Risk management

A business must take risks to create value. Having a risk management policy allows a company to take risks in a managed and controlled manner. Within Q-Park strategic, operational, financial, and reputational risks are made controllable by carefully weighing risks and returns against each other. Effective risk management is integrated into its daily operations.

Q-Park deploys a top-down risk management policy in which strategic risk management is executed at corporate level. Responsibility for operational risk management lies primarily with local management of the countries in which the Group operates. The Executive Board however bears ultimate responsibility for managing the risks the company faces.

Risk management and internal control

Ongoing identification and assessment of risks is part of our governance and periodic business review. Our Enterprise Risk Management (ERM) policy is designed to provide management with an understanding of the key business risks the company faces. It also provides methods and processes to manage the risks that might hamper the business achieving key objectives and to initiate actions required to mitigate these risks.

As part of the ERM framework a separate compliance function was introduced in 2018 in order to develop and implement a Q-Park Compliance Programme. In 2018 this compliance programme was communicated to local management within the Group. The risk management mechanism ensures:

  • Top-down awareness of the importance to manage compliance areas;
  • A structured follow up of compliance action plans.

The focus areas identified for 2018 (and continuing in 2019) include information security, ethics & integrity, GDPR and PCI-DSS.

The Executive Board and key management periodically review the risks and the related mitigation controls and procedures from the ERM process. Furthermore, they provide complementary insights into existing and emerging risks that are subsequently included in the policy. The ERM policy influences the formation of controls and procedures, and the focus of business planning and performance process.

Risk appetite

Factors which determine the risk appetite include the international spread of the business, the robustness of the balance sheet, long-term duration of contracts, strength of cash flows and a commitment to conservative financial management. Our risk appetite varies per objective and risk category:

  • Strategic: Taking strategic risks is an inherent part of how we do business. In pursuing growth as a strategic ambition, we are prepared to take risks in a responsible way, taking account of our stakeholders' interests.
  • Operational: Depending on the type of operational risk, we take a cautious to averse approach. We give the highest priority to ensuring the safety of our employees and customers, to delivering the highest level of service, and to protecting the company's reputation.
  • Financial: We pursue a conservative financial strategy, including a balanced combination of self-insurance and commercial insurance coverage.
  • Compliance: We are averse to the risk of non-compliance with relevant laws or regulations, or non-compliance with our own codes, contractual agreements, and covenants.
  • Fraudulent and unethical behaviour: We are committed to act with honesty, integrity, and respect. We are fully averse to risks relating to fraudulent behaviour and apply a zero-tolerance policy.

Main risks

The following risk overview highlights the main risks which might prevent us in achieving our strategic, operational, and financial objectives. The risks described are not an exhaustive list of the risks. There may be additional risks which do not constitute a direct threat in the short-term, or risks which management deems immaterial or otherwise common to most companies, but which could at some time have a material adverse effect on our financial position, results, operations, or liquidity.

Strategic

Download XLS

Risk description

Risk management measures

Regulatory changes to inner-city parking

National or local governments could implement measures which are potentially unfavourable to the parking sector; for instance, as a result of pressure from public opinion, pressure groups, or election results. For example, the debate on banning traffic within city boundaries could adversely affect inner-city parking, resulting in lower revenue, and diminished profitability.

  • Cooperate with governments, NGOs, and businesses.
  • Ensure geographic diversification of Q-Park's portfolio in the different countries and a further spread across multiple indirect markets.
  • Invest extensively in online platforms and value-added services to become a proactive business partner for local authorities.

Economic environment

Factors that potentially influence parking prices include pressure from the general public and retailers, political changes, or a long-term fall in GDP. Lower parking prices would significantly impact Q-Park’s profitability and cash flows.

  • Cooperate with governments, NGOs, and other businesses.
  • Highlight the relevance of regulated and paid parking to society.
  • Use calculation models to set different parking tariff schemes. Simulate the effects of changing these schemes to align prices with the local circumstances and market situation.
  • Strengthen the commercial, customer, and market intelligence organisation.

Competitive environment and economic conditions

The parking market is characterised by intense competition between existing players. Competition from new technologies is also disrupting the current parking market, resulting in an increased focus on ICT developments.

  • Invest extensively in online platforms and PMSs to prepare the organisation for more efficient access and payment solutions.
  • Closely monitor developments in payment services and by parking service providers.
  • Ensure geographic diversification of Q-Park's portfolio and a further spread across multiple indirect markets.

Dependency on other businesses and local developments

A car parking service is an indirect service which depends on external factors (e.g. offices, shopping centres, leisure amenities). New consumer behaviour (e.g. online shopping, working from home) or changes in the popularity of certain stores or locations pose a risk of a significant decrease in parking demand and, hence, a decrease in Q-Park’s business and revenue.

