Key risk and description Risk mitigation Opportunities Geopolitical changes Instability and geoeconomic confrontations affecting business could arise from changes in government, military control, war, or tensions between countries. These may lead to regulatory changes, such as protectionist trade policies that affect Epiroc’s industry, supply chain and logistics, or affect Epiroc in geographical markets. Pandemics and resulting political regulations and restrictions could significantly impact Epiroc’s operations – for instance, production and supply of equipment and aftermarket services – while also affecting customers and suppliers. Regular discussions and updates at all business levels about geopolitical situations, footprint, targeted M&A, sales perspective, and responsive actions. Planning for responding activities to identified geopolitical risks gives Epiroc a flexibility to adapt when circumstances change and improves Epiroc’s competitive position. Market and technology innovation Demand for Epiroc’s equipment and services is affected by changes in customers’ investment plans and production levels. These could change due to economic downturns, geopolitical tensions and volatility of mineral commodity prices. Demand also relies on customers’ need for new technologies and consideration of sustainability-related risk. A significant aftermarket requirement over the equipment lifecycle creates a large and resilient service business. A flexible manufacturing setup with a large share of components purchased from suppliers. Opportunity to further develop the aftermarket business and increase customer satisfaction and retention. Lean initiatives in manufacturing enable a more agile setup with enhanced flexibility. Competition The markets are highly competitive in terms of pricing, product design and service quality, the timing of the development and introduction of new products, customer service, and financing terms and conditions. Intense competition from significant competitors and, to a lesser extent but still increasingly, companies operating with lower costs and margins. Consolidation of competitors in our markets, resulting in fewer manufacturers, could affect our market position if Epiroc fails to effectively participate in the consolidation. Continuous analysis and monitoring of market external factors and customer preferences in order to compete successfully and anticipate and respond to evolving market demand, including demand for new products. This also includes a corresponding mergers and acquisitions strategy. Development of high-quality solutions that are in line with customer demand, such as increased productivity, lower total cost of ownership and reduced environmental impact. Opportunities to continuously increase operational efficiency and lower costs of operations and improve competitive position. Acquisitions and divestments Failure to capture synergies as anticipated and integration shortfalls have a negative impact on the business. A clear M&A process and focused project management for integration. Enhancement of the integration process, leading to speed and efficiency of integration and realization of synergies.

