Risk Management Process
The BASF Group’s risk management process is based on the international risk management standard, COSO II Enterprise Risk Management – Integrated Framework and comprises the risk management system, internal control systems and compliance management. Its key features are as follows:
Organization and responsibilities
- Risk management and the internal control system is the responsibility of the Board of Executive Directors. It defines the basic requirements and processes as well as the organization of the risk management system. It also determines the processes for approving investments, acquisitions and divestitures.
- The Board of Executive Directors is supported by the Corporate Center. Corporate Finance and Corporate Development, which are units within the Corporate Center, and the Chief Compliance Officer (CCO) coordinate the risk management process at a Group level, examine financial and sustainability-related opportunities and risks, and provide the structure and appropriate methodology. Opportunity and risk management is thus integrated into the strategy, planning and budgeting processes.
- BASF’s risk committee reviews the BASF Group’s risk portfolio at least twice a year to evaluate any adjustments to risk management measures and informs the Board of Executive Directors of these. Members of the risk committee are the president of Corporate Finance (chair), the president of Corporate Development, the president of Corporate Legal, Compliance & Insurance and the heads of the Corporate Audit, Corporate Environmental Protection, Health, Safety & Quality, Corporate Treasury, and Group Reporting & Performance Management departments.
- The management and control of specific opportunities and risks is largely delegated to the divisions, the service and research units and the regions, and is steered at a regional or local level. This also applies to sustainability-related topics relevant to BASF including the impact of climate change on BASF. A network of risk managers in the divisions, service and research units as well as in the regions advances the implementation of appropriate risk management practices in daily operations. Financial risks are an exception. The management of liquidity, currency and interest rate risks is conducted in the Corporate Finance department. The management of commodity price risks takes place in the Global Procurement unit or in authorized Group companies.
- The BASF Group’s management is informed of short-term operational opportunities and risks that fall within an observation period of up to one year in the monthly management report produced by Corporate Finance. In addition, Corporate Finance provides information twice a year on the aggregated opportunity/risk exposure of the BASF Group. Furthermore, any arising individual risks which have an impact of more than €10 million on earnings or risks qualitatively evaluated to have a material impact, such as reputational risks, must be reported immediately.
- As part of strategy development, the Corporate Development department additionally conducts strategic opportunity/risk analyses with a 10-year assessment period. These analyses are annually reviewed as part of strategic controlling and are adapted if necessary. Scenarios were also developed to map possible impacts beyond the ten-year horizon, for example from climate-related developments.
- We also regularly consider exceptional situations at global, regional and local level – from process safety incidents and goods spillages to pandemics and cyberattacks – which occur very rarely but can have a fundamental impact. In addition, a crisis organization exists to proactively create contingency plans where necessary and appropriate. The crisis management organization is activated in the event of a sudden crisis.
- BASF’s CCO manages the implementation of our Compliance Management System, supported by additional compliance officers worldwide. The CCO regularly reports to the Board of Executive Directors on the status of implementation as well as on any significant results and provides a status report to the Supervisory Board’s Audit Committee at least once a year, including any major developments. The Board of Executive Directors immediately informs the Audit Committee about significant incidents.
- Risk-specific monitoring and control systems, some of which are decentralized, have been set up for each area identified in the risk portfolio. The results of the monitoring processes are incorporated into regular risk reporting to the Risk Committee and the Board of Executive Directors. Compared with internal control systems in financial reporting, these monitoring systems have a lower degree of formalization.
- The Corporate Audit department is responsible for regularly auditing the effectiveness and appropriateness of the risk management system, internal control systems and the compliance management system. In addition, the Supervisory Board’s Audit Committee addresses the effectiveness and appropriateness of these systems as part of its monitoring activities. The suitability of the early risk detection system set up by the Board of Executive Directors in accordance with section 91(2) of the German Stock Corporation Act is assessed and evaluated by the auditors.
- The Governance, Risk Management, Compliance (GRC) Policy, applicable throughout the Group, forms the framework for risk management and is implemented by the operating divisions, the service and research units and the regions according to their specific business conditions.
- A catalog of opportunity and risk categories helps identify all relevant financial and sustainability-related opportunities and risks relating to our targets as comprehensively as possible. Here, we take into account topics identified by the materiality analysis that we have an impact on and that have an impact on us, in line with the principle of double materiality.
- We also systematically assess opportunities and risks with effects that cannot yet be measured in monetary terms, such as climate and reputational risks. To reflect these, risks for companies in connection with the transition to a low-carbon economy (transition risks) as well as physical risks as defined by the Task Force on Climate-related Financial Disclosures (TCFD), among others, were added to this catalog.
- Because global climate policy ambitions and the implementation of the relevant measures play a decisive role in the ongoing growth of the chemical industry and its customer industries, we defined and quantified global long-term scenarios (up to 2050) with various global warming paths. To assess the impact of different global climate policy approaches on our business units, the scenarios were discussed by the business units in workshops. Feedback was incorporated into the ongoing development of the scenarios. A dataset of scenario-specific macroeconomic parameters will be provided to test the economic feasibility of investments and business strategies.
- We use standardized evaluation and reporting tools for the identification and assessment of risks. The aggregation of opportunities, risks and sensitivities at division and Group level using a Monte Carlo simulation helps us to identify effects and trends across the Group. We also aggregate qualitatively assessed risks at Group level using a risk portfolio.
- Our Group-wide Compliance Program aims to ensure adherence to legal regulations and the company’s internal guidelines. Our global employee Code of Conduct firmly embeds these mandatory standards into everyday business. Members of the Board of Executive Directors are also expressly obligated to follow these principles.
- Based on the reviews and findings of the risk management process, the Board of Executive Directors has no indication that BASF’s risk management system, including the internal control system, is not adequate or effective in its entirety.