The global COVID-19 crisis and the resulting state of emergency dominated the last few weeks of the business year 2019/20.
Pandemic, COVID-19 crisis
In the business year just ended, the novel coronavirus and its direct effects forced the voestalpine Group—as well as many other companies—into crisis mode within a very short time. This worldwide pandemic, as the World Health Organization (WHO) has classified it, has led to an unprecedented (in modern times) medical, economic, and social state of emergency that continues unabated. In order to mitigate the spread of the disease as quickly as possible, many countries have put rigorous measures into place based on national pandemic plans and laws. voestalpine immediately implemented statutory and governmental requirements with the Group’s full support. Above and beyond mandatory requirements, numerous measures were put in place as required and/or feasible, given local needs and capabilities, to protect employees and their families and support them as best as possible. These steps include supplementary safety measures regarding people’s health and hygiene in different production areas, working from home (teleworking) to the extent possible, and allowing leaves of absence for caregiving duties.
As part of Group-wide crisis management, crisis teams were established at three decision-making levels (Group, divisions, companies) that are tasked with ensuring rapid and coordinated approaches at all of the Group’s sites. This includes implementing emergency and crisis plans, subject to applicable local conditions, that help to protect employees and—where necessary and possible—to maintain operations as best as possible and ensure the organization’s stability. For example, the steps taken to manage the crisis encompass measures to secure liquidity; short time work; reduction of time credits; early annual plant/office closings; adjustment and limitation of production activities in keeping with the given supply chains; and/or temporary production shutdowns. This is complemented by the regular sharing of information with our key clients and suppliers. Emergency and crisis plans that have been put into practice as well as other implemented measures are evaluated at regular intervals during the crisis and are adjusted as necessary in the light of new information.
AVAILABILITY OF RAW MATERIALS AND ENERGY SUPPLIES
In order to ensure the supply of raw materials and energy in the required quantities and quality in the long term, the voestalpine Group has for some years already pursued a diversified procurement strategy that is appropriate to the heightened political and economic risks of this globalized market. Long-term supply relationships, expansion of the supplier portfolio as well as development of the Group’s self-sufficiency are the core elements of this strategy, which remain as important as before given the volatility of the raw materials markets (for details, see the “” chapter of this Annual Report). As far as energy supplies are concerned, the Group is continually on the look-out for alternative energy resources.
On the whole, the pandemic is disrupting global supply chains. This may trigger limitations that are imposed by suppliers and/or customers or arise from disruptions in transportation routes.
GUIDELINE FOR HEDGING RAW MATERIALS PRICE RISK
An internal guideline defines objectives, principles, and responsibilities as well as methodologies, procedures, and decision-making processes in connection with the handling of raw materials risks. Based thereon and taking into account individual specificities of the respective Group company’s business model, prices are hedged by means of delivery contracts containing fixed price agreements or by means of derivative financial instruments. Financial derivatives are deployed to hedge raw materials procurement contracts.
FAILURE OF PRODUCTION FACILITIES
In order to minimize the risk of critical facilities breaking down, ongoing targeted and comprehensive investments are made to optimize sensitive units technologically. Supplementary measures encompass consistent preventive maintenance, risk-oriented storage of spare parts as well as appropriate employee training.
FAILURE OF IT SYSTEMS
At the majority of the Group’s sites, business and production processes, which are largely based on complex information technology (IT) systems, are serviced by voestalpine Group-IT GmbH, a company that specializes in IT and is wholly owned by the Group holding company, voestalpine AG. Given the importance of IT security and in order to continue minimizing possible IT breakdown and security risks, minimum IT security standards that also encompass guidance on business continuity management were developed in the past. These minimum standards are regularly revised and adapted to new circumstances; compliance with these new standards is reviewed annually by way of an audit. Additional periodic penetration tests are carried out to further reduce the risk of unauthorized access to IT systems and applications. Broad online campaigns aimed at further sensitizing our employees to security issues were carried out yet again in the business year just ended. Increasingly, attention is being paid also to the topic of cyber security as part of these online campaigns. A working group collects evidence of potential cyber fraud attacks (such as social engineering, CEO fraud, man-in-the-middle attacks related to payments and deliveries), develops preventive measures, and reviews and adjusts existent measures as necessary. In addition, extensive online campaigns are carried out and initiatives launched with respect to special e-learning programs to both prevent potential cyber fraud attacks and further sensitize our employees to these risks.
