Risks and Opportunities

As an international oil, gas, and chemicals company with operations extending from hydrocarbon exploration and production to the trading and marketing of mineral oil products, chemical products, and natural gas, the OMV Group is exposed to a variety of risks – including market and financial risks, operational risks, and strategic risks. The Group’s risk management processes focus on the identification, assessment, and evaluation of such risks and their impact on the Group’s financial stability and profitability. The purpose of these activities is to actively manage risks in the context of the Group’s risk appetite and defined risk tolerance levels in order to achieve the OMV Group’s long-term strategic goals.

Enterprise-Wide Risk Management

Financial and non-financial risks are regularly identified, assessed, and reported through the Group’s Enterprise-Wide Risk Management (EWRM) process. The main purpose of the OMV Group’s EWRM process is to deliver value through risk-based management and decision-making, which is ensured by applying a “three lines of defense” model (1. business management, 2. risk management and oversight functions, 3. internal audit). The OMV Group is continually enhancing the EWRM process based on internal and external requirements, for instance developing new ESG reporting standards and frameworks. The process is facilitated by a Group-wide IT system that supports the established individual process steps, guided by the ISO 31000 risk management framework. The process also includes companies that are not fully consolidated.

Governance

OMV recognizes the dynamic and evolving nature of its business landscape. Effective risk governance is crucial for successfully navigating uncertainties inherent in the nature of OMV’s operations.

As an integral part of the Supervisory Board, the Audit Committee diligently oversees the implementation and efficacy of our risk management processes. By leveraging the expertise within the Audit Committee and remaining adaptive through ongoing education, the Supervisory Board reinforces its commitment to robust risk governance.

The Executive Board takes a proactive stance in overseeing and enhancing OMV’s risk management processes, as well as ensuring a strong risk culture across the OMV Group. A cross-functional committee chaired by the OMV Group CFO with senior management members of the OMV Group – the Risk Committee – ensures that the risk management process effectively captures and manages material risks across the OMV Group. OMV has an effective independent Corporate Risk Management function within the CFO area that reports directly to the Executive Board and is independent from the business lines. OMV’s Executive Board members regularly discuss current and upcoming environmental, climate, and energy-related policies and regulations, related developments in the fuels, chemicals, and gas markets, the financial implications of carbon emissions trading obligations, the status of innovation project implementation, and progress on achieving sustainability-related targets.

The Group Risk Committee meets at least four times a year, ensuring that risk awareness and prevention are firmly integrated into decision-making processes. The Committee validates the key non-financial and financial risks identified with respect to OMV’s short- to mid- (up to three to five years) and long-term (more than five years) objectives. For more information, see the Annual Report.

OMV focuses on assessing the potential vulnerabilities of the Company to climate change (e.g., water scarcity, droughts, floods, and landslides), the impact of the Company on the environment, and the mitigation actions that will ensure a successful transition to a low-carbon environment (e.g., reduction of carbon emissions and compliance with new regulatory requirements). The short- and mid-term physical vulnerabilities related to climate change are identified and reported in the EWRM process and do not exceed OMV’s reporting threshold.

The OMV Group conducts a robust, site-specific physical climate risk and vulnerability assessment in accordance with the EU taxonomy to determine the resilience of each asset to future climate change and the associated physical climate-related risks. Acute and chronic risks related to temperature, wind, water, and solid mass are first screened based on business specificity and potential impact on OMV. The two-fold approach used is in line with the EWRM approach.

Based on the preselected acute and chronic risks, all OMV Group sites where EU taxonomy-eligible activities occur are prioritized. This exercise is performed with the support of a risk intelligence consultant using a set of indexes specifically aimed at providing a robust understanding of the changes in future environmental conditions for the respective locations and businesses.

All assets with medium, high, or extreme exposure to one or more acute or chronic physical climate risks are analyzed further. Physical hazard modeling is applied, consisting of the processing and analysis of atmospheric data related to temperature, precipitation, drought, and wildfires, as well as other data related to coastal flooding, tropical cyclones, water stress, and fluvial flooding, in order to provide a rigorous estimate of risk. The analysis incorporates scenarios based on the Representative Concentration Pathways (RCPs) from the Intergovernmental Panel on Climate Change (IPCC). The four RCPs (2.6, 4.5, 6.0, and 8.5) included in the IPCC AR5 are used in this exercise and applied to various time horizons that align with the OMV Strategy. Once the financial impact of the respective risks is estimated, potential mitigation strategies are discussed with management in order to ensure that appropriate adaptation measures are considered.

