4. Risk, opportunity and forecast report

The risk and opportunity policy of the United Internet Group is based on the objective of maintaining and sustainably enhancing the Company’s values by utilizing opportunities while at the same time recognizing and managing risks from an early stage in their development. A risk and opportunity management system which is “lived” ensures that the United Internet Group (“United Internet”) can exercise its business activities in a controlled company environment. The risk and opportunity management system regulates the responsible handling of those uncertainties which are always involved with economic activity.

4.1 Risk report

Risk management

The concept, organization, and task of United Internet’s risk management system are defined by the Management Board and Supervisory Board of United Internet AG, and documented in a risk management strategy and risk management manual which is valid for and available to all members of the Group. These requirements are regularly adapted to changing legal conditions and continuously developed. Corporate Risk Management coordinates the implementation and ongoing development of the risk management system and is responsible for the centrally managed risk management process on behalf of the Management Board. The risk management system covers only the Group’s risks, while responsibility for the early and ongoing identification, evaluation, and management of opportunities lies directly with the Group Management Board and the operating management levels of the respective segments.

Corporate Risk Management is supported by the risk management teams of the respective segments (Company Risk Management). In order to support Company Risk Management, additional local risk managers have been installed in business fields of particular importance for the Company’s business success (such as the areas “Technology & Development”). In order to facilitate the Group-wide exchange and comparison of risk information, regular Risk Manager Meetings are held between the various risk managers and also with the Company-wide, cross-functional managers.

The Corporate Audit department regularly examines the functioning and efficiency of the risk management system. As part of his statutory auditing obligations for the Annual Financial Statements and Consolidated Financial Statements, the external auditor also examines whether the risk early recognition system is generally suitable for the early identification of risks and developments which might endanger the Company so that suitable countermeasures can be swiftly introduced. The system complies with statutory requirements regarding risk early recognition systems, as well as with the version of the German Corporate Governance Code valid at the time of the last Declaration of Conformity of United Internet AG. Its design is based on the specifications of the international ISO standard ISO/IEC 31000:2018. In accordance with the regulations of the German Stock Corporation Act, the Supervisory Board also examines the efficacy of the risk management system.

Methods and objectives of risk management

The risk management system comprises those measures which enable United Internet to identify, classify in terms of money and scenario, steer, and monitor from an early stage all possible risks for the attainment of its corporate objectives with the aid of assessments and early warning systems. The aim of the Group-wide and IT-supported risk management system is to provide maximum transparency for management regarding the actual risk situation, its changes, and the available options for action so that a conscious decision can be taken to accept or avoid such risks. Risks endangering the Company must be avoided as a matter of principle. There is always an established indirect connection to central Group-wide risk management via the regular reporting channels throughout the Group and a direct connection for all major divisions. This ensures the completeness of registered risks in the risk management system.

The current status of the main risks is communicated to the Management Board and Supervisory Board four times per year. Identified important risks with an immediate impact or significant changes in the risk situation trigger an ad-hoc reporting obligation. The respective risk is then communicated immediately to the CFO of United Internet AG, who in turn reports it to the Supervisory Board where necessary. In this way, significant risks can be addressed as quickly as possible.

Risks are assessed with their net impact, i.e., effects from mitigating (corrective) measures are only considered in the risk assessment after implementation.

Risks for the United Internet Group

The assessment of the overall risk situation is the result of a consolidated examination of all known material risks. Of the total risks identified for the Group, the following sections describe the main risk categories from the Company’s point of view.

The starting point for assessing the materiality of risks is provided by the characteristics “probability of occurrence” and “potential damage”. The potential damage comprises the potential loss of revenue, as well as potential external and internal expenses. Based on the combination of probability of occurrence and potential damage, the risks are assigned as follows to one of three risk categories: „significant“, „moderate“, and „low“ risks.

