Risk management

Risk description

Q-Park risk management measures

National or local governments could implement measures which are potentially unfavourable to the parking sector (e.g. introduction of low emission zones or banning of traffic within inner-city boundaries).

• Create sufficient substance in cities and regions to have a seat at the table and cooperate with governments, NGOs, and businesses.

• Ensure geographic diversification of Q-Park's portfolio in the different countries but also within cities to avoid large dependencies on specific regions or locations.

• Invest extensively in online platforms and value-added services to become a proactive business partner for local authorities and help them to think in (mobility) solutions.

Factors that potentially influence parking revenues (prices and/or mobility) include pressure from the general public and retailers, political changes, or a long-term fall in GDP. Lower parking revenues could significantly impact Q-Park’s profitability and cash flows, definitely in situations where lower parking prices will not result in more transactions.

• Cooperate with governments, NGOs, and other businesses.

• Highlight the relevance of regulated and paid parking to society by clear communication.

• Implement a separate centralised pricing function within the Group that uses calculation models to analyse different tariff schemes, to simulate the effects of changes, and to align prices with the local circumstances and market situation.

• Strengthen the commercial, customer, and market intelligence organisation by establishing Group-wide teams and actively sharing knowledge and experiences.

The parking market (new business) is characterised by competition between a limited number of existing players. In addition, technology is used increasingly in the parking market and results in new competitors with a possible negative impact on Q-Park's financial results.

• Ensure geographic diversification with sufficient substance in different regions and cities to ensure efficiency in operations and to be competitive in tenders.

• Invest in ICT developments (online platforms and PMSs) to be competitive in changing to a more digitally-oriented parking market and to prepare the organisation for more efficient access and payment solutions.

• Closely monitor developments in digital solutions created by existing and new competitors.­

­

A car parking service is an indirect service which depends on external factors (e.g. offices, shopping centres, leisure amenities). New customer behaviour (e.g. online shopping, working from home) or changes in the popularity of certain stores or locations pose a risk of a significant decrease in parking demand and, hence, a decrease in Q-Park’s business and revenue.

• Ensure geographic diversification of Q-Park's portfolio and a further spread across multiple indirect markets.

• Manage a portfolio with focus on large multifunctional locations instead of mono functional locations which are dependent on just one purpose.

Risk description

Risk management measures

The safety of our customers and employees is our top priority. If an employee or a customer sustains injury while at work or while visiting one of the Q-Park parking facilities, this could impact our reputation.

• Adhere to health and safety procedures relating to employees and customers.

• Invest in maintenance and security tools (i.e. CCTV oversight) to ensure clean and safe parking facilities with proper instructions for visitors.

• Encourage non-cash payments and outsourcing of cash handling to specialised third parties.

• Provide training and development focusing on personal safety and safety measures in and around our parking facilities.

Continuity of the company and its business is crucial. Continuity depends on a number of factors, including suppliers. We are particularly vulnerable regarding PMSs, ICT, and infrastructure.

• Business Continuity and Data Recovery is an important component of our Information Security Programme.

• Use different systems from independent suppliers where operational efficiency remains the primary objective.

• Conduct preventive maintenance and conclude SLAs with suppliers to ensure corrective interventions within agreed time frames.

• Connect the QCR to parking facilities to assist in the event of business interruptions and operate a 24-hour service desk.

­

­

Good, experienced, and knowledgeable people are the foundation of our company and its success. The company must ensure that it is able to employ and retain the right people.

• Maintain a system for performance measurement and annual reviews.

• Continuously work on employer branding in the 'labour' market and have competitive employment conditions.

• Develop training and development opportunities for employees.

Ethics and integrity are important conditions for confidence in the company. Behaviour deemed to be unethical could lead to loss of revenue and reputation.

• Maintain a code of ethics and whistle-blower policy with periodic training to ensure awareness.

• Ensure Executive Board and management demonstrate ‘tone at the top’.

• Apply a zero-tolerance strategy.

Risk description

Risk management measures

The company owns a considerable amount of property and goodwill. If the economic climate deteriorates and potential impairments are not identified, determined, or communicated in a timely fashion, the company could incur reputational damage.

• Evaluate the existence of impairment indicators on an annual basis.

• Monitor performance against business plans to identify risk areas and act timely.

• Employ an independent valuation expert to conduct periodic valuations when necessary.

Given that the nature of the business is capital-intensive, access to external financing is crucial for continuity. A liquidity risk could arise if external financing is not available to the company when refinancing is required.

• Strict monitoring of financial covenants.

• Consult regularly with external debt providers to discuss the ongoing business, results, and strategy.

• Periodic evaluation of the appropriateness of the financing structure and adjust if needed.

The external debts can be subject to variable interest rates, thereby exposing the company to fluctuations in interest rates. A significant increase in variable interest rates would have a negative impact on results.

• Include a mix of fixed and variable interest rates for financing operations, combined with the use of interest rate instruments.

• Adopt an interest rate policy in which part of the bank debt is covered by interest rate derivatives (interest rate swaps and interest caps).

­

­

The company's functional currency is the euro. Given that the company also operates in countries with a different functional currency, we are exposed to fluctuations in those currencies.

• Monitor and report periodically on currency risk exposure.

• Optimise currency risk through natural hedges (revenue and costs in local same currencies, external debt in foreign currency).

Risk description

Risk management measures

If misstatements are made such that the financial statements do not give a true and fair view of the company's financial position, financial performance, and cash flows, users of the financial statements would be incorrectly informed.

• Maintain common and consistent accounting policies, reporting processes, and standard chart of accounts.

• Monitor critical access and segregation of duties and perform compensating controls if necessary.

• Actively involve all stakeholders.

Given the increasing use of online communication and the professionalism of cyber criminals, the company must focus constantly on continuity of ICT systems and on ensuring the security of crucial information and sensitive customer data (e.g. payment card details, passwords). A successful attack or hack by cyber criminals could cause reputational and financial damage and impact business continuity.

• Implementation of the Q-Park Information Security Programme based on a Cyber Maturity Assessment and executed in accordance with a formal governance structure. Important components of this programme include:

  • Reconsider our information security policies to secure confidentiality and integrity of data, including continuity measures in conjunction with outsourcing partners.

  • Improve user awareness and behaviour to reduce cyber security risks.

  • Manage IT Asset risks in a proactive and reactive way (monitoring).

  • Improve incident response, disaster recovery and business continuity.

  • Further comply to common standards such as PCI DSS, GDPR and ISO 27001.

  • Implement cyber security solutions to detect cyber attacks and have remediation procedures in place.

  • Centralisation of ICT systems allowing central enforcement of security measures.

  • Initiate a Secure Software Development life cycle programme for our applications in collaboration with our supplier.

• An Information Security officer has been appointed to coordinate the execution of the Information Security programme and to manage operational cyber security risks.

Changes in the legal and regulatory environment tend to increase the risk of non-compliance with local, national, and international laws and regulations, as well as tax legislation. Failure to comply with applicable regulations could lead to fines, claims, and reputational damage.

• Implement the Compliance Programme.

• Establish corporate functions to monitor local risks and challenges from a Group perspective (e.g. compliance, tax, finance, and legal).

• Involve external specialists where necessary.