Risk management

Framework

Our approach to risk management

Given the complexity of worldwide operations in various markets and jurisdictions, Corbion needs to ensure timely identification and effective management of all significant risks inherent to the execution of our strategy to support the realization of our objectives. Corbion has an enterprise-wide risk management (ERM) program in place to preserve our reputation, assets, competitive edge, and profits, including the impacts of climate change and other sustainability impacts. ERM is the process of systematically identifying, analyzing, evaluating, and addressing risks that may impact the achievement of Corbion’s objectives.

Our approach to risk management aims to achieve a reasonable level of assurance to realize our objectives, in line with the Enterprise Risk Management framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Our approach aims to embed risk awareness and risk management at all levels of Corbion to ensure that decisions are taken with due consideration of the inherent risks in relation to the risk appetite. Risk management is an integral part of running the business and therefore owned by line management (first line). Our risk management approach covers strategic, operations, compliance, and reporting risks, as illustrated below.

The implementation of the main COSO framework elements is explained in the illustration.

Control environment

The control environment is the combination of standards, processes, culture, and structures that provide the basis for carrying out internal control across the organization. The Executive Committee sets the tone at the top as to the importance of internal control including expected standards of conduct. An important principle of the control environment is the commitment of the Executive Committee to integrity and ethical values, which is demonstrated by the programs mentioned below.

Business conduct and compliance

Business Conduct Program and Governance

Corbion’s Business Conduct Program combines the legal requirements of the countries where we operate and international standards, resulting in a framework that regulates how all Corbion employees interact with colleagues, business partners, governments, and communities. We translate these legal requirements and standards into our Code of Business Conduct, internal policies, and procedures to make them accessible to everyone. Often, we go beyond what is required by local legislation to create a single global integrity approach within Corbion.

The three lines model used in Corbion also applies to business conduct:

The Executive Committee has overall responsibility for the Business Conduct Program and oversees its execution. To this end, they drive awareness (tone at the top), establish an effective global business conduct governance framework to ensure compliance with applicable laws, our Code of Business Conduct and underlying policies across the entire company, and ensure allocation of appropriate resources for the upkeep and further development of the Business Conduct Program. The business is in the first line and is responsible for identifying and managing risks within their own areas. This includes implementing internal controls, adhering to policies and procedures, and ensuring compliance with regulatory requirements.

As the second line, Corbion’s Legal and Compliance department sets the strategic directions, develops policies, monitors, and supports the execution of the Business Conduct Program. The Legal and Compliance department works closely with other departments (e.g., Risk Management, Internal Audit, HR, Finance, Customer Service, Procurement, and Communications) and external stakeholders (e.g., law firms, consultants, and compliance software providers) to enable the proper rollout of the Business Conduct Program throughout the organization.

Internal audit (third line) provides independent assurance on specific business conduct aspects.

Each year, Corbion’s Compliance Officer reports to the Audit Committee of the Supervisory Board on the status of the Business Conduct Program. In the event of significant incidents, the Audit Committee is immediately informed by the Executive Committee.

Business Conduct Lifecycle

An effective business conduct program consists of several core elements that operate to prevent, detect, and correct misconduct. The Business Conduct Lifecycle is a process to continuously apply these core elements in order to further improve the Business Conduct Program.

The six-step framework outlined below has the advantage of integrating rules and controls into a larger whole that includes communications, awareness, training, and support.

These critical elements form the backbone of our comprehensive Business Conduct Program:

Risk assessment: Collaborating with business owners and Risk Management, we continuously monitor upcoming legislation that may impact our activities (e.g., artificial intelligence regulation, new sanctions as a result of a conflict). Our goal is to identify and address compliance risks most relevant to Corbion’s business.
Policies, procedures, and tools: We ensure that appropriate policies, manuals, procedures, templates, and software tools are in place, accessible, and up to date.
Business Conduct Network: We establish a network to support ongoing business conduct processes. Our Business Conduct Coordinators play a supporting role in embedding Corbion’s policies within the organization.
Communication, information, and awareness: Working closely with management and Communications, we facilitate regular communication regarding Business Conduct initiatives. We keep the Business Conduct and Privacy pages on our company intranet updated with resources which are relevant to employees and other internal stakeholders. Additionally, information relevant to our external stakeholders – such as our external Speak Up platform and privacy policies – is readily accessible on our website (new window).
Training and advice: We develop and roll out regular training sessions on business conduct matters to employees. We maintain various channels to ensure our colleagues, business partners and other external stakeholders have easy communication channels with the business conduct function about various business conduct matters. We continuously support our colleagues with ongoing business conduct matters, including advice on contract negotiation, due diligence requirements, and impact assessments.
Monitoring/auditing: In collaboration with Internal Audit, we audit specific high-risk processes and take remediation measures if needed.