Specific assessments of the Company’s Management Board regarding the Group’s risk situation, as well as the probability of occurrence, potential damage, and resulting categorization of the risks described below are provided at the end of this Risk Report.

Strategy

Shareholdings and investments

The acquisition and holding of shares in other companies and the making of strategic investments represent a key success factor for United Internet AG. In addition to improved access to existing and new growth markets, as well as to new technologies and know-how, investments also serve to exploit synergy and growth potential. However, these opportunities involve risks. For example, there is a risk that the targeted potential cannot be exploited as forecast or that acquired shareholdings will not develop as expected (non-scheduled write-downs/impairments, disposal losses, absence of dividend, or reduction of hidden reserves).

All investments are therefore subject to a continuous monitoring process by the Investment Management and are supported promptly if required. This risk is largely without relevance for EBITDA as, in the event of an incident, predominantly non-cash-effective impairments are incurred. The value of investments is continuously monitored by management and the Controlling division.

Business development and innovations

A further key success factor for United Internet is the development of new and constantly improved products and services in order to enhance sales and earnings, attract new customers, and expand existing customer relationships. There is always a risk, however, that new developments might be launched too late on the market or not be accepted by the target group as expected.

United Internet counters such risks by constantly and closely observing market, product, and competition trends, as well as by undertaking product development which constantly responds to customer feedback.

As part of its efforts to diversify the business model or expand its value chain, United Internet enters certain new, upstream or downstream markets. On January 24, 2019, the management board of 1&1 AG, a subsidiary of United Internet AG, decided with the approval of its supervisory board to apply for admission to the auction on the allocation of mobile frequencies in the 2 GHz and 3.6 GHz frequency bands and, in the event of a successful acquisition of spectrum at the auction, to establish and operate a 5G mobile network. At present, the company's mobile offerings are based on the use of third-party networks. Following its admission by the Federal Network Agency (“Bundesnetzagentur”) on February 25, 2019, the 5G spectrum auction began on March 19, 2019. 1&1 successfully completed its participation in the 5G spectrum auction on June 12, 2019 and purchased two frequency blocks of 2 x 5 MHz in the 2 GHz band and five frequency blocks of 10 MHz in the 3.6 GHz band. The total auction price amounted to € 1.07 billion. By acquiring these frequencies, the company plans to gradually develop its own powerful mobile communications network, to further expand its value added in mobile communications, and to tap new business fields. With the conclusion of the national roaming agreement with Telefónica on May 27, 2021, a further step was taken toward the Group’s own network. In August 2021, 1&1 was also able to gain the Japanese technology group and acclaimed OpenRAN expert Rakuten as its partner for the rollout of its mobile communications network. There are still risks that the network rollout will not progress at the expected speed. A delay could be caused by delivery problems with the necessary hardware or delays in the search for sites. Meanwhile, established and leading companies in Europe for radio tower infrastructure have also been found as partners for the passive technology. 1&1 will be able to benefit from their existing infrastructure.

In addition to the opportunities resulting from diversification, such an entrepreneurial decision also entails risks. These may include, for example, the risk areas “technical plant operation”, “procurement market”, “financing”, and “liquidity”. The Company attempts to minimize these risks by, among other things, cooperating with specialized partner companies as well as by preparing detailed and long-term plans in the risk areas “financing” and “liquidity”. On September 5, 2019, for example, 1&1 signed an agreement with the German Federal Ministry of Transport and Digital Infrastructure (BMVI) and the German Federal Ministry of Finance (BMF) regarding the construction of mobile communication sites in so-called “not-spots”. 1&1 is thus helping to close existing supply gaps and improve the provision of mobile communications in rural regions by building hundreds of base stations. In return, 1&1 is allowed to pay the license fees to the German government for the 5G spectrum in installments, spread over the period up to 2030.

Cooperation and outsourcing

Some operating divisions of United Internet work together with specialized cooperation and outsourcing partners in certain areas of the Company. The focus here is on objectives such as focusing on the actual core business, reducing costs, or leveraging the expertise of partners. These opportunities also involve risks in the form of dependencies on external service providers, as well as contractual and default risks.

