Strategy and objective-setting
The Managing Board supported by the Executive Committee establishes the company strategy and business objectives.
The risk appetite defines the level of risk the company is prepared to take in the different risk categories, being generic/strategic, operational, financial & reporting and legal & compliance. The risk appetite supports priority setting in risk responses. The Executive Committee decides on the risk appetite, which is reviewed annually. In 2020, our risk appetite did not change compared to 2019 (see figure below).
The Corporate Requirements are our internal rules and regulations, which are defined and maintained by the support functions and GRM. In line with the Code of Business Conduct and the risk appetite, the Corporate Requirements provide:
- Risk-based guidance for managing common business and process risks (‘common controls for common risks’)
- Standards and practices to increase the efficiency of our main business processes and functions
The Corporate Requirements are mandatory for all units, and management is responsible to implement these as and when applicable.