Key risk and description Risk mitigation Opportunities Cyber security and information Epiroc could experience business interruptions caused by cybercrime, disruptions to critical IT services or other breaches of its information systems that could lead to loss of intellectual property. The increase in remote working in recent years has brought additional risk through exposure to more potential attack vectors. If breaches are not detected early and responded to effectively, they can harm Epiroc’s reputation and have an adverse effect on the financial results. Quarterly updates from Group Information Security to Group Management and to the Board on a semi-annual basis. The cyber security program improves the handling of cyber security risks through, e.g., targeted and general security awareness training for all employees, improved protection of Epiroc data to meet regulatory and legislative requirements and increased resilience, i.e., the capability to withstand or recover quickly from adverse events. Improvement of cyber security and resilience goes hand-in-hand with increased customer demand for security and consolidates Epiroc’s competitive position, notably within automation and digitalization. Climate transition Risks associated with the transition to a low-carbon economy include lack of compliance with new product requirements and environmental and climate-related legislation, and failure to develop, launch and market new products or respond to technological development and customer demand for sustainable products. Continuous monitoring of environmental and climate-related legislation and establishment of relevant mechanisms. Improved environmental performance is always an important component of innovation. The Board performs an annual oversight of risks, including environmental and climate related risks. Increasing demand for sustainable equipment is met by developing products and services and/or expanding the offering with a better environmental performance. Battery technologies and connected equipment and other solutions can add value and help drive the transition to low carbon solutions. Implementation of 2030 sustainability goals places the organization on the pathway to halving CO2e emissions in Scopes 1, 2 and 3. Loss of freedom to operate Intellectual property risks include legal costs related to the protection of IP rights, loss of value of an IP asset or associated product revenues as a result of legal findings of invalidity, unenforceability, or non-infringement, or challenges to title or ownership, which could cause loss of freedom to operate. An Epiroc Intellectual Property Rights process covering risk assessment and relevant tools, such as a freedom-to-operate search and training of employees. Alignment of Intellectual Property (IP) Protection with R&D projects and M&A processes. Protection of intellectual property contributes to business stability and improves Epiroc’s competitive position. Recruitment and retention of key personnel Failure to attract and retain key teams and employees poses a risk of Epiroc losing its leading position on the market. If Epiroc fails to monitor its need for employees or is unable to continue to attract and retain highly qualified management and other skilled employees on acceptable terms, the company may experience difficulties in sustaining or further developing parts of its business. Recruitment can take place both externally and internally. Internal recruitment and job rotation are facilitated by the internal job market. Epiroc strives to maintain good relationships with unions and universities. An employee survey is carried out every year and followed up actively. Proactive performance management and development of employees with their managers. Employer branding activities and solid onboarding programs. Ambitious targets for employees and managers, aligned with business targets, with accountability for results and in an environment of trust and individual responsibility. The 2030 sustainability goals leads and encourages the organization towards improved safety and increased diversity. Allowing remote working (depending on position) and encouraging virtual cooperation. Fostering internal mobility within the company through an internal job market. Training and development programs. Parental leave policy granting a minimum of 12 weeks of paid parental leave across the global organization. Supply chain Incorrect deliveries, failure to fulfill delivery obligations or inadequate capacity at suppliers could cause delays or failures in deliveries, which in turn may cause reduced sales and a decline in customer confidence. Supply disruptions could arise from shortages of raw materials, labor disputes, weather conditions, transportation disruptions or other factors beyond Epiroc’s control. Risk of Epiroc’s business partners not sharing the values expressed in the Epiroc Business Partner Code of Conduct. Selection and evaluation of business partners based on objective factors, including quality, delivery, price, and reliability, as well as commitment to environmental and social performance. Screening of selected business partners. Inventory control and establishment of a global network of sub-suppliers, to avoid supplier dependency. Provision of timely and sufficient information to suppliers enabling them to manage changes in volumes. Requirement for business partners to sign the Business Partner Code of Conduct. Increased business agility and cost reductions as a result of improved supplier inventory management in response to changes in demand. Continued position as a preferred business partner, promoting efficiency, sustainability, and safety. Reduction of the risk of corruption and conflicts by promotion of human rights and work on improved labor conditions. Opportunity to strengthen customer relationships by readiness to support customers affected by the Dodd Frank legislation on conflict minerals. Product development and quality Several markets are characterized by technological advances and changes in customer preferences. Risks arise from failure to develop, launch and market new products in response to customer demand for productivity, circularity and sustainability. Product development is affected by legislation on matters such as emissions, noise, vibrations, pollution and recycling. This may increase the risk of competition in emerging markets where such legislation is sometimes less strict. There is also a risk of substitution of existing Epiroc products and services with lower-emission options from competitors. Any defective products will impose a risk of product liability and damage to third party property or causing bodily injury. Continuous investments in research and development to develop products in line with customer demand and expectations. Design of products with a lifecycle and circular perspective. Design of products with reduced emissions, vibrations or noise and increased recycling potential to meet legislative requirements. Ongoing standardization of process for quality control (test, verification and validation). Ensuring that supplier management has the same level of quality assurance on vendors and suppliers. Substantial opportunities to strengthen competitive edge by innovating high quality, sustainable products and creating an integrated value proposition for customers as well as meeting external environmental risks. Implementation of the 2030 sustainability goals leads the organization towards halving CO2e emissions in operations, transport and use of products. Promotion of the integration of the Sustainable Development Goals into operations. Targeted activities contribute to limiting Epiroc’s exposures. In addition, quality assured products can increase customer retention, improve reputation and increase people safety Safety and health Inadequate adherence to safety and health principles and regulations can lead to accidents causing harm to people, productivity and the Epiroc brand. Health and safety laws and regulations are becoming more complex and potentially costly. Assessment and management of safety and health risks in operations is standard procedure. All necessary safety wear is provided for employees who need to be in production or in the field. All major units are certified in accordance with the ISO45001 standard. Development of a culture with safety first in mind is key, and activities to highlight this, such as the “SafeStart-program”, “Live Work Elimination” and Epiroc Safety Day, are organized throughout the Group alongside a strong Safety Management System. Business partners are offered training in Epiroc’s policies including health and safety Improved safety and health increases productivity and employee and business partner satisfaction. Implementation of the 2030 sustainability goals lead the organization towards improved health and safety Diversity and inclusion Improper inclusion can lead to lack of innovation, poor efficiency, and loss of business opportunity. Potential claims, depending on the region, can lead to increased costs and a bad reputation. Ensuring a diverse talent pool in Epiroc by having professional recruitment processes with talent acquisition specialists. Promoting a culture towards safety leadership. Epiroc’s whistleblowing function Speak Up and compliance processes support transparency in matters where advice is sought, or concerns are raised about a potential ethical or legal violation by employees or business partners. Varied perspectives foster creativity and innovation. Better problem-solving and decision-making due to varied experiences and viewpoints. Higher employee satisfaction and engagement, leading to better performance Easier to attracting talent from a wider range of backgrounds, enhancing competitive edge. Production Epiroc’s entities may face disruptions caused by events such as weather extremes, machinery breakdowns or a major fire leading to business interruption and loss of business income as well as reputational risks Global implementation of Epiroc Loss Prevention Standard focusing on people safety and business continuity. Entities, including newly acquired companies, are measured against our standard. The outcome provides an overview of improvement areas and recommended actions in order of priority Business continuity planning prepares managers and the Epiroc business on how to act in response to disruptions. Recovery is an essential factor in the case of disruption in order to keep commitments to suppliers, customers and employees and limit our exposure to financial loss.