In order to reduce these risks, detailed market analyses and due diligence reviews are carried out before major contracts are concluded with external service providers, and close and cooperative relationships are maintained with the cooperation and outsourcing partners after the contracts have been concluded.

Organizational structure and decision-making

The choice of the appropriate organizational structure is essential for the efficiency and success of the Company. In addition to the organizational structure, business success depends to a large extent on making the right decisions. The basis for such decisions can be negatively influenced by various factors, such as limited flexibility offered by existing business processes and structures, or misunderstandings caused by ambiguities in the definition of key figures. If efficiency is jeopardized by one or several factors, this represents a strategic risk for United Internet which should be avoided wherever it makes economic sense.

Due to the high degree of agility within the organization, United Internet considers itself to be generally well positioned in this respect and undertakes a number of measures to standardize and optimize processes, structures, and key figures.

Personnel development and retention

Highly skilled and well trained employees form the basis for the economic success of United Internet. In addition to the successful recruitment of qualified personnel (see also the “personnel recruitment” risk), personnel development and the long-term retention of top performers within the Company are strategically important. If the Company fails to develop and retain executives and employees with specialist or technological knowledge, there is the danger that United Internet may not be able to effectively conduct its business and achieve its growth targets. The concentrated accumulation of strategic knowledge and skills (so-called head monopoly) can have a considerable impact on the performance of the Company if the corresponding employee is no longer available.

United Internet counteracts this risk by continuously nurturing employee and management skills. For example, it offers targeted measures for professional development, mentoring and coaching programs, as well as special offers for high potentials geared to talent development and retention and leadership skills.

For further information on topics such as “HR Strategy and HR Organization“, “Training and Education”, “Diversity and Equal Opportunities”, as well as “Occupational Health and Safety”, please refer to the chapter “United Internet as an Employer” in the Sustainability Report 2021 of United Internet AG, which will be published in April 2022 (at https://www.united-internet.de/en/investor-relations/publications/reports.html).

Market

Sales market and competition

The markets in which United Internet operates are characterized by strong and sustained competition. Depending on the strategy of the parties involved in the market, different effects may occur which may lead also involve adjustments to the Company’s own business models or pricing policy. The entry of new competitors might also jeopardize market shares, growth targets, or margins. In addition, United Internet itself occasionally enters new, additional markets with large competitors. Such an entrepreneurial decision is always associated with new risks.

United Internet attempts to minimize these risks by means of detailed planning based on internal experience and external market studies, as well as by constantly monitoring the market and the competition.

Procurement market

A gap in the procurement or delivery of resources required for business operations may also lead to bottlenecks or outages at United Internet. This applies both to the purchase of hardware and the purchase of wholesale services. Increases in the price of purchased products and services represent a risk for the targeted margins. Planned positive effects from contractually fixed price adjustment rounds can become a risk for the achievement of the Company's periodic targets due to time delays.

United Internet counters these risks by cooperating with several long-term service providers and suppliers, contractual obligations, and – where it makes economic sense – by expanding its own value chain.

Financial market

United Internet’s activities are fundamentally exposed to risks on the financial market. In particular, these include risks from changes in interest rates and exchange rates.

Interest

The Company is exposed to interest risks as the major share of its borrowing bears variable interest rates with varying terms. As part of its liquidity planning, the Company constantly monitors the various investment possibilities and debt conditions. Any borrowing requirements are met by using suitable instruments to manage liquidity. Surplus cash is invested on the money market to achieve the best possible return. Due to developments on the global finance markets, the interest risk remained largely unchanged. Market interest rate changes might have an adverse effect on the interest result and are included in our calculation of sensitive factors affecting earnings. In order to present market risks, United Internet has developed a sensitivity analysis which shows the impact of hypothetical changes to relevant risk variables on pre-tax earnings. The reporting period effects are illustrated by applying these hypothetical changes in risk variables to the stock of financial instruments as of the balance sheet date.

