Integrated
Report 2022

Corporate risks

Risk management within the Capital Group is implemented based on the adopted policy, which makes it an integral part of all processes and a major element affecting the decisions made. The basic objective of the policy is to implement mechanisms that will enable the earliest possible risk identification, limitation of its probability as well as the potential consequences representing a threat to the goals of the Capital Group.

  • providing complementary expert knowledge in monitoring and prevention of the negative consequences of risk realisation;
  • caring for continuous improvement of the risk management process at the Capital Group;
  • provision of relevant information to the Management Board and Supervisory Board of Grupa KĘTY S.A. on the threats within the organisation and in its environment.

Risk management is implemented at the level of the Capital Group, the operating segments, and the particular companies. The process covers for example:

  • determination of the maximum acceptable risk;
  • identification of risk areas and assessment of their influence on business decisions;
  • creation, maintenance, and improvement of the processes of risk identification, assessment and monitoring;
  • inclusion of risk management in business and operating processes, as well as decision-making processes;
  • determination of management priorities and effective use of resources;
  • implementation of processes ensuring business continuity in case of extraordinary situations;
  • improvement of project management effectiveness, and creation of risk management framework within the performed projects;
  • assessment of risk related to regulatory environment, and supporting the compliance function in ensuring operations compliant with the binding laws;
  • identification and ensuring control over financial risk areas;
  • implementation of control mechanisms, or blockers, which limit the probability and consequences of risk occurrence.

Responsible for implementation of the risk management system in compliance with the adopted policy as well as monitoring is the Management Board of Grupa KĘTY S.A., supported by the Risk and Compliance Committee. The risk management system is monitored by the Supervisory Board of Grupa KĘTY S.A. The Treasury and Risk Management Director was responsible in 2022 for supervision of the proper functioning of the risk management system. With regard to the ongoing centralisation of functions, starting from 1 January 2023, the person responsible for the process is the Compliance and Risk Management Director.

Risk management takes place at three levels:

  1. the Capital Group (GKK) – refers to strategic and operating risks related to GKK as a whole, and other risks subject to consolidation at GKK level;
  2. Operating Segment – refers to Segment risks and risk directly related to the respective Segment;
  3. Company/Location – refers to specific risks applicable to the respective company or location, which do not apply to the whole areas 1) and 2) described above.

As a result of risk analysis, in 2022 there was prepared a list of major risks for the Capital Group. The applied general risk rating (scale from 1 to 125) is the product of three parameters assessed at the scale of 1 to 5:

  • probability
  • financial impact
  • reputation-related impact

Owing to the fact that the reputation-related impact has been measured at the Company since 2022, the below presented changes in risk levels (2022 vs 2021) are based of financial rating, i.e. the product of probability and financial impact.

The major risks to which the Capital Group was exposed in 2022 are the following:

1.Risk of disturbances or breaks in IT infrastructure operation Risk level: High Risk level change:
Area: IT
The risk of IT systems failures which may result in downtimes or inability to perform tasks by the business units.
Risk-limiting actions:
  • Outsource contract for IT operations
  • Back-up policy
  • IT staff participation in preparing strategic plans and budgets of the Segments
  • HR procedures with regard to staff management
  • Stress tests/socio-technical tests (penetration tests)
  • Data Centre protection in compliance with the best sector practices (independent power supply, UPS, precise air-conditioning, extinguishing systems, monitoring, burglar control and access control systems) 

2.Risk of effective cyber attacks Risk level: High Risk level change:
Area: IT
Rapid growth of cyber threats – increasing number of attack methods by cyber criminals resulting in the risk of IT systems being stopped or destroyed, which may cause downtimes or inability of business units to complete their tasks.
Comment: Higher risk level due to warfare in Ukraine and the resulting increased likelihood of successful cyber attacks targeting Polish businesses.
Risk-limiting actions:
  • Change test procedures
  • Requirement to enter into support and guarantee agreements
  • Staff training
  • Cyber-Edge insurance

3.Risk of the Company profitability loss as a result of financial risks related to instability of financial and commodity markets Risk level: High Risk level change:
Area: Finances
Companies of the Capital Group carry out exports, imports, sales and purchases based on variable prices depending on FX rates (denominated transactions). The prices of base materials, including aluminium for the EPS and the ASS, and petrochemicals for the FPS, undergo changes on the world’s markets, which is translated into changes in the costs of production and finished products prices. The Company indebtedness results in its exposure to interest rates changes, as most of the debt is based on variable market rates.
Comment: Since February 2022, the risk of volatility in financial markets has been increased owing to unstable political situation caused by the war in Ukraine.
Risk-limiting actions:
  • Price formulas in trade contracts
  • Duty to close hedge transactions exceeding FX positions
  • Defining hedge instruments allowed to be used
  • Current effectiveness control, use of derivative instruments based on highly correlated underlying instrument
  • Monitoring the value of interest in total costs, conclusion of loan agreements with fixed interest rates

