Risk management
A globally standardized process

The Straumann Group applies a globally standardized process for identifying and managing possible developments within or outside the Group that could jeopardize the Group’s sustained growth, profitability and objectives.

The management of opportunities and risks is an integral part of corporate governance and sustainability. We are committed to implementing appropriate controls, processes and strategies to identify, assess and manage risks associated with our activities in order to prevent or minimize the impact of unexpected events on our business and our ability to create value.

RESPONSIBILITIES AND ORGANIZATION
Risk monitoring and control are management objectives. At Straumann, the Chief Financial Officer is also the Chief Risk Officer (CRO) and is responsible for risk management. Our risk assessment and management is embedded in a comprehensive internal control framework, which we address through a holistic, disciplined and deliberate approach.

Our approach matches that of the COSO (Committee of Sponsoring Organizations of the Treadway Commission), whose integrated internal control framework is one of the most widely used. For identified risks that arise from  accounting and financial reporting, relevant control measures are defined throughout Straumann’s Internal Control System (ICS) framework.

Various tools and aids are used to assess and manage risks. For instance, foreign exchange risks are managed with an SAP Treasury tool, while external consultants are used on a regular basis to assess insurance coverage risks.

RISK REPORTING
A comprehensive corporate risk assessment report is produced annually (and ad hoc as necessary) and serves as a working document for the coming year. It includes key risks that are critical for the Group’s business.

A specific scenario is developed for each risk topic, including existing and new measures and controls. The risks are ranked and prioritized. Action plans are defined and the implementation of
measures to reduce risk is monitored.

The significance of a risk scenario is estimated in terms of EBIT cumulated over three years. Certain risks are assessed according to qualitative criteria, e.g. risks to the Group’s reputation.

The reporting of key risks is based on fixed value limits. Pressing risks that emerge very rapidly are discussed by the Board at short notice.

INTERNAL AUDIT
The task of Internal Audit is to provide independent assurance to the Board of Directors that key risks of the organization are under control and to support Management in ensuring compliance, operational efficiency and control effectiveness across the Group. Acting in a consulting role, its main tasks are to assess internal processes and controls, propose improvements, and assist in their implementation. The objective is to safeguard the Group’s tangible and intangible assets and to evaluate the effectiveness of its risk management and governance processes.

As of July 2017, KPMG was mandated with the Internal Audit function at Straumann. The CFO/CRO is the administrative contact person. In 2017, four internal audits were performed by KPMG at global and local levels according to the audit program approved by the Audit Committee of the Board of Directors.

RISK ASSESSMENT
STRATEGIC RISK
MARKET ENVIRONMENT

Straumann is active in specialty segments of the dental industry. Based on the aging population, the rising number of professionals trained, and increasing awareness, there are no discernible reasons why these segments should not continue to offer attractive growth prospects in the long term. However, the economic uncertainties seen in recent years might continue for some time and effect the prospects of market growth.

Our future revenues depend on market reach and expansion as well as on our ability to defend and increase our business with existing customers, to enlarge our customer base, to develop innovative solutions that meet customers’ needs and bring them to market in a timely manner.

New market entrants and price pressure from discounters pose a potential threat to established companies like ours. We conduct analyses of competitors based on our own and external market intelligence to counteract such risks and to evaluate our opportunities. One example of managing this risk in 2017 is our continued expansion strategy into the non-premium segment.

OPERATIONAL RISK
LEGAL RISKS
We operate in a competitive market, in which legal compliance, solid agreements and intellectual property rights are of significant importance.

In 2017, the Straumann Group was involved in important IP disputes against Nobel Biocare, which are still ongoing. The Group is also involved in a dispute with Dentsply Sirona regarding a patent infringement action filed in the Federal District Court of Delaware. Straumann successfully initiated an Intellectual Property Right case at the U.S. Patent Trial and Appeal Board, but Dentsply Sirona appealed against the decision in the US Federal Circuit Court of Appeals and the case is still pending.

Our newly acquired company Clear Correct is involved in a patent litigation initiated by Align Technologies as well as a commercial litigation initiated by CapNet, who requests a conversion of its warrants into shares. ClearCorrect is vigorously defending both suits.

