Introduction

Risk management is an essential component of the corporate governance of blueplanet Investments AG. blueplanet Investments AG operates a two-sided risk management system. On the one hand, risks must be identified, classified and monitored. On the other hand, however, it must be ensured that opportunities are not missed. Risks are therefore not only those actions and events which have a clearly negative influence on financial development, reputation or long-term development of the company, but also those which prevent opportunities from being seized.

Risk assessment must be done on a variety of levels, both in-house and externally. blueplanet Investments AG maintains an internal risk management system in order to map all potential threatss and to control appropriate risk management measures. Contingency plans have been drawn up to ensure the continued operation of the company in the event of serious incidents. These include backup systems in the IT infrastructure, alternative options in the real estate sector and personnel redundancies. A quarterly risk report is prepared by the Management Board on the basis of a traffic light system. The report is presented to the Supervisory Board and describes the development of risks in the various areas.
The following describes only those risks that also pose a threat to external stakeholders. Other documents deal with the corporate structure as well as the requirements and guidelines of HR policy, supply chain and logistics management, product stewardship and ethical principles in order to minimize risks in these areas.

In order to ensure that stakeholder risks can be identified and that the handling of these risks within the workforce is appropriate, the most important sources of risk for blueplanet Investments AG and its holdings are explained below and guidelines for avoiding them are presented. This also includes the specification of training and education for employees.

The risk management of blueplanet Investments AG and its participations must be designed in such a way that the staff only have to make decisions about risks that are proportionate to their position. Each type of risk has a risk owner who is responsible for monitoring the assigned risks, as well as for creating measures in the event of a risky situation. In addition, the risk owner must ensure that the persons in whose area of responsibility a risk falls are capable to identify it and take appropriate risk management actions. This does not mean that no risks should be taken, but they should be managed in such a way that a negative impact on elementary organizational processes is excluded.

The Management Board is responsible for the allocation of decision-making powers and the basic identification of the associated processes. They must review the allocation of the positions as well as the associated decision-making powers and risks at regular intervals and, if necessary, intervene to correct a situation and reassign powers. This regulatory activity requires the active monitoring of all risks and the assessment of employees’ approaches to solutions. If risks are identified in this context that are not adequately managed by the solution approaches chosen by the risk owner, the Management Board must identify an appropriate risk management solution in cooperation with the Supervisory Board.

Contingency plans must be drawn up which ensure that the company’s core processes will continue to function in the event of a risk of any magnitude.