Code of Business Conduct and underlying policies

At the heart of our Business Conduct Program is the Code of Business Conduct (new window). Our Code states the values and principles that guide our work at Corbion and sets out the expected standard of behavior for everyone working for Corbion. Our Code applies to all activities we perform on behalf of Corbion wherever they take place and to everyone working for our company.

Guided by the principles of the UN Global Compact and the OECD Guidelines for Multinational Enterprises, our Code of Business Conduct articulates the values that steer our actions at Corbion and outlines principles with respect to personal and business conduct, asset protection, employment standards, and our commitment to sustainability.

Our Code is available in the six most used languages within the company. Our Code serves as an umbrella for underlying policies. These policies address critical areas such as competition law, anti-bribery, anti-retaliation, conflicts of interest, privacy, economic sanctions, and insider trading.

To ensure effective implementation, Corbion maintains a network of regional Business Conduct Coordinators who help embed the Code of Business Conduct and the underlying policies into local operations. Additionally, they serve as a local point of contact for management and employees.

Speak Up channels and Anti-Retaliation Policy

^{ⓘ This chapter includes disclosures related to}^{ESRS S1-3} (new window)^.

Under our Speak Up Policy (new window), which has been revised to comply with the requirements of the EU Whistleblower Directive and its implementing national laws, Corbion employees – whether permanent staff, contingent workers or interns – have multiple channels to report misconduct and (potential) violations of laws, the Code of Business Conduct, and underlying policies. They can reach out to their manager, local HR contact, or the regional Business Conduct Coordinator.

Additionally, the 24/7/365 Corbion Speak Up platform enables direct reporting to the Business Conduct Committee. Anonymity is preserved for those who choose to report without identification. The Business Conduct Committee is composed of the Chief Human Resources Officer, the VP Legal and Compliance, and the Senior Director Internal Audit. Our Speak Up platform includes a toll-free phone number and a global web service, which are operated by an independent service provider to ensure the confidentiality of the report.

In 2019, Corbion introduced the external Speak Up platform, extending the existing reporting platform to our external stakeholders, including customers, suppliers, communities, distributors, and agents. The external Speak Up platform can be used to raise concerns about (suspected) violations of the Corbion Code of Business Conduct, Corbion’s Supplier Code, Corbion’s Cane Sugar Code, or any applicable laws.

In 2023, both the internal and external Speak Up Policies underwent review, and a dedicated Anti-Retaliation Policy was introduced to align with the requirements of the new EU Whistleblower Directive and its national implementing laws in Europe.

Reports from both internal and external Speak Up platforms flow directly to the Business Conduct Committee. This Committee ensures that each report is properly investigated by qualified individuals (internal or external) and that the investigation process and any disciplinary measures are applied in accordance with applicable laws and in a consistent manner across the company.

Breaches of the Code of Business Conduct may result in disciplinary actions, including termination of employment. The outcome of the investigations as well as any disciplinary measures taken are documented and reported bi-annually to the Executive Committee and Audit Committee.

Corbion does not tolerate retaliation against those who report misconduct or support investigations into such behavior.

Code of Business Conduct training

Every year, all Corbion employees – including permanent staff, interns, and contingent workers with a contract of three or more months – are required to participate in a mandatory training on our Code of Business Conduct. Employees receive training in their local language through an e-learning course or by attending a live classroom session. Course materials are updated annually, considering the most relevant risks at the time of the release and the topics that were brought up in Speak Up reports in the previous year. Corbion has a strict policy on attendance to the Code of Business Conduct training.

In addition, selected groups of employees need to follow mandatory e-learning trainings every two years with respect to anti-corruption and competition law.

