Chapter 13

Risk management

We are committed to ensuring all our activities are executed within a defined risk management framework that has been approved by the Managing and Supervisory Boards.

  • Introduction
  • Our sustainability strategy
  • Materiality
  • CSR governance
  • Supply chain and clients
  • Highlights

View All Chapters

We are committed to ensuring all our activities are executed within a defined risk management framework that has been approved by the Managing and Supervisory Boards.

LeasePlan is a Car-as-a-Service company that also operates a retail deposit bank in the Netherlands and Germany, regulated by the Dutch National Bank (DNB). Our risk profile therefore differs from most other financial institutions due to the nature of our business. The largest part of our portfolio consists of operationally leased vehicles, in which we bear the market price risk of used vehicles. This risk constitutes the main difference between our risk profile and most other financial institutions' risk profiles.

Our risk management framework aims to reduce the frequency and consequences of risk, while helping management to evaluate and balance risks and returns relating to our business operations. It doing so, it supports our entities in the realisation of their targets and our overall approach to managing risk in an evolving business environment. We continuously look for ways to enhance its effectiveness.

As its reference model, the LeasePlan framework leverages the principles of the ERM Enterprise Risk Management (ERM) framework and the Committee of Sponsoring Organisations of the Treadway Commission (COSO). The COSO definition of ERM is ‘a process affected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within the risk appetite, to provide reasonable assurance regarding the achievement of entity objectives’.

Risk management and control are closely linked to our strategic aims. We consider controlled and balanced risk taking – accommodated by a strong risk organisation and risk governance, and supported by a clear direction from our senior management – to be key elements in driving our strategy. Using COSO ERM as a reference model, we have also introduced a Risk Management Cycle that links the various building blocks of the risk process and risk governance.

Risk management cycle

Image of risk management

Lines of defence

Our risk governance is based on the three lines of defence model supported by investments in information technology and people.

This model distinguishes among functions that own and manage risks (first line), functions that oversee and advise on risk management practices (second line) and functions that provide internal assurance (third line). The following overview outlines the composition and responsibilities of the key parties involved in executing the three lines of defence with the Group:

First line

Local and corporate management are considered the first line of defence. They have full ownership of all risks at entity level and are responsible for complying with Group policies and standards and for the management of risks encountered while performing the business. Risk management activities include identifying and assessing potential risks, taking steps to mitigate negative influences in order to adhere to the applicable risk limits and tolerance levels. Furthermore, local and corporate management is responsible to complete and accurately register all risks, potential incidents and threats in a timely fashion. It also includes maintaining a comprehensive risk management system that covers all risks inherent to the business.

Our Strategic Finance department is responsible for the overall liquidity management and funding strategy. Strategic Finance is considered a first line of defence and as such is responsible for risk management as described above.

Second Line

Group Risk and the independent risk function at entity level, are jointly referred to as Risk function. They challenge and create awareness around risk within LeasePlan and are responsible for coordinating and executing the Risk Management Cycle and the Risk Decision Framework. Group Risk ensures the Managing Board and the Supervisory Board, are made aware of all material risk developments. Within LeasePlan, the risk types as included in the Risk Type Universe, are considered on an integrated basis. The Risk function is responsible for aggregating these risk types and providing an integral view.

Local management, in close consultation with our group risk department and our group privacy and compliance department, ensures the set-up of an independent risk function and an independent privacy compliance function at entity level. These functions are considered as part of the second line of defense, that coordinate, oversee and challenge the execution, management, control and reporting of risks. The Risk Function, which cooperates with all relevant disciplines within Group, is independent from the business functions, and headed by SVP Risk and currently represented by the CFO at the Managing Board level.

Third line

Our Group Audit Department (GAD) provides internal audit services and is the third line of defence. It conducts audits of LeasePlan’s activities and provides independent assurance by assessing the effectiveness of governance, risk management and internal control processes. It also reports its findings to the Managing Board and provides quarterly updates to the Supervisory Board Audit Committee. In addition to the internal lines of defence, LeasePlan also considers the external auditor and regulatory supervisors as components of the overall defence framework.

The three lines of defence

1st line of defence 2nd line of defence 3rd line of defence
Local & Corporate Management Risk Management Group Audit
Strategic Finance Privacy & Compliance

Risk appetite

LeasePlan is committed in ensuring regulatory compliance and maintaining a risk profile within the set risk appetite, this is performed by challenging and assisting the business and promoting risk awareness at all levels within the Group. The Risk Appetite Statement (RAS) represents the overall risk LeasePlan is willing to assume in order to achieve our strategic objectives, defined by quantitative and/or qualitative metrics. Secondly, risk appetite is set for the defined risk types as determined in the risk strategy, by using specific risk tolerance metrics across the risk universe. Subsequently, local entities are assigned local limits that are in line with the Group's overall risk appetite and commensurate with the local entity’s annual plan.

We manage our risk appetite based on the following pillars:

  • Long-term debt rating (stand-alone);
  • Financial return on risk-adjusted capital (i.e. economic return);
  • Diversified share of funding layers.

An institution’s target credit rating is an indication of the overall risk appetite a company may have and the level of capital it will need to hold. In addition, a specific risk appetite has been set for each underlying risk category. The Supervisory Board approves LeasePlan’s risk appetite annually based on the recommendation of the Risk Committee, and approves any changes required throughout the year.

