Risk management in 2014

Enterprise Risk Management is a company-wide driven activity under the responsibility of the Executive Committee that includes a bottom-up process which aims to provide full coverage of the organization and ensure that we focus on the areas of major risk exposure. The scoping of our 2014 risk management activities was performed by the Executive Committee, Business Area and business unit Managing Directors and Corporate Directors, in association with the risk management function. In addition to focusing on the coverage of our organization, emphasis is put on organizational changes, key strategic projects and high growth regions.

During the year, we facilitated 87 Enterprise Risk Management workshops. In these workshops, almost 1,800 unique risk scenarios were identified and prioritized by the responsible management teams and functional experts. All major risks were responded to by the unit that identified them. The outcome of all risk assessments was reported to the next higher management level. Risk profiles and trends were shared by managers across the company. In the bottom-up consolidation process, the risks were taken to the next management level, where they were re-assessed, either because of the materiality of the risk exposure and/or because of the accumulated effect.

In the fourth quarter of 2014, one of our subsidiaries located in Chicago (US) was targeted by an external fraud. The fraud involved international wire transfers totaling an amount of €51 million in reported currencies. When detected, immediate actions were taken including contacting and working with appropriate law enforcement authorities. Independent legal counsel, assisted by an independent audit firm, was assigned to investigate the matter, which was an isolated event not linked in any way to the operational activities of the company and our businesses. Customary and appropriate controls were in place and were breached. An extensive fraud awareness campaign was started and a plan to reinforce controls was launched. We believe that we will be able to reduce the ultimate financial impact.

Under the explicit understanding that this is not an exhaustive list, the major risk factors that may prevent full achievement of our strategic ambitions and the corresponding mitigating actions are listed in detail in this chapter. Where references are made to functional and process improvement initiatives, more detailed information can be found earlier in this section. There may be current risks that the company has not fully assessed, or that are currently identified as not having a significant impact on the business, but which, at a later stage, could develop into a material impact. The company’s risk management systems endeavor to ensure the timely discovery of such incidents.