4.Risk of limitations in natural gas consumption Risk level: High Risk level change:
Area: Production and quality systems
Risk of gas supply limitation based on the binding legal regulations (Regulation of the Council of Ministers of 17 February 2021 on the methods and modes of imposing gas consumption limitations), and the resulting plans of limiting gas supply.
Comment: Higher risk is related to the conflict in Ukraine and the resulting potential and actual sanctions imposed on Russia, which will limit gas purchase from that country.
Risk-limiting actions:
  • Monitoring of natural gas consumption limitations
  • Procedures to limit gas consumption
  • Supervision of the current power and its adjustment to the limitation degrees
  • The system of natural gas consumption monitoring per device/plant (‘power guardian’)
  • Verification of the possibility of including certain recipients in the group of ‘protected recipients’
  • Appointment of persons responsible for contacts with natural gas distributor/seller
  • Analysis of contracted power vs production plans

5.Risk of statutory limitation of electric energy consumption Risk level: High Risk level change:
Area: Production and quality systems
Risk of electric energy supply limitation based on the binding legal regulations (Regulation on the detailed principles and methods of imposing limitations in fossil fuels sales as well as supply and consumption of electric energy and heat).
Comment: Higher risk is related to the conflict in Ukraine and the resulting potential and actual sanctions imposed on Russia, which will limit coal purchases and may indirectly affect the availability of electric energy in Poland.
Risk-limiting actions:
  • Monitoring of electric energy consumption limitation by the appointed persons
  • Procedures to limit electric energy consumption
  • Supervision of the currently used power and its adjustment to the limitation degrees
  • Verification of excessive consumption on 15-minutes’ basis
  • The system of electric energy consumption monitoring (‘power guardian’)
  • Appointment of persons responsible for contacts with electric energy distributor/seller
  • Analysis of contracted power vs production plans

6.Risk of lower sales resulting in budget and strategic plans non-performance Risk level: High Risk level change:
Area: Sales & marketing
The risk that budget assumptions, and in consequence the result/profit will not be achieved, drop in the number of active customers, threat to strategies and planned projects performance.
Comment: Higher risk resulting from unstable political situation which may result in reduced demand for the Group products.
Risk-limiting actions:
Adjustment of the particular actions to the specifics of the Segments. These include on a standard basis:
  • Customers and credit limits verification for the particular Segment
  • Extension of cooperation with the existing customers
  • Offering new products in response to market requirements and customer expectations
  • Current analysis of customer satisfaction level
  • Monitoring of the competitor’s actions
  • Current control of margin levels

7.Risk of IT infrastructure engineering condition being inadequate to the needs and strategy of the Group Risk level: High Risk level change:
Area: IT
Risk of IT infrastructure adequacy for strategic goals
Risk-limiting actions:
  • IT staff participation in creation strategic plans and budgets of the Segments
  • IT Council operation

8.Risk of the Company activities non-compliance with the legal regulations, and that incomplete, outdated or inconsistent internal regulation will result in ineffective staff work or work that is non-compliant with the objectives and strategy of the Company (missing effective compliance system) Risk level: High Risk level change:
Area: All companies of the Capital Group
Failure to abide by acts of law, regulations, legal provisions or adopted internal standards, policies and codes of conduct, which result in the risk of paying fines.
Risk-limiting actions:
  • Compliance management system
  • Regulatory environment monitoring system
  • Periodical staff training
  • Periodical management staff training, management staff engagement in the compliance management system
  • Cooperation with speciality law firms, operation of internal control and internal audit areas

9.Risk of non-compliance with the MAR regulation, resulting in imposing fines Risk level: High Risk level change:
Area: Communication
Possible imposition of fines for non-compliance with disclosure obligations and/or lack of relevant documents.
Imposition of fines for disclosure or use of confidential information by an employee of the Company before the information is officially published.
Risk-limiting actions:
  • Creation of a regulated system of information flow
  • Periodical training

10.Risk of ineffective receivables management policy, affecting financial liquidity or financial results of the Company Risk level: High Risk level change:
Area: Finances
Risk of losing receivables of significant value, necessity of recognising provisions as a result of, for example, high sales concentration, faulty customer analysis, insufficient security.
Risk-limiting actions:
  • Determination of the maximum value of the unsecured part of receivables
  • Verification of information at business intelligence companies
  • Appointment of persons responsible for debt-collection supervision
  • Current monitoring of overdue receivables
  • Receivables insurance
  • Other forms of securing receivables