Depending on the risk metric, compliance with the risk appetite statement is monitored on a daily, monthly or quarterly basis and non-compliance is reported to the risk committees, the Managing Board and the Risk Committee of the Supervisory Board. The principal financial risks inherent to our business activities are discussed further in the Financial Risk Management section of the Financial Statements.

Principle risks and uncertainties

We recognize ten main risk management areas, which are broadly categorized as strategic risk, operational risk, financial risk and other risk. Financial risk includes credit risk, asset risk, treasury risk and insurance risk. Treasury risk is further broken down into risks related to liquidity, interest and currency. Some of our other notable risks include information risk, reputational risk, legal risk and compliance risk. Based on our ten main risk management areas, we consider asset risk, operational risk and liquidity risk (which is part of treasury risk) to be our primary risks. LeasePlan believes these are the risk categories which could hinder the company in achieving its strategic and financial business objectives. This may, however, not include all the risks that may ultimately affect LeasePlan. For further analysis regarding asset risk, treasury risk, credit risk, operational risk and motor insurance risk, please refer to the Financial Risk Management section of the financial statements.

We have various projects which are focused on managing or mitigating each of these categories of risk and certain subcategories. For asset risk, mitigants include interim adjustments and end-of contract fees, as well as multi-channel and cross-border sales. For operational risk, focus is on data management, information security and internal and external fraud are examples of mitigants. For liquidity risk, we have matched funding, our diversified funding platform and healthy liquidity buffers as mitigants. For credit risk, mitigants include risk modelling, debtor management and default monitoring.

In addition to the above risks, we have begun assessing the risks to LeasePlan and its stakeholders that are associated with the transition to zero emissions mobility. To this end, we are putting together a cross-functional team that will look at these risks and at following the recommendations of the Task Force on Climate-related Financial Disclosure (TCFD) set up by the Financial Stability Board (FSB).

Strategic Risk

Strategic risk definition

Strategic risk is defined as the current or prospective risk to earnings and capital arising from changes in the business environment, lack of responsiveness to changes in the business environment, from adverse business decisions or improper implementation of decisions.

The Group recognises three types of strategic risk:

  • Macro environment risks - the current or prospective risk to earnings and capital arising from uncontrollable external forces affecting the Group;
  • Micro environment risks - the current or prospective risk to earnings and capital arising from factors or elements directly in the Group's immediate area of operations affecting its performance and decision-making processes;
  • Corporate governance risk - the current or prospective risk to earnings and capital arising from the manner in which the Group's governance structure is set, communicated, implemented and reviewed.

Strategic risk management structure and organisation

As part of the risk strategy process, the Group identifies and assesses the risks it is exposed to on an annual basis. This strategic risk assessment considers the current business, external trends and emerging developments. Furthermore, the risk is assessed considering the possible impact for the upcoming 12 months.

Senior leadership is aware of the effects that potential changes in the economy, consumer behaviour and technology can have on the future of the Group’s business. Although the future impact and development of many of these forces cannot as yet be quantified, senior leadership is taking focused actions as articulated in ’The Power of One LeasePlan’ and ’Digital LeasePlan’ to prepare the company for the future.

Information Risk

Information risk definition

The Group defines Information Risk as ‘the risk of breaching confidentiality, integrity or availability of information, due to human error or misbehaviour, inadequate processes or failing technology, leading to losses, financial misstatements, reputational damage or regulatory sanctions’. Information risk is to support the overall vision and strategy of the Risk Function by continuing to support a risk taking in a consistent and transparent manner, so that the business remains in control over the exposure that fits their (information) risk appetite.

Information risk management structure and organisation

Our security function is divided into two separate departments. The Chief Information Security Officer (CISO) and team are positioned in the first line of defence, being responsible for implementing (generic) security solutions an Information Risk Management (IRM) department responsible in defining the framework, policies and standards for the Group, and monitors the adherence to it by both second line and most importantly, first line of defence (business and IT). Information risk is included in the generic governance, as described in the Risk Charter.

IRM monitors that local Information Security Officers can operate independently from their own first line of defence and supports them with the communication and roll-out of our policies and control test framework. In general, and similar to other risk functions, IRM aims to ensure that business opportunities are carefully balanced against the associated risks and supports the first line of defence in taking well-informed decisions.

Information risk management policy

The Group has a policy house, a virtual cabinet with all Managing Board endorsed policies, standards and guidelines that applies to all Group entities. This includes a policy and standards for Information Risk, which have to be read and understood by all Group employees and contingent workers. Where Information Risk Management is responsible for establishing the policies, standards and guidance, local management in the 1st line of defence is responsible for complying with these policies. Their local Information Security Officer is there to not only guide them, but also challenge them.

Our Information Risk Management Standard is based on ISO 27002 and COBIT framework.

Information risk measurement

All information risk or security incidents need to be registered in our Governance, Risk and Compliance (GRC) tool.

Any financial impact of security incidents is considered in the overall operational risk results.

Furthermore, there is a regular control test cycle where the key controls for information risks are tested on design and operating effectiveness, as well as on COBIT maturity level. Any deviations are addressed in Security Action Plans, which describes if, how and by when the deviation will be remediated. A choice to not remediate has to be accepted by the appropriate risk owner.

Other risks

For Reputation risk, legal risk and compliance risk reference is made to the Group's Pillar 3 report. A general reference is made to the LeasePlan Group's Pillar 3 report for additional risk related disclosures in accordance with the disclosure requirements of Regulation (EU) 575/2013 part eight.

