Policies, procedures & rules
DSM's Policies, Procedures & Rules to protect whistleblowers and to prevent misuse of inside information.
At DSM, clear structures and transparent business practices are what risk management is about. The goal is the maximum integration of DSM’s risk management system into the normal business processes. The purpose of the risk management system is to:
The Managing Board is responsible for risk management in the company and, supported by the Corporate Risk Office, has designed and implemented a risk management system and a risk management organization. The system and the organization are documented in the DSM risk management policy, the DSM Code of Business Conduct, DSM policies in several functional areas and the DSM Corporate Requirements and Directives. The aim of the system is to ensure that the extent to which the company’s strategic and operational objectives are being achieved is understood, that the company’s reporting is reliable and that the company complies with relevant laws and regulations.
The DSM risk management system is based on the COSO-ERM framework. It has been designed to achieve maximum integration of the risk management process in the normal business processes. It provides for risk assessment tools, controls for risks that commonly occur in the company and monitoring and reporting procedures and systems. The internal controls for the goods and money flows have been ‘built into’ business processes, and tools have been developed to support their implementation and to monitor their effectiveness in operation. In this way, a high level of internal control is achieved efficiently.
DSM’s overall governance structure is depicted above, showing the main governance levels and the most important governance elements and regulations at each level.
For DSM, as a company listed on the Amsterdam stock exchange, the primary references for good corporate governance are Dutch law and the Dutch Corporate Governance Code 2008 and its 2016 update (applicable since 2017).
DSM’s risk management system is based on the Enterprise Risk Management framework of the Sponsoring Organizations of the Treadway Commission (COSO-ERM), and covers the eight risk management elements identified in that model. DSM applies the risk management process to strategic, operational, reporting and compliance risks as specified in the framework, The DSM risk management system is defined at two levels: Corporate (in the Management Framework for the corporate level) and operational (in the Management Framework for operational units). Operational units may add more levels for regions, sites, etc. as necessary.
The COSO-ERM risk management elements:
Further starting points for DSM’s risk management system are optimal integration of risk management in the daily business processes and the application of common controls for common risks. The system is described below, first for the corporate level, then for the operational level. The description follows the eight COSO elements.
By instituting the governance structures as described above and specifying Management Frameworks for the corporate level and operational units, the Managing Board has established the internal environment for enterprise risk management. Values and business principles are important elements of the internal environment for risk management. Sustainability is DSM’s core value; this value directly relates to the company’s mission to ‘create brighter lives for people today and generations to come’. The business principles have been derived from this core value and are described in the DSM Code of Business Conduct. This code and the Corporate Policies and Requirements together define the ’tone at the top’ with regard to ethical behavior and doing business. In the execution of its risk management responsibilities, the Managing Board is supported by the Corporate Risk Office.
The strategy for the company is established in the Corporate Strategy Dialogue (CSD). The CSD takes place between every three to five years. If appropriate, risk profiles of alternative scenarios are analyzed before final strategic choices are made. The strategy is translated into concrete objectives (financial and otherwise), the attainment of which is checked in annual strategic reviews.
The chosen strategy is subjected to a Corporate Risk Assessment (CRA), conducted by the Managing Board. In the CRA, developments and events that could influence the achievement of strategic and operational targets are identified. The possible impacts of these events are assessed in terms of impact and likelihood and responses to the top risks are determined. The influence of some important parameters (e.g. exchange-rate fluctuations) is calculated in sensitivity analyses. The CRA is updated on an annual basis.
For sensitive processes at the corporate level, such as treasury and corporate accounting, controls have been defined and implemented.
Performance, risk and compliance are discussed regularly between the relevant accountable management and the Managing Board. The Corporate Risk Office provides information on the DSM risk management system via its Intranet site and regular publications. It also takes care of training programs on risk management and organizes information exchange meetings for risk management experts throughout the company.