Key risk and description Risk mitigation Opportunities Compliance, data privacy, fraud and corruption Violation of laws on anti-corruption, anti-money-laundering, trade compliance, competition law compliance and data privacy may result in fines, claims for compensation and other financial damages as well as impairing Epiroc's reputation. Inadequate internal controls could result in Epiroc becoming more vulnerable in relation to individual employees acting in breach of the applicable legal framework, either by mistake or intentionally. Deficiencies in internal control could also cause investors and other third parties to lose confidence in Epiroc’s reported financial information. Mandatory training in Epiroc CoC for all employees with a requirement to sign a CoC statement, and advanced training for certain employee categories. Support for entities from in-house lawyers providing advice on corruption laws and regulations. Epiroc’s internal policies and guidelines are published in the Epiroc Way. Training and digital tools to ensure that Epiroc and its employees around the world have the right knowledge for correct decision making. The Compliance Board´s mission is to ensure that Epiroc’s CoC is implemented and complied with. The CoC and Group policies on how companies should conduct business responsibly will help ensure the trust of our stakeholders. Compliance with legal norms and laws minimizes costs. Implementation of the 2030 sustainability goals supports compliance with the CoC.

Key risk and description Risk mitigation Opportunities Currency, financial reporting and trade receivables Risk areas include currency, credit and counterparty, hedging, commodity price, tax reporting, and the risk of Epiroc encountering difficulties in repaying its debts and financing its operations. Reporting risks are risks that financial reports will not give a fair view of Epiroc´s financial position and performance. There is also a risk that impairment of goodwill or other intangible assets will adversely affect the financial results. Epiroc policies are available in the Epiroc Way. The Group manages the risks via the Financial Risk Management Committee (FRMC) with a mandate given by the Board. Group Treasury has operational responsibility for financial risk management in the Group and reports to the FRMC, which reports to the Audit Committee. A proven process for risk management for financial risks contributes to compliance with financial laws, agility and trust and hence strengthens the position for Epiroc as a trusted business partner.