  • Ensure geographic diversification of Q-Park's portfolio and a further spread across multiple indirect markets.
  • Manage portfolio with focus on large multifunctional inner-city locations.

Operational

Download XLS

Risk description

Risk management measures

Safety and liability

The safety of our customers and employees is our top priority. If an employee or a customer sustains injury while at work or while visiting one of the Q-Park parking facilities, this could impact our reputation.

  • Adhere to health and safety procedures relating to employees and customers.
  • Invest in maintenance to ensure clean and safe parking facilities with proper instructions for visitors.
  • Training and development to focus on personal safety and safety measures in and around our parking facilities.

Dependency risks, interruptions, and business continuity

Continuity of the company and its business is crucial. Continuity depends on a number of factors, including suppliers. We are particularly vulnerable regarding PMSs, ICT, and infrastructure.

  • Use different systems from independent suppliers where operational efficiency remains the primary objective.
  • Conduct preventive maintenance and make targeted investments.
  • Connect the QCR to parking facilities to assist in the event of business interruptions.
  • Operate 24-hour service desk.

Staffing and retention

Good, experienced, and knowledgeable people are the foundation of our company and its success. The company must ensure that it is able to employ and retain the right people.

  • Maintain a system for performance measurement and annual reviews.
  • Ensure effective employer branding and communication to the labour market.
  • Develop training and development opportunities for employees.

Ethics and integrity

Ethics and integrity are important conditions for confidence in the company. Behaviour deemed to be unethical could lead to loss of revenue and reputation.

  • Maintain a code of ethics and whistle-blower policy.
  • Ensure Executive Board and management demonstrate ‘tone at the top’.
  • Apply a zero-tolerance strategy.
  • Encourage non-cash payments and hire external parties for cash collection.

Financial

Download XLS

Risk description

Risk management measures

Valuation of fixed assets and goodwill

The company owns a considerable amount of property and goodwill. If the economic climate deteriorates and potential impairments are not identified, determined, or communicated in a timely fashion, the company could incur reputational damage.

  • Evaluate the existence of impairment indicators on an annual basis.
  • Monitor performance against business plans to identify risk areas and act timely.
  • Employ an independent valuation expert to conduct periodic valuations when necessary.

Financing

Given that the nature of the business is capital-intensive, access to external financing is crucial for continuity. A liquidity risk could arise if external financing is not available to the company when refinancing is required.

  • Adopt a financing policy.
  • Strict monitoring of covenants.
  • Consult regularly with external debt providers to discuss the ongoing business, results, and strategy.

Interest rate risks

The external debts are subject to variable interest rates, thereby exposing the company to fluctuations in interest rates. A significant increase in variable interest rates would have a negative impact on results.

  • Seek a mix of fixed and variable interest rates for financing operations, combined with the use of interest rate instruments.
  • Adopt an interest rate policy in which part of the bank debt is covered by interest rate derivatives (interest rate swaps and interest caps).

Currency risk

The company's functional currency is the euro. Given that the company also operates in countries with a different functional currency, we are exposed to fluctuations in those currencies.

  • Monitor and report periodically on currency risk exposure.
  • Optimise currency risk through natural hedges (external debt in foreign currency equal to the exposure).

Compliance and reporting

Download XLS

Risk description

Risk management measures

Financial statement does not give a true and fair view

If misstatements are made such that the financial statements do not give a true and fair view of the company's financial position, financial performance, and cash flows, users of the financial statements would be incorrectly informed.

  • Maintain common accounting policies, reporting processes, and standard chart of accounts.
  • Monitor critical access and segregation of duties and perform compensating controls if necessary.
  • Actively involve all stakeholders.

ICT and information security

Given the increasing use of mobile communication and the professionalism of cybercriminals, the company must focus constantly on continuity of ICT systems and on ensuring the security of crucial information and sensitive customer data (e.g. payment card details, passwords). The theft of crucial or sensitive data could result in reputation damage, information leakage to competitors, as well as claims against the company.

  • Focus area of the introduced compliance programme with the aim to further improve compliance with standards (e.g. PCI DSS, GDPR).
  • Invest in ICT platform and the set-up of a related security policy to secure confidentiality and integrity of data, including continuity measures in conjunction with outsourcing partners.
  • Further centralisation of ICT systems allowing central enforcement of security measures.

Non-compliance with European and national laws

Changes in the legal and regulatory environment tend to increase the risk of non-compliance with local, national, and international laws and regulations, as well as tax legislation. Failure to comply with applicable regulations could lead to fines, claims, and reputational damage.

  • Introduction of a compliance function and related compliance program.
  • Establish corporate functions to monitor local risks and challenges from a Group perspective (e.g. compliance, tax, finance, and legal).
  • Involve external specialists where necessary.