Operational and staff units monitor the effectiveness of key controls and regularly report on risks and controls as part of regular business reporting. Material risks and control incidents are reported in annual Letters of Representation, as are the responses to these risks and incidents. The reported risk and incidents are consolidated into a ‘bottom-up’ risk profile that is compared with the ‘top down risk profile’ as derived from the Corporate Risk Assessment; both are then integrated into a final picture. Risks and developments in the risk management system are also reported to the Audit Committee of the Supervisory Board. The bottom-up risk and response overviews are updated at the end of the second quarter.
The Managing Board, supported by the Corporate Staff Departments, maintains the Management Framework for the operational level (see below).
Within this Framework, the Corporate Policies and Requirements form the basis for systematic risk management. The structure of the Corporate Policies, Requirements and Directives is shown in below (Corporate Directives are temporary or local extensions of the Corporate Requirements and are instituted if an out-of-the-ordinary situation calls for it, for example a travel ban for security reasons).
How DSM applies the eight components of COSO-ERM in operational units is set out below.
An important part of the Internal Environment for risk management is set by the DSM Code of Business Conduct and the communications on risk management as described in the previous section. The Unit Risk Management Requirements additionally specify that each operational unit must:
The Corporate Requirements require that Corporate Policies are translated into policies for the operational units. They also stipulate that management should take the lead and give the example, and should keep the employees accountable for compliance. In this way the 'tone at the top’ is cascaded downward in the organization.
The Strategy Requirements specify that each operational unit execute a Business Strategy Dialogue (BSD) at regular intervals. The outcome of this strategic process is translated into clear objectives for financial as well as other functional and business fields. If appropriate, risk profiles of alternative scenarios are analyzed before final choices are made. The results and prospects of the unit’s strategy and the related risks and responses are reviewed as part of an annual strategic review.
As part of the BSD, a Business Risk Assessment (BRA) has to be carried out to identify the most important risks inherent in the chosen strategy. BRAs at the level of units reporting directly to the Managing Board are mandatorily supported by the Corporate Risk Office. For internal processes, Process Risk Assessments (PRAs) are carried out at a minimum frequency of once every five years. For the most important risks identified in the BRA and PRA, the unit identifies responses and manages the follow-up to those responses. Risk updates are made twice a year. As part of the BRA, major business disruptions need to be identified for which Business Continuity Plans need to be made.
The DSM risk management system provides for the identification and assessment of responses and controls in two ways: via the BRAs and PRAs as described above and via the identification of common risks and common controls. In companies such as DSM, a large part of the identifiable risks are directly linked to the nature of the operations. Therefore, DSM has chosen to identify and assess these common risks and design common controls for them. These mandatory common controls are described in the Corporate Requirements and cover all functional fields, for both the ongoing business as well as the activities of a project nature.
In the field of the transactional flows of goods and money and the related financial control and reporting processes, the implementation of controls is supported by (standard) ICT solutions. In these cases, the controls are built into (standard) business processes and the application of sufficient segregation of duties is controlled by central authorization management and regular checking for possible conflicts. Through this concept of common risks and common controls, control or mitigation of a large number of common risks is achieved in an efficient way. In their BRAs and PRAs, operational units can focus on unit-specific risks and responses.
All material activities of a project nature need to be run according to the Project Management Process requirements. This ensures that a clear project governance structure, clear project phasing and regular structured risk assessment are in place. Other elements of the requirements, covering specific aspects of project risks are: Mergers and Acquisitions (as part of the Strategy Requirements), Capital Investments (as part of the Control and Accounting Requirements), Large Capital Projects (as part of the Manufacturing Requirements) and Building and Construction (as part of the Safety, Health and Environmental Requirements).
To ensure that the ‘tone at the top’ regarding ethical conduct and sustainability as laid down in the DSM Code of Business Conduct effectively determines the actual culture and behavior in all of the company, considerable communication and training efforts have been put in place. Booklets containing the Code in 19 languages have been distributed to all employees. Mandatory (e-)learning is in place. Specific training programs are in place for starget groups regarding value based issues e.g. Competition Law, Trade Law compliance, Anti Bribery and Corruption and Privacy Laws.