Key risk and description Risk mitigation Opportunities Insurance Epiroc insurance policies may provide insufficient protection. Global insurance programs, arranged by Group Risk Management and Insurance, lead to adequacy and cost-efficiency via optimization of risk transfer levels and support for the business in understanding insurance applicability. Cost-efficiency and control, enabling business and to meet customer and supplier commitments. Reputation The risk of harm to Epiroc’s reputation and a negative impact on business results may arise from various sources: customers’ loss of confidence in the safety and quality of the products and services provided, deterioration of the quality of the products and services offered by Epiroc, including timing of delivery or product quality and availability, whether due to a mistake by Epiroc or a third party, failure on the part of Epiroc, or indirectly through business partners or customers, to comply with laws, regulations, ethical, social, product, labor, health and safety, environmental or other standards, or related political considerations. Epiroc may be subject to complaints and lawsuits from customers, employees, suppliers and other third parties, with allegations of product damage, health, environmental, safety, data protection, antitrust, corruption, money laundering, export restrictions or operational concerns, nuisance, negligence or failure to comply with applicable laws and regulations. Testing and quality-assurance of all products. Monitoring of product labeling and regular communications training. Epiroc has a clear, well-known brand. The Group actively engages in stakeholder dialogue. Mandatory CoC training includes the annual signing of a CoC Compliance Statement. Reporting of ethical and legal violations via the whistleblower system (or functions), Speak Up, is encouraged via various communication channels including physical posters at our locations. Quality-assured products improve customer satisfaction and promote recurring business. Stakeholder engagement can increase the awareness and credibility of Epiroc’s brand through collaboration and adoptability . Increased access to new and emerging markets. The CoC with principles for how companies should conduct business responsibly helps Epiroc to safeguard its reputation and the trust of stakeholders. A high social and environmental profile is particularly important since Epiroc is present in many regions where the impacts from climate change may be severe and resilience low. Implementation of the 2030 sustainability goals helps to ensure compliance with applicable legislation. Product quality and product liability Any defective products will pose a risk of product liability and damage to third party property or causing bodily injury. Ongoing standardization of the process for quality control (testing, verification and validation). Ensuring that supplier management has the same level of quality assurance on vendors and suppliers. Targeted activities contribute to limiting Epiroc’s exposures. In addition, quality assured products can increase customer retention, improve reputation and increase people safety

Risk overview

Epiroc has customers in around 150 countries, which implies both risks and opportunities. Effective risk management not only reduces the risk in the business but also contributes to profitable growth for Epiroc

In the model below our key risks, as identified in Enterprise Risk Management assessment process, are presented. These have the greatest risk factor, by negative impact, and the closer to the middle they are, the more probable. Other risks, such as insurance, reputation as well as product quality and liability cover all four areas. Our mitigating actions and opportunity per key risk are described for each area in the information below.

The Code of Conduct describes who we are as a company and what we stand for. It outlines the appropriate business conduct and expected behaviors we all must follow to live up to the high ethical standards and integrity we hold ourselves to. Financial results are important and a measurement of success, but just as important is how we achieve these results

For Epiroc, conducting business in a responsible manner is of great importance. Epiroc chooses to work with business partners who stand behind the quality of the goods and services they provide and act in accordance with high ethical standards and integrity

Key risks, risk mitigation and opportunities

We have divided the risks into following areas Strategic risks, Business risks, Compliance risk, Financial risk and other risks. Please click on each area below to see the details.

