A discussion of the key risks and control actions again took place during the Supervisory Board meeting in October 2013. Compliance risks have grown since 2012. In addition to noise emission and environmental standards, key risk areas now also include safety and security, environmental, competition, tendering and privacy/information security legislation.
The 'risk resilience' of Schiphol Group was also discussed during this meeting. The ongoing financial crisis has shown us that different risks can occur simultaneously and can actually reinforce each other. Schiphol Group remains aware of this multiplier effect. Our risk management system aims to limit the adverse effects of individual risks at the outset. The relative robustness of our business with respect to temporary disruptions, negative economic developments and emergencies was also discussed. It is the individual or combined risks potentially affecting our business at the system level that form the greatest threat, e.g. in the form of reduced traffic volumes, a drop in prices or consumer spending, reduced occupancy rates in our real estate portfolio, or rising costs. One of the greatest risks in this regard is our dependence on a small number of major users that are of key importance to our destinations network. In addition to actions aimed at preventing risks, Schiphol also has measures in place to mitigate their impact, such as corporate emergency plans, conservative financing, modular investment plans, and flexibility created by outsourcing various business processes. In the event of a structural impact on our business, there are actions that can be taken to minimise the effects, such as cost reductions, rationalisation or cancellation of investments, staff reductions, and the decommissioning of operational assets.
Compliance was a significant risk management topic in 2013. Compliance governance is allocated to the Risk & Compliance Committee, which was expanded in 2013 to include a Corporate Compliance Officer. The objective of our compliance policy is to identify and manage compliance risks, and to integrate compliance into the risk-management process. An internal communication campaign will be launched in 2014, with the aim of raising awareness of compliance, and to emphasise the importance of integrity.
In addition to compliance, there is also a major focus on information security risks relating to the availability, integrity and confidentiality of information used in business processes. In 2013, a study was conducted among the managers responsible for the various business processes in order to assess awareness of information security risks. The results showed that the process owners took too little consideration of these risks in the risk-management process. In 2014, extra attention will be devoted to integrating these risks into the risk-management process among line managers.