Covid-19

The global economy and our business will most likely adversely affected by the recent outbreak of Covid-19. In response to this outbreak, numerous governments have imposed various levels of restrictions on personal movement and closed large sections of the economy. This crisis could impact LeasePlan through the disruption of the global vehicle and parts supply chain, financial strain on our customers and suppliers, decreased demand for new vehicles, decreasing asset values, increasing credit losses, potential impact on our employees’ health and productivity, and disruption of capital markets. The implementation of 100% work-from-home policy creates increased concurrent usage on the IT infrastructure and introduces additional cyber-security complexity.

To mitigate these risks, LeasePlan is minimising cash expenditures and maximizing use of existing assets through vehicle extensions, delaying certain non-critical investment and expenditure, minimising working capital and foregoing a portion of 2019 dividend payout. We are carefully monitoring the capital markets, and will leverage the strength and resilience of our business, including our diversified funding platform, to adapt to further developments. We are also carefully monitoring customer payment behaviour. We have extended licenses, IT infrastructure capacity and are proactively scanning the IT landscape for cyber-attacks. Given the evolving uncertainty, it is too early at this stage too assess the financial effect of the Covid-19 crisis on LeasePlan.

Total risk exposure amount (TREA)

To determine risk-weighting, the Group applies the Advanced Internal Ratings Based (AIRB) approach for the corporate portfolio and for the trade receivables and for the retail portfolios in the United Kingdom and the Netherlands. For the exposures related to governments, banks and other retail clients, the Group applies the Standardised Approach of the CRR/CRD IV framework which prescribes fixed percentages for risk weighting depending on characteristics and conditions of the exposure. For the calculation of risk-weighting of other balance sheet and off-balance sheet exposures, the standardised approaches as described in the CRR/CRD IV framework are used.

LeasePlan has further investigated alternative approaches in 2019 and proposed to apply the Standardized Approach (STD) as of 2020 to determine the own funds requirement for operational risk. In December 2019, LeasePlan formally asked approval from DNB regarding the shift from AMA to the STD approach. DNB approved the proposal in December 2019, meaning that as of January 2020 LeasePlan will apply the standardized approach to determine the own funds requirement for operational risk. The decision to move to the STD approach is also made knowing that AMA will be replaced by the STD in the near future for all institutions with a banking license.

Highlights 2019

  • We continued to update our monitoring systems, sharing of best practices, staff training and the development of our statistical techniques. We put local technical pricing committees in place for matrix pricing. The residual value risk balance (net of the average level of effective residual value pricing and the average level of effective residual value risk mitigation) is used as a monitoring and measurement system for pricing and risk mitigation, while the LeasePlan Group Risk Committee defines the limits (RAS) at the beginning of the year.
  • In 2019, we surpassed a balance sheet total of EUR 30 billion at the regulatory consolidated level. By exceeding this threshold, we will most likely qualify as a ‘significant institution’ in the foreseeable future and our supervision may consequently be transferred from DNB to the ECB. At this point in time, the exact timing of such transfer is unknown and subject to the relevant assessments and decisions to be made by the ECB and DNB
  • LeasePlan met the liquidity survival horizon at a minimum of nine months at all times. Prudent liquidity management and controls are in place to ensure compliance with regulatory requirements. Based on the 2019 Internal Liquidity Adequacy Assessment Process (ILAAP), we concluded that we are adequately funded and that our liquidity buffer is more than sufficient to meet internal and prudential requirements.
  • We are currently aligning the definition of the term ‘default’ applied by us with the CRR and the EBA guidelines and RTS. As a result of this, we are currently updating related policies, including the processes and procedures in place for all our local entities, our AIRB models, the relevant IT systems, and our IFRS 9 ‘expected credit loss’ models. We are not expecting any impact on capital as reported on 31 December 2019.
  • In May 2019, we issued EUR 500 million of AT1 capital securities which further strengthened our regulatory Tier 1 and total capital position. We are continuously monitoring and reviewing our regulatory capital position under the applicable regulatory framework in light of our strategic objectives.
  • Prudent capital management and controls are in place to ensure compliance with regulatory requirements. Based on the 2019 Internal Capital Adequacy Assessment Process (ICAAP), we concluded that we are adequately capitalised. In 2019 the Total Risk Exposure amount showed a stable development and increased by EUR 1,816 million to EUR 18,389 million. The Common Equity Tier 1 capital increased in 2019 by EUR 230 million to EUR 3.3 billion resulting in a Common Equity Tier 1 ratio at year-end of 17.7%.
  • We have maintained a solid platform of diversified funding sources that include financing through debt capital markets, securitisation, bank credit lines and an internet savings bank in the Netherlands and Germany. With this as an underlying strategy, we ensured the availability of funding to meet our ongoing liquidity needs and match our asset profile. Our liquidity position complied with CRR/CRD IV requirements. The changing requirements arising from CRR/CRD IV related to the reform thereof will be taken into account in a timely way, and developments and changes will be monitored to ensure that we are well prepared for future regulatory changes. With changes to reporting requirements arising from CRR/CRD IV, we have also continued to focus on improving data quality.
  • The DNB has given LeasePlan permission to discontinue the application of the Advanced Measurement Approach (AMA) and use The Standardised Approach (TSA) for calculating its minimum capital requirements for operational risk.
  • The UK’s exit from the EU inevitably creates uncertainties and we continue to monitor the associated risks. The fact that the UK will now leave the EU under an orderly Brexit means that there will be fewer issues from LeasePlan’s perspective and the transition period will give us sufficient time to prepare for any future trade deal, between the UK and EU. Our Brexit working group has developed plans for a range of scenarios to ensure LeasePlan as a whole is well placed to navigate any effects of Brexit. We are working with our supply chain to ensure that we understand the different scenarios for importing and exporting vehicles and components from and to the UK.
  • Our infrastructure relates to public networks, which introduces a constant threat of cybercrime. Examples of such threats are virus infection, computer hacking, denial of service attacks, fake emails (phishing) and malicious software (malware, ransomware), the frequency and intensity of which are increasing on a global scale. We continue to enhance our cybersecurity framework to protect, detect and respond to potential cybercrime threats. In relation to our Digital strategy, we are performing an in-depth analysis of our complete IT landscape and will make any adjustments to assure we are future proof.