11.Risk of non-performance or lack of update of strategy in the sustainable development (social responsibility) area, resulting in non-compliance with new legal and business requirements Risk level:
Medium		 Risk level change:
Area: CSR
Risk of damage to the Company’s reputation as one operating in compliance with the idea of sustainable development and, thus, inability to cooperate with companies for which the idea is major in their operations policy. Simultaneous risk of legal and financial consequences.
Risk-limiting actions:
  • Steering Committee for Sustainable Development and Corporate Social Responsibility
  • Defined ESG strategic goals
  • Key indicators monitoring
  • Speciality knowledge outsourcing
  • Systems and equipment to monitor environmental factors excesses
  • Compliance system
  • Speciality training, improvement of professional qualifications

12.Risk of inadequate or insufficient staff, resulting in non-performance of the adopted strategic and operating goals Risk level: Medium Risk level change:
Area: HR
Risk of staff shortages which may result in a failure to secure business areas with regard to the performance of strategic and operating goals, a failure to comply with legal requirements or customers expectations, or production downtimes and gaps in sales.
Risk-limiting actions:
  • Speciality training, improvement of professional qualifications
  • Payroll reports, payroll analyses
  • Information collected in recruitment processes, exit interviews
  • Meetings with Labour Unions, reports for the Works Council
  • Additional pay for shift work and hard working conditions
  • Suggestions systems (possibility to improve work, bonuses for inventors)
  • Zero accidents programme
  • Automation of processes
  • Medical care, insurance\Knowledge base, back-up staff, delegation of tasks

13.Risk of missing effective supply chain, which results in delays or stoppages in production/sales order performance Risk level: Medium Risk level change:
Area: Purchases
Risk of discontinuity of supplies resulting in shortages of materials/production goods/sales goods.
Risk-limiting actions:
Adjustment of the particular actions to the specifics of the Segments. These include on a standard basis:
  • Suppliers diversification
  • Adequate warehouse stocks at selected suppliers and own inventories
  • Suppliers trustworthiness verification
  • Purchase/delivery plans
  • Cooperation agreements
  • Inventory reports and analyses
  • Geopolitical situation monitoring
  • Alternative geographic destinations for deliveries

14.Risk of environment pollution as a result of operations, resulting in the plant closure and high administrative penalties Risk level: Medium Risk level change:
Area: Production and quality systems
Events related to operations, resulting in water, air or soil pollution with substances or radiation in quantities or in the form which may threaten human life or health, or cause water, air or soil quality deterioration, or significant damage to fauna or flora.
Risk-limiting actions:
  • Environmental permits and decisions, including conditions and limits for using systems Inspections by authorities (Provincial Environmental Protection Inspectorate, National Sanitary Inspectorate, etc.)
  • Supervision of legal requirements and environmental permits with regard to the allowed emissions, monitoring and tests
  • Regulations regarding the use of best available technology (BAT)
  • Supervision of environmental protection and pollution reduction infrastructure and emitters, as well as the technical condition of the sources of emissions, machines and systems using hazardous substances, waste treatment plants, etc.
  • Current identification and assessment of the conditions of applying, approving for use, and contents analysis of hazardous substances and mixtures Keeping documentation (Material Safety Data Sheet Register)
  • Training in environmental protection
  • Solutions preventing release of hazardous substances as well as fire and explosion protection systems and equipment
  • Waste recipients verification, agreements on waste collection/treatment
  • Legal regulations regarding environmental protection – current monitoring and use of information tools

15.Risk of being unprepared to continuity loss resulting in long-term suspension of the key part of production (over 1 month) Risk level: Medium Risk level change:
Area: Production and quality systems
Risk of being unprepared for continuity loss resulting in long-term operations suspension, including inability to use a production or warehouse building, lack of resources (e.g. semi-products), shortage of human resources, long-term failures and engineering downtimes.
Risk-limiting actions:
Adjustment of the particular actions to the specifics of the Segments. These include on a standard basis:
  • Continuity plans
  • Risk Team activities
  • Regular monitoring of the market of raw materials and utilities
  • Diversification of suppliers and recipients
  • Technical inspection
  • Adjustment of machines and equipment to the changing regulations
  • List of machines and equipment subject to special supervision
  • Diversification of location for some production processes
  • All risks insurance including business interruption (BI) cover, and insurance of selected property, plant and equipment against damage

