RISK AND OPPORTUNITY REPORT

Risk report

Risk management system

MLP considers risk management as the use of a comprehensive array of instruments for managing risks in line with the strategy set out by the Executive Board, as well as the risk-bearing ability process. Due to the potential growth and extra earnings they can offer, risks should be addressed and taken in a conscious and controlled manner within the scope of internal control/monitoring procedures.

The operational and organisational structure, the risk management and controlling processes, as well as the special Risk Controlling, Compliance and Internal Audit functions represent key components of the Group-wide risk management system.

Group-wide risk management

Within the scope of risk management, the following companies are incorporated in the Group-wide system of risk management (scope of consolidation pursuant to § 25a of the German Banking Act (KWG) – Germany's "MaRisk" minimum risk management requirements consolidation scope, referred to as "key companies" in the following):

• MLP SE, Wiesloch
• MLP Banking AG, Wiesloch
• MLP Finanzberatung SE, Wiesloch
• MLPdialog GmbH, Wiesloch
• FERI AG, Bad Homburg v. d. Höhe
• FERI Trust GmbH, Bad Homburg v. d. Höhe
• FERI Trust (Luxembourg) S.A., Luxembourg
• DOMCURA AG, Kiel
• NORDVERS GmbH, Kiel

As defined by § 25a (3) of the German Banking Act (KWG) and in conjunction with Section 4.5 of Germany's Minimum Requirements for Risk Management (MaRisk), the Executive Board at MLP Banking AG, which as per Article 11 of the Capital Requirements Regulation (CRR) is the controlling body of the MLP Financial Holding Group (MLP FHG) as the depository institution, ensured appropriate control and monitoring of the significant risks at Group level through suitable processes. This approach encompasses in particular

• defining Group-wide strategies,
• securing the Group's risk-bearing ability,
• establishing structural and organisational regulations for the Group,
• implementing Group-wide risk management and controlling processes
  and
• setting up an Internal Audit department, which will operate throughout the Group.

In the context of the strategy process and the risk inventory MLP Banking AG, acting as a controlling company of MLP FHG, obtains an overview of the risks in the Group on a regular and ad hoc basis. Based on the risks identified in the individual companies and their relative weighting, the "MaRisk scope of consolidation" is formed, which defines the scope of the Group-wide risk management system. In principle, all risks identified as significant within the Group by the controlling company are taken into account. Group-wide regulations and policies for establishing Group-wide risk management at MLP FHG are defined taking into account the type, scope, complexity and risk content, as well as the different application options provided by corporate law on an individual basis.

Risk policies

The Executive Board of the controlling company defines the business strategy, as well as a consistent risk strategy for MLP FHG. The Group-wide risk propensity is derived from the risk strategy, taking into account the risk-bearing ability. On this basis, framework conditions for risk management at MLP FHG are then defined. The readiness to take risks is regularly checked and adjusted as necessary.

The following basic principles are consistent with the business strategy and describe the central framework conditions for the risk management at MLP FHG:

The Executive Board and/or the Managing Directors are responsible for the proper organisation of the business and its further development:

Irrespective of any supplementary internal responsibilities assigned, the Executive Board and/or the Managing Directors are responsible for the proper organisation of the business and its further development at the company. They must introduce necessary measures for drawing up stipulations unless the decision is made by the Supervisory Board. This responsibility includes defining appropriate strategies and setting up appropriate internal control procedures - thereby assuming responsibility for all significant elements of the risk strategy. Responsibility for specifying the business and risk strategy cannot be delegated. It is the responsibility of the Executive Board and/or the Directors to implement the strategy, assess the risks associated with it, as well as to put in place and monitor the necessary measures to ensure that these risks are limited. These also include the development, promotion and integration of an appropriate risk culture. In addition to this, the Executive Board regularly drafts a declaration of the appropriateness of the risk management procedures adopted.

