Risks and Opportunities

Like the oil, gas, and chemical industry as a whole, OMV is exposed to a variety of risks – including market and financial risks, operational risks, and strategic risks. The Group’s risk management processes focus on identification, assessment, and evaluation of such risks and their impact on the Group’s financial stability and profitability. The objective of these activities is to actively manage risks in the context of the Group’s risk appetite and defined risk tolerance levels in order to achieve OMV’s long-term strategic goals.

Enterprise-Wide Risk Management

Financial and non-financial risks are regularly identified, assessed, and reported through the Group-wide Enterprise-Wide Risk Management (EWRM) process. The main purpose of the OMV Group’s EWRM process is to deliver value through risk-based management and decision-making, which is ensured by applying a “three lines of defense model” (1. Business management, 2. Risk management and oversight functions, 3. Internal audit). The OMV Group is continually enhancing the EWRM process based on internal and external requirements such as, for example, newly developing ESG reporting standards and frameworks. The process is facilitated by a Group-wide IT system supporting the established individual process steps, guided by the ISO 31000 risk management framework. The process also includes companies that are not fully consolidated.

Governance

The Executive Board is responsible for risk oversight, ensuring that management has put in place a rigorous process for identifying, prioritizing, managing, and monitoring the critical risks affecting the Company. The Executive Board sets, communicates, and implements our risk management culture throughout the OMV Group. OMV Executive Board members regularly (at least quarterly) discuss current and upcoming environmental, climate, and energy-related policies and regulations; related developments in the fuels and gas market; the financial implications of carbon emissions trading obligations; the status of innovation project implementation; and progress on achieving sustainability-related targets. OMV focuses on assessing the potential vulnerabilities of the Company to climate change (e.g., water scarcity, droughts, floods, and landslides), the impact of the Company on the environment, and the mitigation actions that will ensure a successful transition to a low-carbon environment (reduction of carbon emissions, compliance with new regulatory requirements, etc.). The mid-term physical vulnerabilities related to climate change are identified and reported in the EWRM process and do not exceed OMV’s reporting threshold.

The Group Risk Committee, which is composed of the OMV Group CFO and members of senior management, meets at least four times a year, ensuring that risk awareness and prevention are deeply integrated into decision-making processes. The Committee validates the key non-financial and financial risks identified with respect to OMV’s medium- and long-term objectives. (For more information, see the Annual Report.)

Risk Management Process

The risk management process combines an intensive bottom-up and top-down approach, with every single employee responsible for implementing the most appropriate mitigation strategies for the risks within their sphere of responsibilities. Identified and assessed risks are controlled and mitigated at all organizational levels thanks to clearly defined risk policies and responsibilities. Strategic risks and opportunities (e.g., related to climate change or water stress) are assessed in a top-down process, while a bottom-up process with a standardized methodology is used to assess, for example, environmental aspects, impacts, and risks in our operations, including legal and compliance risks.

Risks are identified using a selection of the appropriate risk identification techniques like interviews, workshops, surveys, and analyses of historical losses, but also information on risks documented in risk registers or loss databases. ESG risks are identified using a double materiality approach. For example, environmental risks are identified by using approaches such as a standardized environmental risk assessment methodology applying a double materiality approach whenever possible. Environmental risks and opportunities include regulatory, operational, reputational, and financial drivers and specifically relate to issues such as climate change, availability and quality of water used for operations, and the impact of energy, climate, and water policies.

Such risks are then analyzed against a short-term horizon of three years, medium-term horizon of three to five years or the long-term perspective (more than ten years), including their possible quantitative impact as a deviation of cash flow from the plan and the likelihood of such an impact. Heat maps or risk matrices are used to support the assessment process and serve to identify probability ranges and the related consequences if risks were to materialize. Digital technologies are used in monitoring and managing environmental risks through a special risk management IT tool integrating environmental risk scenarios with operational and business risks.

In order to identify such risks, we continuously monitor OMV’s internal and external environment and conduct interviews with senior management, subject-matter experts, and Executive Board members. This process complements the bottom-up approach and captures the risks inherent in the strategy. We collect information on root causes, consequences, corresponding risk mitigation actions and their effectiveness, and changes in internal and external factors influencing likelihood. These are assessed in working sessions with senior management and subject-matter experts.

All risks exceeding a certain threshold at Group level are included in the Group Risk Report and considered to be substantive irrespective of their probability. However, the threshold can vary depending on the management focus for that specific risk management measure. In addition, risks are considered to be substantive if they are seen as such by relevant stakeholders, including local communities, governmental authorities, employees, or suppliers, even when the financial impact is not significant.

Bottom-up and top-down perspectives are combined to provide a comprehensive risk profile of the organization, which is taken into consideration when the OMV strategy is developed or updated.

The results of an intensive reporting exercise are discussed at OMV Executive Board level through the Group Risk Report and presented further to the OMV Audit Committee.

Risk Taxonomy

Paying attention to every single risk makes risk management a holistic process. We use common risk terminology and language across OMV to facilitate effective risk communication. ESG risks are a key element in the OMV risk taxonomy.

The full spectrum of risks relating to OMV’s business, including economic, environmental, and social issues, is analyzed using either a semi-qualitative or quantitative approach and documented in a centralized risk repository. The resulting corporate risk profile provides a holistic view of issues that could affect the Company’s medium- and long-term performance. The profile is therefore integrated into OMV’s decision-making process.

According to the OMV risk taxonomy, the following risk categories are considered based on key risk drivers:

• Financial risks, including market price risks, foreign exchange risks, and risks arising from (European) Emission Allowances: The market price risks are monitored and analyzed centrally in respect of their potential cash flow impact using a specific risk analysis model that considers portfolio effects. Such market price risks also cover impacts of volatile prices for European Emission Allowances, where typical mitigation activities like spot, forward, or futures transactions are applied to ensure a balanced position of emission allowances by selling the surplus or covering the gap.
• Operational risks, including all risks related to physical assets, production risks, project risks, personnel risks, IT risks, HSSE, climate change, and regulatory/compliance risks, are analyzed, monitored, and treated following the Group’s defined risk management process.
• Strategic risks arising, for example, from changes in technology, climate change, risks to reputation, or political uncertainties, including sanctions

For reporting purposes, this taxonomy is mapped to various other risk classifications such as NaDiVeG¹ The Austrian Sustainability and Diversity Improvement Act (NaDiVeG) defines risk as a potential negative effect on sustainability originating from a company’s operations, its supply chain, or its products/services. For OMV, a risk represents uncertainty regarding Company objectives measured by combining the likelihood or frequency of an event and its consequences, which can result in opportunities or threats to the success of the Company’s sustainable business performance. and TCFD. Additional information on major financial and non-financial risks is included in the Annual Report 2021.