The Group-wide risk management system is designed to identify risks that could jeopardise the company as a going concern at an early stage and to initiate suitable measures to limit or avoid them. The risk management system is applicable to all companies and functional areas of the Group, and is continuously developed further. The system is centred on four core components: risk identification, risk assessment, risk reporting and risk management.

Structure of the risk management system of the Uzin Utz Group

The risk management system of the Uzin Utz Group is clearly structured and integrated into the organisational and decision-making processes of the Group. It ensures that risks are identified early on, evaluated and controlled by implementing suitable measures, while also leveraging opportunities in a targeted manner. At present, there is no independent, systematically organised opportunity management system in place. Potential opportunities are taken into account as part of the operational management and decision-making processes and in connection with the implementation of risk management measures, without a separate management system being established for this purpose.

Supervisory Board

The Supervisory Board's remit includes the monitoring of the Group's risk management system and the provision of support to the Management Board in the early identification and mitigation of risks that could jeopardise the continued existence of the company. It regularly reviews the appropriateness and effectiveness of the system and ensures that risks and opportunities are handled in line with the corporate strategy.

Management Board

The Management Board of Uzin Utz SE is responsible for the effective management of risk. It ensures that the appropriateness, effectiveness and further development of the system are guaranteed and creates the organisational conditions for its implementation in all Group companies. The Management Board is required to submit a comprehensive report to the Supervisory Board at least twice a year. This report must include an assessment of the current risk and opportunity situation, as well as an evaluation of the system's functioning and results.

Risk Manager

The Risk Manager, who reports directly to the Chief Financial Officer, is responsible for the operational organisation, coordination and ongoing development of the system worldwide. He consolidates the risk reports from all companies, assesses them at local and Group level, and determines whether there are any risks or significant opportunities that could jeopardise the company as a going concern. On this basis, it prepares regular reports for both the Management Board and the Supervisory Board.

Country subsidiaries

It is the responsibility of the respective companies to identify, assess and report on risks. They record their risks using the Group-wide risk catalogue and document measures to reduce or avoid negative effects. Concurrently, these measures are regarded as opportunities in terms of an integrated approach if they are expected to increase efficiency, improve processes or enhance earnings. The local managing directors are responsible for checking and confirming the reports before they are sent to the risk manager. This approach ensures that company management is aware of the respective risk and opportunity situation and actively manages it.

Process of the risk management system

The risk management system of the Uzin Utz Group serves the early identification, evaluation and control of all significant risks that could have an impact on the Group's business development. The objective is to identify potential negative developments in a timely manner and to mitigate or prevent them through the implementation of appropriate measures.

The risk early warning system, as outlined in Section 91 (2) of the German Stock Corporation Act (AktG), enables the identification of potential threats to the continued existence of the company as a going concern in a timely manner, thus allowing the implementation of appropriate countermeasures. Uniform framework conditions and standards ensure the comparability of risk identification throughout the Group. The principles, guidelines, processes and responsibilities of the internal risk management system are clearly defined and established.

Risks are identified on a decentralised basis in the companies by the respective risk owners, who document and regularly update their risks in the Group-wide system. The probability of occurrence, extent of damage and early warning indicators are recorded, as are measures to avoid or reduce risks. It is evident that many of these measures have a positive impact on efficiency, quality and earnings. Consequently, they are also viewed as opportunities. The consolidated assessment and prioritisation of risks, as well as the monitoring of measures, is carried out centrally by Group Risk Management. Regular reporting to the Management and Supervisory Boards ensures that significant risks and opportunities are incorporated into decision-making processes in a transparent and timely manner.

The system is subject to continuous review and development to ensure both the transparency of risks and the systematic recording of opportunities. The objective is twofold: firstly, to ensure the Group's risk-bearing capacity, and secondly, to leverage potential to enhance the company's performance. The risk management system is comprised of the following risk groups:

In addition to risk-specific management measures, safety-orientated, commercially prudent corporate management, appropriate insurance cover and company-wide guidelines and instructions form the basis for risk-conscious action.

A special weighting system is used to categorise risks identified in accordance with their severity. The following risk categories have been identified:

• Insignificant risk
• Low risk
• Medium risk
• High risk
• Risk threatening the existence of the company

The weighting system applied is made up of various characteristics of the risks, such as the probability of occurrence, the extent of damage and qualitative criteria such as the measures taken to reduce the risks, an early warning indicator or the frequency with which the risk is reviewed. As outlined above, the risks are categorised in accordance with this qualitative weighting system. The Management Board is then informed of these categorisations. The financial risks are also assessed based on the risk-bearing capacity of the Uzin Utz Group.

Process-independent monitoring

The auditor of the Uzin Utz Group, as an independent external body within the framework of the audit of the annual financial statements, reviews the early risk detection system in accordance with Section 91 (2) AktG to determine whether it is suitable for recognising developments that could jeopardise the company's existence at an early stage. Furthermore, an analytical review of the risk queries and the risk-bearing capacity calculation based on them is carried out internally. This audit measure is designed to facilitate the identification of potential irregularities at an early stage. It also enables the evaluation of the effectiveness of the implemented risk management strategies, ensuring that risks are addressed in a manner consistent with the company's objectives.