Strategy and objective-setting
The Managing Board supported by the Executive Committee establishes the company strategy and business objectives.
Risk appetite
The risk appetite defines the level of risk the company is prepared to take in the different risk categories, being strategic, operational, financial, compliance, and reputational risks. The risk appetite supports priority-setting in risk responses. The Executive Committee decides on the risk appetite, which is reviewed annually. In 2021, our risk appetite was updated. The category of reputational risks was added and the criteria to rate the risk appetite were changed in order to give better guidance to the units for decision making (see figure below).
Corporate Requirements
The Corporate Requirements are our internal rules and regulations, which are defined and maintained by the support functions and GRM. In line with the Code of Business Conduct and the risk appetite, the Corporate Requirements provide:
- Risk-based guidance for managing common business and process risks (‘common controls for common risks’)
- Standards and practices to increase the efficiency of our main business processes and functions
The Corporate Requirements are mandatory for all units, and management is responsible to implement these as and when applicable.