Internal control systems

Corbion applies the three-lines model for the internal control systems. The first line (line management) is responsible for the operational effectiveness of the internal control framework. The second line coordinates, advises, and monitors line management regarding their responsibilities for internal control. The third line is represented by the Internal Audit department, which independently reviews the risk and control framework.

Our internal control framework is not limited to the elements outlined below, as these are a summary of the controls implemented at local and corporate levels. We apply an integrated control approach, in which the effectiveness is self-assessed or monitored by the second and third line.

Business control framework

Business controls cover a broad range of policies, procedures, systems, and other measures. They provide reasonable assurance on the effectiveness and efficiency of our operational processes and ensure the output is as expected to support the realization of the company strategy and objectives. On an entity level, important elements of the framework are the business planning process and management review.

Business planning, budgeting, and management review

Based on Corbion’s strategy and plans, targets are set for the annual budget. After determining these budgets, the targets are rolled out to the responsibility areas (e.g., business units and operations) within Corbion.

Quarterly updated estimates are made based on a forecast until the end of the year. Forecasts are specifically discussed between responsibility area leaders and the Executive Committee during quarterly business review meetings. The Executive Committee monitors business performance on a monthly and quarterly basis using a defined set of key performance indicators and reviews of actual results versus budgets, quarterly estimates, and the previous year.

Local entities are visited frequently. Operational management meets at least once a month to discuss business activities and related risks, the actual performance versus budget, and other significant matters in their respective areas.

Legal and regulatory review

Local management is responsible for compliance with laws and regulations. The Legal and Compliance department is consulted by local management on an ongoing basis. Every six months, local management reports the main open legal issues with a potential gross exposure of each exceeding € 100,000 to Corporate Legal and Corporate Finance.

Regulatory Affairs is monitoring changes in regulations surrounding our products continuously and works with the first line to ensure compliance with the regulations in the markets we serve. Regulatory Affairs is reviewing compliance in several stages of Corbion's stage-gate process for product development.

Tax governance

Within the governance framework, the conduct of the group’s tax affairs and the management of tax risks are delegated to the group’s tax department with support and assistance from the group and local finance departments. Corbion considers paying taxes an important part of our corporate social responsibility. Group’s tax affairs are carried out in line with the Corbion values, the Corbion Code of Business Conduct, and the Corbion Tax Policy. Potential ethical issues related to tax are covered by the Code of Business Conduct and the related annual training programs and can be addressed under the Corbion Speak Up Policy. The Audit Committee supervises the activities of the Board of Management with respect to the tax governance framework.

We have adopted the following tax principles. These principles deal with all different types of taxes that we are obliged to report and pay in the jurisdictions in which we operate, including taxes on profits, value added taxes, wage taxes, duties, and various other taxes.

Tax strategy

Corbion’s tax strategy follows from and is aligned with the Corbion business strategy and objectives and the Corbion values. The tax strategy is an integral part of the Corbion Tax Policy, which is updated annually and reviewed and approved by the Board of Management. Furthermore, implementation and execution of the tax strategy is monitored by the Audit Committee of the Supervisory Board and discussed during regular meetings with the Audit Committee.

Business rationale and arm’s length principle

We aim to pay the appropriate amount of tax depending on where value is created in each of the jurisdictions we operate in, following the normal course of commercial activity and in accordance with domestic and international rules and standards. All our intercompany transfer pricing and policies are based on the “arm’s length principle.” Corbion abstains from setting up structures in countries on the EU list of non-cooperative tax jurisdictions or in countries that have been designated as uncooperative tax havens by the OECD Committee on Fiscal Affairs.

Relationship with tax authorities

We seek to develop mutually respectful relationships with the various national tax authorities based on trust and transparency. To accomplish this, we aim for an open and constructive dialogue with the various tax authorities on the basis of disclosure of all relevant facts and circumstances. Within this context, Corbion may apply for advance tax rulings or advance pricing agreements on the tax treatment of specific transactions in order to obtain advance certainty on the relevant tax consequences. In the Netherlands, we concluded a so-called tax covenant ('horizontal monitoring') with the Dutch tax authorities. Such covenant entails that the tax authorities can rely on Corbion to provide upfront disclosure of all relevant information, while it allows Corbion to get upfront confirmation of applicable tax treatment.

Compliance

We aim to act at all times in accordance with the letter and the spirit of all applicable tax laws, in which we are guided by the relevant local and international standards. Compliance is monitored within a global tax control framework. Corbion complies with its statutory obligations and aims to file all required tax-relevant information with the appropriate tax authorities in a timely, transparent, and complete manner. Tax-related disclosures are made in accordance with the relevant domestic regulations, as well as applicable reporting requirements under IFRS.

Insurance

Insurance is an integral part of our risk management approach, as it is an instrument to manage the financial consequences of risks. The choice to obtain external insurance cover depends on the cost efficiency of the instrument. The coverage of insurances is monitored and benchmarked regularly.