Currency

The currency risk mainly results from operations (if revenue and/or expenses are in a currency other than the Group’s functional currency) and its net investments in foreign subsidiaries.

Personnel recruitment

It is therefore essential that human resources are effectively controlled so that the Company can ensure its short- and long-term needs for staff and the requisite expertise. If United Internet is not able to attract managers and employees with specialist and technological knowledge, it would not be able to effectively conduct its business and achieve its growth targets.

As an attractive employer, the United Internet believes it is well placed to hire highly skilled specialists and managers with the potential to drive its business success in the future. This was confirmed in the past years by the Top Employers Institute, which awarded United Internet the accolade “Top Employer 2021”.

For further information on topics such as “HR Strategy and HR Organization“, “Training and Education”, “Diversity and Equal Opportunities”, as well as “Occupational Health and Safety”, please refer to the chapter “United Internet as an Employer” in the Sustainability Report 2021 of United Internet AG, which will be published in April 2022 (at https://www.united-internet.de/en/investor-relations/publications/reports.html).

Provision of services

Work processes

In view of the ever-increasing complexity and interoperability of the products offered, there are steadily growing demands placed on the development of internal work processes. This also involves an ever-higher degree of coordination The particular challenge is to ensure quality standards especially in view of fast-changing market events – and on numerous differing domestic and foreign markets.

The Company counters these risks by continuously developing and enhancing its internal processes, pooling and retaining its experts and key personnel, and continuously optimizing its organizational structures.

Information security

United Internet generates its commercial success largely in the telecommunications market and within the environment of the internet. In order to provide products and services, the Company uses information and telecommunication technologies (data centers, transmission systems, connection nodes, etc.) in its business processes which are closely networked with the internet and whose availability may be endangered by threats from the internet.

In order to continue to deal with such risks quickly, the existing monitoring, building access, and alarm system, together with the necessary processes and documentation, is continuously optimized.

There is also the risk of hacker attacks with the aim of stealing or deleting customer data, or using services fraudulently. In the fiscal year 2021, an increasing professionalization of the attackers and their attack methods was observed once again. According to the German Federal Office for Information Security (BSI), the number of known new malicious program variants amounted to around 144 million in the period June 1, 2020 to May 31, 2021.

United Internet counters this risk with the aid of virus scanners, firewalling concepts, self-initiated tests, and various technical monitoring mechanisms.

The threat potential of the internet is one of the largest threat groups for United Internet with regard to its effects, which are all monitored by numerous technical and organizational measures. Of particular relevance in this respect are the operation and continuous improvement of the security management system and the steady enhancement of system resilience.

Capacity bottlenecks

Due to temporary or permanent shortages of technical resources, e.g., due to the temporary overloading of systems or a lack of resources to operate data centers, existing capacities might be exceeded and consequently the planned provision of services could be jeopardized, threatening a corresponding loss of sales. Risks from the procurement of resources, such as products or services on the market, are not taken into account here.

In order to counter these risks, several internal stores are maintained. In addition, the Company is in close contact with energy suppliers, for example, in order to coordinate emergency concepts regarding the data centers. In the case of outages, these can be compensated for at short notice by implementing the aforementioned measures.

Projects

The classic project objectives of quality, time, and budget are defined before or at the start of a project and are thus the subject of entrepreneurial planning. If potential risks already become apparent in the course of planning or project design (e.g., in the case of the planned construction of the Company’s own mobile communications network) or if negative deviations from these plans become apparent in the course of a project’s implementation, these are recorded as risks. Moreover, projects may also involve risks that do not affect the project itself but arise after the project has been completed (e.g., security vulnerabilities in new software code).