KNOWLEDGE MANAGEMENT / PROJECT MANAGEMENT
In order to sustainably safeguard the Group’s knowledge—in particular, to prevent the loss of its know-how—complex projects initiated in the past are consistently and continually refined. Besides permanently documenting all available knowledge, new findings from key projects as well as lessons learned as the result of unplanned events are implemented as appropriate. Detailed process documentation, especially in IT-supported areas, also contributes to securing the available knowledge.
A diverse range of project management tools and suitable project monitoring are used to counteract any project risks (e.g., investments, the project business). Insights gained from earlier activities are also collected in the sense of lessons learned and form the basis of the ongoing enhancement of already available tools to ensure that they are consistently applied in connection with future projects.
Compliance violations (e.g., antitrust and corruption violations) represent a significant risk and may have adverse effects in that they may trigger both financial losses and damage to the Group’s reputation. A Group-wide Compliance management system is designed particularly to counteract antitrust and corruption violations. Regarding antitrust proceedings and allegations, see in the Notes.
RISKS OF NONCOMPLIANCE WITH DATA PROTECTION REQUIREMENTS
Violations of requirements under data protection laws may have adverse financial effects and lead to reputational damage. A data protection unit was established on the basis of the data protection requirements that apply throughout the Group. It serves to help the management of Group companies carry out their responsibilities regarding compliance with statutory and intra-Group data protection requirements.
RISKS FROM THE FINANCIAL SECTOR
Financial risk management is organized centrally with respect to policy-making power, strategy determination, and target definition. The existing policies include targets, principles, duties, and responsibilities for both Group Treasury and the financial departments of the individual Group companies. Financial risks are monitored continuously and hedged where feasible. In particular, this strategy is aimed at natural hedges and at reducing the fluctuations in both cash flow and income. Market risks are largely hedged through derivative financial instruments that are used exclusively in connection with an underlying transaction.
Specifically, financing risks are hedged using the following measures:
Liquidity risks generally consist of a company being potentially unable to raise the funds necessary to meet its financial obligations. Existing liquidity reserves enable the company to meet its obligations even in times of crisis. Furthermore, a precise financial plan that is prepared on a revolving, quarterly basis is the primary instrument for controlling liquidity risk. Group Treasury centrally determines the need for financing and bank credit lines based on the consolidated operating results.
Group Treasury conducted additional reviews in order to take current conditions resulting from the COVID-19 crisis into account. The planned liquidity needs for the next 12 months are to be covered by a liquidity reserve.
Credit risk refers to financial losses that may occur due to non-fulfillment of contractual obligations by individual business partners. The credit risk of the underlying transactions is minimized to a large degree through a large number of credit insurance policies and bankable securities (guarantees, letters of credit). The default risk related to the Group’s remaining own risk is managed by way of defined credit assessment, risk evaluation, risk classification, and credit monitoring processes. As of March 31, 2020, 81% of the company’s trade receivables were covered by credit insurance. The pandemic may trigger both a tightening of credit limits on the part of loan insurers and greater charge-offs of receivables. Counterparty credit risk in financial contracts is managed by way of daily monitoring of the ratings and any changes in the counterparties’ credit default swap (CDS) levels.
Foreign currency risk
The primary objective of foreign currency risk management is to create a natural hedge (cross-currency netting) within the Group by bundling the cash flows. In this connection, hedges are implemented centrally by Group Treasury based on derivative hedging instruments. voestalpine AG hedges the budgeted foreign currency payments (net) for the next 12 months. Longer-term hedging is carried out only in connection with contracted project business. The hedging ratio is between 25% and 100% of the budgeted cash flows within the next 12 months.
Interest rate risk
voestalpine AG conducts the interest rate risk assessment centrally for the entire Group. In particular, this entails managing cash flow risks (i.e., the risk that interest expense or interest income may undergo an adverse change). As of the March 31, 2020, reporting date, any increase in the interest rate by one percentage point would result in an increase of the net interest expense by EUR 10.9 million in the next business year. However, this is a reporting date assessment that may be subject to fluctuations over time.
voestalpine AG also assesses price risk, primarily using scenario analyses for the purpose of quantifying interest and currency risks.