The objective, framework, and process of risk management
The Corporate Risk Management Policy and Principles approved by the Board of Directors define the risk management principles for managing the risks associated with the Group’s strategic and operational targets and those of its business areas and common functions. The Board is also responsible for approving Neste Oil’s Treasury Risk Policy and Credit and Counterparty Risk Management Principles. Business areas and corporate common functions have additional principles, instructions, and procedures related to risk management, approved by the President & CEO or a member of the Neste Executive Board.
Neste Oil’s business, personnel, assets, and operating environment are exposed to a wide range of operational risks due to the extent, diversity, and nature of the company’s business activities. Continuous operational activities are involved in tackling risks in functions such as Finance, Sustainability and HSSE, and ICT, as well as those related to corporate reputation, legal affairs, technology, investments, and HR.
Neste Oil recognizes that risk is an integral and unavoidable component of its business and is characterized by both threats and opportunities. Neste Oil promotes a risk-aware culture in all decision-making.
Neste Oil’s Risk Management Policy emphasizes:
- the awareness and proactive management of risks
- the value of risk management in enhancing opportunities and reducing threats, and thereby gaining competitive advantage
- the importance of sufficient risk treatment and risk control, particularly in respect of HSSE and sustainability
- the benefits of managing risks as an integrated part of planning, decision-making, and operational processes with a defined structure of roles and responsibilities.
Neste Oil’s risk management framework is based on three risk assessment elements:
1. An Enterprise Risk Management (ERM) process that provides a systematic approach to identifying threats and opportunities related to strategic targets and performance plans.
2. Risk manuals for specific risk disciplines. Risk manuals and defined processes cover areas such as credit and counterparty risk principles, price risk management principles and instructions, treasury principles and instructions, and proprietary trading manuals and instructions.
3. Risk awareness across the organization, based on proactive thinking and behavior among individual employees.
Risk management is handled through these three elements by following the basic risk management process (see Risk management process graphic).