16.Risk of faulty inventory management policy resulting in production delays or downtimes Risk level: Medium Risk level change:
Area: Production and quality systems
Lack of proper inventory management policy poses a hazard for the continuity of production and timely order completion, consequently leading to the negative financial results and loss of customer trust.
Risk-limiting actions:
Adjustment of the particular actions to the specifics of the Segments. These include on a standard basis:
  • Production management systems Consignment store, warehouse stock at suppliers
  • Safe warehouse stock based on forecast consumption and orders on the go
  • Forecasts for supplier in order to book their production capacity at a certain time
  • Production planning systems, monitoring and recording of the production process, inventories monitoring
  • Diversification of raw materials suppliers (also with regard to the geographic aspect)
  • Regular verification of demand for production components

17.Risk of incidents regarding personal data protection (e.g. due to non-compliance with GDPR), resulting in fines and reputation tarnishing Risk level:
Medium		 Risk level change:
Area: HR
Risk of improper personal data securing.
Risk-limiting actions:
  • Personal Data Officer’s opinions
  • Regular audits, including by the Personal Data Officer
  • Compliance management system
  • Employee declarations
  • Access verification by the Personal Data Officer
  • Verification of access to electronic databases
  • Access procedures for employees and visitors
  • Staff training
  • Ban on installing software without IT authorisation, training in systems use, access control

18. Risk of fire, flood or other disaster, resulting in losing operating facilities (plant, warehouse), resulting in limiting or stopping production processes and incurring financial losses on that account Risk level:
Medium		 Risk level change:
Area: Production and quality systems
Risk of operations disturbance or break as a result of losses originating from an extraordinary event (e.g. fire, hurricane, wirlwind, rockburst, building catastrophe, lightning stroke, earthquake, motor vehicle impact, aircraft crash, explosion, meteorite fall), or natural disaster (e.g. fire, drought, heavy snowfall, extreme heat or frost, storm, flood, hail).
Risk-limiting actions:
Adjustment of the particular actions to the specifics of the Segments. These include on a standard basis:
  • Systematic technical inspections
  • Fire detection system in certain areas
  • Staff training in fire protection measures
  • Development of procedures and instructions in liaison with third parties as regards hot works
  • Internal OHS and fire protection inspections
  • Smoking ban apart from set out places
  • Periodical verification of fire systems efficient functioning (alarms and extinguishers)
  • Evacuation trainings
  • Plants security service
  • Insurance against accidents and natural disasters (including BI cover)
  • Lightning protection systems

19. Risk of malfeasance, understood as actions or omissions in breach of the generally binding laws Risk level:
Medium		 Risk level change:
Area: All companies of the Capital Group
Purposeful actions or omissions in breach of the generally binding laws, as a result of which the perpetrator obtains illegal gains, causing losses or failure to attain the assumed results (fraud, theft, misuse, etc.).
Risk-limiting actions:
  • Anti-corruption Policy
  • Generally binding laws
  • Internal audit and internal control
  • Compliance management system
  • Regular staff training, information campaigns in Intranet
  • Articles of Association, by-laws, regulations
  • Code of Ethics

20. Risk of credibility loss by the Company due to rejection from stock listing by the Management Board of the Warsaw Stock Exchange Risk level: Medium Risk level change:
Area: Communication
Adoption of a resolution by the Management Board of the Warsaw Stock Exchange to delist the Company shares as a result of violation of the Warsaw Stock Exchange regulations, including disclosure obligations, lack of transactions in the Company shares for a period of three months, undertaking by the Company of activities prohibited by the binding regulations, which may result in civil claims against the Company and its managers for acting to the detriment of the Company or shareholders, increased costs of finance as a result of the Company reputation tarnishing, or penalties imposed by the Management Board of the Stock Exchange.
Risk-limiting actions:
  • Interim reports: multi-stage verification of the report contents
  • Current reports: multi-stage verification of the report contents
  • Active communication policy as regards the investors
  • Legal environment monitoring by people responsible for the particular areas of the Company operations, compliance management system

