Risk Management and Risk Factors
RISK MANAGEMENT FRAMEWORK
As a global Company, Eimskip is exposed to multiple risks in its daily business. Active management of risks plays a vital role in the Company to ensure stable operations and earnings. The Board of Directors is responsible for establishing and overseeing Eimskips’ risk management framework.
Eimskip’s internal control and risk management procedures regarding financial processes are designed to minimize the risk of material misstatements in financial reporting. The Company does not have an internal audit function but uses internal control systems that are monitored by management and the Audit Committee.
An independent auditing firm is elected at the Annual General Meeting each year. The auditors are tasked with reviewing Eimskip’s accounting records and material related to the Company’s operations and financial position. As such, they have access to the Company’s books and documents. They must examine the Company’s Consolidated Financial Statements in accordance with International Standards on Auditing (ISAs). Significant findings regarding accounting and internal control deficiencies are reported to the Board of Directors through the Audit Committee. Independent auditors are not allowed to own shares in the Company.
The Company goes through a detailed strategic and budgeting process each year and a strategy and budget report is prepared, which is then approved by The Board of Directors. Deviations from the strategy and budget are carefully monitored monthly.
ENTERPRISE RISK GOVERNANCE
The Board of Directors governs risk management within the Company, while the Audit Committee is responsible for regularly overseeing Enterprise Risk Management’s (ERM) framework and effectiveness. The Board of Directors periodically communicates with the CEO regarding the identification of, description of, and response to risks that the Company could face. The Executive Management is responsible for identifying material risks and developing the Company’s risk management strategy, tolerance, and appetite. Members of the Executive Management manage their Risk Portfolio; ensure that the registers are complete, accurate, and current; and ensure appropriate controls are identified and effective. All risks get an owner, which is important to ensure action and accountability.
The Company’s risk exposure is discussed at Executive Management meetings and Audit Committee meetings, and risk management and risk factors are outlined in the Annual Report. The Company’s ERM structure, roles, and responsibilities are below.
Board of Directors
Governs risk management within the Company
Audit Committee
Oversees the framework and effectiveness of ERM within the Company
Review the risk register
Enterprise risk manager
Oversee the ERM process, review the risk assessment and ensure policy compliance
Risk coordinator
Coordinates the Company’s ERM activities
Risk portfolio managers
Maintain ERM register within their Risk Portfolio
Ensure all risks are identified, accurately described and accurately scored
Executive management
Oversees the framework and effectiveness of ERM with the Company
Risk owners
Owns and manages risks that have been assigned to them
ENTERPRISE RISK MANAGEMENT
The Company has in 2023 implemented a holistic Enterprise Risk Management (ERM) framework to identify and manage risks for the Company. ERM aims to identify potential events that may affect the Company’s ability to achieve its goals and to protect and create value for the Company and its shareholders. Furthermore, it ensures risk awareness throughout the Company.
The Company regularly identifies risks through interviews with members of Executive Management and with workshops where risk owners and other stakeholders participate. Following those, likelihood and impact are assessed and relevant controls are identified. Risks are divided into 4 main Portfolios: Human Resource and Communications, IT and Data Security, Finance, and Operational.
By taking ownership of the risks, the appointed owner, responsible for managing the risk, identifies appropriate controls and ensures regular monitoring based on the risk score. Comprehensive risk management oversight is conducted through regular ERM Forum meetings.
Risk Management
HUMAN RESOURCE RISKS
Human resource risks refer to potential employee-related challenges that could impact the Company’s performance. These challenges range from employee turnover and lowered engagement to limited opportunities for learning and development or vocational training resources, decreased performance, workplace bullying, and knowledge transfer gaps. To address these risks, Eimskip has implemented various proactive strategies. These initiatives include regular employee satisfaction surveys to uncover and address underlying issues, offering competitive compensation and benefits, providing training and opportunities for professional development and career advancement, and cultivating an inclusive and positive work culture across the organization. These measures aim to enhance employee well-being and satisfaction, retention, productivity, and organizational resilience.
There are various risks related to brand and reputation. These are risks that can potentially cause damage to the Company’s brand image or perception in the eyes of stakeholders, including customers, employees, investors, and the public. These risks can come from miscellaneous sources, e.g. negative publicity, ethical misconduct, legal issues, competitive actions or actions of management or employees. Managing and mitigating these risks is crucial to maintain trust, credibility, and good will towards the Company. Eimskip does that by having clear work processes, policies, and guidelines and offering regular training to employees. There is a special crisis management team operated within the Company that comes together in case of crisis, ensuring a proactive and strategic approach to managing risks and protecting the organization’s reputation and stakeholders.
IT AND DATA SECURITY RISKS
Eimskip has identified IT and data security risks and has taken steps to mitigate the risks. Eimskip is, like any other company a target for a cyber attack and is aware of the fact that cyber attacks have become increasingly prevalent in recent years and more common to have a high impact on business continuity.
OPERATIONAL RISK
Eimskip’s operations are dependent upon many factors, e.g. access to terminals, IT systems, operation and ownership of vessels, supply of and demand for fuel, international and EU regulations on lower sulfur emissions, inflation, the reputation of the Company, and its ability to retain key personnel and customer contracts. Furthermore, refugees, stowaways, and incidents involving significant damage, loss, or environmental pollution are risk factors for the Company. Changes in the legislative, political, governmental, and economic framework may have a material impact on the Company’s business. The Company is dependent on various licenses relating to its operations and is subject to contractual risk about its obligations to fulfil multiple provisions of its contracts.