To ensure sufficient awareness of functional policies and applicable risk-controls, the Corporate Policies and Requirements and their implementation in the operational units are subject to (mandatory) training. A Risk Management Awareness Video is available for all employees world-wide, highlighting the risk management process by analogy with a mountaineering expedition. Specific training programs on risk management are in place for risk management professionals and financial experts. Attention is also given to communication about residual risks (so, after mitigation), for instance in job hand-over procedures at senior management levels.
Information exchange, alignment and collective learning within the community of risk management professionals are achieved via various platforms, meeting at regular intervals (sometimes via (partly) virtual meetings). The Corporate Policies, Requirements and Directives Structure is available on the DSM Intranet as a portal, giving access to all Policies, Requirements and Directives, including detailed annexes and non-mandatory practices. The portal thus serves as a source of information and a learning structure for risk management and functional professionals.
To help the operational units in implementing the risk management system and in integrating it with the daily business processes, the Management Framework for the operational units has been made available as a portal on the DSM Intranet. All relevant policies, requirements, practices and standard business processes are to be found under the respective buttons. The operational units have copied the portal for their own use and have added unit-specific business processes, policies, requirements and practices and made links to archived documents, such as standard operating procedures.
The effectiveness of controls is monitored and reported in various ways and using ‘three lines of defense’. The first line of defense is daily management attention to risks and compliant behavior, using the Code of Business Conduct and the requirements as the yard-stick. This management attention is, amongst other means, fed by information from regular control-self-assessments.
At the second line of defense, the risk management system is used to identify and control risks in several ways: through control monitoring in the standard business processes, through monitoring of compliance with the Corporate Requirements, through periodic reporting on risks and controls and through various incident reports. Special tools are available to support the monitoring of the effectiveness of the controls in standard business processes. Specific monitoring is executed with respect to access controls to and segregation of duties in business processes related to the goods and money flow. To this end, operational ERP systems are screened by the Business Process Management department, using specialist analytical tools.
One of the specific objectives of the risk management system is to be able to provide a reasonable level of assurance that the financial reporting does not contain any material inaccuracies and to confirm that the internal controls function properly. Therefore, in the financial field there are detailed accounting and reporting requirements and related annexes specifying amongst other things reporting time schedules and formats, the DSM Chart of Accounts, the IFRS compliant DSM Accounting Rules and the format for a quarterly affidavit, to be signed by the Financial Director of each unit.
To embed risk management in the normal way of doing business, behavior-based practices have been made available to help make risk management sustainable without it becoming a ‘tick the box’ affair. They include workshops on learning from non-conformities and deviations and principle-based compliance. Specific reporting, analyzing and improvement procedures are in place for reported breaches of the Code of Business Conduct. The Fraud Committee, under the direction of the CFO, oversees all material incidents involving fraud. For situations where employees feel unable to report via the line, the DSM Alert System (whistleblower procedure and communication channel) is available for them to report any infringements.
As mentioned in the paragraph on ‘Corporate Level’, at the end of the year, all units confirm that they have applied adequate risk management and report any material residual risks and incidents that have happened over the past year in a Letter of Representation to the Managing Board. These reports, which are updated on a half-yearly basis, are used for the units to identify and track any additional risk mitigating actions needed.
Corporate Operational Audit (COA) and external financial audit act as the third line of defense. COA conducts full operational audits in all units; the average auditing cycle is 3 years and follows a risk based program that is agreed with the Managing Board and the Audit Committee of the Supervisory Board. These ‘cold eye reviews’ use the DSM Code of Business Conduct and the Corporate Requirements as reference and report findings which, dependent on how critical they are, units have to take action on within defined periods. The consolidated COA results and feedback from the operational units on the functioning of the Corporate Requirements and other elements of the risk management system are used to regularly improve the system.