Compliance statement

Every year, during the annual Code of Business Conduct training, employees confirm their compliance with the Code and underlying policies by signing a compliance statement.

In terms of our onboarding program, our standard employment contracts contain a clause with respect to adherence to the Code of Business Conduct. New hires, including interns and contingency workers, are introduced to our Code as soon as they join Corbion and are required to complete the Code of Business Conduct training in the first six weeks of employment.

Conflict of Interest Policy

The purpose of our Conflict of Interest Policy is to provide guidance in identifying and handling potential, perceived, and actual conflicts of interest within Corbion. Conflicts of interest arise when our personal activities or relationships influence or appear to influence our business decisions on behalf of Corbion. Conflicts of interest endanger the relationship Corbion has with its business partners and other stakeholders; they could harm the credibility of Corbion, and even lead to loss of business and reputation.

In January of every year, the Supervisory Board, Executive Committee, and direct reports of the Executive Committee confirm their compliance with the Conflict of Interest Policy by signing a compliance statement. They also fill out a questionnaire with respect to related-party transactions.

Anti-bribery and anti-corruption

As a listed company operating worldwide, compliance with anti-bribery and anti-corruption laws is vital. Given its importance, compliance with our policy is overseen by the Executive Committee. Our policy with respect to anti-bribery and anti-corruption is laid down in our Gifts, Entertainment, and Third-Party Payments Policy. This policy is available in six languages and covers (i) the prohibition of offering, authorizing, or accepting bribes; (ii) rules on how to deal with giving and receiving gifts and entertainment; and (iii) rules on how to deal with third-party payments (e.g., agents and distributors, facilitation payments, sponsorships, or political contributions).

All Corbion colleagues as well as our agents, distributors, and other representatives are prohibited from offering, authorizing, or accepting bribes of any kind. Any gifts and entertainment must be for legitimate business purposes, of reasonable value, appropriate to the business relationship, and be given or accepted at an appropriate time. If the nominal value of a gift exceeds a certain threshold, prior approval of the employee’s manager is required. Prior management approval is always required for entertainment (with the exception of business meals), travel, and overnight accommodation.

Corbion has an anti-bribery and anti-corruption procedure in place to screen prospective agents and distributors, who are required to complete due-diligence questionnaires to be assessed by the Legal and Compliance department and, in some cases, by an external party. Furthermore, higher-management approval is required prior to engagement. The agent or distributor is required to sign an agency or distribution agreement and accept the Corbion anti-corruption and anti-bribery clauses contained therein.

Economic sanctions

Corbion is committed to complying with economic sanctions, laws, and regulations. According to the Corbion Economic Sanctions Policy, prior to onboarding, each prospective business partner is subject to screening against applicable lists of restricted parties and sanctioned countries to ensure compliance with economic sanctions laws and regulations.

Alongside this prescreening of business partners, Corbion employs appropriate tools to continuously screen all active business partners and to prevent shipment of our products to embargoed countries and regions. The list of embargoed countries and regions is reviewed every year and whenever a significant geopolitical event takes place.

Competition Law Policy

Corbion is committed to complying with competition laws. The Corbion Competition Law Policy provides an overview of the main competition rules and establishes procedures and guidelines that must be followed in dealings where competition laws may apply (e.g., contacts with competitors, either direct or through trade associations, and relationships with suppliers, distributors, and customers). The policy prohibits cartels, abuse of a dominant position, and the exchange of sensitive information with competitors.

Corbion has a procedure in place requiring sales colleagues to obtain prior approval from higher management and the Legal and Compliance department for exclusivity/non-compete agreements with customers and distributors.

Insider Trading Policy

As a listed company, compliance with insider trading laws is vital. Insider trading conflicts with the basic principle that everyone dealing on the stock exchange should simultaneously have access to the same information. The Corbion Insider Trading Policy contains rules to ensure that all Corbion employees as well as members of the Executive Committee and Supervisory Board comply with regulations with respect to insider trading. It prohibits trading, among others, in Corbion shares if one has so-called inside information and it contains an approval process before one can trade in Corbion shares.