LeasePlan will continue to allocate the necessary time, resources and investment to maintain and further strengthen its risk management framework, and support its business ambitions and regulatory compliance. To see a comprehensive overview of our risk management framework, including details on key risks inherent to our business activities, please refer to the Financial Risk Management section of the Financial Statements and the Pillar III Disclosures, which are available at www.leaseplan.com/corporate

Key non-financial risks

Within our overall risk management categories, we recognise a number of key non-financial risks pertaining to our supply chain, environmental impact, employees, and social issues such as labour rights, human rights and corruption. These risks, as well as others that could emerge in the future, could hinder the company in achieving its strategic and financial objectives. Below we outline some of the most material non-financial risks to our business and performance, along with the main steps we have taken to manage them, while in ‘Statement: Task Force on Climate-related Financial Disclosures (TCFD)’, we further consider our main climate-related risks and opportunities.

  • Supply chain
  • Enviromental
  • Social
  • employees

Risks

We rely on third-party suppliers to provide, acquire and service our fleet. As a result, we may suffer from adverse developments resulting from the quality of their products and services of our suppliers, and be impacted by environmental and social risks in the supply chain. These risks could have a material adverse effect on our reputation, business, financial condition and results of operations.

Vehicle emissions, while heavily regulated, pose environmental risks. The Volkswagen emissions scandal of 2015, in which so-called ‘defeat devices’ were used to fraudulently pass US emissions tests, raised awareness levels about higher levels of pollution emitted in real-world driving conditions by diesel-powered vehicles from a wide range of car makers. This resulted in lower demand for new and used diesel vehicles, as well as regulatory efforts at a local level to curtail the use of older diesel models within urban areas.

Electric vehicle batteries require certain materials, especially cobalt and lithium, that have been associated with poor mining practices and human rights abuses. A failure to ensure satisfactory labour conditions and protect human rights in this supply chain could materially affect our own demand and our customers’ demand for electric vehicles and therefore inhibit our ability to offer sustainable electric solutions.

Response

We expect our suppliers to abide by the standards of corporate responsibility that are outlines in our Supplier Code of Conduct (SCoC) when working with, for, or on behalf of LeasePlan. Although the SCoC cannot address every conceivable situation, it does contain the main principles of ethical business conduct with regards to environmental and social practices. The SCoC is embedded in our contractual agreements with our suppliers, and currently covers 90% of our spend.

In 2019, LeasePlan began screening the top 20 suppliers on ESG performance. Through the EcoVadis assessment tool, suppliers were asked to share their scorecard and be transparent on their performance with respect to environment, labour, ethics and sustainable procurement. This would allow for an ongoing dialogue on topics relevant to the industry and to work on corrective action plans. The process and results of this initial screening will be reviewed in Q1 2020.

In addition, we aim to establish ongoing dialogues with our key suppliers, so as to gain a better understanding of their sustainability targets and ambition, and to identify areas of potential collaboration.

Due to the relatively fast turnover of our fleet, we ensure that we have the latest and cleanest technology in our fleet. In 2019, we saw the proportion of new diesel orders declining significantly, while orders for electric vehicles steadily increased. In addition, the diesels in our fleet continue to be limited to the latest and cleanest diesel Euro VI models, which are not currently subject to any legislative restrictions and still offer customers cost of ownership benefits relative to other powertrains.

Through our participation in the Global Battery Alliance,  convened by the World Economic Forum (we are a founding member of its Battery Passport Initiative), and in cooperation with key supply chain participants, we are in discussion on how best to ensure human rights abuses do not occur going forward, and that sustainable mining practices and traceability are embedded in battery manufacture.

Risks

Our customers are looking to operate more responsibly and sustainably across their entire value chains, which is why we have committed to helping them transition to low and zero emission vehicles. The success of our business therefore increasingly depends on our ability to provide environmentally sustainable solutions to our customers. Failure to improve the environmental sustainability of our products and services to our customers, and to reduce the environmental impact of our overall business, could have a materially adverse effect on our reputation, business, financial condition and results.

The main risks and opportunities we see associated with climate change and the long-term transition of our fleet to electric vehicles are outlined in our Task Force on Climate-related Financial Disclosures (TCFD) statement on page 84.
There is a potential reputational risk of failing to reduce the environmental impact of our office buildings globally.

Response

We actively promote cleaner, low-emission vehicles and the infrastructure required to make them a viable option for our customers and employees. In this context, we have set ourselves the goal of achieving net zero tailpipe CO2 emissions from our funded fleet by 2030.