The Executive Board and/or the Managing Directors bear responsibility for the risk strategy:

The Executive Board of the controlling company defines the risk strategy for MLP FHG. The risk strategy reflects the risk propensity or "risk appetite" based on the targeted risk/earnings ratio. The Executive Board at the controlling company and the members of the Executive Board or Managing Directors at the controlled companies ensure that a comprehensive approach, incorporating all key risk types, is integrated in the company and that suitable steps are taken to implement the risk strategy.

MLP promotes a strong awareness of risks and a pronounced risk culture:

An appropriate risk culture is critical for effective risk management. MLP sees its risk culture as the way in which employees handle risks within the scope of performing their duties. Our risk culture promotes the identification and conscious handling of risks and ensures that decision-making processes lead to results that are also balanced in terms of risk criteria. Our risk culture is characterised by the clear commitment of the Executive Board to risk-appropriate conduct, strict observance of the risk appetite communicated by the Executive Board on the part of all employees, as well as facilitation and promotion of transparent and open dialogue on risk-relevant questions within the Group. A strong awareness of risks across all divisions that goes beyond each employee's own area of responsibility and a corresponding risk culture are encouraged through appropriate organisational and incentive structures. The appropriateness of the risk management and controlling system is continuously monitored and any adjustments that become necessary are implemented as quickly as possible. Appropriate quality standards are established and subjected to continuous reviews.

MLP engages in comprehensive risk communication, including risk reporting:

Detected risks are reported to the responsible management levels openly and without restriction. The Executive Board and/or the Managing Directors are informed in a comprehensive and timely manner (if necessary ad hoc) of the risk profile of the relevant risks, as well as the profit and losses at MLP FHG. The Supervisory Board receives the information required to perform its legal obligations. Internal risk communication and risk reporting is supplemented by comprehensive, external publications that cater to the interests of the shareholders of the MLP Group and the capital market and also comply with the supervisory requirements.

Objective

Entrepreneurial activity invariably involves taking risks. For MLP FHG, “risk” means the danger of possible losses or lost profits. This danger can be attributable to internal or external factors. Since it will not be possible to eliminate all risks, a risk that is commensurate with the expected return must be targeted. The aim is to identify risks as early as possible in order to react to them quickly and appropriately.

Identification, assessment, control, monitoring and communication of the key risks is guaranteed with the help of and on the basis of Group-wide risk management at MLP. Risk management is a key component of the value-driven management and planning system at MLP FHG. Moreover, the Group's risk culture is continuously consolidated and efforts are made to communicate information relevant to risk across all business segments.

Risk capital management, liquidity management and stress tests

Risk capital management - risk-bearing ability

Risk capital management is an integral part of the Group management system at MLP FHG. Active control to provide sufficient financial capital, in compliance with supervisory requirements, ensures that risk-taking is always in line with capital backing.

Risks are only accepted within limits derived from aspects of the risk-bearing ability to achieve adequate returns, taking into account risk/earning factors. This particularly prevents risks that could threaten the continuity of the business model.

The Executive Board defines the risk capital based on business policy targets and controls the risk profile taking into account the risk coverage fund. The focus is on the key risks for MLP FHG, which are identified at least once a year within the scope of a risk inventory (risk profile) performed throughout the Group. The Group-wide risk profile represents the basis for both risk capital management and the risk management and controlling processes.

The key risk types of counterparty default, market price, liquidity and operational risks are particularly quantified within the scope of the risk-bearing ability. The general business risks and reputation risks (other risks) also represent significant risk types, although they are currently not quantified. Amongst other things, these are considered when calculating the risk-bearing ability in the form of additional buffers.

In addition to managing the financial risk capital, the minimum regulatory capital adequacy requirements (as per the Capital Requirements Regulation (CRR)) represent supplementary conditions which must be strictly adhered to.

