Risk management The Group is exposed to a number of strategic, operational, financial and compliance risks that it continuously monitors. Below is a presentation of the various types of risk and examples of preventive measures that the Group is taking. STRATEGIC RISKS DESCRIPTION PREVENTIVE MEASURES Increased competition Increased competition can have a negative effect on the market share. Due to globalisation, new large and international competitors may enter the domestic market, which could increase the competition. The vision and strategic objectives are reviewed annually by Group management in order to enable the Group to analyse and adapt to the current business and market situation. The strategic process is described in the company’s Financial Manual and responsibilities are outlined in the Corporate Governance Policy. Political instability Political instability in countries where the Group is present may effect supply and demand. A risk assessment process is implemented and followed up on an annual basis according to the procedure for risk management and internal control. Changes in demand for tobacco products Increasing health awareness around the world may affect the demand for tobacco products, which could have an adverse effect on Group turnover and earnings. Changes in tobacco legislation taking effect in May 2016 may affect the Group’s customers negatively and thus the turnover and earnings of the Group. The vision and strategic objectives are reviewed annually by Group management in order to enable the Group to analyse and adapt to the current situation regarding tobacco products. OPERATIONAL RISKS DESCRIPTION PREVENTIVE MEASURES Dependence on a few large customers Dependence on top 10 customers accounting for around 65 per cent of the Group’s total revenue. Loss of a major customer could adversely affect the Group’s turnover and earnings. The Group engages in long-term relationships with key customers. The average relationship with a key customer is currently around 20 years. Detailed key account plans exist as part of the strategic planning within the Group. The Group also focuses on ensuring high product quality and delivery precision in order to retain customers. Lack of firm purchase commitments A lack of firm purchase commitments within existing customer framework agreements, which could lead to lower factory utilisation and lower turnover compared to budget. A strategy is in place to ensure that long-term agreements are always pursued with key customers. In general, customer agreements are signed for between two and four years. Supply of raw materials and components A lack of availability and timely supply of raw materials and components from external suppliers could cause delays and entail adverse consequences for production. A purchase policy and procedures for handling supplier-related risks have been established and are being implemented within the Group. Logistics network Limitations in national and international logistic networks for customer deliveries could cause delivery problems, such as delays, which may affect the customer relationship. A review is performed regarding delivery accuracy and quality requirements for transportation. All measures to improve the degree of delivery precision and criteria for the quality of vehicles used by transportation providers are established and approved by management. Price of raw materials Volatile raw material prices and long-term increases in raw material prices could result in decreased earnings. Price risk is managed through an ongoing, continuous dialogue between the purchasing and sales departments, along with an increasingly coordinated harmonisation of contracts within the Group, with index clauses and possibilities to push cost increases onto customers. Confidentiality of technical know-how Failure to keep critical “know-how” with regards to product development and manufacturing confidential. In addition to confidential know-how, the ARP Group seeks protection for its development efforts through registered intellectual property rights, such as patents, utility models and designs. The Communication Policy and Code of Ethics include defined rules for internal and external communication. Securing technical know-how Failure to secure know-how relating to the development and manufacturing of certain materials and products. The HR Policy includes defined procedures for recruitment, retention and development of personnel. The goal is to ensure that critical know-how is available within the organisation. Product claims or legal actions Risk of product claims against the Group that could lead to unfavourable effects on the Group’s financial position, performance and market position. The manufacturing process includes quality checks during the production phase. In addition, a Business Continuity Plan and Maintenance Plan have been established to ensure quality in production and safe and timely delivery to customers. Intellectual property claims or legal actions Risk of intellectual property claims or legal actions that could lead to unfavourable effects on the Group’s financial position. The Group seeks protection for its development efforts through registered intellectual property (IP) rights, such as patents, utility models and designs. A continuous process is in place for securing IP rights for new products and innovations. Protection of intellectual property rights (IPR) Risk of being unable to properly