Full details of the functioning of the system in 2018 can be found in the Integrated Annual Report 2018.
Note: All internal regulations apply in addition to applicable national and international laws and regulations. In cases where internal regulations are incompatible with national or international laws and regulations, the latter prevail.
The following is a selection of important risks that have been identified and for the management of which strategies, controls and/or mitigating measures have been put in place as part of DSM’s risk management practices. They nevertheless involve uncertainties that may lead to the actual results differing from those projected. There may also be current risks that the company has not yet fully assessed and that are currently qualified as ’minor’ but that could have a material impact on the company’s performance at a later stage. The company’s risk-management and internal-control system has been designed to signal and respond to these developments on time, but 100% assurance can never be achieved of course.
The top four risks and other important risks as derived from these categories during the year under review (and the corresponding responses) are described in the Integrated Annual Report 2018.
In the Corporate Risk Assessment the likelihood and impact of events that could jeopardize the achievement of the (financial) targets set in the ‘Driving Profitable Growth’ strategy for 2016 - 2018 need to be addressed. In setting these targets, assumptions were made about the macro-economic and financial conditions in the global markets. Although DSM is positioned itself to be able to adjust quickly to sudden adverse market conditions, those cannot be ruled out. If an economic downturn or financial instability were to occur, this could have a significant detrimental effect on the achievement of the targets. This effect could be aggravated by major movements of currency exchange rates.
The strategy to grow the company through increased presence and business in the High Growth Economies is being successfully implemented. This implies that the relative exposure to the business climate in these regions is also increasing. DSM is further reinforcing its governance and resources in these regions in order to grab the opportunities and manage the downside risks these regions present. There is, however, always a risk that the markets will not grow as expected and/or that opportunities in these markets will be missed. In addition, price pressure from these countries may jeopardize profitability in established markets.
DSM has considerably reduced its exposure to cyclical and commodity markets. Price pressure and other competitive challenges may, however, always cause the profitability of DSM’s activities to deviate from the projected levels.
DSM has subsidiaries in more than 50 countries. These subsidiaries can be exposed to potentially unfavorable changes in (financial) regulations and political climate that might hamper the exploitation of projected opportunities or might impair the value of the local business.
In the current strategy period, DSM’s main focus is on organic growth and – unlike in the previous period – not on sizeable acquisitions. Hence, this type of risk should inherently be lower in this period. However, this doesn’t exclude that we do smaller acquisitions and partnerships, with the corresponding risks (mainly related to making the wrong forecasts, failing to effectively integrate the new activities, or getting into a conflict with the partner). Through the multiple acquisitions and partnerships that DSM has executed in the previous strategy periods (and the actual performance of those undertakings), DSM believes that it has developed very solid practices for finding the right targets, assessing their attractiveness, making value creating deals, integrating the new activities, dealing with partners and following up on performance, thereby providing an adequate risk mitigation.
Fully exiting the activities in Pharma and Base Materials – all put in partnerships as a first step towards a full exit in the previous strategy period – is one of the main priorities in the current strategy period. The risks associated to this relate to business performance at the desired time of exit, generating sufficient buyer interest, and striking the most value creating deal for DSM. Through the multiple divestments made or initiated in the previous strategy periods, DSM believes that it has developed very solid practices and a certain savviness in this, providing adequate risk mitigation.
Innovation is another main growth driver in DSM’s strategy. The company has strengthened its market intelligence and enhanced its market and customer orientation. In addition it has taken a multitude of actions to create an excellent innovation process and the company has reinforced its product launch capabilities. Nevertheless, the actual developments in the targeted markets, the speed with which new products and technologies are accepted and the emergence of new competition will always constitute risks to the success of the chosen strategy.
