NASDAQ OMX Group (NDAQ)

(A) Risk Management at OMX

OMX’s business operations place high demands on effective risk management which comprise a fundamental part of the Group’s strategic and systematic efforts to achieve operational goals while minimizing potential disruptions. Units in OMX are directly or indirectly subject to special regulation and supervision. The conditions for an efficient process and controlled risk for the purpose of optimizing business value are created through a business adapted and integrated risk management model. There is particular focus at Group and business area levels to maintain high levels of capability in crisis management, business-related continuity and incident management, as well as business intelligence.

The aim of risk management is to increase value for our shareholders, customers, employees and other stakeholders by maintaining an adequate level of protection of the Group’s prioritized assets. This is achieved by eliminating or minimizing risks and disruptions to our business operations that would otherwise generate financial losses or other undesired costs.

RISK MANAGEMENT AT OMX

OMX’s business operations place high demands on effective risk management which comprise a fundamental part of the Group’s strategic and systematic efforts to achieve operational goals while minimizing potential disruptions. Parts of OMX are subject to special regulation and supervision. The conditions for an efficient process are created through a business adapted and integrated risk management model that takes into account external and internal requirements. This enables controlled risk for the purpose of optimizing business value. There is particular focus at Group and business area levels to maintain high levels of capability in crisis management, business-related continuity and incident management, as well as business intelligence.

The aim of risk management is to increase value for our shareholders, customers, employees and other stakeholders by maintaining an adequate level of protection of the Group’s prioritized assets. This is achieved by eliminating or minimizing risks and disruptions to our business operations that would otherwise generate financial losses or other undesired costs.

(A) Risk Management at OMX

OMX’s business operations place high demands on effective risk management which comprise a fundamental part of the Group’s strategic and systematic efforts to achieve operational goals while minimizing potential disruptions. Units in OMX are directly or indirectly subject to special regulation and supervision. The conditions for an efficient process and controlled risk for the purpose of optimizing business value are created through a business adapted and integrated risk management model. There is particular focus at Group and business area levels to maintain high levels of capability in crisis management, business-related continuity and incident management, as well as business intelligence.

The aim of risk management is to increase value for our shareholders, customers, employees and other stakeholders by maintaining an adequate level of protection of the Group’s prioritized assets. This is achieved by eliminating or minimizing risks and disruptions to our business operations that would otherwise generate financial losses or other undesired costs.

RISK MANAGEMENT AT OMX

OMX’s business operations place high demands on effective risk management which comprise a fundamental part of the Group’s strategic and systematic efforts to achieve operational goals while minimizing potential disruptions. Parts of OMX are subject to special regulation and supervision. The conditions for an efficient process are created through a business adapted and integrated risk management model that takes into account external and internal requirements. This enables controlled risk for the purpose of optimizing business value. There is particular focus at Group and business area levels to maintain high levels of capability in crisis management, business-related continuity and incident management, as well as business intelligence.

The aim of risk management is to increase value for our shareholders, customers, employees and other stakeholders by maintaining an adequate level of protection of the Group’s prioritized assets. This is achieved by eliminating or minimizing risks and disruptions to our business operations that would otherwise generate financial losses or other undesired costs.

(A) Risk Management at OMX

OMX’s business operations place high demands on effective risk management which comprise a fundamental part of the Group’s strategic and systematic efforts to achieve operational goals while minimizing potential disruptions. Units in OMX are directly or indirectly subject to special regulation and supervision. The conditions for an efficient process and controlled risk for the purpose of optimizing business value are created through a business adapted and integrated risk management model. There is particular focus at Group and business area levels to maintain high levels of capability in crisis management, business-related continuity and incident management, as well as business intelligence.

The aim of risk management is to increase value for our shareholders, customers, employees and other stakeholders by maintaining an adequate level of protection of the Group’s prioritized assets. This is achieved by eliminating or minimizing risks and disruptions to our business operations that would otherwise generate financial losses or other undesired costs.

(i) OMX’s risk management organization

The following roles and responsibilities are included in OMX’s risk management in order to ensure compliance with laws and regulations, governance, coordination and the development of methodology, as well as operational risk management activities:

(ii) OMX’s risk management process

OMX’s risk management is a business-integrated process that covers both business and support units at various levels in the organization. The methodology applied is partially based on the

F-25

international ERM-standard (Enterprise Risk Management standard) in accordance with COSO (the Committee of Sponsoring Organizations of the Treadway Commission) with additional methodology for the areas of Security, Insurance and Internal Control. The risk management process is integrated in the operations conducting business activities, such as strategic management and development work, and is directly linked to the company’s business planning and follow-up.

Risk management is a standardized and continuous process which aims to identify, evaluate, manage, control and report significant risks to which OMX may be exposed. Risk management employs different forms of preventative measures and strategies, such as risk prevention, damage limitation and risk financing, in order to safeguard the Group’s objectives and the majority of goals set at business area and operational levels.

OMX’s risk management not only includes risks in the day-to-day business operations but also risks arising in conjunction with forward-looking strategic investments in order to optimize the company’s business opportunities.

Risk management including control activities is decentralized to each business area and support function. As a result, all business areas, support functions and Group staff functions work with the management of financial, operational and strategic risks. Risks are divided into short-term and long-term risks.

The business areas and central support functions periodically report on risks to GRMC which presents consolidated risk reports to the Risk Steering Group. The CEO is the Chairman of the Risk Steering Group and periodically reports on risks in OMX to the OMX Board.

(iii) Risk management in OMX’s business areas

The Nordic Marketplaces business area and its units comprise operations that are subject to special regulation. Corresponding requirements apply to the Information Services & New Markets business area which comprises trading information, the Baltic exchange operations and central securities depositories. Finally, the Market Technology business area provides system solutions, systems operation and other services to exchanges, clearing organizations, central securities depositories and other types of authorized companies in the financial markets in a number of different countries. All business areas manage operational and strategic risks particularly those that fall under their respective areas of focus and responsibility.

a) Nordic Marketplaces

Nordic Marketplaces primarily manages risks attributable to the clearing operations for derivatives instruments. These risks arise as a result of the clearing organization serving as the counterparty in those transactions that are subject to counterparty clearing in different markets, entailing issuing a guarantee for ensuring that a clearing contract will be fulfilled. The clearing operations’ risks include counterparty risks, settlement risks and liquidity risks, of which the significant risk is that one or more clearing counterparties will fail to fulfill its commitments. One of the primary obligations of clearing counterparties is to pledge the requisite collateral as required by the applicable rules as protection against the counterparty risk assumed. In addition, netting is applied which facilitates risk management in the clearing operations by decreasing the value of the payments to be made, thereby reducing the need for liquidity facilities. Furthermore, netting implies that the counterparty risk is reduced to the net exposure of outstanding positions vis-à-vis respective counterparties.

F-26

b) Market Technology

The special risks associated with the Market Technology business area are attributable mainly to the various phases in the provision of a service: the sales phase, the delivery and implementation phase and the production phase. The sales phase involves the risk of the absence of profitability and foreign exchange risk. Operational risks are managed in the other phases. Significant emphasis is also placed on managing IT security and continuity operations.