Pursuant to the minimum risk management requirements of the German Federal Financial Supervisory Authority ("MaRisk"), we primarily pursue the objective of safeguarding the continued existence of MLP FHG in the normal scenario (going-concern approach) in our internal process for securing our risk bearing ability. Alongside this, protection of providers of debt capital and owners is assessed from an economic perspective within the scope of the liquidation approach. Among other things, this is applied in the form of stress scenarios.

Furthermore, MLP implemented a process for planning future capital requirements. The instrument supports MLP in identifying and planning future capital requirements, as well as in implementing suitable measures to cover requirements. Unlike the one-year review period of the risk-bearing capacity concept, this is based on a multi-year time frame. This component, which stretches further into the future, is intended to supplement the risk-bearing capacity concept in a sensible way to secure early identification of any necessary capital increases.

At 41.0%, the banking segment allocates the largest portion of the risk coverage fund at MLP FHG. This is due to the risk inherent to the banking business.

Liquidity capacity

Securing appropriate liquidity capacity is based on the notion of establishing an appropriate risk-return structure, while at the same time ensuring solvency of the companies in the MLP Financial Holding Group at all times. The concept of and compliance with the liquidity capacity is also derived from Pillar 2 of the Basel Accord.

Concentration of risk

Risk concentrations can occur, regardless of the risk type. Alongside unilaterally aligned structures with regard to debtors or the investment structure, these can also be caused by unilateral focussing on individual products (earnings concentrations) or risk types. Potential risk concentrations are in particular analysed within the scope of the stress tests that are to be performed regularly. MLP's clear business focus with the client business continues to be on the target group of academics. The continuous and focussed further development of individual client groups by definition leads to concentration on individual products, such as medical practice financing. However, appropriate diversification and limitation are pursued within this framework.

Focussing on the target group facilitates an attractive risk/return ratio, particularly when taking into account cross-selling effects from the holistic consulting approach, which reduces the earnings concentrations in the Group.

By pre-emptively reducing the emergence of risk concentrations in proprietary trading, the best possible diversification is pursued - among other things via minimum ratings, the tradability of the shares, as well as via issuer and sector limits and a corresponding maturity structure. To this end, capital investment directives are implemented at the key companies.

In addition to this, a maturity-congruent strategy is adopted for balance sheet items where possible so as to minimise the market price and liquidity risk.

Insofar as possible and likely economically beneficial from a risk and opportunity perspective, operational risks that can cause serious damage are covered to the greatest extent possible.

The risk concentrations are regularly monitored and considered in the stress scenarios and reported.

Stress tests

Stress tests are also performed on a regular and ad hoc basis for special analysis of the effects of unusual yet still plausible events. Their potential effects are also reflected when assessing the risk-bearing ability. Comprehensive analyses have therefore been implemented, both at the level of the individual risk types and across all risk types. The market value effects on the financial situation, the liquidity situation and the results of operations as well as the concentration of risks are also investigated in this connection.

Organisation

The Executive Board is responsible for establishing an appropriate and effective system of risk management at MLP FHG. Set against this background, operational and organisational precautions are put in place.

Functional separation

Our risk management concept follows clearly defined basic principles that are applied as binding throughout the entire Group and whose compliance is continuously checked. A crucial element of these principles is a clear organisational and operational distinction between the individual functions and activities of risk management.

The operational and organisational structure is regularly checked and assessed through internal audits and adapted to internal and external developments as they happen.

Group Risk Manager

As a member of the management, the Group Risk Manager is responsible for the risk monitoring and control activities at MLP FHG. He is kept continuously informed of the risk situation at MLP FHG and gives regular reports on this to the entire Executive Board and Supervisory Board.

Risk controlling function

To be able to address risk topics early on and sustainably throughout the Group, while also increasing risk awareness, an independent risk controlling function has been set up at MLP. This function is responsible for the independent monitoring and communication of risks.

Risk management and controlling processes

Risk management at MLP FHG and its local operating implementation in the business units is performed on the basis of the risk strategy. The units responsible for risk management reach decisions for conscious acceptance, reduction, transfer or avoidance of risks, observing the framework conditions specified centrally.