In the Emerging Business Areas, efforts have been concentrated in the areas of Biomedical and Bio-based Products and Services. The developments in these areas are subject to the uncertainties inherent in new technologies and markets.
DSM’s success in implementing its strategy is highly dependent on an effective organizational structure, the ability to attract, develop and retain capable people with the right and diverse backgrounds, the appropriate leadership and behaviors and the creation of an entrepreneurial yet responsible culture. The DSM talent agenda addresses these key areas through
Special attention is being given to enhancing regional and functional effectiveness and creating a diverse workforce. Nevertheless, the achievement of the strategic targets may be hampered by organizational inefficiencies, a lack of key people and/or an unsupportive culture.
DSM has reinforced its processes and capabilities to establish, protect and exploit Intellectual Property rights as these rights are of increasing importance to DSM’s strategic development. Nevertheless, the risk exists that, in certain situations, DSM will not be able to valuate or protect its intellectual property effectively (e.g. in patent or license disputes or other litigation). This, in turn, may lead to negative financial impacts.
DSM implements various policies to avoid supply chain disruptions (e.g. multiple supplier-strategy) as well as to secure our Global Trade Control (GTC) policy and decrease price volatility (e.g. commodity hedging). Nevertheless, the increasing complexity and interdependence of worldwide supply streams as well as increasing (perceived) pressure on availability of resources may lead to GTC non-conformities, price fluctuations and availability issues, influencing DSM’s profitability and/or business continuity.
Sustainability plays a central role in DSM's strategy implementation. It is seen as a measure of responsible behavior (implementing high standards in social, environmental and business-ethical matters as described in the DSM Code of Business Conduct) as well as a business driver; developing products, processes and behaviors that make the value chains in which DSM takes part more socially and environmentally sustainable in an economically viable way. The risks related to the first area are amongst others, reported in other risk categories such as Safety, Health and Environment, Human Rights, and those related to non-compliance with DSM rules and external laws and regulations.
For sustainability as a business driver, DSM has set ambitious targets, and although it has put rigorous programs in place to clarify and achieve these targets, there is considerable risk that difficulties will occur in doing so for every target, particularly as the activities are highly innovative and, for their success, dependent on cooperation in novel stakeholder relationships. We also see competition increasing, leading to changing sustainability from a differentiator to a qualifier. Not achieving clear and accepted definitions on the sustainability standards and/or not reaching the set targets may lead to reputation damage for DSM and hence to financial damage related to credibility issues in (financial) markets and/or to extra internal management attention.
The DSM brand is a key intangible business asset which brings DSM’s mission and core value to expression and has grown considerably in value over the last five years. The value of the brand is related to the awareness, consideration and preference levels of DSM’s key stakeholders globally. The main risks are that the DSM brand promise is not lived up to by DSM and that the brand is not protected well enough across the globe from an IP/Trademark point of view. Related to the former risk mitigation actions have been put in place by training key audiences within DSM as well as key suppliers (brand e-learning program) on the proper application of the DSM brand. In terms of IP an annual strategic global trademark review takes place through which mitigating actions are defined.
Any failure by any of its business units to meet production safety, social, environmental and/or ethical standards could harm DSM’s reputation and thereby impact on its business and results. DSM has confirmed sustainability to be its core value and, on the basis of this, has formulated a Code of Business Conduct specifying desired behavior on the social, environmental and economic dimensions. The Code is distributed in 17 languages, (e-) learning has to be followed by all employees and compliance is being actively monitored and followed up. This should reasonably assure appropriate employee conduct. Moreover, the company mitigates its reputation risk by making substantial efforts to reduce the probability that any of its units will fail to comply with internal requirements and/or external laws and regulations. Nevertheless, it cannot be ruled out that accidents may happen, mistakes are made by individual employees or issues may arise, potentially leading to complaints, liabilities, loss of business and / or customer’s resp. reputation damage.