We acknowledge the need to reduce the environmental footprint of LeasePlan buildings. We are in the process of developing global policies, plans and targets that will help us reduce our environmental impact, and have already established clear guidelines to help us standardise our sustainability activities across the company. To measure our progress in this area, we have begun reporting our CO2 emissions, energy usage and share of renewable energy from LeasePlan buildings on an annual basis.

Risks

Due to the nature of LeasePlan’s business, LeasePlan faces relatively low social risks within its core operations (outside the supply chain). Even so, potential risk areas such as community relations, human rights, bribery and corruption could have an impact on our reputation, business, financial condition and results.

Bribery is considered a compliance risk and is determined by different risk factors. The first factor is geography or country risk, which we determine through Transparency International’s Corruption Perception Index (CPI), which measures perceptions of bribery and corruption in each country, and the World Bank Governance Indicators. The second risk factor is sector risk, whereby certain business sectors are associated with higher levels of bribery risk than others. Bribery risks also increase where payments (not only financial) are required. For example, charitable donations or sponsorships, sign-on bonuses, discounts, rebates, and kickback payments, hiring, gifts and entertainment. In addition, activities with high value or critical significance and complexity can create an incentive for bribery.

Response

We recognise our responsibility to apply high standards in our personal conduct and day-to-day business decisions. We therefore work to ensure our values and ethics are embedded in our behaviour, processes and actions.

Our values and ethics are defined by the LeasePlan Code of Conduct, which also explains the way we deal with each other, customers, suppliers, society at large, government authorities, regulators, investors and business partners. All LeasePlan employees agree to comply with the Code of Conduct through an annual declaration process. We have also implemented our Supplier Code of Conduct to help ensure that high ethical standards are maintained across our supply chain.

Furthermore, we recognise that human rights are fundamental and universal and aim to respect human rights, as described in the United Nations’ Universal Declaration of Human Rights and the principles of the International Labour Organisation. We therefore avoid being complicit in human rights abuses of any kind, and condemn the use of forced labour, compulsory labour and child labour. Respect for human rights is also a key feature of our Supplier Code of Conduct.

Bribery is considered one our top compliance risks, and we perform an bi-annual compliance risk assessment globally in which inherent and residual risks are taken into account.

To mitigate bribery risks, we have a standard set of measures (e.g., anti-bribery clauses in our contracts) and an ongoing Anti Bribery programme. Where the bribery risk is deemed higher, we take additional measures. All employees sign our Code of Conduct, which features Anti-bribery clauses, and each year they are asked to declare that they have acted in line with the Code of Conduct. Next to that, all new joiners have to follow and successfully pass an anti-bribery e-learning.

In 2019, we reviewed our Anti-Bribery & Anti-Corruption Policy. The new policy introduced the obligation to have all charitable donations and sponsorships approved by the Chief Corporate Affairs Officer and Group Compliance Officer. Charitable donations and sponsorships are all incorporated in the LeasePlan Charitable Donations & Sponsorship Register. We also have a gifts & entertainment process in place, which is monitored on a periodic basis.

In 2020, LeasePlan will conduct an in depth global bribery risk assessment. The outcomes of the assessment will determine whether further mitigating measures are necessary within the entities. Corruption and Bribery prevention also features within our Supplier Code of Conduct.

Risks

Our operations are to a significant extent dependent on our ability to attract and retain key management personnel and high-quality staff, including highly skilled and qualified personnel with specialised know-how relevant for our business such as IT. Should we encounter any difficulty in attracting and retaining senior management and other key personnel with the appropriate level of experience, knowledge and relationships, this may have a material adverse effect on our business, financial condition and results of operations.

Response

We recognise that the sustainability of our business comes directly from the talents and efforts of our people. As a result, in addition to recognising their fundamental human rights, we place emphasis on attracting and retaining talented personnel and invest in extensive training and development across our operations for our employees. The LeasePlan People Strategy aims to achieve this by giving our people opportunities to develop their potential and creating a tolerant and inclusive environment in which they can thrive.

Statement: Taskforce on Climate-related Financial Disclosures (TCFD)

In 2017, LeasePlan signed an international business declaration in support of the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD). The Task Force was set up in 2015 by the G20’s Financial Stability Board and has outlined a set of recommendations for companies to disclose information on how they oversee and manage the main risks and opportunities associated with climate change.

The Task Force divides climate-related risks into two major categories: i) risks related to the transition to a lower-carbon economy and; ii) risks related to the physical impacts of climate change. Given the nature of our business, the risks we face in our transition to a low carbon economy are the main focus of this statement. These risks, which fall within our main Financial, Operational, Strategic and Other risk categories, are linked to our shift away from internal combustion engines (ICE) vehicles in our fleet, in favour of low and zero emission alternatives. By contrast, potential physical risks resulting from changing weather patterns and severe weather events are deemed to be relatively limited.

LeasePlan has summarised the main climate-related risks and opportunities we see below. We also provide an overview of the governance structures that identify, assess and manage these risks, as well as relevant metrics and targets. For more information see our Sustainability Strategy.

Governance

Group Risk is responsible for the oversight and management of all risks, including climate-related risks as they relate to LeasePlan. This ensures the Managing Board has an integral view of the risks that are inherent to the execution of our strategy to transition to a low carbon economy by helping to shape the future of low emission mobility.