Strategic risks

Key risk and description	Risk mitigation	Opportunities
Geopolitical changes
Instability and geoeconomic confrontations affecting business could arise from changes in government, military control, war, or tensions between countries. These may lead to regulatory changes, such as protectionist trade policies that affect Epiroc’s industry, supply chain and logistics, or affect Epiroc in geographical markets. Pandemics and resulting political regulations and restrictions could significantly impact Epiroc’s operations – for instance, production and supply of equipment and aftermarket services – while also affecting customers and suppliers.	Regular discussions and updates at all business levels about geopolitical situations, footprint, targeted M&A, sales perspective, and responsive actions.	Planning for responding activities to identified geopolitical risks gives Epiroc a flexibility to adapt when circumstances change and improves Epiroc’s competitive position.
Market and technology innovation
Demand for Epiroc’s equipment and services is affected by changes in customers’ investment plans and production levels. These could change due to economic downturns, geopolitical tensions and volatility of mineral commodity prices. Demand also relies on customers’ need for new technologies and consideration of sustainability-related risk.	A significant aftermarket requirement over the equipment lifecycle creates a large and resilient service business. A flexible manufacturing setup with a large share of components purchased from suppliers.	Opportunity to further develop the aftermarket business and increase customer satisfaction and retention. Lean initiatives in manufacturing enable a more agile setup with enhanced flexibility.
Competition
The markets are highly competitive in terms of pricing, product design and service quality, the timing of the development and introduction of new products, customer service, and financing terms and conditions. Intense competition from significant competitors and, to a lesser extent but still increasingly, companies operating with lower costs and margins. Consolidation of competitors in our markets, resulting in fewer manufacturers, could affect our market position if Epiroc fails to effectively participate in the consolidation.	Continuous analysis and monitoring of market external factors and customer preferences in order to compete successfully and anticipate and respond to evolving market demand, including demand for new products. This also includes a corresponding mergers and acquisitions strategy.	Development of high-quality solutions that are in line with customer demand, such as increased productivity, lower total cost of ownership and reduced environmental impact. Opportunities to continuously increase operational efficiency and lower costs of operations and improve competitive position.
Acquisitions and divestments
Failure to capture synergies as anticipated and integration shortfalls have a negative impact on the business.	A clear M&A process and focused project management for integration.	Enhancement of the integration process, leading to speed and efficiency of integration and realization of synergies.