Privacy and data protection

In light of the EU’s General Data Protection Regulation (GDPR), Corbion has created a robust privacy program in 2018. Following its initial implementation, Corbion has further developed and localized our privacy program to reflect newly enacted privacy regulations in the countries where we operate, such as the CCPA/CPRA in California, the LGPD in Brazil, the PDPA in Thailand, and the PIPL in China.

AI Governance

In response to the recent technological developments in the field, creating an effective artificial intelligence governance framework is essential to navigate the complex legal and regulatory landscape of artificial intelligence. AI governance refers to the guardrails that ensure AI tools and systems to guide AI systems use, deployment and development.

In 2023, the Corbion Responsible AI Use Policy was approved, and several awareness sessions were held with early adopter teams and senior management. In 2024, Corbion’s AI governance program was discussed with the Executive Committee and the Corbion AI Responsible Deployment Policy has been adopted.

Enforcement actions

Corbion has not been the subject of any investigation into business conduct violations (e.g., competition, privacy, bribery) by competent governmental authorities to date.

Risk appetite

Part of the control environment is defining the risk appetite of the company by the Executive Committee. Our risk appetite is the level of risk we are willing to accept to achieve our strategic goals. This requires adequate understanding and awareness of potential risks and their impact on the company. The level of risk appetite is set by the Executive Committee. Our risk appetite can be summarized as follows.

Our risk appetite

A 1% change in net sales, costs, profit, or currency rates can have the following impact on EBITDA (in millions of euros).

million EUR	Changes	Approx. EBITDA impact
Net sales¹	+1%	5.6
Gross profit	+1%	3.7
Operating costs (= selling expenses + R&D costs + G&A expenses)	+1%	-2.0
USD²	+1%	-2.3
JPY²	+1%	-0.2
THB²	+1%	0.5
BRL²	+1%	0.0

1 Calculation based on continued operations in 2024

2 +1% meaning 1% appreciation of currency against Euro

Risk assessment

As an integral part of the strategy review, the Executive Committee annually performs an entity-wide risk assessment to assess the strategic risks, with a mid-year update for significant changes. Furthermore, risk assessment is an integral part of the project stage-gate methodology applied at Corbion for strategic initiatives and related investments.

Based on the strategic risks, the Executive Committee selects a number of key management activities with an increased focus on further strengthening our control framework. This is discussed with the Audit Committee and the Supervisory Board.

Operations, reporting, and compliance risks are considered throughout the organization, with ownership lying with the business (first line). Risk committees have been established to monitor specific risks to stay within Corbion’s risk appetite (Treasury Risk Committee, Commodity Pricing Risk Committee, and Sustainability Reporting Committee).

The financial reporting risks are assessed on a regular basis and the outcome of these assessments forms the input for the Corbion internal control framework for financial reporting, see section Internal control systems. For more information on financial risk management and financial instruments, see Note 26 of the Financial statements.

Key risk areas

The table that follows summarizes the top risks that have the focused attention of the Executive Committee to support the realization of the strategic targets. For each risk, the table lists the potential impact as well as a summary of mitigation measures taken to minimize the risk. There may be other risks currently unknown to Corbion, or currently believed not to be material, which could ultimately have a major impact on Corbion’s business, objectives, revenues, income, assets, liquidity, or capital resources.

