Risk management

UPM regards risk management as a systematic and proactive means to analyse and manage the opportunities and threats related to its business operations. This includes also risks avoided by careful planning and evaluation of future projects and business environment. The company’s risk management objectives and operating principles are defined in the Risk Management Policy approved by the Board of Directors.


The management of financial risks is based on the Group Treasury Policy, confirmed by the Board of Directors. The Board has also confirmed the Treasury Policy for Subsidiaries and Business Units. Group Treasury is centrally responsible for funding, liquidity management, debt investor relations, and also for management of financial risks in co-operation with the Risk Management Function.

Risk management responsibilities

Risk management is an integral part of UPM’s management system as risk taking is a normal part of business operations. While executing strategies, UPM and its business areas, functions and manufacturing units are exposed to a number of risk and opportunities. Each business area, function and unit is responsible for identifying, assessing and managing risks related to its own operations, and for reporting on risk exposures, risk management activities and results to their management team and to the Risk Management Function.

UPM’s Risk Management Function is responsible for:

  • communicating and enforcing the Risk Management Policy and risk limits
  • developing group-wide risk management procedures and guidelines
  • measuring and monitoring risk management performance
  • aggregating and reporting the risk management information collected from the business areas, functions and manufacturing units to the Risk Management Committee and the Audit Committee.

The Risk Management Committee, chaired by the CFO, is responsible for recommending risk tolerances and profile to the President and CEO and the Group Executive Team. The Group Executive Team is responsible for defining risk management priorities and tolerance, and aligning business and risk management strategies and policies.

The Audit Committee monitors the efficiency of the company’s risk management systems and oversees that risk management activities are aligned with the Risk Management Policy and that risk assessments are used to focus internal audit activities. The Board of Directors oversees the assessment and management of risks related to the company’s strategy and operations.

Risk factors

At UPM, risk factors are classified as strategic risks, operational risks, financial risks and hazard risks. The main risk factors that can materially affect the company’s business and financial results are presented in the Report of the Board of Directors on pages 84–86 of the Annual Report 2015. Near-term risks and uncertainties are described in the interim reports issued by the company quarterly. A description of the financial risks and financial risk management is available in the Notes to the consolidated financial statements on pages 100–102 of the Annual Report 2015.

Risk management pertaining to financial reporting

The company’s risk management pertaining to financial reporting is also based on the Risk Management Policy approved by the Board of Directors, and on the principles, roles, responsibilities and risk management processes set out in the policy. Risk management pertaining to financial reporting is described in the Corporate Governance Statements issued by the company annually.