LeasePlan also operates a dedicated Corporate Social Responsibility (CSR) governance structure that reports to the Managing Board. CSR is responsible for coordinating the roll-out of our Sustainability Strategy, and for making sure our material topics are adequately addressed.

In addition, the risks and opportunities arising from our transition to EVs, such as new products and services, are assessed by a cross-functional Product Approval and Review Committee (PARC). The PARC oversees the development of new offerings and reviews our existing ones in accordance with our commercial strategy, the interest of our customers, our risk appetite, policies and applicable laws and regulations. The Committee comprises members from Commerce, CSR, Finance, Legal and Risk.

Strategy, risks and opportunities

We are taking a leading role in our industry’s transition to electric driving. We actively support the effective implementation of the Paris Agreement of 2016 and climate-related Sustainable Development goals, and as a founding member of the EV100 initiative, are committed to achieving net zero tailpipe emissions from our funded fleet by 2030 (Scopes 1 and 3 emissions). Consequently, our assessments do not, at present, link to specific climate-related scenarios. Instead, they consider the overall resilience of our strategy in this transition, and our ability to deliver on our goals by providing cleaner, low-emission vehicles and the infrastructure required to make them an attractive option for our customers and employees. Furthermore, they consider the potential physical risks that changing weather patterns and severe weather events could have on our business, customers and drivers.

We identify the following three main areas of risks and opportunities in this transition: business model, market dynamics and technology, which are outlined in more detail below.

Business model

The transition of our fleet to electric vehicles could impact aspects of our business model, which is predominantly based on the procurement, management and disposal of ICE vehicles. In some cases, the profitability of parts of our value chain could be affected, both adversely and to our benefit. We are currently working on quantifying the impact of this risk on our business model.

For example, revenues from our Repair, Maintenance and Tyres (RMT) business may be impacted by a higher portion of electric and hybrid vehicles – which generally have lower RMT services costs compared to ICE vehicles – and the extent to which we qualify for supplier rebates and bonuses. Similarly, depreciation of the average EV is greater than that of other types of vehicles, which may lead us to reconfigure our business model. The provision of EVs also entails new customer requirements for home and office charging, for which we will need to develop additional services.

We are continually assessing the impact of EVs on our business model to determine how to develop our service offering, protect our profitability and create new revenues streams. Where necessary, we redesign our propositions based on our experiences in leading EV countries. In those markets, we are advancing our understanding of how certain risks may materialise or change over time, what best practices we can adopt to manage them, and the implications they may have on our pricing, propositions and positioning.

Our business model may also by adversely affected by risks related to the physical impacts of climate change and extreme weather conditions. As the risk of flooding, wildfires, storms or hail increases it could become more difficult for LeasePlan to offer affordable insurance protection and may impact our pricing of these products. These could also impact our RMT services if more vehicles in our fleet are damaged or require more frequent servicing as a result of changing weather patterns. Finally, there is the possibility that extreme weather events will impact our business continuity at certain locations, if our employees are unable to reach their places of work or if office locations and delivery stores are physically damaged.

Beyond these risks, we view the global shift to low and zero emission drivetrains as a strong opportunity to grow our market presence and strengthen our position. We are a first mover in our industry, offering end-to-end solutions that include the vehicle, implementation advice, services and charging. Our approach is supported by the fact that we are the only agile and independent Car-as-a-Service company of scale, enabling us to invest in and develop innovative service offerings without conflicting priorities. Demand for electric vehicles is rising rapidly, and EVs now account for 10% of new orders in Q4 2019.

Rising demand for EVs is also creating the need for new services, such as electric charging cards, while in the longer term, we believe there will be other opportunities for LeasePlan. These may include, for example, the potential for separation of financing of the battery from the car (facilitating technology upgrades) and energy management. The transition to EVs has also enabled us to further diversity our funding strategy and tap new investments pools. In March we launched our first-ever Green Bond (EUR 500 million) to help fund our EV ambitions. The bond attracted EUR 3.5 billion of demand through the participation of 250 investors.

Furthermore, we believe our efforts to reduce energy consumption at LeasePlan locations worldwide (Scope 2 emissions), while increasing our use of clean energy sources, can lead to significant cost and operational efficiencies over time.

Market dynamics

Unforeseen fluctuations in demand for EV solutions, or in our ability to supply them, could have a material adverse effect on our operations and results.

Compared to the relatively mature fleet market for ICE vehicles, demand levels for EVs are more difficult to forecast, and depend on a wide range of factors we cannot influence. These include, but are not limited to, oil and renewable energy prices, the expansion of public transport infrastructure, availability of popular EV models, local urban policies affecting personal car use, changes in government policies and the imposition of carbon taxes, and other regulatory measures to address climate change, pollution or other negative impacts.

Developments in these and other external factors may affect customers’ use of EVs and therefore, our EV transition goals. These may have a material adverse effect on the market prices of certain vehicle types in certain jurisdictions, which in turn could have a material adverse effect on our business, financial condition and results of operations. Sudden changes in the market can also make it harder for LeasePlan to have the right resources, people, stock in place to meet demand.

To help anticipate developments in the EV market, we closely follow trends among OEMs, suppliers and customers, which generally offer a good indication of short to medium-term changes. Additionally, each year we publish the LeasePlan EV Readiness Index to assess the EV preparedness of 22 European countries. We base this analysis on the maturity of each local market, the availability of charging infrastructure, government incentives that are in place, and the ability of our local organisation to deliver comprehensive end-to-end EV solutions to more customers.

