Risk management
A business must take risks to create value. Having a risk management assessment in place allows a company to take risks in a managed and controlled manner. Strategic, operational, financial, and reputational risks are made manageable by carefully weighing risks and returns against each other. Effective risk management is integrated into our daily operations.
Q-Park deploys a top-down risk management assessment in which strategic risk management is executed at corporate level. Responsibility for operational risk management lies primarily with local country management. The Management Board and key management bear ultimate responsibility for managing the risks the Group faces.
Risk management and internal control
Ongoing identification and assessment of risks is part of our governance and periodic business review. Our Enterprise Risk Management (ERM) assessment and Compliance Programme are designed to provide management with an understanding of the key business risks. These also provide methods and processes to manage risks that might hamper the business in delivering on our strategy.
Q-Park is averse to the risk of non-compliance with relevant laws and regulations, our own codes, contractual agreements and financial covenants. As legislation and other formal guidelines cover various functional areas and can be very extensive (even country specific), we manage compliance in a structured way. Our Compliance Programme covers most relevant compliance areas for Q-Park, ensuring:
the tone at the top regarding the importance of compliance;
that the actions per step of the risk control cycle are executed based on a clearly defined plan with clear roles and responsibilities;
that implementation of relevant legislation and internal guidelines within the organisation is assured.
The Management Board and key management periodically review the risks and related mitigation controls and procedures of the ERM assessment and our Compliance Programme, and reconsider the identified focus areas. Furthermore, they provide complementary insights into existing and emerging risks that are subsequently included in the policy. The ERM assessment and Compliance Programme determine the formation of controls and procedures, as well as the focus of business planning and performance process.
In 2023, the most significant developments in risk focus areas centred on:
Monitoring our financial structure in light of economic circumstances and the Group's performance while preparing for refinancing the issued 2025 notes. Preparations for the refinancing were completed in December 2023 and the actual refinancing was executed in January 2024 as also disclosed in note 14 ‘Events after balance sheet date’ of the annual accounts.
Further implementation of the information security programme which covers ‘people’, ‘process’ and ‘technology’ angles to bring our information security maturity to a higher level. After consolidating our ICT infrastructure (hosting platform, connectivity platform, end-user equipment), ICT organisation and processes, we shifted focus towards proactive end-to-end security so we can better anticipate, identify, protect, detect and respond to threats and vulnerabilities. As part of this approach, we identified three priority tracks which were further rolled out in 2023 and will continue into 2024:
Asset Management: to monitor relevant information security aspects of assets attached to our network;
Segmentation: to be able to isolate parking facilities in our network in the event of a security incident (e.g. malware infections);
Security awareness: to improve employee awareness regarding cyber and information security by continuous training via interactive modules, phishing campaigns and assessments.
Risk appetite
Factors determining our risk appetite include the international footprint of the business, the robustness of the balance sheet, long-term duration of contracts, strength of cash flows, and our commitment to conservative financial management. Our risk appetite varies per objective and risk category:
Strategic: Taking strategic risks is an inherent part of how we do business. In pursuing growth as a strategic ambition, we are prepared to take risks in a responsible way, taking account of our stakeholders' interests.
Operational: Depending on the type of operational risk, we take a cautious to averse approach. We give the highest priority to ensuring the safety of our employees and customers, to delivering the desired level of service, and to protecting the Group's reputation.
Financial: We pursue a conservative financial strategy, including a balanced combination of self-insurance and commercial insurance coverage.
Compliance: We are averse to the risk of non-compliance with relevant laws or regulations (e.g. GDPR), or non-compliance with internal codes, contractual agreements, and financial covenants. A dedicated compliance function monitors relevant compliance areas and steers the execution of the Compliance Programme.
Fraudulent and unethical behaviour: We are committed to act with honesty, integrity, and respect. We apply a zero-tolerance policy to fraudulent behaviour. Integrity training is a focus point of our Ethics & Integrity compliance area.