Business risks

Key risk and description	Risk mitigation	Opportunities
Cyber security and information
Epiroc could experience business interruptions caused by cybercrime, disruptions to critical IT services or other breaches of its information systems that could lead to loss of intellectual property. The increase in remote working in recent years has brought additional risk through exposure to more potential attack vectors. If breaches are not detected early and responded to effectively, they can harm Epiroc’s reputation and have an adverse effect on the financial results.	Quarterly updates from Group Information Security to Group Management and to the Board on a semi-annual basis. The cyber security program improves the handling of cyber security risks through, e.g., targeted and general security awareness training for all employees, improved protection of Epiroc data to meet regulatory and legislative requirements and increased resilience, i.e., the capability to withstand or recover quickly from adverse events.	Improvement of cyber security and resilience goes hand-in-hand with increased customer demand for security and consolidates Epiroc’s competitive position, notably within automation and digitalization.
Climate transition
Risks associated with the transition to a low-carbon economy include lack of compliance with new product requirements and environmental and climate-related legislation, and failure to develop, launch and market new products or respond to technological development and customer demand for sustainable products.	Continuous monitoring of environmental and climate-related legislation and establishment of relevant mechanisms. Improved environmental performance is always an important component of innovation. The Board performs an annual oversight of risks, including environmental and climate related risks.	Increasing demand for sustainable equipment is met by developing products and services and/or expanding the offering with a better environmental performance. Battery technologies and connected equipment and other solutions can add value and help drive the transition to low carbon solutions. Implementation of 2030 sustainability goals places the organization on the pathway to halving CO2e emissions in Scopes 1, 2 and 3.
Loss of freedom to operate
Intellectual property risks include legal costs related to the protection of IP rights, loss of value of an IP asset or associated product revenues as a result of legal findings of invalidity, unenforceability, or non-infringement, or challenges to title or ownership, which could cause loss of freedom to operate.	An Epiroc Intellectual Property Rights process covering risk assessment and relevant tools, such as a freedom-to-operate search and training of employees. Alignment of Intellectual Property (IP) Protection with R&D projects and M&A processes.	Protection of intellectual property contributes to business stability and improves Epiroc’s competitive position.
Recruitment and retention of key personnel
Failure to attract and retain key teams and employees poses a risk of Epiroc losing its leading position on the market. If Epiroc fails to monitor its need for employees or is unable to continue to attract and retain highly qualified management and other skilled employees on acceptable terms, the company may experience difficulties in sustaining or further developing parts of its business.	Recruitment can take place both externally and internally. Internal recruitment and job rotation are facilitated by the internal job market. Epiroc strives to maintain good relationships with unions and universities. An employee survey is carried out every year and followed up actively. Proactive performance management and development of employees with their managers.	Employer branding activities and solid onboarding programs. Ambitious targets for employees and managers, aligned with business targets, with accountability for results and in an environment of trust and individual responsibility. The 2030 sustainability goals leads and encourages the organization towards improved safety and increased diversity. Allowing remote working (depending on position) and encouraging virtual cooperation. Fostering internal mobility within the company through an internal job market. Training and development programs. Parental leave policy granting a minimum of 12 weeks of paid parental leave across the global organization.
Supply chain
Incorrect deliveries, failure to fulfill delivery obligations or inadequate capacity at suppliers could cause delays or failures in deliveries, which in turn may cause reduced sales and a decline in customer confidence. Supply disruptions could arise from shortages of raw materials, labor disputes, weather conditions, transportation disruptions or other factors beyond Epiroc’s control. Risk of Epiroc’s business partners not sharing the values expressed in the Epiroc Business Partner Code of Conduct.	Selection and evaluation of business partners based on objective factors, including quality, delivery, price, and reliability, as well as commitment to environmental and social performance. Screening of selected business partners. Inventory control and establishment of a global network of sub-suppliers, to avoid supplier dependency. Provision of timely and sufficient information to suppliers enabling them to manage changes in volumes. Requirement for business partners to sign the Business Partner Code of Conduct.	Increased business agility and cost reductions as a result of improved supplier inventory management in response to changes in demand. Continued position as a preferred business partner, promoting efficiency, sustainability, and safety. Reduction of the risk of corruption and conflicts by promotion of human rights and work on improved labor conditions. Opportunity to strengthen customer relationships by readiness to support customers affected by the Dodd Frank legislation on conflict minerals.