The Risk Management unit in particular is responsible for the identification and assessment of risks, as well as for the monitoring of defined limits. This is accompanied by reporting the risks to the Executive Board and the business units that control the risks. Early detection systems support risk monitoring, identify potential problems early on and thereby enable the prompt planning of measures.

Appropriate guidelines and an effective monitoring process also ensure that the regulatory requirements for risk management and controlling are met by the principal Group companies of MLP FHG.

The methods used at MLP FHG to assess risks are aligned with practices in the banking sector, as well as recommendations of the supervisory authorities and international standard-setting bodies, whilst taking into account the principle of proportionality. The results determined through the risk models for controlling the risks, as well as the underlying quantification methods are subject to regular reviews. However, despite careful model development and regular checks, it is conceivable for circumstances to occur that could lead to greater losses than those predicted by the risk models.

Controlling monitors earnings trends

Controlling is responsible for planning processes and continuously monitoring trends in earnings. The planning process is broken down into short-term and mid-term planning horizons with varying degrees of detail.

To monitor planned and target variables, the revenue and earnings figures actually achieved are compared to the corresponding plan figures within the scope of daily, weekly and monthly reporting. This provides continuous transparency for the Management.

Internal controlling system in the accounting process

With regard to the accounting and management reporting processes, the Internal Control System (ICS) is used to provide an accurate picture of actual conditions in terms of the net assets, financial position and results of operations at MLP Banking AG and the MLP Group. The objective of the ICS is to secure complete and accurate recording, processing and documentation of all business transactions in accordance with the regulations, standards and guidelines of applicable legislation and the company's Articles of Association.

The units involved in the accounting process are particularly subject to the quantitative and qualitative requirements, which MLP meets through a clear organisational, corporate and control structure. To this end, employees tasked with performing the accounting process receive regular training. Group Accounting is the central point of contact for all questions in connection with accounting issues.

The checks in the accounting process aim to ensure that individual financial statements and consolidated financial statements are drawn up in line with the provisions of German commercial law and International Financial Reporting Standards (IFRS), as well as proper and timely internal and external financial reporting. The scope of the checks and responsibilities integrated into the procedures is clearly regulated.

In addition, financial and risk data, which itself is also subject to the internal monitoring system, is incorporated into the management report.

Functional separation, system-based monitoring, the dual-control principle, as well as the audit activities of the Internal Audit department represent key control instruments for all important accounting-related processes. The key processes of the accounting-based ICS are documented and specified in work instructions that are regularly updated and published in the organisation manual.

The bank's separate financial statements, as well as the consolidated financial statements, are generally drawn up using standard software. Group Accounting secures the completeness and accuracy of the relevant disclosures based on the information provided.

The adequacy and effectiveness of the accounting-based ICS are regularly checked and monitored.

Compliance function

A compliance office has been set up at the controlling institution to counter, as per the minimum risk management requirements (MaRisk), the risks which can result from non-compliance with the essential legal provisions and stipulations for MLP FHG. These in particular include supervisory provisions on avoiding money laundering, the financing of terrorist activities and other criminal conduct, or relating to financial sanctions, embargoes and the account screening procedure (in the following referred to as prevention of money laundering & fraud), the prevention of insider trading, the securities business, protection of client assets, data and consumer protection, as well as all institute-specific provisions, whose non-compliance could put assets at risk or lead to a significant reputation risk. Compliance plays a key role in identifying risk potential through the proactive monitoring of insider information and rules of conduct, as well as within the scope of management of conflicts of interest.

Internal Audit

The regular audits performed by the Internal Audit department, which is independent of the operating units in terms of both organisation and function, represent another key aspect when monitoring the quality of our risks. Above all, compliance with relevant guidelines is checked, paying particular attention to legal provisions.