FINANCIAL RISK
Eimskip is exposed to financial risk factors, including currency risk, risk related to availability of funding, interest rate risk, liquidity risk, credit risk, tax risk, and fuel price risk.
Eimskip monitors its financial risk factors, and the Board of Directors has approved a Treasury Policy that sets acceptable risk limits and stipulates how to identify, measure, and manage financial risk exposure. The Company has a financial reporting and internal control manual to which the group entities must adhere.
Currency Risk
Eimskip is exposed to currency risk on sales, purchases, and borrowings that are denominated in currencies other than the respective functional currencies of the Group entities.
Most of the Company’s revenue and assets, obligations, and interest-bearing debt are denominated in currencies other than the Icelandic krona. Subsidiaries use the local currency as their functional reporting currency where they are based, except Eimskip Ísland ehf. and the parent company Eimskipafélag Íslands hf., where the functional currency is the EUR.
As seen from the graphs below, Eimskip’s revenue and expenses provide a natural currency hedge to a certain degree. The genuine currency balance of the Company operations provides hedging and the company further utilizes hedging instruments , such as derivatives to mitigate risk.
Assets and liabilities in the balance sheet are primarily denominated in EUR or the relevant operating currency of the entities. The mismatch of other non-operating currencies on the balance sheet is mainly related to the US dollar, as is shown in a table under note 21 in the Consolidated Financial Statements 2023
Funding and Refinancing Risk
Eimskip is exposed to risks related to the availability of funding. To some extent, the Company is dependent on access to sufficient funding at acceptable terms. It may not be able to secure new sources of liquidity or funding should projected or actual liquidity fall below the required levels. These factors could also impact Eimskip’s shareholders’ ability to provide liquidity, and there can be no assurance that the Company could obtain additional shareholder funding. To manage this risk factor, the Company seeks long-term borrowings where applicable, maintains a healthy and stable current ratio, and regularly produces internal short-term cash flow forecasts. In 2019, the Company introduced a target capital structure to keep an equity ratio of around 40% and a leverage ratio of two to three times net interest-bearing debt to EBITDA.
Interest Rate Risk
Interest rate risk is the risk borne by an interest-bearing liability, such as a loan or a bond, due to the variability of interest rates. Eimskip’s interest rate risk exposure is due to its debt and lease liabilities, mainly in EUR and USD. The Company’s long-term debt is primarily based on floating interest rates, and consequently, Eimskip is exposed to fluctuations in the general level of interest rates.
Eimskip can use the debt structure and interest rate swaps to fix interest rates on its long-term borrowings, where a certain proportion of interest rates are to be fixed according to the Group’s Treasury Policy.
The interest rate exposure is carefully monitored and reviewed in line with interest rate developments in financial markets. For further information on Eimskip’s nominal interest rates, a reference is made to note 18 in the Consolidated Financial Statements 2023.
Liquidity Risk
Liquidity risk refers to the potential difficulty Eimskip may face in meeting its financial obligations, particularly those settled through cash or other financial assets. Eimskip’s approach to liquidity management is designed to ensure it consistently maintains sufficient reserves to fulfill its obligations promptly, even in adverse conditions, without incurring unacceptable losses or risking damage to the Company’s reputation. For further information on liquidity status, reference is made to note 21 in the Consolidated Financial Statements 2023.
Credit Risk
Credit risk is the risk of financial loss if a customer or counterparty in a financial instrument fails to meet its contractual obligations and arises principally from the Company’s receivables from customers and its investment in securities.
Eimskip’s exposure to credit risk is influenced mainly by the individual characteristics of each customer. Each customer accounts no more than 10% of Eimskip’s total revenue.
Eimskip has established a Credit Policy under which each new customer is individually analyzed for creditworthiness before the Company’s standard payment and delivery terms and conditions are offered. The Company’s review includes external ratings when available and, in some cases, bank references. Customers who fail to meet the Company’s benchmark may only transact business with the Company on a pre-payment basis.
Shipped or transported goods may be withheld until payment for service rendered has been received. Eimskip usually does not require collateral concerning trade and other receivables.
Despite these precautionary measures, a general downturn in financial markets and economic activity may result in a higher volume of late payments and outstanding receivables. Eimskip’s sales will depend on the financial position of its counterparties, and there can be no guarantee that the financial position of the Company’s customers and other contract parties will be sufficient to honor their obligations under their contracts with the Company. Even though the Company seeks to recover all outstanding receivables, the write-off amount may increase. Eimskip’s trade and other receivables amounted to EUR 129.9 million at the end of 2023, representing 15.7% of the Company’s revenue.
Fuel Price Risk
Fuel supply and demand are unpredictable, and price fluctuations are based on events outside Eimskip’s control. Therefore, the Company cannot accurately predict the future availability or price of fuel. Several issues, including geopolitical developments, supply of and oil demand, actions by the Organization of Petroleum Exporting Countries (OPEC) and other oil producers, war and unrest in oil-producing countries and regions, regional production patterns, environmental concerns, and other unpredictable events can affect the availability and price of fuel. That may result in future fuel supply shortages and price increases.
Fuel costs accounted for 7.3% of Eimskip’s expenses in 2023. The Company is exposed to fluctuations in crude oil and oil product prices. To minimize its exposure to fluctuations in oil prices, the Company adds a surcharge to its prices, commonly referred to as the Bunker Adjustment Factor (BAF) and the Bunker Adjustment Trucking (BAT), depending on the oil prices at the time of transport. However, significant increases in oil prices could lead to downward pressure on the Company’s tariffs from its customers. The Company is constantly monitoring its exposure to oil price changes and may utilize hedging instruments to limit residual risk.