Active project management ensures that risk-reducing measures are already implemented during the project. In addition to maintaining the current professional project management, the Company reduces the aforementioned risks by holding regular specialist project management training courses, in order to improve such aspects as security or data privacy requirements. Project objectives are also closely monitored by management and the Controlling division

Technical plant operation

United Internet’s products and related business processes are based on a complex technical infrastructure and a number of success-critical software systems (servers, customer relationship databases, and statistics systems, etc.). Constantly adapting this infrastructure to changing customer needs leads to greater complexity and regular changes. In addition to major events, like the migration of databases, this may lead to various disruptions or defects. Should this affect our business systems or their databases, for example, daily account debiting may be delayed or no longer possible. Should this affect our performance systems, for example, United Internet may not be able to provide its customers with the promised service, on a temporary or longer-term basis.

The Company meets these risks by making targeted adjustments to the architecture, introducing quality assurance measures, and establishing spatially separated (geo-redundant) core functionalities.

For the operation of systems, there is a risk of targeted attacks from inside and outside the Company, e.g., from hackers or manipulation by staff with access rights, which may result in non-availability or a deterioration of services.

In order to counter this risk, the Company takes a wide variety of software- and hardware-based safety precautions to protect the infrastructure and its availability. By dividing responsibilities, the Company has made sure that activities or business transactions involving risks are not carried out by single employees but on the basis of the “double-check principle”. Manual and technical access restrictions also ensure that employees may only operate within their particular area of responsibility. As an additional precautionary measure against data loss, all data are regularly backed up and stored in separate, i.e., geo-redundant, data centers.

Compliance

Data privacy

It can never be fully ruled out that data privacy regulations may be contravened, e.g., by human error or technical weaknesses. In such cases, United Internet faces fines and the loss of customer confidence.

United Internet stores the data of its customers on servers according to international security standards at its own and at rented data centers. The handling of these data is subject to extensive legal regulations.

The Company is aware of this great responsibility and attaches a high degree of importance and care to data privacy. By using state-of-the-art technologies, continuously monitoring all data-privacy and other legal regulations, providing extensive staff training on data protection regulations, and involving data protection aspects and requirements as early as possible in product development, United Internet continuously invests in improving the standard of its data privacy.

The new rules of the EU General Data Protection Regulation (GDPR) came into force in May 2018. Due to increased sanctions for breaches of duty, data protection risks have increased. In addition to higher sanctions, GDPR also includes new regulations regarding consent declarations, as well as new obligations for reporting to authorities and those affected in the case of data loss. With the Telecommunications Telemedia Data Protection Act (“Telekommunikation-Telemedien-Datenschutz-Gesetz” - TTDSG), the data protection regulations of the Telecommunications Act (“Telekommunikationsgesetz” - TKG) and Telemedia Act (“Telemediengesetz” - TMG) have been transferred to a separate law as of December 1, 2021.

Misconduct and irregularities

Non-compliance or non-observance of social norms, trends, and peculiarities can lead to misconduct and wrong decisions and thus to a loss of revenue. As an internationally operating company, United Internet also faces the challenge of countering such negative factors through adequate management in the area of internal processes and procedures. Not every decision or business practice that is unobjectionable from a legal point of view is also acceptable in the respective cultural, ethical, or social context.

United Internet counters the risks arising from misconduct and breaches of rules with its “culture of togetherness”, the provision of a Code of Conduct, country-specific management, and compliance as an integral part of corporate culture.

United Internet is not aware of any significant risks in this field at present.

Legislation and regulation

Changes in existing legislation, the enactment of new laws, and changes in government regulation issues may have unexpected negative effects on the business models pursued by United Internet and their further development. In the Consumer Access segment in particular, the decisions of the Federal Network Agency and the Federal Cartel Office have an influence on network access and the pricing of internet access tariffs. Price increases of network providers from whom United Internet purchases pre-services for its own customers can have a negative impact on the profitability of tariffs. In the same way, there is also the possibility that a lack of regulation may lead to a deterioration of market circumstances for United Internet.

