Operational risk

By operational risks, we mean risks caused due to insufficient or non-functioning processes, people, equipment, systems or external events (attacks, disruptions in supply chains, tightening regulations). The main goal of operational risk management is to reduce the impact of adverse events. To achieve this goal, the Group keeps developing its internal processes and control systems. We constantly train project teams, improve business processes and monitor results to ensure a high-level of project management in the Group. To ensure a high level of project management in the group, we are constantly training project teams, improving business processes and monitoring results. In order to reduce the risks associated with ever-increasing regulatory requirements, their frequent changes, as well as the interpretation of legislation and contracts, we regularly train the management and create special positions for sectoral specialists. In order to minimize the damage caused by human errors and vices, we have implemented Code of Ethics in the group and organize annual trainings for employees to ensure compliance with ethical standards. In order to reduce the risks associated with external attacks, especially those carried out using ICT tools, we regularly train all personnel, draw attention to the requirements for safe work with devices connected to the network.

Considering the Group’s line of business, continuous improvement and implementation of safety standards and regulations, as well as increased supervision over compliance with environmental requirements, are extremely important in managing operational risks. One of the tools for operational risk management is the introduction of quality and environmental management systems. The occupational safety and environmental risks in our construction operations are assessed and managed in all units of the Group and in all process phases. The Group’s largest construction companies – Merko Ehitus Eesti AS, Tallinna Teede AS, Merks SIA, Merko Statyba UAB and Merko Bygg AS – have implemented the ISO 9001 quality management system and ISO 14001 environmental management system, as well as the ISO 45001 occupational health and safety management system. All these management systems are certified. The task of the Group’s quality specialists is to develop quality, occupational safety and management systems and to ensure their functionality.

Insurance is used to transfer residual risks (human error, external events) remaining after operational risk management activities to a third party, especially in the case of risks for which there are no other options to mitigate. We have all-risk insurance contracts with insurance companies against any unexpected loss events in the construction process. The general policy concluded for one year indemnifies the customer, subcontractors and third parties for damages caused by a Group company or any of its subcontractors. For projects not covered by the annual policy (hydraulic engineering, railway construction, bridges etc.), the risks are additionally mapped and a specific insurance contract is signed for each project. When concluding design contracts, subcontractors are required to have a professional liability insurance contract or an insurance contract is signed to cover losses arising from design and from erroneous measurements, advice and instructions. We use the services of an insurance broker when mapping risks, concluding insurance contracts and handling loss events.

A financial warranty provision has been made to cover the cost of eliminating construction defects that occur during the warranty period. Defects detected during the warranty period in the work done by subcontractors are eliminated by the subcontractors. In the case of critical contracts, the fulfilment of the contractor’s contractual obligations is secured by bank guarantees payable on first demand.

Compliance risk

Due to differences in the interpretation of the agreements, regulations and laws related to the Group’s core business, there is a risk that a customer, contractor or supervisory body may assess the company’s compliance with contractual agreements or legal requirements on a different basis and challenge the legality of the company’s operations.

In order to manage such risks, the group’s companies have created legal services and the positions of sectoral compliance specialists, who keep up-to-date with changes in legislation and their interpretations, supervision and case law, and accordingly update internal standard contract forms, business processes and procedures from the aspect of compliance risks. In order to improve employees’ adherence not only to legal regulations and contracts, but also to additional norms of conduct established in the group in the form of a Code of Ethics, trainings on the Code of Ethics are integrated into trainings and workshops organized by the legal service and compliance specialists.

Upon the emergence of new regulations, atypical contracts and important interpretations applied in practice, the emergence of additional risks is analysed, an overview of the risks and the activities necessary to manage them is presented to the management for approval, and personnel exposed to additional risks are trained.