Risk Management

As a listed company operating worldwide in the global semiconductor market, we manage and monitor risks related to the volatility and complexity of our industry.

In 2020, the unprecedented situation of the COVID-19 pandemic highlighted our resilience in highly challenging conditions.

In January 2020, we triggered our crisis management and business continuity protocols, focusing on two overarching priorities:

  • first, maximizing measures to prevent infection and supporting our employees and their families
  • second, executing our business continuity plans, closely monitoring the situation across our whole supply chain, and working with our customers, suppliers and partners

These priorities have remained unchanged throughout the pandemic (see Focus).

Focus

Facing the pandemic

Our Corporate Crisis Team (CCT), directly reporting to ST’s Executive Committee, orchestrated our global response to the COVID-19 pandemic, driving our network of Crisis Teams at regional, country and site levels to address the complexity of local conditions. In addition, we set up dedicated taskforces for domains such as supply chain and information technology.

The CCT coordinated our response across all relevant areas, including:

  • monitoring international developments
  • global travel and health and safety management (including psychological support)
  • monitoring the ST-specific situation and the deployment of measures in ST regions/sites
  • monitoring our business, supply chain and manufacturing
  • internal and external communications
  • support function continuity management

Our rapid response and action-focused approach not only confirmed the effectiveness of our crisis management model, but also its ability to build trust and confidence in addressing crisis situations.

Enterprise Risk Management (ERM)

Our approach to ERM is formalized in a specific policy and is aligned with ISO 31000. It enables us to perform systemic identification, evaluation and treatment of risk scenarios, allowing us to set our Company strategy, manage our performance, and capitalize on opportunities.

ERM process aligned with ISO 31000

The ERM approach is embedded in all ST organizations and key processes. It takes a holistic view, combining both ‘top-down’ and ‘bottom-up’ perspectives, to ensure that risk identification, evaluation, and management are performed at the right level.

Managing risk according to our risk appetite

Our risk appetite depends on the nature of the risk. We regularly determine the amount of risk we are willing to eliminate, mitigate, pursue or retain, depending on the expected rewards, opportunities and costs.

Throughout 2020, we refreshed our Company risk assessment with executive management. The output from this exercise was a risk map linked to our strategic objectives, including 13 ‘priority 1’ risk areas.

Risk owners (members of senior management) were appointed for each priority risk area to develop risk response plans and enhance monitoring and reporting capabilities. The risk plans are regularly reviewed by senior management and periodically discussed with the Supervisory Board and Audit Committee.

Each organization throughout the Company, including Marketing and Sales regions, Product Groups, Manufacturing and Technology, corporate functions and large transformation initiatives, also completed its own risk assessment.

Extending our improvement roadmap

The three-year improvement roadmap we defined in 2018 was further rolled out in 2020. This included deploying our ERM framework. Designed to consider the interests of all stakeholders and explicitly address uncertainty, the ERM framework is practical and tailored to our needs. Based on the best available information, it supports our decision-making.

ST’s ERM framework

Governance, organization and culture

  • Risk oversight and governance
  • Risk culture
  • Risk appetite
  • Risk functions and communities

Managing risk and opportunity

  • Risk and opportunity response and monitoring (enabling strategy and performance)

ERM enablers

  • Risk reference documentation (policies and procedures)
  • Risk processes (definition and methodologies)
  • Risk tools

Resilience management

Since 2018, our ERM approach has been extended to explicitly address resilience topics. This led us to set up a ‘corporate resilience competence center’ in 2019 to drive a global network of resilience champions in our main sites and critical functions.

Business continuity

We have implemented a business continuity management system (BCMS) across our main sites and selected organizations. It provides a consistent methodology to address potential business disruptions that may affect our supply chain and operations through scenarios such as:

  • site unavailability
  • people unavailability
  • IT system disruptions (e.g. cyber-attacks)
  • facilities disruptions
  • critical sourcing disruptions
  • logistics/transportation disruptions
  • security violations

Business continuity: ISO 22301 certified

As such, our approach encompasses potential disasters due to natural hazards (such as earthquakes, floods, snowstorms, volcanic eruptions or tsunamis), industrial accidents (such as fires and explosions), and major impacts related to human activities (such as terrorism, strikes or pandemics).

In 2019, ST obtained its ISO 22301 recertification for three years. Throughout 2020, surveillance audits from the certification body and internal audits were performed and those audits will continue in 2021.

Franck Freymond

Chief Audit and Risk Executive

“The COVID-19 pandemic has been a global challenge that required the continuous mobilization of our management and our dedicated crisis teams to provide our people with a safe working environment and maintain business continuity. Our efforts were effective as we put in place the most stringent health and safety measures, kept all our manufacturing sites operational and mitigated the impact of the crisis on our business and that of our customers.”

Sustainability risks

The identification of our priority sustainability risks (and opportunities) is formalized through a regular multi-stakeholder materiality exercise, which was renewed in 2020 (see Sustainability strategy).

Company-level sustainability risks are then fully integrated into our ERM program.

At an operational level, our approach to sustainability risks is transversal across the different sustainability domains we cover. It comprises an overall environmental and social due diligence process that considers any potential and actual adverse impacts we may generate, either through our own operations or through our supply chain. By identifying these risks and mitigating them through dedicated programs, we can reduce our environmental and social footprint and find new opportunities to create positive value for our Company and our community.

This includes:

  • adopting reference standards such as ISO 45001 for safety, ISO 14001 for the environment, and the Responsible Business Alliance (RBA) standard for corporate social responsibility, and cascading them throughout our supply chain
  • defining policies that include risk identification and risk mitigation strategies with concrete actions
  • controlling both our own and our suppliers’ performance, and correcting deviations

More specifically, we are committed to reducing our impact on climate change and therefore we pay particular attention to climate-related risks (see Energy and Climate Change).

Annual risk assessment of tier 1 supply chain

We conduct an annual risk assessment of our entire tier 1 supply chain, to determine the risks related to Labor and Human Rights; Environment, Health and Safety; and Ethics (see Responsible Supply Chain).

In 2020, we also launched a ‘supply chain risks’ taskforce to improve the consistency of our approach to supply chain risks in the different domains we manage (Quality, Business Continuity, Ethics and Sustainability) and better integrate them in our procurement and supplier monitoring strategy.