Internal control framework for financial reporting

General

Corbion is committed to maintaining high-quality, reliable financial reporting and a good control environment. All reporting entities assess the operating effectiveness of their financial closing and reporting processes, at mid-year and end-of-year, confirming compliance with the relevant guidelines and IFRS.

During 2024, our main legal entities performed quarterly self-assessments of the design and implementation of their key financial process controls. Special attention was paid to entities that migrated to the new ERP system. For these entities, the control set was redesigned, including a detailed review of proper segregation of duties in the system and a shift from manual controls to automated controls where possible. Self-assessment also includes tax governance and treasury internal controls. Improvement recommendations based on audit and self-assessment findings are followed up by local management, the status of which is monitored regularly by the Executive Committee.

Together with the Letters of Representation, this provides reasonable assurance on the integrity of our financial reporting.

Letters of Representation

Every six months, managing directors and finance directors of each reporting entity or, where applicable, other senior staff, provide a Letter of Representation to the Board of Management. This letter represents compliance with financial reporting and internal controls.

Internal control framework for sustainability reporting

^{ⓘ This chapter includes disclosures related to}^{ESRS 2 and GOV5} (new window)^.

Corbion is committed to complying with the Corporate Sustainability Reporting Directive (CSRD) framework, ensuring transparency and accountability in reporting.

Corbion reports on key sustainability metrics, including climate change, circular economy, biodiversity, water, human rights in the supply chain, consumer health and product safety, and health and safety. This reporting aligns with corporate sustainability goals and industry benchmarks.

Annual risk assessments evaluating both qualitative and quantitative impacts are conducted, through which we identify various sustainability-related risks which may materially affect reporting. A cross-departmental team evaluates potential sustainability risks, by evaluating the impacts, risks, and opportunities of identified material themes. Stakeholder feedback is also collected through surveys and incorporated into risk management strategies. Risk and controls matrices have been developed for key material sustainability metrics.

Internal controls are maintained over the data collection process by using a centralized data management system, with the data submitted by each department subjected to a multi review process. For each KPI, data reporters and data reviewers are designated at either site or corporate level. The data reporter is responsible for the annual reporting of the data via the central reporting systems and for document retention and record keeping related to this data. The data reviewer (from Finance) is responsible for the validation of the reported data. Site-specific data is consolidated and reviewed at the corporate level by Finance and the Sustainability teams.

The review includes a comparison to data from previous years and a review of changes that could have impacted the results, such as improvement projects. In case of uncertainties, data estimation may be required; this is validated as part of the review process. We strive to continuously improve our data collection process and the reliability of the data. Significant changes that impact comparability, including changes in measurement methods, are explained in footnotes.

Every year, training sessions are held for employees involved in sustainability reporting; these help to enhance their understanding of internal controls and data accuracy. Guidelines and best practices for sustainability reporting are maintained in a shared internal resource hub.

At Corbion, we constantly evaluate our risk management process and make improvements wherever possible. To address identified weaknesses, an action plan is developed based on audit findings and stakeholder feedback, with these findings reported semi-annually to the Sustainability Reporting Committee.

IT general control framework

An information technology general control (ITGC) framework is in place to ensure the proper management of IT governance in general, projects and programs, computer operations, and access management.

From an IT security perspective, the Information Security Board (composed of representatives from the Executive Committee and senior management) sets the IT security roadmap. Risk-reducing initiatives in the past years included, among others, a company-wide security awareness program, phishing tests, multi-factor authentication, penetration tests, yearly disaster recovery plan testing for selected systems, and implementation of a security policy, and a Security Operating Center. In addition, Corbion continued to strengthen its network segmentation, identify and remove vulnerabilities, and minimize external exposure. In case of data security incidents, the Data Breach Security Committee is notified to ensure proper action and communication with authorities.

Audit

Internal Audit

Internal Audit supports Corbion in accomplishing our objectives by providing a systematic, disciplined approach to the evaluation and improvement of the effectiveness of our internal control and governance processes. Internal Audit operates according to the professional standards of the Institute of Internal Auditors. Compliance with the standards is assessed externally every five years. The Internal Audit Charter is approved by the Executive Committee and the Audit Committee. Internal Audit evaluates the implemented risks and control systems. Internal Audit supports continuous improvements by identifying best practices and recommending improvement opportunities to management. The audit plan is prepared, discussed, and agreed with relevant stakeholders including the Executive Committee and the Audit Committee. The audit plan is approved annually by the Board of Management and Supervisory Board. The plan has a rolling character so changes in priorities may be applied. Changes are discussed with the Audit Committee. A summary of all audit reports and the follow-up of open internal audit items are reported to and discussed with the Executive Committee and Audit Committee on a regular basis.

External audit and assurance

Our external financial audit engagement assesses whether our Financial statements (new window) give a true and fair view of our financial position as at year-end and of our result and cash flows for the year then ended. In 2024, the external auditor reviewed the Sustainability statements that were prepared in accordance with ESRS. Contrary to the audit of our Financial statements, this sustainability review is only aimed at obtaining a limited level of assurance.