21. Risk of ineffective ownership supervision over GKK financial assets, resulting in impairment, liquidation or disposal of high-value assets Risk level: Medium Risk level change:
Area: All companies of the Capital Group
Risk of high-value assets loss (liquidation, disposal), necessity to recognise assets impairment as a result of:
  1. decrease in the market value of assets as a result of ineffective management, failure to respond adequately to changes in the market environment – increased competition/new products/substitutes/innovations, inefficient organisation and management, legal regulations, increase in the entity’s indebtedness (inefficient investments/acquisitions, inadequate supervision of commercial and debt-collection departments, etc.);
  2. lack of supervision resulting, for example, in ineffective management of post-acquisition/establishment of entities (lack or delay in post-acquisition integration, failure to implement the strategy envisaged at the time of adoption, staff shortages/problems).
Risk-limiting actions:
  • Entries in corporate documents (articles, company deeds, memoranda of association) regarding:
    • the duty to approve strategies and budgets (including investment budgets) by supervising authorities;
    • the duty to approve by supervising authorities the principles of voting in General Meetings of companies in which the Company holds at least 20% shares, for example, approving annual budgets;
    • regular (at least once a quarter) Supervisory Board meetings;
    • the duty of approving by supervising authorities some liabilities or incurring financial liabilities if they exceed the set out amounts;
    • the duty to approve by supervising authorities the principles of voting in General Meetings of companies in which the Company holds at least 20% shares, for example, assuming some liabilities.
  • Procedures regarding companies take-overs or establishing companies, which introduce, for example, the necessity of:
    • reporting acquisition plans at the moment of budgets creation;
    • reporting acquisition plans to GKK Management Board;
    • notifying GKK about projects exceeding the agreed values;
    • preparing analysis, including NPV measurements for development projects.

22. Risk of non-compliance with tax regulations, resulting in high administrative penalties Risk level: Medium Risk level change:
Area: Accounting
The risk of penalties/fines imposed by the Tax Office (PIT, CIT, VAT) or City Council (tax on real estate).
Risk-limiting actions:
  • Training in tax changes
  • Monitoring of tax changes and current practices in that regard
  • Analysis of the possible tax consequences and conditions for planned one-off transactions
  • Bookkeeping system with an option of updating for legal changes
  • Contractors verification, monitoring of the ‘White List’ of taxpayers

23. Risk of making faulty decisions based on inaccurate or untimely reporting Risk level: Medium Risk level change:
Area: Controlling
Making faulty decisions based on inaccurate or untimely reporting, manipulation, or data leakage.
Risk-limiting actions:
  • Building back-ups in key areas
  • Integrated financial and accounting system
  • Reports automation, human-error risk mitigation

24. Risk of illegal use of liability securities Risk level: Medium Risk level change:
Area: Finances
GKK companies liabilities on account of bank loans are secured in the form of registered pledge or mortgage. Unjustified security enforcement may lead to a loss of production capacity.
Liabilities related to carried out high-value contracts are secured, for example, in the form of bank guarantees (frequently unconditional), or security deposits. Financial problems at the beneficiaries or unjustified claims may lead to illegal cashing of their securities.
Risk-limiting actions:
  • Procedure of bank ranking verification
  • Legal verification of guarantee provisions
  • Compliance with pari-passu principles in credit contracts
  • Verification of the beneficiary’s financial standing
  • Diversification of the sources of finance

25. Risk of ineffective OHS policy, which may result in fatal accidents or permanent health impairment, as well as staff shortages difficult to back up Risk level:
Medium		 Risk level change:
Area: Production and quality systems
In case of an employee’s accident at work or while commuting to or from work.
Risk-limiting actions:
Adjustment of the particular actions to the specifics of the Segments. These include on a standard basis:
  • Regular technical inspection, maintenance and repair of plants and equipment
  • Regular tests and measurements at workplace
  • Occupational risk assessment
  • Casings and protections on machines
  • OHS warning signs
  • Selection and purchase of personal protection equipment
  • Staff training in OHS, fire protection measures, and first aid
  • Fire alarm systems
  • Extinguishing systems

26. Risk of non-compliance with the principles of ethics, resulting in non-ethical culture at the organisation and claims on account of breaching the Code of Ethics Risk level: Medium Risk level change:
Area: CSR
Risk of tarnishing the Company’s reputation as one operating in compliance with ethical business principle and, thus, inability to cooperate with companies for which the ethical values are major in their operations policy. Consequent possible claims against the Company or tarnished reputation.
Risk-limiting actions:
  • Training, including e-learning
  • Communication of ethical issues in the Intranet, the corporate newsletter, on information boards at production departments, information on TV screens
  • CSR Policy
  • Respect for Human Rights Policy
  • Code of Ethics
  • Steering Committee for Sustainable Development and Corporate Social Responsibility
  • Compliance system

Legend: 
Risk level increase Risk level unchanged Risk level decrease

Below presented are two risk charts comprising solely the financial impact and reputation-related impact.

Details concerning financial risk management are presented in notes 36 and 37 to the consolidated financial statements of the Capital Group of Grupa KĘTY S.A. for the year 2022.

Diversity Policy with regard to the managing and supervisory bodies
Related to ESG