Risk Management Process Integrated process for identification, assessment and reporting Decentralized management of specific opportunities and risks Aggregation at a Group level Organization of BASF Group’s risk management since January 1, 2020 a The Corporate Audit unit is part of the Corporate Center. The BASF Group’s risk management process is based on the international risk management standard, COSO II Enterprise Risk Management – Integrated Framework, and has the following key features: Organization and responsibilities Risk management is the responsibility of the Board of Executive Directors, which also determines the processes for approving investments, acquisitions and divestitures. The Board of Executive Directors is supported by the Corporate Center. Corporate Finance and Corporate Development, which are units within the Corporate Center, and the Chief Compliance Officer coordinate the risk management process at a Group level, examine financial and sustainability-related opportunities and risks, and provide the structure and appropriate methodology. Opportunity and risk management is thus integrated into the strategy, planning and budgeting processes. BASF’s risk committee reviews the BASF Group’s risk portfolio at least twice a year to evaluate any adjustments to risk-management measures and informs the Board of Executive Directors of these. Members of the risk committee are the head of Corporate Finance (president), the head of Corporate Development, the head of Corporate Legal, Compliance, Tax & Insurance and representatives of the Corporate Audit and Corporate Environmental Protection, Health & Safety units. The management of specific opportunities and risks is largely delegated to the divisions, the service and research units and the regions, and is steered at a regional or local level. This also applies to sustainability-related topics relevant to BASF including the impact of climate change on BASF. Financial risks are an exception. The management of liquidity, currency and interest rate risks is conducted in the Corporate Finance unit. The management of commodity price risks takes place in the Global Procurement unit or in authorized Group companies. A network of risk managers in the divisions, service and research units as well as in the regions advances the implementation of appropriate risk management practices in daily operations. The BASF Group’s management is informed of short-term operational opportunities and risks that fall within an observation period of up to one year in the monthly management report produced by the Corporate Finance department. In addition, Corporate Finance provides information twice a year on the aggregated opportunity/risk exposure of the BASF Group. Furthermore, if a new individual risk is identified which has a more than €10 million impact on earnings or bears reputational risks, it must be immediately reported. As part of strategy development, the Corporate Development unit conducts strategic opportunity/risk analyses for long-term opportunities and risks with a 10-year assessment period. These analyses are annually reviewed as part of strategic controlling and are adapted if necessary. BASF’s Chief Compliance Officer (CCO) manages the implementation of our Compliance Management System, supported by additional compliance officers worldwide. He regularly reports to the Board of Executive Directors on the status of implementation as well as on any significant results. He also provides a status report to the Supervisory Board’s Audit Committee at least once a year, including any major developments. The Board of Executive Directors immediately informs the Audit Committee about significant incidents. The internal audit unit (Corporate Audit) is responsible for regularly auditing the risk management system established by the Board of Executive Directors in accordance with section 91(2) of the German Stock Corporation Act. Furthermore, as part of its monitoring of the Board of Executive Directors, the Supervisory Board considers the effectiveness of the risk management system. The suitability of the early detection system we set up for risks is evaluated by our external auditor. Tools The Governance, Risk Management, Compliance (GRC) Policy, applicable throughout the Group, forms the framework for risk management and is implemented by the operating divisions, the service and research units and the regions according to their specific business conditions. A catalog of opportunity and risk categories helps to identify all relevant financial and sustainability-related opportunities and risks as comprehensively as possible. We also systematically assess opportunities and risks with effects that cannot yet be measured in monetary terms, such as reputational and climate risks. To reflect these, risks for companies in connection with the transition to a low-carbon economy (transition risks) as well as physical risks as defined by the Task Force on Climate-related Financial Disclosures (TCFD) were added to the catalog in 2020. We use standardized evaluation and reporting tools for the identification and assessment of risks. The aggregation of opportunities, risks and sensitivities at division and Group level using a Monte Carlo simulation helps us to identify effects and trends across the Group. More information on our sustainability management processes Our Group-wide Compliance Program aims to ensure adherence to legal regulations and the company’s internal guidelines. Our global employee Code of Conduct firmly embeds these mandatory standards into everyday business. Members of the Board of Executive Directors are also expressly obligated to follow these principles. More information on our Group-wide Compliance Program back next