protect the Group’s IPR for products or a failure to negotiate new IPR for new products. The Group seeks protection for its development efforts through registered intellectual property rights, such as patents, utility models and designs. A continuous process is in place for securing IP rights for new products and innovations. External fraud threats Risk of the Group being subject to fraud from an external party, such as: – Cyber security attacks – Physical intrusions – Theft or misappropriation of assets – Blackmail of key employees – Fraudulent business transactions – or others Cyber security attacks: The Group is protected by a firewall, which is managed and monitored by TeliaSonera. According to the Group’s agreement with the company, the firewall continuously updated with the latest software/firmware for protection. Changes can only be made by approved personnel in Group IT according to the established change process. SLA reports are delivered at all quarterly service review meetings. All computers and servers are virus protected by a hosted Group solution. IT information and security documents have been established in order to regulate end-user behaviour. A VPN with security is enabled for remote login. Other risks are identified as relevant according to the Group Business Ethics Policy and other guidelines. Production interruption Risk of interruptions to production that could lead to an inability to deliver to customers due to natural disasters, fire, flooding or other reasons. A disaster recovery (DR) plan is in place for the ERP systems. An extended plan, which includes the main account system, is being developed in order to make switchover quicker. Most servers are virtualised or redundant. Data centres are built according to best practice. The Group uses dual WAN links with different media or routes to all hosting environments and most sites. DR plans exist for all local sites. IT data centre inaccessible Risk of a complete outage of entire hosting environment. A project has been started to address this issue by establishing a secondary data centre location. FINANCIAL RISKS DESCRIPTION PREVENTIVE MEASURES Currency risk International operations entail an exposure to transaction and translation currency risk, mainly in trade receivables and trade payables relating to EUR, GBP and SEK. A Treasury Policy and procedures for handling currency risk have been established and are being implemented within the Group. Interest rate risk Fluctuations in market interest rates may affect the Group’s loan portfolio, leading to increased financial costs and decreased earnings. A Treasury Policy and procedures for handling interest risk have been established and are being implemented throughout the Group. Liquidity risk The Group is a net borrower, which entails a refinancing risk in connection with the extension of existing loans and the raising of new loans. A Treasury Policy and procedures for handling funding, including refinancing risk, as well as cash management and liquidity risk, have been established and are being implemented throughout the Group. External financing Access to external financing may be limited and there may be unforeseen events and costs associated with refinancing. A Treasury Policy and procedures for handling funding, including external financing risk, as well as cash management and liquidity risk, have been established and are being implemented throughout the Group. Covenant measures In the event of new financing, there is a risk that covenant measures, such as the interest coverage ratio and net debt in relation to EBITDA, may not be met. A Treasury Policy and procedures for handling funding, including refinancing risk, have been established and are being implemented throughout the Group. Credit risk related to customers Credit risk exposure arising as a result of a high concentration to a few large customers, who could use their position to extend their credits. Credit risk exposure arising as result of entering into new customer relationships. Credit policy and procedures for credit risk management are established and implemented throughout the Group. Credit risk exposure is monitored on a regular basis as part of the controlling procedures. COMPLIANCE RISKS DESCRIPTION PREVENTIVE MEASURES Anti-corruption and trade sanction violations Risk that the Group, its affiliated entities or their respective officers, directors, employees and agents may take action determined to be in violation of anti-corruption or trade sanction laws. Implementation of the Code of Ethics and Anti-Counterfeiting and Anti-Illicit Trade Policy, with associated training programmes for employees. A whistle-blower function is available and well communicated to all employees. Compliance with internal rules and regulations Risk that the Group, its affiliated entities or their respective officers, directors, employees and agents may not comply with the Group’s Business and Ethics Policy or other critical policies and procedures. Policies and procedures are implemented according to a defined plan. Compliance with all policies, procedures and controls is assessed on an annual basis through Control Self Assessments (CSA) and reported to the Board of Directors. Compliance with new tobacco legislation Failure of the Group to comply with the new European Tobacco Products Directive (EU Directive 2014/40/EU). Handled by the Group Tobacco organisation. A project plan to handle this is in place.