruments for the purposes of MAR. Managers are subject to a restriction on trading (closed window) on Kamux financial instruments for a period of 30 days prior to the publication day of the company’s financial statements or interim report.

In addition, the company has designated some Kamux employees as persons working in the company’s information core who, by virtue of their duties, have access to the company’s information core (“persons working in the information core”). These persons typically include persons who prepare an interim or annual financial report, persons responsible for the company’s finances, financial reporting or communications, or other persons in the company’s management positions. These persons are also subject to a 30-day restriction on trading (closed window).

In addition, the Company maintains project-specific insider registers. Persons involved in the planning and preparation of projects or events concerning inside information are considered as project-specific insiders. A project-specific insider must not trade or conduct other transactions in the company’s financial instruments during the project. The prohibition also applies to their dependant children and to entities under their direct or indirect control.

The person in charge of insider matters for the Company is Kamux’s CFO.

Related party transactions

Kamux’s Board of Directors has defined the principles for monitoring and evaluating related party transactions. The related party policy also defines the principles and processes that the company uses to organize decision-making in terms of related party transactions and to monitor and report on possible related party transactions. The Group maintains a list of related parties. The main principle of the Kamux related party policy is that all legal transactions between the company and related parties shall be carried out on normal market terms.

Transactions carried out with related parties are addressed in the Audit Committee of the Board of Directors and/or in the Board of Directors in accordance with the related party policy. Significant transactions with the management of Kamux and its related parties are decided by Kamux’s Board of Directors. The Board of Directors also decides on related party transactions that are not the company’s normal business operations or that are not carried out on normal market terms.

The company and its related parties did not carry out any transactions that are material to the company and not in the ordinary course of business or otherwise based on market terms in 2023. Related party transactions carried out in the ordinary course of business concern certain lease agreement arrangements, vehicle procurement and sale, and mutual service sales and loan arrangements between Group companies.

Reporting suspected miscoduct (Whistleblowing)

Kamux has an anonymous Whistleblowing channel, thought which all Kamux employees and external stakeholders can report misconduct or suspicion of misconduct, or violation to Kamux’s Code of Conduct, in a confidential way. 

The whistleblowing channel is intended only for reporting suspected misconduct. It should not be used for customer feedback or complaints.

Suspicion is sufficient reason to report

Reporting concerns and suspicions is important so that Kamux can resolve possible issues and problematic situations. You do not need to have firm evidence of the misconduct before reporting it but reports must be submitted honestly and in good faith.

Reports are handled securely

Access to messages received through the whistleblowing channel is restricted to appointed individuals with the authority to handle whistleblowing cases. Only those participating in the investigation will receive information on the report and related investigation. People under or related to suspicion are not allowed to participate in the investigation. By this we ensure that reporting suspicions will not cause retaliation for the whistleblower who has submitted his/her contact information.

Reporting channel is technically implemented by an external service provider WhistleB, Whistleblowing Center, which ensures the security of whistleblower’s anonymity, encryption of reports and compliance with strict information security criteria in the Reporting system. The whistleblower and appointed individuals at Kamux will receive personal IDs which will allow them to view the encrypted report and continue communication through the channel anonymously and securely. Kamux does not seek to find out the identity of an anonymous whistleblower at any time.

All reports are investigated

It is important for Kamux that trust in the company's fair and transparent operations is maintained. All suspicions will be investigated thoroughly. Investigative procedures will be decided on a case by case basis, and Kamux will use external specialists when needed. The company will not take disciplinary action towards persons under suspicion before investigation has been completed. 

Sometimes sending a report may lead to further action by authorities. In that case, information submitted by whistleblower will been seen by those who are legally entitled to do so. This also applies to whistleblower’s contact information, if he/she has provided it.

Share tools

Read more


Read more

Investor calendar

Read more

Reports and presentations

Read more