Assessment and mitigation of the broadest variety of risks is arranged on group level into one comprehensive Enterprise Risk Management (ERM) system. ERM is a risk management framework covering group-level business units and functional units as well as flagship and operating companies, with specific attention to projects as well.
The risk management methodology applied by MOL is based on international standards and best practices. It considers the organisation’s exposure to uncertainty in regard to value creation, meaning factors critical to the success and threats related to the achievement of objectives, also occurrence of incidents causing potential threat to people, assets, environment or reputation.
Risks are managed by risk owners, who are managers responsible for supervising the existing control framework and implementation of defined risk mitigation actions in responsible organisations. Monitoring and reporting of risks is performed by the Group Risk Management department to the Finance and Risk Management Committee of the Board of Directors.
During 2017, we renewed our risk management processes to ensure special attention is given to our 2030 Strategy: we identified major long-term risks that may impact our strategic objectives and detailed analysis is ongoing.
At the same time, mid-term risks related to our business plans are assessed and managed over the full lifetime of assets, performed at business segment level and coordinated by the group-level risk management team.
As in previous years, the short-term risk profile of the company is regularly reviewed with main focus on the 1-year budget of MOL Group.
Regular reporting to top management provides oversight on top risks and assurance that updated responses, controls, and appropriate mitigation actions are set and followed by the Executive Board.
The main risk drivers of the Group
Risks are categorised to ensure effective risk reporting and consistent responses for similar or related risks.
- a) Market and financial risks include, but are not limited to:
- Commodity price risk: MOL is exposed to commodity price risk on both the purchasing side and the sales side. The main commodity risks stem from the integrated business model with downstream processing more crude and selling more than our equity crude oil production. We monitor this risk in order to support our strong financial position and capacity to fund operations and investments. When necessary, we consider commodity hedging to eliminate risks other than ‘business as usual’ risks or general market price volatility.
- Foreign exchange (FX) risk: Business operation is economically driven mainly by USD. MOL’s current FX risk management policy is to monitor the FX risk, and to balance the FX exposures of the operating cash flow with the financing cash flow exposures when necessary and optimal.
- Credit risk: MOL Group provides products and services to a diversified customer portfolio - both from business segment and geographical point of view – with a large number of customers representing an acceptable credit risk profile. MOL Group’s risk management tracks these risks on a continuous basis, and provides support to the sales processes in accordance with MOL Group’s sales strategy and ability to bear risk.
- b) Operational risks include, but are not limited to:
- Physical asset safety and equipment breakdown risk: High asset concentration in Downstream is a significant risk driver. The potential negative effects are mitigated by comprehensive HSE activities and a group-wide insurance management program.
- Crude oil supply risk: Crude supply disruption is a major risk factor for the Downstream business, as it canhamper continuous operations. In order to mitigate this risk, supplies of crude oil via pipelines are currently diversified with regular crude cargo deliveries from the Adriatic Sea.
- Cyber risk: Cyber risk needs attention and effective management to ensure the company is able to monitor, detect and respond to cyber threats. MOL has adapted and changed the way it deals with cyber defence and cyber threats (people, process and technology): a clear vision and strategy has been set up to manage cyber incidents with end-to-end ownership and accountability.
- c) Strategic risks include, but are not limited to:
- Regulatory risk: MOL has significant exposure to a wide range of laws, regulations, environmental and government policies that may change significantly over time. Due to the economic, and also in some regions political crisis, the risk of potential government actions increased, as well as potential impact of such decisions.
- Country risk: The international portfolio requires proper management of country risk exposures, therefore possible political violence, compliance with local regulations or sanctions are monitored to enhance the diversification effect in the investment portfolio.
- Reputation risk: Reputation of energy industry players has been in the focus of media for the past years due to extreme negative events. MOL, as a major market player in the region, operates under special attention from a considerable number of stakeholders, and we are constantly seeking to meet our responsibilities towards them.
- Climate change risk: The effects of climate change have the potential to adversely impact MOL’s current operations. As a response, MOL Group launched its 2030 Strategy based on the expected decrease in demand for fossil fuels, primarily driven by a combination of electrification and digitalization of transportation, energy and fuel efficiency gains, as well as changes in consumer behaviour and advances in technology. MOL Group’s transformational strategy is meant as a response to the fast-developing consequences of global warming and climate change. Several measures have already been taken at group and divisional level in the past, and actions are ongoing. For more details, go to the Notes on Sustainability Performance.
Main risk management tools
Enterprise Risk Management is a framework covering business units and functional units, which ensures incorporation of risks faced by the company into risk maps. The risk assessment activity supports stable and efficient operation by identifying key risks that threaten the achievement of company objectives and require specific attention by top management through strengthened controls or execution of mitigation actions.
To ensure the profitability and the financial stability of the group, financial risk management is in place to handle short-term, market related risks. Commodity price, FX and interest rate risks are measured regularly by using a complex model based on Monte Carlo simulation, and are managed – if necessary - with hedging measures.
Transferring of the financial consequences of our operational risks is done by insurance management, which represents an important risk mitigation tool used to cover the most relevant exposures and liabilities arising out of our operations. Insurance is managed through a joint program for the whole group to exploit considerable synergy effects.
Following best industry practice and focusing on low probability high potential risks that could disrupt our operations, value chain and cash generation, MOL Group has implemented and is currently working to integrate a crisis management and business continuity program in order to reduce recovery times within tolerable limits for processes critical to our business.
Besides providing information on the most imperative risks that MOL Group faces, risk management also supports the top management and the Board of Directors to take more educated decisions on capital allocation for major CAPEX projects.