While still a relatively small part of global vehicle sales, the adoption of BEVs and plug-in hybrids is rising rapidly. An estimated two million EVs were sold worldwide in 2018, which is a major increase on the few thousand sold in 2010. This growth trend is expected to continue as costs of ownership fall, with annual passenger EV sales forecast to reach some 10 million in 2025, 28 million in 2030 and 56 million by 2040. Some of the fastest growth is likely to take place in markets in which LeasePlan is active.

To meet this demand, we are partnering with OEMs to help ensure we can offer EVs at competitive prices, and target our customers with full package end-to-end solutions. These include configuration and customisation, finance, insurance, fleet management, RMT, remarketing services, home and office charging, and access to a network of more than 129,000 public charging points through our partnership with Allego.

Technology

While EVs have emerged as an increasingly popular vehicle type, the sales proceeds of currently sold used EVs could be challenged by uncertainties in battery life and future developments in battery technology that offer higher range and lower costs. We believe rapid advancements of this type have the potential to increase residual market value risks around certain EV models, particularly if customer preferences shift quickly towards models offering an improved battery performance and a higher range. We mitigate this risk by closely monitoring developments in new battery technology. Given the relatively long lead times that would be required to scale up and bring innovations to market, we believe LeasePlan would have sufficient time to adjust the configuration of its funded fleet within its three to four year turnaround cycle.

Main targets and metrics

We use various metrics to monitor and manage our transition to a lower-carbon economy, and to measure our progress against the targets we have set. Of these, the most important metric we monitor is our scope 3 emissions (1.9 million serviced fleet). Within this context, we disclose the portion of new EV orders. This is the clearest indication we have of how customer demand is trending and how our funded fleet will change in the near future (Scope 3 emissions). New EV orders in 2019 were 7.4%. In addition, we monitor and disclose the average CO2 g/km per vehicle in our funded fleet, as well as the percentage of EVs in our overall fleet. We also disclose the average CO2 g/km per vehicle in our fleet. Since 2017, LeasePlan has offset all remaining CO2 tailpipe emissions from its employee fleet to zero (2019: 6.98 tonnes offset) with the support of the Land Life Company.

Although only a small element of our footprint, we have begun to track our total CO2 emissions per KG/M2 and the portion of renewable energy share at LeasePlan buildings (Scope 2 emissions). Furthermore, we continue to enhance the level and depth of our contributions to the Carbon Disclosure Project (CDP), in which we have participated since 2010.

Privacy and compliance

LeasePlan operates in a complex regulatory environment in which trust and confidence are crucial.

Only by conducting our business based on high ethical standards and in compliance with applicable laws, directives and regulations will we win and retain trust, and succeed in our mission. By setting high standards, LeasePlan gives its clients, suppliers and business partners the confidence to work with LeasePlan. It is therefore essential to ensure the effective management of privacy and compliance risks.

Management and mitigation

The Managing Board is responsible for privacy and compliance risks, while Group Privacy & Compliance coordinates, oversees, controls and reports on these risks. As part of the Risk Management domain, Privacy & Compliance aims to support LeasePlan’s strategy by enabling controlled risk taking, and helping to make risk everyone’s responsibility under the banner ‘Just do the right thing!’

Privacy & Compliance safeguards LeasePlan’s integrity and reputation and helps protect against financial loss and reputational damage. This is achieved by integrating privacy and compliance in daily business activities and strategic planning within the set risk appetite, as well as challenging and assisting the business and promoting awareness at all levels.

This requires us to:

  • Support LeasePlan to ensure a proper control environment is in place for complying with applicable laws, rules, regulations and LeasePlan’s internal standards
  • Support the business with managing day-to-day Compliance Risks
  • Help to maintain the integrity of the products and services offered and received

The basis for mitigating compliance and privacy risks is the Privacy & Compliance Charter and Framework.

The Privacy & Compliance Function - with a central team and privacy and compliance officers in all entities - operates within the context of LeasePlan’s broader risk management framework. It is responsible for (parts of) the effective management of four related areas:

  • Counterparty and external conduct, for risks of money laundering, terrorist financing and sanctions;
  • Employee conduct and internal culture, for risks of internal fraud and bribery;
  • Products and services, for risks of insufficient duty of care
  • Organisation, for risks of breach of privacy or personal data protection

Our compliance risk appetite is set on a yearly basis (low in 2019) and an overall compliance risk assessment is executed twice a year. On that basis, we formulate further mitigating actions and key risk and key performance indicators for each area.

Integrated reports on the main risks, incidents and other important developments within Privacy & Compliance are provided to the Managing Board, the Supervisory Board and our external auditor on a quarterly basis.

Focus areas in 2019

Privacy

Main target for this year was to increase the quality of the important privacy processes for which the foundation was laid in 2018, to increase the awareness of employees, and to make sure that employees are able to identify and assess privacy risks in business as usual. To achieve this key focus areas of Group Privacy Office (GPO) and results consisted of:

  • Enhancement of privacy governance framework, strengthening relationship with the local privacy officers community in the entities, filing updated binding corporate rules with the Dutch regulator for GDPR purposes
  • Enhancement of GDPR key requirements determined in 2018, including a global training and awareness campaign this in addition to the regular e-learning. And further utilisation of privacy management tooling to automate privacy assessments and data processing register;
  • Active involvement in privacy compliance workstreams to further embed privacy by design; with an integrated approach steered out of Digital;
  • Providing guidance and advice in several projects and product development in relation to privacy requirements.