Risk Management Process

The risk management process combines an intensive bottom-up and top-down approach, with every single employee responsible for implementing the most appropriate mitigation strategies for the risks within their sphere of responsibilities. Identified and assessed risks are controlled and mitigated at all organizational levels thanks to clearly defined risk policies and responsibilities. Strategic risks and opportunities (e.g., related to climate change or water stress) are assessed in a top-down process, while a bottom-up process with a standardized methodology is used to assess factors such as environmental aspects, impacts, and risks in our operations, including legal and compliance risks.

ESG risks are identified using a double materiality approach and a selection of the appropriate risk identification techniques, such as interviews, workshops, surveys, and analyses of historical losses, as well as information on risks documented in risk registers or loss databases. For example, environmental risks are identified using an approach such as a standardized environmental risk assessment methodology, always applying a double materiality approach whenever possible. Environmental risks and opportunities include regulatory, operational, reputational, and financial drivers, and specifically relate to issues such as climate change, availability and quality of water used for operations, and the impact of energy, climate, and water policies. Such risks are then analyzed against a short-term horizon (less than 3 years), medium-term horizon (3–5 years), or long-term perspective (>10 years), including their possible quantitative impact as a deviation of cash flow from the plan and the likelihood of such an impact. Heat maps or risk matrices are used to support the assessment process and serve to identify probability ranges and the related consequences if risks were to materialize. Digital technologies are used in monitoring and managing environmental risks through a special risk management IT tool that integrates environmental risk scenarios with operational and business risks.

For the purpose of identifying such risks, we continuously monitor OMV’s internal and external environment and conduct interviews with senior management, subject matter experts, and Executive Board members. This process complements the bottom-up approach and captures the risks inherent in the strategy. We collect information on root causes, consequences, corresponding risk mitigation actions and their effectiveness, and changes in internal and external factors influencing likelihood. These are assessed in working sessions with senior management and subject matter experts.

All risks exceeding a certain threshold at Group level are included in the Group Risk Report and considered to be substantive irrespective of their probability. However, the threshold can vary depending on the management focus for that specific risk management measure. In addition, risks are regarded as substantive if they are seen as such by relevant stakeholders, including local communities, government authorities, employees, or suppliers, even when the financial impact is not considerable.

Bottom-up and top-down perspectives are combined to provide a comprehensive risk profile of the organization, which is taken into consideration when the OMV strategy is developed or updated. The results of an intensive reporting exercise are discussed at the OMV Executive Board level through the Group Risk Report and further presented to the OMV Audit Committee.

Risk Taxonomy

Paying attention to every single risk makes risk management a holistic process. We use common risk terminology and language across OMV to facilitate effective risk communication. ESG risks are a key element in the OMV risk taxonomy.

The full spectrum of risks relating to OMV’s business, including economic, environmental, and social issues, is analyzed using either a semi-qualitative or quantitative approach and documented in a centralized risk repository. The resulting corporate risk profile provides a holistic view of issues that could affect the Company’s medium- and long-term performance. The profile is therefore integrated into OMV’s decision-making processes.

According to the OMV risk taxonomy, the following risk categories are considered based on key risk drivers:

• Financial risks, including market price risks, foreign exchange risks, and risks arising from (European) Emission Allowances. Market price risks are monitored and analyzed centrally with respect to their potential cash flow impact using a specific risk analysis model that considers portfolio effects. Such market price risks also cover the impact of volatile prices for European Emission Allowances, where typical mitigation activities like spot, forward, or futures transactions are applied to ensure a balanced position of emission allowances by selling the surplus or covering the gap.
• Operational risks, including all risks related to physical assets, production risks, project risks, personnel risks, IT risks, as well as HSSE, climate change, and regulatory/compliance risks, are analyzed, monitored, and managed by following the Group’s defined risk management process.
• Strategic risks arising, for example, from changes in technology, climate change, risks to reputation, or political uncertainties, including sanctions.

For reporting purposes, this taxonomy is mapped to various other risk classifications such as NaDiVeG¹ The Austrian Sustainability and Diversity Improvement Act (NaDiVeG) defines risk as a potential negative effect on sustainability originating from a company’s operations, its supply chain, or its products/services. For OMV, a risk represents uncertainty regarding Company objectives measured by combining the likelihood or frequency of an event and its consequences, which can result in opportunities or threats to the success of the Company’s sustainable business performance. and TCFD. Additional information on the OMV Group’s EWRM governance and processes as well as major financial and non-financial risks are included in the Risk Management chapter in the Annual Report 2023.