Product development and quality
Several markets are characterized by technological advances and changes in customer preferences. Risks arise from failure to develop, launch and market new products in response to customer demand for productivity, circularity and sustainability. Product development is affected by legislation on matters such as emissions, noise, vibrations, pollution and recycling. This may increase the risk of competition in emerging markets where such legislation is sometimes less strict. There is also a risk of substitution of existing Epiroc products and services with lower-emission options from competitors. Any defective products will impose a risk of product liability and damage to third party property or causing bodily injury.	Continuous investments in research and development to develop products in line with customer demand and expectations. Design of products with a lifecycle and circular perspective. Design of products with reduced emissions, vibrations or noise and increased recycling potential to meet legislative requirements. Ongoing standardization of process for quality control (test, verification and validation). Ensuring that supplier management has the same level of quality assurance on vendors and suppliers.	Substantial opportunities to strengthen competitive edge by innovating high quality, sustainable products and creating an integrated value proposition for customers as well as meeting external environmental risks. Implementation of the 2030 sustainability goals leads the organization towards halving CO2e emissions in operations, transport and use of products. Promotion of the integration of the Sustainable Development Goals into operations. Targeted activities contribute to limiting Epiroc’s exposures. In addition, quality assured products can increase customer retention, improve reputation and increase people safety
Safety and health
Inadequate adherence to safety and health principles and regulations can lead to accidents causing harm to people, productivity and the Epiroc brand. Health and safety laws and regulations are becoming more complex and potentially costly.	Assessment and management of safety and health risks in operations is standard procedure. All necessary safety wear is provided for employees who need to be in production or in the field. All major units are certified in accordance with the ISO45001 standard. Development of a culture with safety first in mind is key, and activities to highlight this, such as the “SafeStart-program”, “Live Work Elimination” and Epiroc Safety Day, are organized throughout the Group alongside a strong Safety Management System. Business partners are offered training in Epiroc’s policies including health and safety	Improved safety and health increases productivity and employee and business partner satisfaction. Implementation of the 2030 sustainability goals lead the organization towards improved health and safety
Diversity and inclusion
Improper inclusion can lead to lack of innovation, poor efficiency, and loss of business opportunity. Potential claims, depending on the region, can lead to increased costs and a bad reputation.	Ensuring a diverse talent pool in Epiroc by having professional recruitment processes with talent acquisition specialists. Promoting a culture towards safety leadership. Epiroc’s whistleblowing function Speak Up and compliance processes support transparency in matters where advice is sought, or concerns are raised about a potential ethical or legal violation by employees or business partners.	Varied perspectives foster creativity and innovation. Better problem-solving and decision-making due to varied experiences and viewpoints. Higher employee satisfaction and engagement, leading to better performance Easier to attracting talent from a wider range of backgrounds, enhancing competitive edge.
Production
Epiroc’s entities may face disruptions caused by events such as weather extremes, machinery breakdowns or a major fire leading to business interruption and loss of business income as well as reputational risks	Global implementation of Epiroc Loss Prevention Standard focusing on people safety and business continuity. Entities, including newly acquired companies, are measured against our standard. The outcome provides an overview of improvement areas and recommended actions in order of priority	Business continuity planning prepares managers and the Epiroc business on how to act in response to disruptions. Recovery is an essential factor in the case of disruption in order to keep commitments to suppliers, customers and employees and limit our exposure to financial loss.