To ensure adequate response to a condition or event, either internal or external which, if it continues, will have a significant effect on the functioning or performance of DSM or on its future interests, DSM implemented Issue Management (IM). This proactive management process makes DSM prepared, enables adequate response in the shortest possible time, and secures continuing follow-up to mitigate/take advantage of the impact on share price, LtO and/or reputation (eg. global, regional, local impact).
In the CSD it has been defined that the successful implementation of our strategy requires world class Marketing and Sales performance. Over the past years DSM has made enormous progress in catching up with resp. outpacing peer companies wrt M&S skills, capabilities and processes. DSM Marketing and Sales is driving the further professionalization of the M&S disciplines across DSM. In addition the Net Promoter Score (NPS), a mandatory customer feedback process, has been defined to increase customer loyalty, reduce customer churn, evaluate the DSM company brand and is the KPI for external orientation. Appropriate Quality Assurance systems and processes are in place to mitigate the risks of non-compliance wrt to specifications and customer agreements. Similarly, extensive measures have been put in place to comply with the complexities of trade embargoes. Although digital still is in its infancy in B2B marketing, the company has taken appropriate measures as defined in requirements and guidelines, to mitigate risks on privacy / customer data as well as the use of social media. Nevertheless, it cannot be ruled out that issues may arise, potentially leading to complaints, liabilities, loss of business and / or customers, resp. reputation damage.
DSM tries to mitigate production process risks by spreading production where possible, but concentration is necessary in order to achieve economies of scale. The design of any new facilities and/or production processes requires incorporation of state-of-the-art safety and security facilities. Plants are designed according to the highest technical and technological standards and are regularly and systematically inspected against predefined risk and maintenance standards. Nevertheless, technical and technological risks may not always be sufficiently well known or controlled so as to exclude any mishaps. These could affect the quality, costs and/or availability of products.
The influence of major physical disruptions caused by mishaps affecting the supply chain or facilities in the company has been inventoried and business continuity plans have been put in place. Unexpected developments may nevertheless result in interruptions of supply to customers, causing financial and reputational damage.
As a result of DSM’s strategy, the company’s product portfolio has shifted. This has been accompanied by a corresponding shift in the product liability risk profile. To protect itself against these risks, DSM has put in place highly demanding process and product requirements and is putting in a great deal of effort on an ongoing basis to assure that all its units comply with internal and external regulatory requirements (e.g. FDA). Additionally, DSM has stepped up its efforts to structurally assess product liability exposures, and the company has enhanced its sales contracting policies. Nevertheless, product liability issues leading to financial and/or reputational damages can never be totally excluded.
DSM continuously improves its measures to mitigate ICT risks. We also recognize that ICT incidents are today’s reality. A cyber resilience strategy has been defined in 2015 to address the need for additional cyber security detection and response capabilities. An agile risk management process is in place to assess ICT risks, define necessary controls and monitor compliance of all ICT services. Although DSM has implemented industry standard risk mitigating measures, ICT complexity and shortcomings in technology, processes and employee behavior could still lead to ICT risks materializing which can have a material impact on DSM assets, operations and reputation. The digital transformation could increase the impact of incidents as the business becomes more dependent on secure and reliable ICT services. On the other hand, digitization could also offer opportunities to build new business models that are less vulnerable for ICT risks, e.g. by via partnerships.
Strategy implementation for a large part takes place through the implementation of major programs and projects in a variety of fields, such as innovation and new business development, capacity expansions for existing businesses, mergers and acquisitions, organizational change, business process development, ICT and human resources. DSM has recognized that it needs to further improve its capability to manage programs and projects and has a Project Management Excellence program in place to support this. This includes specific project management training courses. Independent Value Assurance Reviews and Unit owned Roadmaps are in place to mitigate the risk of failure of major projects and support the journey towards excellence in Project Management. Programs and projects may nevertheless fail to produce the (financial) results projected.
