Risk management, objectives and policies

Group risk management

Risk management is a fundamental element of the Group’s business practice at all levels and is embedded in the business strategy, planning, and controlling processes of the Group. Material risks are discussed within the Risk and Compliance Committee, alongside other committees that oversee specific risk areas within the Group’s risk management framework.

The Risk and Compliance Committee, headed by the CEO and the CFO, includes the CHRO, the Chief Compliance Officer, the Head of Internal Audit, and the Group General Counsel as members. This committee monitors the risk profile of the Group and the development of essential internal controls to mitigate these risks, in coordination with other committees.

A risk is defined as the possibility of an adverse event that negatively impacts the achievement of the Group’s objectives.

The Group carries out an annual risk assessment in conformity with the Swiss Code of Best Practice for Corporate Governance. The Group’s risk management system covers both financial and operational risks. 

Risk management as an integral part of the Internal Control System (ICS) for financial reporting

Risk management is incorporated within the ICS. Preventive, risk-mitigating measures to control risks are proactively taken at different levels and are an integral part of management responsibility. 

Risk assessment in 2025

An independent risk assessment procedure is implemented for operational risks. In addition, each Management Board member assesses the overall strategic risk exposure of the Group. Within the framework of the Corporate Governance process, the updated risk assessment is presented to the Audit Committee of the Board of Directors.

Financial risks analysis and assessment are carried out by the finance and accounting department.

The following risk areas have been identified among others for which mitigating actions have been implemented: 

• Financial risks such as the development of interest rates, credit and financial markets and currency risks are constantly monitored and controlled by the corporate finance and accounting department.
• Risks arising from unstable macroeconomic developments and uncertainties in the financial markets. These risks are mitigated by appropriate risk diversification and avoidance of regional and industry clustering. 
• Risks of political instability, civil war and pandemic or epidemic spread of diseases are constantly monitored and assessed for impact on the business model as well as on the staff. The Group keeps backup structures and business continuity plans updated.
• Risks related to IT network availability, IT data and security are managed by continuous monitoring of systems, redundant infrastructure as well as interlinked data centres with backup structures and business continuity plans.
• The increase in regulations, growing complexity and customer expectations have led to rising security requirements and risks; such risks and requirements are considered in the planning of supply chain solutions and worldwide operations.
• Organised crime, terrorism, legal and non-compliance risks such as fraud, intentional and unintentional violations of the law and internal regulations are counteracted by comprehensive and worldwide staff training and a network of compliance officers at corporate and national levels. 

Organisation of risk management

A continuous dialogue between the Management Board, Risk and Compliance Committee and Audit Committee ensures the Group’s effective risk management. The risk management system is governed by the Risk Assessment Guideline defining risk groups and sub-groups, the structure, and the process of risk assessments. The risk catalogue is reviewed regularly, and critical analysis ensures continuous development of the risk management system.