Compliance risks

Key risk and description	Risk mitigation	Opportunities
Compliance, data privacy, fraud and corruption
Violation of laws on anti-corruption, anti-money-laundering, trade compliance, competition law compliance and data privacy may result in fines, claims for compensation and other financial damages as well as impairing Epiroc's reputation. Inadequate internal controls could result in Epiroc becoming more vulnerable in relation to individual employees acting in breach of the applicable legal framework, either by mistake or intentionally. Deficiencies in internal control could also cause investors and other third parties to lose confidence in Epiroc’s reported financial information.	Mandatory training in Epiroc CoC for all employees with a requirement to sign a CoC statement, and advanced training for certain employee categories. Support for entities from in-house lawyers providing advice on corruption laws and regulations. Epiroc’s internal policies and guidelines are published in the Epiroc Way. Training and digital tools to ensure that Epiroc and its employees around the world have the right knowledge for correct decision making. The Compliance Board´s mission is to ensure that Epiroc’s CoC is implemented and complied with.	The CoC and Group policies on how companies should conduct business responsibly will help ensure the trust of our stakeholders. Compliance with legal norms and laws minimizes costs. Implementation of the 2030 sustainability goals supports compliance with the CoC.

Financial risks

Key risk and description	Risk mitigation	Opportunities
Currency, financial reporting and trade receivables
Risk areas include currency, credit and counterparty, hedging, commodity price, tax reporting, and the risk of Epiroc encountering difficulties in repaying its debts and financing its operations. Reporting risks are risks that financial reports will not give a fair view of Epiroc´s financial position and performance. There is also a risk that impairment of goodwill or other intangible assets will adversely affect the financial results.	Epiroc policies are available in the Epiroc Way. The Group manages the risks via the Financial Risk Management Committee (FRMC) with a mandate given by the Board. Group Treasury has operational responsibility for financial risk management in the Group and reports to the FRMC, which reports to the Audit Committee.	A proven process for risk management for financial risks contributes to compliance with financial laws, agility and trust and hence strengthens the position for Epiroc as a trusted business partner.

Other risks

Key risk and description	Risk mitigation	Opportunities
Insurance
Epiroc insurance policies may provide insufficient protection.	Global insurance programs, arranged by Group Risk Management and Insurance, lead to adequacy and cost-efficiency via optimization of risk transfer levels and support for the business in understanding insurance applicability.	Cost-efficiency and control, enabling business and to meet customer and supplier commitments.
Reputation
The risk of harm to Epiroc’s reputation and a negative impact on business results may arise from various sources: customers’ loss of confidence in the safety and quality of the products and services provided, deterioration of the quality of the products and services offered by Epiroc, including timing of delivery or product quality and availability, whether due to a mistake by Epiroc or a third party, failure on the part of Epiroc, or indirectly through business partners or customers, to comply with laws, regulations, ethical, social, product, labor, health and safety, environmental or other standards, or related political considerations. Epiroc may be subject to complaints and lawsuits from customers, employees, suppliers and other third parties, with allegations of product damage, health, environmental, safety, data protection, antitrust, corruption, money laundering, export restrictions or operational concerns, nuisance, negligence or failure to comply with applicable laws and regulations.	Testing and quality-assurance of all products. Monitoring of product labeling and regular communications training. Epiroc has a clear, well-known brand. The Group actively engages in stakeholder dialogue. Mandatory CoC training includes the annual signing of a CoC Compliance Statement. Reporting of ethical and legal violations via the whistleblower system (or functions), Speak Up, is encouraged via various communication channels including physical posters at our locations.	Quality-assured products improve customer satisfaction and promote recurring business. Stakeholder engagement can increase the awareness and credibility of Epiroc’s brand through collaboration and adoptability . Increased access to new and emerging markets. The CoC with principles for how companies should conduct business responsibly helps Epiroc to safeguard its reputation and the trust of stakeholders. A high social and environmental profile is particularly important since Epiroc is present in many regions where the impacts from climate change may be severe and resilience low. Implementation of the 2030 sustainability goals helps to ensure compliance with applicable legislation.
Product quality and product liability
Any defective products will pose a risk of product liability and damage to third party property or causing bodily injury.	Ongoing standardization of the process for quality control (testing, verification and validation). Ensuring that supplier management has the same level of quality assurance on vendors and suppliers.	Targeted activities contribute to limiting Epiroc’s exposures. In addition, quality assured products can increase customer retention, improve reputation and increase people safety

Enterprise Risk Management

Epiroc has a methodology for enterprise risk assessment covering all divisions. Risks are identified based on Epiroc Risk Universe, with the overall goal to evaluate risks and remove or mitigate their effects by having the necessary control measures in place. The purpose is to identify, understand and visualize potential risks before they occur, provide a safer and healthier working environment for our employees, and strengthen business continuity. In more detail, clarification is provided on the probability of risks materializing, their impact, causes and possible consequences, the effectiveness of existing controls and any further actions needed. The consolidated outcome of the Enterprise Risk Management risk assessment is reported to both Group Management and the Board, who monitor risk management annually.

Epiroc’s Enterprise Risk Management risk assessment capture risks in five risk areas:

Strategic: Emerging and macro development risks.
Business: Common industry risks and risks related to the Epiroc business model, including operational risks.
Financial: Financial reporting risks.
Compliance: Focus on avoiding breaches of applicable legislation or regulations.
Sustainability: Capturing potential risks not already identified in the other areas.