United Internet attempts to counter this tendency toward an increasing regulation risk by cooperating with various pre-service providers and by actively participating in the activities of industry associations.

Litigation

United Internet is currently involved in various legal disputes and arbitration proceedings arising from its normal business activities. The outcome is by definition uncertain and thus represents a risk. Insofar as the size of the obligation can be reliably estimated, accruals are formed for such risks from litigation, where permissible.

In 2019, an advance service provider filed claims in the low three-digit million range (for the purposes of internal classification, amounts of up to € 333 million are defined as being in the low three-digit million range, and the claims filed do not exceed this amount in total).

Tax risks

As an internationally operating company, United Internet is subject to the tax laws applicable in the respective countries. Risks may arise from changes in tax laws and double taxation agreements, or case law, as well as from differences in the interpretation of existing regulations.

United Internet counters these risks by continuously expanding its existing tax management system.

Finance

Financing

The main financial liabilities incurred by United Internet AG for the financing of its activities include bank loans, overdraft facilities, and other financial liabilities. United Internet AG holds various financial assets which result directly from its business activities. They consist mainly of shares in affiliated companies and investments, as well as receivables from affiliated companies. As of the balance sheet date, the Company almost exclusively held primary financial instruments.

The aim of financial risk management is to limit risks through ongoing operating and financial activities.

Fraud and credit default

In order to meet the requirements of dynamic customer growth and provide services as quickly as possible in the interests of its customers, United Internet has largely automated its order and provision processes – as have many other companies in such mass market businesses. The nature of such automated processes provides possibilities for attacks from fraudsters. Due to the strong appeal of the products and services offered, not only the number of customers is increasing but also the number of non-payers and fraudsters. Consequently, the amount of credit default has risen.

United Internet attempts to prevent such fraud attacks – or at least to recognize and end them at an early stage – by permanently expanding its fraud management capabilities, working closely with pre-service providers, and taking account of such risks in the design of its products.

Liquidity

The general liquidity risk of United Internet AG consists of the possibility that the Company may not be able to meet its financial obligations, such as the redemption of financial debts. The Company’s objective is to continuously cover its financial needs and secure flexibility, for example by using overdraft facilities and loans.

Group-wide cash requirements and surpluses are managed centrally by the cash management system. By netting these cash requirements and surpluses within the Group, the amount of external bank transactions can be minimized. This is managed, e.g., by using cash pooling processes. The Company has established standardized processes and systems to manage its bank accounts and internal netting accounts, as well as for the execution of automated payment transactions. In addition to operating liquidity, United Internet AG also holds other liquidity reserves, which are available at short notice.

Acts of God

External events such as natural disasters (earthquakes, floods, tsunamis, etc.), personnel crises (pandemics, strikes, etc.), infrastructure crises (power outages, road damage, etc.), or violent incidents (rampage, terrorist attacks, war, etc.) may affect United Internet's operations.

United Internet counters these risks as far as possible with a variety of measures. Examples include the establishment of building access restrictions, the operation of georedundant data centers, or (as in the current case of the coronavirus) hygiene precautions, location-independent workplaces, the use of modern communication media to avoid travel, and the elaboration of emergency concepts.

Additional disclosures on risks, financial instruments, and financial risk management

Further details on risks, financial instruments, and financial risk management are provided in note 43 “Objectives and methods of financial risk management“ in the Notes to the Consolidated Financial Statements.

Management Board’s overall assessment of the Group’s risk position

The assessment of the overall level of risk is based on a consolidated view of all significant risk fields and individual risks, also taking account of their interdependencies.

