Risk management process and internal control system

The BASF Group’s risk management process is based on the international risk management standard COSO II Enterprise Risk Management – Integrated Framework and comprises the risk management system, the internal control system and compliance management. Its key features are as follows:

Organization and responsibilities

• Risk management and the internal control system is the responsibility of the Board of Executive Directors. It defines the basic requirements and processes as well as the organization of the risk management system. It also determines the processes for approving investments, acquisitions and divestitures.
• The Board of Executive Directors is supported by the Corporate Center. Corporate Finance and Corporate Development, which are units within the Corporate Center, and the Chief Compliance Officer (CCO) coordinate the risk management process at a Group level, examine financial and sustainability-related opportunities and risks, and provide the structure and appropriate methodology. Opportunity and risk management is thus integrated into the strategy, planning and budgeting processes.
• BASF’s risk committee reviews the BASF Group’s risk portfolio at least twice a year to evaluate any adjustments to risk management measures and informs the Board of Executive Directors of these. Members of the risk committee are the president of Corporate Finance (chair), the president of Corporate Development, the president of Corporate Legal, Compliance & Insurance and the heads of the Corporate Audit, Corporate Environmental Protection, Health, Safety and Quality, Corporate Treasury, and Group Reporting & Performance Management departments.
• The management and control of specific opportunities and risks is largely delegated to the divisions, the service and research units and the regions, and is steered at a regional or local level. This also applies to sustainability-related topics relevant to BASF including the impact of climate change on BASF. A network of risk managers in the divisions, service and research units as well as in the regions advances the implementation of appropriate risk management practices in daily operations. Financial risks are an exception. The management of liquidity, currency and interest rate risks is conducted in the Corporate Finance department. The management of commodity price risks takes place in the Global Procurement unit or in authorized Group companies.
• The BASF Group’s management is informed of short-term operational opportunities and risks that fall within an observation period of up to one year in the monthly Management’s Report produced by Corporate Finance. In addition, Corporate Finance provides information twice a year on the aggregated opportunity / risk exposure of the BASF Group. Furthermore, any arising individual risks which have an impact of more than €10 million on earnings or risks qualitatively evaluated to have a material impact on our sustainability targets as well as reputational risks, must be reported immediately. The Supervisory Board is informed annually about short-term operational opportunities and risks as well as the risk management system and its further development.
• As part of strategy development, the Corporate Development unit additionally conducts strategic opportunity / risk analyses with a five-year assessment period. These analyses are annually reviewed as part of strategic controlling and are adapted if necessary. Scenarios are also developed to map possible impacts beyond the five-year horizon, for example from climate-related developments. The Board of Executive Directors and Supervisory Board are informed annually about strategic opportunities and risks.
• We also regularly consider exceptional situations at global, regional and local level – from process safety incidents and goods spillages to pandemics and cyberattacks – which are very rarely successful but can have a fundamental impact. In addition, a crisis organization exists to proactively create contingency plans where necessary and appropriate. The crisis management organization is activated in the event of a sudden crisis.

• More information on emergency response
• More information on health and safety

• BASF’s CCO manages the implementation of our Compliance Management System, supported by additional compliance officers worldwide. The CCO regularly reports to the Board of Executive Directors on the status of implementation as well as on any significant results and provides a status report to the Supervisory Board’s Audit Committee at least once a year, including any major developments. The Board of Executive Directors immediately informs the Audit Committee about significant incidents.

• More information on compliance, compliance management and monitoring adherence to our compliance principles

Organization of the BASF Group’s risk management

aThe Corporate Audit department is part of the Corporate Center.

bThe Chief Compliance Officer is the head of the Corporate Legal, Compliance & Insurance unit.