Corbion top risks

Risk event	Cause and potential impact	Mitigation actions
Strategic risks
Production capacity	Demand is inherently uncertain in specific markets Corbion is operating in, especially when in an early stage of development. Due to the time it takes to build or increase capacity, investment decisions have to be based on long-term volume forecasts. Mismatches between actual demand and supply could result in temporary short or excess capacity.	With sophisticated demand forecasting and sales and operations planning, Corbion optimizes the allocation of products to ensure we can meet our customers’ needs. Long-term sales and operations planning is used to support capacity decisions. Based on the strategic planning process, an investment program has been embarked on to support our business growth. Corbion continuously reviews the (pace of the) investment program in light of market developments. Our global footprint with multiple production locations enables us to optimize our supply and demand balance. In addition, contract manufacturers are used for temporary imbalances.
Competition	With global imbalances of lactic acid demand versus supply, the likelihood of new market entrants (in case of under capacity) or price competition (in case of overcapacity) increases.	By investing in R&D, Corbion intends to keep its competitive edge. The new circular lactic acid production technology underscores the innovative strength of Corbion. In 2020, Corbion made the decision to build the first industrial-scale plant using this new technology in Thailand, resulting in optimized production costs. Supported by R&D and application development, we focus on delivering sustainable solutions to customers and hence reducing the risk of competing on price only.
Climate change	Climate change could affect Corbion in all areas of business through transition and physical risks. Transition risks include, among others, carbon pricing, changing consumer behavior, and changing regulations; while physical risks manifest through increased intensity and frequency of extreme weather events and chronic climate changes. Climate risk has an increasing impact on the likelihood of several other risks (e.g., business continuity, raw material availability and price volatility, regulations, and customer behavior).	Transitional risks are addressed through our strategy development process, using scenario analysis and monitoring developments and emerging risks and opportunities. Physical risks are addressed through mitigating actions as mentioned in this table for the relevant risk affected by climate change.
Geopolitical tension	Geopolitical tension could result in less favorable market conditions (e.g., due to import tariffs) and high inflation impacting sales and margins, although the sensitivity depends on the different markets Corbion serves. In addition, geopolitical tension could be a driver for increased supply disruption risk, see section Operations risk.	Corbion is diversified by being present in different regions and industries, having a strong position in both low-cost-in-use as well as premium solutions and investing in innovative solutions, to continuously meet our customers evolving needs. Corbion closely monitors market developments and strictly manages spend to protect margins.
Inability to find, develop, and retain skilled talent	To execute the Advance 2025 strategy and investment program, Corbion requires a pool of skilled talent. In today’s international labor market, if Corbion is not able to attract and retain skilled talent, the execution of the strategy may be delayed.	Corbion has robust talent acquisition processes, promoting the company’s values and sustainability strategy, which is attractive to potential candidates. Corbion offers competitive compensation packages and has comprehensive talent management processes in place including performance management and succession planning to ensure a strong pool of talent for key positions.
Operations risks
Supply chain disruption	Due to the global footprint of Corbion, we are vulnerable to supply chain disruptions. The risk of disruption is elevated by geopolitical tension, for example in the Red Sea region and climate-related events such as flooding causing transportation routes to be blocked. In addition, climate-related events can have an impact on the supply of utilities, for example the water supply used in our production processes.	To improve assurance on availability, we have implemented a multiple-supplier sourcing policy for our most critical raw materials. Raw material risks are mitigated by actively taking longer-term contract positions where necessary, by sourcing key raw materials from different locations, and in the longer run, by considering alternative or second- generation feedstocks. We use the WRI Aqueduct Water Risk Atlas to identify the water stress and risk levels of our production locations and key (agricultural) raw materials, in addition to the use of scenario analysis in line with the TCFD recommendations.
Raw material, energy, and carbon price volatility	Failure to manage the price volatility risk of raw materials, chemicals, energy, and carbon, which cannot be directly passed on to customers due to market conditions or lack of contractual enforcement, may result in adversely impacted profitability and gross margins. The volatility is increased by geopolitical tension. Climate change-related events may cause more volatility in respect of our key raw material components (e.g., sugar and corn) and carbon pricing, in addition to a potential impact on water supply used in our production processes.	Our global procurement organization, with dedicated finance support, has developed adequate measures to secure contract positions and obtain financial instruments to minimize or delay exposure to cost fluctuations due to changing raw material prices that might negatively impact our profitability and margins. These measures include early warnings of possible impact on our organization and our customers. Also, the trade in and availability of CO₂ emission rights are actively managed. Various measures are applied to actively manage our profitability and margins (e.g., through the inclusion of price formulas in sales contracts, most notably for the Lactic Acid to PLA sales).