CYBER SECURITY RISK
Reliable, correct and safe handling of information is essential to our business. IT risk and security management are therefore an integral part of the Group’s IT strategy. The main objectives are:

  • To achieve business goals while reducing IT risks through security controls and by creating awareness among employees and management.
  • To safeguard sensitive data and to protect and guarantee the integrity of the Group’s digital assets and infrastructure worldwide. 
  • To ensure the availability of IT services (applications and systems) as required by business processes and stakeholders.
The Group has established an IT risk and security management framework derived from widelyused industry standards, such as GMP, COBIT and ISO/IEC 27000 series, to manage cyber and IT security risks, threats and controls, taking ethical, legal, economic and social principles into consideration.
 
The IT risk and security management committee approves and adopts the information security strategy as well as essential business critical implementations. The committee meets three times a year and includes the CFO/CRO, the Head of Corporate Process Excellence and Applications (CPEA), the Head of Corporate Information and Communication Technologies (ICT), and the IT Risk & Security Manager, who is responsible for
  • Assessing IT security threats and their business value
  • Mitigating IT risks (incl. data loss and corruption)
  • Evaluating IT service continuity plans criticality
  • Verifying the effectiveness and efficiency of IT security controls and hardening IT assets security
  • Improving IT security awareness for all employees
  • Maintaining security policies, procedures and supporting standards in alignment with (core) business processes and establishing IT security key performance indicators and reporting structures.

MANUFACTURING AND SUPPLIER RISK
The Group has spread its manufacturing risk by establishing production centers for key products on different continents. The significant expansion of Neodent’s production facilities in South America in 2017 as well as the establishment of two CADCAM facilities in Asia helps to mitigate this risk.

With regard to suppliers, we pursue a second source strategy, which offers a high degree of independence from single suppliers. Both Straumann and Neodent production facilities keep about a year’s stock of titanium, the key material for our implant systems, to avoid any bottleneck in the supply/demand chain.

ETHICAL SUPPLY CHAIN
Adherence to ethical behavior (through our Code of Conduct) is not only expected from our employees. Our ‘Code of Conduct for Suppliers’, which was revised in 2016, refers to working conditions, human rights protection, business ethics, legal compliance, and environmental protection in the supply chain. A signed copy of the Code is requested especially in instances where a potential conflict has been identified, e.g. for raw material suppliers in countries where child labor might be an issue. Almost all of our principal raw material suppliers have signed the Code.

PRODUCT RISK AND TREATMENT OUTCOME
We seek to minimize product risks by using state-of-the-art techniques for product risk management and always conduct long-term product surveillance. These processes are frequently reviewed by regulatory agencies to confirm that they meet internationally recognized standards. Furthermore, we conduct large-scale trials under real-life conditions, followed by controlled, selective introductions wherever appropriate. We also offer a comprehensive range of education courses at all levels in all countries where our products are sold.

FINANCIAL RISK (SEE ALSO FINANCIAL REPORT)
EXCHANGE RATE RISK
As the majority of our business is international – and because we prepare our financial statements in Swiss francs, fluctuations in exchange rates affect both the Group’s operating results and the reported values of its assets and liabilities.

Straumann’s Corporate Treasury is responsible for managing the risks created by currency fluctuations within the Group, following the scope of the policy approved by the Executive Management Board and the Audit Committee of the Board of Directors.

The major foreign currencies in Straumann’s business are the euro, the US dollar, the Brazilian real, the Chinese renminbi and the Japanese yen. Straumann invoices its subsidiaries in local currencies and its distributors mainly in euros and US dollars. Each subsidiary invoices its local third-party customers in the local currency. Applying this concept, the major foreign currency risk is at headquarters.

The Group is exposed to transactional and translation risks. Hedging decisions are taken by the Corporate Treasury with subsidiaries being co-responsible for identifying currency exposures and informing headquarters.
The key objective is to limit the foreign currency transactional exposure of the Group. Transactional risk arises when the currency structure of the Group’s costs and liabilities deviates to some extent from the currency structure of the sales proceeds and assets, as well as from imbalances in the payment streams between the various currencies. Straumann hedges these risks by means of spot, forward transactions and in rare cases with options based on the principles stated in the Treasury Policy. The limitation and management of the translation exposure is a secondary priority.

The Group’s gross transactional booked exposure (TBE) at year-end is presented in the table on the right.

