Compliance and internal control

Castellum has a Compliance Officer to monitor compliance (i.e. ensuring compliance with laws and ordinances as well as internal policies and guidelines). The Group’s Chief Legal Officer is its Compliance Officer.

Internal control at Castellum is based on the established COSO framework, which consists of the following components: control environment, risk assessment, control activities, information, communication and monitoring. Internal control is described in more detail on the Internal control page.

Castellum has a whistleblower function, which is directed both externally and internally. It is available on the Group’s website and via the Group’s intranet. The service represents an early warning system for reporting deviations from Castellum’s values and business ethics guidelines. All incoming cases to the whistleblower function are sent to the appointed official within Castellum as well as to the Chairman of the Audit and Finance Committee.

The Compliance Officer function acts as a support for the operations driving the business when it comes to identifying and monitoring operational risks. The Compliance Officer regularly reports to the CEO and the Audit and Finance Committee regarding risks and regulatory compliance.