Safety incidents	Inherent health and safety hazards in our operations and insufficient awareness of unsafe operational conditions can lead to injuries, casualties, and potentially, a temporary plant shutdown.	Corbion fosters an open and transparent culture by encouraging all employees to report, among others, all near misses and events in order to continuously improve our safety and environmental performance. Safety is an integral part of new design and changes in production processes and product formulations. In 2024, the Safety Excellence Program continued to be rolled out to the sites, including a Process Safety Management System, a Behavior-Based Safety program, and full implementation of ISO 45001 safety standards for all sites. The Safety Excellence Program is monitored monthly by the Safety Excellence Steering Committee, chaired by the COO, and quarterly by the Executive EHS Committee, chaired by the CEO.
Food safety	Food safety is of utmost importance to Corbion. Customers need to fully trust the safety of our products. Any issue can have a significant impact on the reputation of the company and result in significant costs (for example, in case of a major recall).	Corbion has comprehensive quality assurance and control processes in place to ensure food safety and to track and trace our products in case of any issue. All significant food manufacturing sites are certified for food safety. Where possible, liability caps are included in contracts. Product liability insurance is in place to cover part of the risk.
Business interruption	An external hazardous event (e.g., flood or fire) or internal disruption (e.g., process breakdowns) may result in a significant period of plant shutdown or disruption and hence in delayed/non-delivery of our products to internal and/or external customers, ultimately leading to adverse financial and reputational consequences.	Business continuity and crisis management plans have been established for all our production locations, contract manufacturing, and logistics, including security of supply plans. These initiatives are part of an ongoing process that involves annual evaluation, incorporating assessment of any new credible high-impact incident (CHII) and further strengthening of measures for already identified CHIIs for each site. Moreover, efforts are underway to establish an integrated Business Continuity Management system, which encompasses a comprehensive business continuity/crisis training program for management. Moving forward, we will continue building on this foundation to ensure the resilience and effectiveness of our operations. Climate change (e.g., extreme weather events) is considered in the CHII scenario analysis with the support of an external climate risk analysis tool. Furthermore, appropriate customer and supplier agreements are in place to limit exposure while leveraging supplies. Finally, residual risks are adequately insured including assets and business continuity risks.
Cybersecurity breach	A breach of our information technology (IT) security might lead to loss of information, business disruption, or unauthorized access to or corruption of our data and systems. From time to time, our security infrastructure prevents cybersecurity attacks on our information technology systems, and the techniques used for such attacks are increasingly becoming more sophisticated.	We have implemented an IT governance structure including a dedicated Corporate Information Security department and an Information Security Governance Board. The IT general control framework has been updated to include amended IT policies. On a frequent basis we perform penetration tests, helping us to identify and correct potential IT security weaknesses. The outcome of these tests helps us to further strengthen our IT security levels. In addition, we reduce our risk exposure by continuously raising IT security awareness with our people (e.g., through e-learning and communications). In 2024, our IT control environment remained strong, focusing on timely application of patches, system access through multi-factor authentication, running a Security Operating Center, implementing sophisticated endpoint detection and response software, and segmentation of Corbion’s IT network.
Compliance risks
Non-compliance with legislative and regulatory environment	Failure to comply with (changing) laws and regulations in the markets we operate in and/or lack of insight into and/or awareness of relevant laws and regulations and their requirements may result in suspension of activities, reputational damage, and exposure to criminal and financial lawsuits.	Global legal and regulatory compliance programs are in place, including related awareness training, and we monitor, review, and report on changes in laws and regulations. We seek the advice of external experts in compliance matters. Considering the importance of regulatory affairs, Corbion has a Global Regulatory Affairs department in place ensuring compliance with regulations.
Reporting risks
Financial and sustainability reporting	In addition to the top business risks, the external reporting risks remain important as misinformation to our stakeholders can have a significant impact on our reputation. For sustainability reporting, the number of new, existing, and emerging regulations concerning climate change and other sustainability-related disclosures increases. These regulations and initiatives can be either voluntary or obligatory and can be aimed at investors or required by governing bodies. This includes, but is not limited to the CSRD, EU Taxonomy, Task Force on Climate-Related Financial Disclosures, Taskforce on Nature-related Financial Disclosures, IFRS/ISSB, science-based targets, and CDP.	For financial reporting, we have a mature Internal Control Framework in place, explained in the next paragraph. For sustainability reporting, we are constantly monitoring developments in this field to anticipate upcoming regulations. Through timely integration of standards and collection of data we are able to keep up with the required disclosures and provide investors and other stakeholders with the information they need. In 2024, we continued the Sustainability Reporting Committee composed of cross-functional disciplines to actively address these developments.