Risk management
Last updated: March 12, 2025
Overview of the risk management systems
Principles of risk management
Risk management is an essential part of the internal control system of the Group and an active means to analyze and manage opportunities and threats related to the business strategy and operations. The Company has defined the principles applied in the organization of risk management. The purpose of risk management is to identify potential events that may affect the achievement of the Group’s objectives, either positively or negatively, in a changing business environment. The purpose is to manage risks to a level that the Group is capable and prepared to accept, so that there is reasonable assurance and predictability regarding the achievement of the Group’s objectives. The overall risk management process of the Group follows the principles of the Enterprise Risk Management (ERM) framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the ISO 31000 Risk Management Standard. Further, Huhtamaki has tailored its ERM processes to meet its own needs.
Risk management process and responsibilities
The annual enterprise risk assessment process and the follow-up of risk mitigation actions are essential elements of risk management at Huhtamaki. Specific-scope risk assessments and the property risk control program support the Group’s risk assessment process. Further, business continuity management, crisis management and insurance programs complement enterprise risk management.
Risks are assessed at both the Group and business segment levels. To systematize and facilitate the identification of risks, they are categorized as strategic, operational and financial risks. These categories are closely aligned with the strategic, operational, financial and compliance objectives of the Group. The enterprise risk assessment aims to improve risk management awareness and supports cross-functional and business unit risk management initiatives.
The Huhtamaki Group Enterprise Risk Management (ERM) Policy defines the objectives, scope and responsibilities of risk management. Compliance with the risk management policy assures timely identification and recording of risks and the application of relevant risk management measures to address these risks. More detailed risk management procedures are set forth in the Group’s ERM framework and process guidelines.
The Global Executive Team (GET) is to ensure implementation of the Group Enterprise Risk Management (ERM) Policy by allocating adequate resources as well as adopting and deploying risk management procedures. In addition, the GET reviews the Group’s and the segments’ risks and accepts the related risk levels, and the extent to which these risks have been properly identified, recognized, and addressed by the Group and the segments, for the approval of the Board.
The Global risk management function organizes, instructs, supports, supervises and monitors risk management activities on an ongoing basis. It reports the results of the risk management process to the Audit Committee annually.
Leadership teams at global, segment and local levels are responsible for ensuring that risk management is appropriately implemented in their field of responsibility.