• Risk-specific monitoring and control systems, some of which are decentralized, have been set up for each area identified in the risk portfolio. The results of the monitoring processes are incorporated into regular risk reporting to the Risk Committee and the Board of Executive Directors. Compared with internal control systems in financial reporting, these monitoring and control systems in other subject areas have a lower degree of formalization. As a rule, however, they also include organizational security precautions such as compliance with the basic principles of transparency, dual control, segregation of duties and least privilege, deployment of sufficiently qualified employees and adequate IT systems. The design of internal controls depends on the subject area. It ranges from monitoring the development of specific key indicators and evaluating internal and external reports or benchmarking analyses to formalized committee meetings in which decisions are made on applications for investments or research projects, for example. In addition, the appropriateness and effectiveness of the topic-specific internal control systems is monitored by the Corporate Center units responsible for the respective topics. To this end, the individual Corporate Center units choose different approaches depending on the subject area, such as the evaluation of questionnaires for self-assessment of the effectiveness of the internal control system, sample tests to validate the implementation and effectiveness of internal controls or the monitoring of compliance-related key indicators.
• The Corporate Audit department is responsible for regularly auditing the effectiveness and appropriateness of the risk management system, internal control system and the compliance management system. In addition, the Supervisory Board’s Audit Committee addresses the effectiveness and appropriateness of these systems as part of its monitoring activities. The suitability of the early risk detection system set up by the Board of Executive Directors in accordance with section 91(2) of the German Stock Corporation Act is assessed and evaluated by the auditors.

Tools

• The Governance, Risk Management, Compliance (GRC) Policy, applicable throughout the Group, forms the framework for risk management and is implemented by the operating divisions, the service and research units and the regions according to their specific business conditions.
• A catalog of opportunity and risk categories helps identify all relevant financial and sustainability-related opportunities and risks relating to our targets as comprehensively as possible. We derive the sustainability-related opportunities and risks from the materiality analysis.
• The positive contributions and negative impacts of our business activities on sustainability topics along the value chain, and the impact of sustainability topics on our business are assessed in a materiality analysis. Opportunities and risks for our business activities that could arise from material sustainability topics, or for sustainability topics that could arise from our business activities, can only rarely be measured in specific financial terms and mainly have a medium to long-term impact. Relevant sustainability topics are systematically considered in our strategic and operational risk management through our integrated risk catalog.

• More information on the our materiality analysis

• We also systematically assess opportunities and risks with effects that cannot yet be measured in monetary terms, such as climate and reputational risks. To reflect these, risks for companies in connection with the transition to a low-emission economy (transition risks) as well as physical risks as defined by the Task Force on Climate-related Financial Disclosures (TCFD), among other, were added to this catalog.
• Because global climate policy ambitions and the implementation of the relevant measures play a decisive role in the ongoing growth of the chemical industry and its customer industries, we defined and quantified global long-term scenarios (up to 2050) with various global warming paths. To assess the impact of different global climate policy approaches on our business units, the scenarios were discussed by the business units in workshops. Feedback was incorporated into the ongoing development of the scenarios. A dataset of scenario-specific macroeconomic parameters will be provided to test the economic feasibility of investments and business strategies. Our decentralized specialists use a central decision tree to document reportable sustainability risks within the meaning of section 289b et seq. of the German Commercial Code. No reportable residual net risks within the meaning of section 289b et seq. of the German Commercial Code were identified for 2023.

• More information on our sustainability management processes

• We use standardized evaluation and reporting tools for the identification and assessment of risks. The aggregation of opportunities, risks and sensitivities at division and Group level using a Monte Carlo simulation helps us to identify effects and trends across the Group. We base our sensitivities to oil and gas prices and currency developments on forward-looking assumptions in order to reflect specific market expectations and improve the quality of our forecasts. We also aggregate qualitatively assessed risks at Group level using a risk portfolio.
• Our Group-wide Compliance Program aims to ensure adherence to legal regulations and the company’s internal guidelines. Our global employee Code of Conduct firmly embeds these mandatory standards into everyday business. Members of the Board of Executive Directors are also expressly obligated to follow these principles.

• More information on our Group-wide Compliance Program

• Based on the reviews and findings of the risk management process, the Board of Executive Directors has no indication that BASF’s risk management system and the internal control system are not adequate or effective in all material respects.