  • From the current perspective, the main challenges are the risk fields “Legislation & regulation”, “Litigation”, and “Information security”.
  • The conclusion of the national roaming agreement between 1&1 and Telefónica Germany in 2021 (after the acquisition of the necessary 5G spectrum in 2019) laid the foundation for the transformation of 1&1’s business model from a virtual mobile communications network operator to a real mobile communications network operator. The expansion of the value chain and the tapping of this business field involves significant risks, which are typical for a network operator. The most significant current risk in this connection is in the risk field “Legislation & regulation”, which rose from Moderate to Significant in the fiscal year 2021. Among other things, this is because the Federal Network Agency may consider postponing its scheduled low-band spectrum awarding (800 MHz) or prolonging the corresponding spectrum allocations. The lack of access to low-band spectrum as of 2026 would represent a significant risk for 1&1 AG and thus also for United Internet AG. Due to their physical properties, low-band frequencies have a longer range and better penetration (than high-band frequencies) and thus enable cost-effective coverage in rural areas with widely spaced cell towers, while also improving reception inside buildings.
  • The risk assessment of the risk field “Business development & innovations” was reduced from Significant to Moderate due to the progress of measures taken.
  • Otherwise, the risk classifications of the risk fields of United Internet AG as at December 31, 2021 were unchanged from December 31, 2020.

The continuous expansion of its risk management system enables the United Internet Group to limit risks to a minimum, where economically sensible, by implementing specific measures.

Compared to the previous year, the overall risk has risen in total. This is due to the update regarding the transformation of 1&1 AG to a mobile communications network operator and the risks associated with the construction of its own high-performance mobile communications network, which are accompanied by appropriate risk-reducing measures.

In the assessment of the overall risk situation, the existing opportunities in the United Internet Group were not taken into consideration. There were no risks which directly jeopardized the continued existence of the United Internet Group in the fiscal year 2021, nor as of the preparation date for this Management Report, neither from individual risk positions nor from the overall risk situation.

Probability of occurrence, potential damage, and the classification of risks from the Group's perspective and their relevance for the various segments/divisions:

Main segment
relevance

Probability of occurrence

Potential damage

Risk classification

Change over previous year

Risks in the field of “Strategy"

Shareholdings & investments

Corporate

Low

Low

Moderate

🢂

Business development & innovations

Consumer Access

Low

Low

Moderate

🡾

Cooperation & outsourcing

Business Applications

Low

Very low

Low

🢂

Organizational structure & decision-making

Business Applications

Low

Very low

Low

🢂

Personnel development & retention

Business Applications

High

Low

Moderate

🢂

Risks in the field of “Market”

Sales market & competition

Consumer Applications
Business Applications

Low

High

Moderate

🢂

Procurement market

Business Access

Low

High

Moderate

🢂

Financial market

Business Applications

Very high

Very low

Low

🢂

Personnel recruitment

Business Access
Business Applications

High

Very low

Low

🢂

Risks in the field of “Service Provision”

Work processes

Business Applications

Low

Low

Moderate

🢂

Information security

Business Applications

Very low

Extremely high

Significant

🢂

Capacity bottlenecks

Business Applications

High

Very low

Low

🢂

Projects

Consumer Access

Low

High

Moderate

🢂

Technical plant operation

Business Applications
Corporate

Very low

Very high

Moderate

🢂

Risks in the field of “Compliance”

Data privacy

Consumer Applications

Low

Very high

Moderate

🢂

Misconduct & irregularities

Currently no significant risks

Low

🢂

Legislation & regulation

Consumer Access

Low

Extremely high

Significant

🡽

Litigation

Consumer Access

Low

Extremely high

Significant

🢂

Tax risks

Business Applications

High

Very low

Low

🢂

Risks in the field of “Finance"

Financing

Business Applications

Very low

Very low

Low

🢂

Fraud & credit default

Consumer Access

Very high

Low

Moderate

🢂

Liquidity

Business Applications

High

Very low

Low

🢂

Risks in the field of “Acts of God”

🢂

Acts of God

Consumer Access

Low

High

Moderate

🢂

Legende: 🡾 improved 🢂 unchanged 🡽 worsened