2.8 CORPORATE RISK MANAGEMENT WITHIN THE
POŠTA SLOVENIJE GROUP
2.8.1 Overview of risk management within the Pošta Slovenije Group
Pošta Slovenije Group is aware that the identification and management of risks is a key factor to its performance in a rapidly changing and uncertain environment. We manage these risks in the scope of the comprehensive corporate risk management system (hereinafter: CRM), which in terms of organisation is positioned under the Controlling OU. The system is verified and updated constantly with the aim of ensuring that the significant risks to which the Pošta Slovenije Group is exposed are identified in a timely manner, assessed and appropriately managed.
On the basis of an analysis, the CRM Committee enters risks significant for the Group’s operations in a register of risks. In the register, risks are evaluated and defined in terms of timing and assigned so-called risk administrators. The risk management methodology, measures and indicators are also defined.
In accordance with the methodology, an annual assessment of risk exposure is drawn up when the Group’s business-financial plan is drafted. That assessment is updated throughout the year. Based on the annual assessment of exposure, reports on corporate risk management at the Pošta Slovenije Group are drafted quarterly and annually, and include an assessment of management for the specific risks in the risk register report. Risk management assessments range from less successful to reasonably successful and successful, or an entry is made indicating that a risk was not realised.
2.8.2 Risk management in 2020 within the Pošta Slovenije Group
The Pošta Slovenije Group was exposed to numerous risks in 2020, singling out the risks associated with the COVID-19 pandemic, which among other things required a revised business-financial plan for 2020. Given the revised business-financial plan for 2020, we assess that risk management was successful according to the applied assessment methodology.
The Pošta Slovenije Group was exposed to the following categories of risk in 2020:
purchasing and sales risks (loss of market share, securing of resources);
business risks (strategic links and investments, real estate management, development risk);
operational risks (functioning of the postal network and the IT infrastructure, human resource risks and security risks);
financial risks (credit and interest-rate risk); and
legislative and regulatory risks.
Purchasing and sales risks
Purchasing and sales risks include the risk of the loss of market share (the macroeconomic situation, the general decline in traditional services, the operations of the competition and failure to achieve planned growth in operations, the COVID-19 pandemic) and risks associated with securing resources. We believe that we successfully managed sales risks, Pošta Slovenije responded rapidly to the circumstances created by the COVID-19 pandemic, and despite often very difficult conditions we succeeded in ensuring the smooth flow of postal, parcel and other services. The loss in sales revenue amounted to ca, EUR 9 million during the first wave of the pandemic, as the coronavirus slowed economic growth. However, during the second wave of the pandemic, the decline was also nullified at the end of the year through the measures for the containment of COVID-19. Due to the measures employed to contain the pandemic (closure of stores with non-essential goods) and the accelerated transition to e-substitutes, the Letters Division saw a decline, while the impact of the decline on other services was lower and did not have such a significant impact on the Company’s performance. High growth in revenue as a result of the pandemic was seen in parcel services, where revenue increased during the first wave of the pandemic due to measures employed to contain the pandemic and the resulting increase in online purchases (B2C segment). Growth then slowed gradually but rose again significantly during the second wave. Growth in revenues from parcel services was sufficiently high to cover the entire loss in revenues in all other business segments at the end of the year. Purchase risks were successfully managed, as realisation was below the planned figure. The Intereuropa Group and other Pošta Slovenije Group subsidiaries, which successfully managed the negative impact of COVID-19 on their operations, were equally successful with their response to the situation caused by COVID-19.
Business risks include risks associated with strategic links and investments, real estate management and development-related risks. Pošta Slovenije faces a number of challenges in the area of strategic links. For this reason, several organisational, sales-related and optimisation measures were adopted in this area. The implementation of investments in the planned value represents a challenge every year. We optimised the portfolio of projects set out in the Strategic Development Programme, reset the priorities of individual projects and kicked-off certain new projects. Other subsidiaries disclosed the largest exposures in the area of investment goals, primarily due to the delay associated with planned investments.
Managing operational risks is important for the smooth functioning and successful development of the Company. In the scope of operational risks, we monitor the functioning of the postal network and the IT infrastructure, human resource risks and security risks.
The greatest risk regarding the postal network is the failure to ensure the level of the quality prescribed for the delivery of postal items in domestic and international mail as set out in the General Act on the Quality of Provision of Universal Postal Services, which is defined by the Rules on the Quality and Method of Provision of Universal Postal Services. This risk is managed through the daily monitoring of the process and flow of mail items, from collection to delivery. The quality of domestic postal item deliveries is measured in line with the requirements of the relevant standard. Despite problems securing human resources and scope of work, the achieved level of quality was appropriate.
Due to the large number of employees, Pošta Slovenije is highly exposed to human resource risks that are linked to qualifications and errors in work processes and procedures, abuse and fraud by employees, the unavailability of employees due to sick leave, high employee turnover rate and strikes. The risk of a strike was successfully managed in 2020 through social dialogue and through the consistent fulfilment of commitments from the agreements concluded in 2019 and 2020. Exposure to human resource risks at other Group companies is low given their number of employees.
A great deal of attention is given to security risks due to the nature of operations (e.g. cash operations, the scope of operations, the number of employees and the size of the IT infrastructure). We organised numerous employee training events in this area and adopted various measures such as physical and technical security measures, self-protection practices for employees, the functioning of an internal control centre, etc. In the area of information security, internal and external audits of specific segments of the information system were carried out in line with legal requirements and at the Company’s own initiative. We implemented other measures such as the centralised allocation of the necessary rights, separate domains (e.g. development, test and production environments), the recording of incidents, multi-layered firewalls, and the use of a centralised control and management system. The Intereuropa Group was most exposed to the risk of fraud by the Executive Management of its subsidiaries, which it effectively managed and reduced the level of exposure through the measures it adopted.
Special attention is devoted to credit risk due to the situation caused by COVID-19. The Pošta Slovenije Group actively managed trade receivables again in 2020, and assesses that credit risk is appropriately managed. The Pošta Slovenije Group is in a more favourable position in this regard owing to the nature of products, the activities of major customers, its highly dispersed customer base and the active collection of receivables. The Intereuropa Group manages risks in connection with late payments and default through defined control limits and mechanisms for approving exposure to credit risk for major customers.
Similar to all postal service providers, Pošta Slovenije is involved in international postal transactions. Nevertheless, the majority of its cash flows are in EURos. The volume of transactions in foreign currencies is insignificant. Exposure to currency risk at Pošta Slovenije is thus negligible. Exposure to the aforementioned risk increased with the integration of Intereuropa, as the exposure to that risk has been assessed as moderate at Intereuropa. Exposure to interest-rate risk, which represents the risk of changes in interest rates on deposits and loans, was successfully managed and the risk was not realised. Intereuropa successfully refinanced all of its financial liabilities at the beginning of 2020.
Exposure to liquidity risk, which derives from maturity mismatches between the Company’s assets and liabilities that could result in insolvency, is low and is successfully managed. The aforementioned risk is managed through the prudent planning of cash flows (investment expenditure, bank guarantees, loan drawdown, the management of credit risk and current operations).
Legislative and regulatory risks
Legislative risks were successfully managed and were not realised. Exposure to this risk was low upon the amendment to the Minimum Wage Act. We were actively engaged in managing regulatory risks and communicated regularly with AKOS, filing a request to raise the prices of USO services, which was approved, and cooperated with the competent ministry. The Intereuropa Group was highly exposed to the risk of the loss of customs terminal status at two of its subsidiaries, which it effectively managed and reduced the level of exposure through the measures it implemented.