Main risks
The following risk overview highlights the main risks which might prevent us from achieving our strategic, operational, and financial objectives. This list is not exhaustive and there may be additional risks that do not constitute a direct threat in the short-term that management deems immaterial or otherwise common to most companies in the parking sector, however additional unmentioned risks could at some time have a material adverse effect on our financial position, results, operations, or liquidity.
Strategic
Download dataRisk description | Q-Park risk management measures |
Regulatory changes | |
National or local governments could implement measures which could potentially be unfavourable to the parking sector (e.g. introduction of low-emission zones, electric vehicle charging requirements and banning of traffic within inner-city boundaries). |
|
Economic environment | |
Factors that potentially influence parking revenues (prices and/or mobility) include pressure from the general public and retailers, political changes, high inflation or a material decrease in GDP. Lower parking revenues could significantly impact Q-Park’s profitability and cash flows, particularly in situations where lower parking prices will not result in more transactions. |
|
Competitive environment and economic conditions | |
The parking market (new business) is characterised by competition between a relatively limited number of mostly existing players. In addition, technology is used increasingly in the parking market which results in new competitors. |
|
Dependency on other businesses and local developments | |
Car parking is an indirect service which depends on external factors (e.g. offices, shopping centres, leisure amenities). New customer behaviour (e.g. online shopping, working from home) or changes in the popularity of certain stores, locations or areas pose a risk of a decrease in parking demand and, hence, a decrease in Q-Park’s business and revenue. |
|
Operational
Download dataRisk description | Risk management measures |
Pandemic outbreaks A pandemic outbreak in combination with government measures that restrict mobility of people can significantly impact our business and financial results as we are dependent on the availability and accessibility of the amenities in the vicinity of our parking facilities. |
|
Safety and liability The safety of our customers and employees is a top priority. If an employee or a customer sustains injury while at work or while visiting one of the Q-Park parking facilities, this could also impact our reputation. |
|
Dependency risks, interruptions, and business continuity | |
Continuity of the Company and its business is crucial. Continuity depends on a number of factors, including suppliers. We are potentially vulnerable to Parking Management Systems (PMS), ICT, and infrastructure which are to a large extent provided by third-party suppliers. |
|
Staffing and retention | |
Good, experienced, and knowledgeable people are the foundation of our Company and its success. The Group must ensure that it is able to employ and retain the right people. |
|
Ethics and integrity | |
Ethics and integrity are important conditions for confidence in the Company. Behaviour deemed to be unethical could lead to loss of revenue and reputation. |
|
Financial
Risk description | Risk management measures |
Valuation of fixed assets and goodwill | |
The Company owns a considerable amount of property and goodwill. If the economic climate deteriorates this could result in a permanent reduction in the value of assets. If potential impairment indicators are not identified, determined, or communicated in a timely fashion, the Company could incur reputational and financial damage. |
|
Financing | |
Given that the nature of the business is capital-intensive, access to external financing is crucial for continuity. A liquidity risk could arise if external financing is not available to the Company when refinancing is required. |
|
Interest rate risks | |
The external debts can be subject to variable interest rates, thereby exposing the Company to fluctuations in interest rates. A significant increase in variable interest rates would have a negative impact on results. |
|
Currency risk | |
The Company's functional currency is the euro. Given that the Group also operates in the United Kingdom and Denmark, we are exposed to fluctuations in the GBP and DKK exchange rates. |
|
Compliance and reporting
Download dataRisk description | Risk management measures |
Financial statement does not give a true and fair view | |
If misstatements are made such that the financial statements do not give a true and fair view of the Company's financial position, financial performance, and cash flows, users of the financial statements would be incorrectly informed. |
|
ICT and information security | |
Given the increasing use of online communication and the professionalism of cybercriminals, the Group must focus constantly on continuity of ICT systems and on ensuring the security of crucial information and sensitive customer data (e.g. payment card details, passwords). A successful attack or hack by cybercriminals could cause reputational and financial damage and impact business continuity. |
|
Non-compliance with European and national laws | |
Changes in the legal and regulatory environment tend to increase the risk of non-compliance with local, national, and international laws and regulations, as well as tax legislation. Failure to comply with applicable regulations could lead to fines, claims, and reputational damage. |
|