CREDIT RISK
Credit risks refer to the ability of our customers to settle their obligations as agreed. There are no significant concentrations of credit risk within the Group.

COUNTERPARTY RISK
Counterparty risk encompasses issuer risk on marketable securities, settlement risk on derivative and money-market contracts, and credit risk on cash and time deposits. Exposure to these is closely monitored and kept within predetermined parameters.

Further information on financial risk management is provided in Notes 29 (on financial risk management objectives and policies) and 30 (on financial instruments) of the consolidated financial statements.

INSURANCE POLICIES
The Group covers its inherent key business risks in the same way that it covers product or employer liability risks and property loss through corresponding insurance policies held with reputable companies.

PENSION LIABILITY RISKS
The Group offers its staff competitive pensions. The pension funds are managed locally and invested by independent financial institutions. The investment strategy of the Swiss pension fund, which represents the largest pension plan of the Group, is determined by the Group’s Pension Fund Commission and is executed by the financial institution. Neither Straumann nor the trustees are allowed to influence the specific investment decisions. The pension funds  publish regular reports for all members.

COMPLIANCE RISK
It is essential for Straumann to ensure that the company in general and its employees individually conduct business in a legal, ethical and responsible manner. To this end, we implemented a Code of Conduct in 2006.

All employees are required to report any breach of this internal policy to the Compliance Officer by e-mail or telephone. Infringements of the Code are tracked and appropriate measures are taken against cases of non-compliance.

LEGAL COMPLIANCE
We monitor laws and revisions and adapt our internal processes to cover new legal requirements. We fully comply with the ‘Sunshine’ legislation in the United States and France, not least through implementing a data collection system and corresponding policies and guidelines.

REGULATORY AND QUALITY COMPLIANCE
Companies in the medical device industry face growing scrutiny from regulators around the world and increasing requirements for documented evidence in order to demonstrate compliance. To avoid the risks associated with regulatory compliance for Medical Devices, we have a qualified team of specialists in regulatory and quality assurance.

Focused quality objectives, supported by key performance indicators and comprehensive internal as well as supplier-related quality audit programs, assured our status of substantial compliance and helped to identify opportunities for improvement. We run a continuing education program to streamline processes. In 2017, Straumann subsidiaries in the US, Canada, China and Japan were inspected by the local authorities. No major observations were identified. We also passed all Notified Body audits at our manufacturing and design/development sites, which are required to maintain the certification status of the quality and environmental management systems. Overall, there were no critical issues with any authorities. 

We were challenged by unannounced audits at Biora in Malmö and Institut Straumann in Basel, with only one minor observation for each. 

We consolidated our ‘One Quality Management System’ (for design centers and manufacturing sites) after a successful recertification of the quality system.

We continue to challenge our quality by mock FDA inspections at the FDA-registered establishments. To ensure the readiness of our people and processes at our certified sites, we have also conducted unannounced internal audits and dedicated audits of our technical files.

Straumann continues to collaborate with Neodent in the area of quality compliance and regulatory affairs. Neodent products have received approvals in various markets outside Brazil, including the US, Europe and APAC.

Several regulatory authorities continue to inspect manufacturers in foreign countries. We are prepared for this and have built up experienced teams of regulatory and compliance specialists in Basel, the US, China, Japan, Korea and Brazil. As a consequence, successful registrations of our BLT implant portfolio (world-wide), ceramic implant, n!ce, collagen membranes and bone grafts (in various countries) were based on excellent collaboration of our experts in Basel with our colleagues in different regions.

The new Medical Device Regulation issued in Europe means greater surveillance, more involvement of competent authorities for higher-class products, longer approval times, access to technical documentation, tests on products, and unannounced audits. Notified Bodies have declined in number and their control has increased. Stricter requirements and regulations are also expected in smaller markets, which will increase the need for enhanced compliance and safe and efficient products. The Group has already initiated a project about compliance to the new European Regulation for Medical Devices.

REPUTATION RISK
Like other leading manufacturers, the Group is exposed to the risk of damaged public perception of dental implants by third parties, which might be the result of poor implant placement, competitor’s inferior implant quality, or unethical business practices. Many Straumann country organizations are members of associations of manufacturers of medical/dental products, such as FASMED in Switzerland, Comident in France and ABIMO in Brazil (Neodent). These associations are dedicated to the advancement of medical technology and its safe and effective use.