We monitor and handle requests submitted by data subjects in relation to personal data handled by LeasePlan in our privacy management tooling. We have seen a slight increase on the number of request submitted, which was also to be expected given the attention this right was given by regulators and media. We have also seen an increase in internal reported incidents involving personal data. None of the personal data breaches that we had to report to, the relevant data protection authorities resulted in further investigations, penalties or formal warnings.

Integrity program

The main objective of LeasePlan’s integrity program is to embed integrity in such a way that it forms an integral part of LeasePlan’s conduct and business so that the organisation and its employees are able to JUST DO THE RIGHT THING!

Although there have been multiple initiatives to measure the employee perception of the culture for integrity, to create awareness and to steer the culture for integrity, none of these initiatives have been part of a structured program. A structured approach of integrity management will increase its effectiveness and will allow for “doing the right thing” to get into LP’s DNA.

The integrity program has:

  • Improved the quality of the input used for assessing the level of integrity in LP
  • Directed our future actions for improving LP’s culture for integrity more effectively and efficiently

To better understand the employees` perception of the culture for integrity and to help management to more effectively manage the culture for integrity the following has been done:

  • Implemented new tooling for the Global Integrity Survey and new survey questions that provide a better understanding of the employee perception of the LP’s culture for integrity
  • Analyzed the results and shared and discussed the results with all LP entities and in Corp
  • Given guidance to the LP entities; helping them to interpret and use the results
  • Set up and roll out of new root cause analyses template for all entities as an integrated part of compliance incident handling

Anti-Money Laundering and Counter Terrorism

In order to ensure compliance with the Dutch law on the Prevention of Money Laundering and Terrorist Financing Wwft across all LP entities LeasePlan set up an AML, CTF & Sanctions program.

The program resulted in amongst others:

  • A new AML, CTF and Sanctions policy and standard
  • A specific AML risk analysis
  • Several AML learning and awareness sessions
  • Improvements in CDD tools
  • Additional guidance for alert handling

The new AML, CTF and Sanctions Policy and standard replace the Counterparty Due Diligence Policy and standard and provide what the entire group is required to do to comply with and to mitigate the money laundering, terrorist financing and sanctions risks.

Main changes in both documents include: a risk-based approach to counterparties based on the total sum of the risk categories (LeasePlan product risk, counterparty risk and country risk); three different CDD processes based on the risk-based approach (e.g. simplified, normal and enhanced due diligence); identification and verification of the (Pseudo) Ultimate Beneficial Owners(s) (UBOs) and a stringent approach to Politically Exposed Persons (PEPs).

Throughout 2019 LeasePlan has made several improvements in their tooling to streamline the CDD process and the align the process with the new policy requirements.

Anti-bribery and corruption

LeasePlan is committed to carrying out business in a responsible manner, based on sound business ethics and with respect for our stakeholders and society. We act in accordance with applicable laws and regulations, our Code of Conduct and all related internal policies and standards.

As such LeasePlan relaunched its Anti-Bribery programme, and reviewed its Anti-Bribery and Anti-Corruption Policy, among other measures. Following that review a number of changes have been made to how LeasePlan approaches charitable donations and sponsorships across the company. The new Policy has been implemented and raised awareness on bribery and corruption in general and the new policy more specific. In 2019, zero cases of bribery were detected.

Insurance Distribution Directive

The Insurance Distribution Directive (IDD) 2016/97/EU took effect in most of LeasePlan’s European markets in late 2018. The Directive introduces new rules in relation to the distribution of insurance, particularly in the areas of training, transparency and business conduct. The Directive primarily aims to increase levels of consumer protection. LeasePlan’s insurance intermediaries implemented these changes, including increased transparency to their clients and new national training requirements.

Legal

The Legal Function, reporting directly to the CEO, has continued to evolve rapidly to keep pace with the changing needs of the business by becoming a strategic partner and business enabler. Legal is working to ensure its team members have the necessary tools and skills to manage the transition from being the sole source of legal services to one in which they are managing an ecosystem of legal service providers. These services will be underpinned by innovative technology processes and solutions.

Recent developments in the global legal function include:

  • The launch and ongoing development of several legal tech solutions, such as a global Litigation Tracking tool, a global One Contract SharePoint site, a new global Corporate Housekeeping tool, e-signing capabilities, smart contracting and One On One legal SharePoint site.
  • New IP/IT team dedicated to digital, technology and intellectual property providing focused support on all technology and intellectual property initiatives and supporting digital with the implementation of the Customer Journeys across the LeasePlan group and the Next Generation Digital Architecture.
  • Cross jurisdictional (EU) harmonisation of contract terms such as NDAs and general terms and conditions for operational leasing.
  • Updating various policies and charters, including Outsourcing Policy & Standard to new EBA Guidelines, Competition Compliance Policy and Regulations Signing Authorities.
  • Strengthening of the legal finance team providing dedicated support to the Strategic Finance and Treasury Teams with the 144A Programme, the EMTN Programme (including Green Bonds), the Bumper Securitisation transactions, the AT1 transaction, bank lines and other products.
  • Dedicated in house labour law specialist supporting Group HR with legal support on topics such as dismissals, employment conditions, remuneration and employee co-determination.

End of

Risk Management

Next

Leadership Team

Go back