DSM employs strict practices with regard to the assessment and control of (information) security risks. In the design of the processes governing the goods and money flows, strict standards of Internal Control have been taken into account and the functioning of these controls is being monitored regularly. Nevertheless, (information) security incidents and/or misappropriation of goods or money through mistakes or fraud may still occur, possibly causing material damage to the company.
DSM invests in a good relationship with its employees and tracks employee engagement, amongst other things by conducting worldwide surveys. Nevertheless, it cannot be excluded that risks materialize in the area of industrial relations.
DSM implements strict policies with regard to the containment of safety, health and environmental risks. Nevertheless, safety, health or environmental elements may not always be sufficiently well known or controlled so as to prevent any possible mishaps. SHE-risks are mitigated via a SHE-management system that is kept up-to-date and includes, amongst others, requirements, audits, a multi-year program and competence management.
The main financial risks faced by DSM relate to liquidity risk and market risk (comprising interest rate risk, currency risk and price risk). DSM’s financial policy is aimed at minimizing the effects of fluctuations in currency-exchange and interest rates on its results in the short term and following market rates in the long term. DSM uses financial derivatives to manage financial risks relating to business operations and does not enter into speculative derivative positions.
DSM maintains internal controls over external reporting in order to ensure that external reporting is complete, transparent and free from material inaccuracies. Failure of these controls may result in shortcomings that may cause the external reporting does not provide the desired true and fair view of the financial position and business performance of DSM.
Although DSM has replaced several defined benefit plans with defined contribution plans in the last years, DSM still has defined benefit pension plans in a number of countries. The funded status and pension cost of defined benefit pension plans are impacted by financial markets (mostly through investment returns and interest rates) and by changes in life expectancy. Low interest rates cause DSM’s pension cost to increase and therefore have an adverse effect on profitability and cash flows.
To control pension risks for DSM, a Pension Committee (chaired by the Chief Executive Officer of DSM) is in place. The pension committee determines DSM’s pension strategy and monitors and anticipates on pension risks worldwide. Pension plans are managed by local trustees in accordance to local regulations. The investment strategy of the pension plans is aligned with the risk profile of the underlying pension liabilities through an integrated balance sheet management approach. This integrated approach improves the risk management process, risk identification and strategic decision making, leading to a more balanced approach towards risk. The volatility in pension costs for DSM of these plans is limited by contractual arrangements.
Defined contribution schemes in a low interest rate environment, give rise to a new type of risk. As a result of the low interest rates the price of an annuity has increased, leading to lower results in defined contribution schemes. An insufficient level of pension could inhibit employees to retire at an appropriate age, which is a risk that is addressed in the development of the pension plan (for instance through a life cycle investment mix).
Financial risks additional to the macroeconomic risks mentioned above include commodity price risk and credit risk. Furthermore, the major credit rating agencies may change their assessments of DSM creditworthiness; thereby affecting the company’s borrowing capacity and/or the conditions under which DSM can borrow money causing fluctuations in the cost of finance. The company aims to maintain a strong investment grade long-term credit rating and spread the maturity profile of outstanding bonds in order to have adequate financial flexibility.
DSM has put in place a Code of Business Conduct, Policies, Requirements and Directives to induce ethical behavior in the company and clearly mark the limits of risk taking in (operational) processes. Implementation is monitored and reported by the units and through independent full operational audits. Nevertheless, it cannot be excluded that non-compliances may occur, leading to risks and possible financial and/or reputational damage.
DSM operates in fields to which a multitude of (international) laws and regulations apply. Although a great deal of attention is given to full compliance with all these laws and regulations, breaches may still go unnoticed, possibly leading to fines, loss of permits, breach of contract plus liability for damages and/or reputational damage.
DSM anticipates regulatory developments and contributes to such developments where appropriate. Changes in laws and regulations may nevertheless impact the company’s ability to implement its strategy and/or may have detrimental effects on profitability.
*) For the risk categories marked with an asterisk, potential financial losses are limited by (global) insurance policies.