The Internal Audit department, which operates throughout the Group, also performs regular process and system audits in all sections of the Group and monitors the correction of any issues detected during the respective audits. This also includes the auditing of IT systems. The Internal Audit department adopts a risk-oriented approach to auditing. It is independent and falls under the direct responsibility of the Chief Financial Officer at MLP Banking AG. Global reports on the audits performed are drafted and presented to the managers responsible. Based on the respective risk content, elimination of the identified deficiencies is monitored either immediately or in quarterly follow-ups. The Internal Audit department performs regular, Group-wide reporting to the management bodies at the individual companies.

Risk reporting

A substantial risk reporting scheme forms the basis for appropriate and successful corporate management. This is complemented by an extensive system of internal reporting, which provides the key decision-makers with prompt information on the current risk situation. Risk reports are generated at fixed intervals (monthly or quarterly) or produced ad-hoc, if and when necessary. In addition, planning, simulation and control instruments show possible positive and negative developments to the most important value and controlling parameters of the business model and their effect on the net assets, financial position and results of operations.

Risk reports are submitted to the controlling units, the Executive Board and the Supervisory Board. Prompt and comprehensive information is provided on any changes to relevant influential factors.

The key risk types in the respective segments are presented below:

Counterparty default risks

The counterparty default risk is the risk of a loss due to the defaulting of or deterioration in creditworthiness of a business partner. Alongside the credit risk, the counterparty risk comprises the counterparty risk (replacement risk, as well as advance performance and settlement risk), the issuer's risk, the specific country-related risk, as well as risks resulting from securitisations and investments.

Counterparty default risks are included in the proprietary and client business positions. The key companies for this risk type are to be identified within the scope of the materiality classification. The maximum default risk is expressed as the carrying amounts (after write-downs) of the financial instruments recognised in the balance sheet (especially originated loans and receivables), as well as derivative financial instruments with positive market value. There are no significant risks related to specific countries, since the majority of lending (more than 95%) is limited to borrowers domiciled in the Federal Republic of Germany.

The client credit business, with the target group of upper mid-size market and the core market in Germany, essentially focuses on medical practice and mortgage financing, as well as loans with fixed interest rates for 5 or 10 years, which are predominantly collateralised through wealth deposit accounts at MLP Banking AG or hedged through redemption values/share assets in life insurance/unit-linked policies (premium loans) and the bulk business. In terms of strengthening new client acquisition and keeping existing clients loyal, the main focus is on issuing overdraft facilities to the holders of the MLP account and providing credit limits in connection with the MLP Card. Moreover, the plan is also to increase the volume of loans - particularly among the target group of physicians, yet also mortgage lending and premium loans for target group clients.

Overall, the lending policy at MLP is characterised by only accepting risks that are both known and also appear reasonable in terms of their volume. Bad debts are written down accordingly. We are anticipating a moderate rise in the level of loan loss provisions due to the planned increase in loan volumes. We are also anticipating a rise in the average default rate due to deteriorations of credit ratings in connection with the coronavirus, as well as accompanying rises in impairments.

The non-performing loan (NPL) quota is the ratio of bad loans relative to the total volume of loans and credits, including deposits at banks and central banks. For the supervisory scope of consolidation, the NPL quota as of 31 December 2020 is 0.5% (previous year: 0.2%). Non-performing loans, which are identified at MLP, are transferred to specialist departments, where they are individually managed by experts.

Credit management

The responsibilities in the credit business - application, authorisation, completion, and the periodic monitoring with regular creditworthiness analyses - have been defined and documented in the organisational policies. The decision-making authority is laid down in the authority regulations, which themselves are based on the risk content and the processes of the transactions. Land charges in particular serve as collateral for MLP when issuing client loans. A process that is scaled based on volume and employs external support is established for measuring this collateral.

The provision of loans in the client credit business takes the form of credit limits being granted for the individual borrower or borrower unit. Individual credit decisions are reached by specialist employees in accordance with clearly defined authorities based on the size, creditworthiness, and collateral of the respective borrower. A special scoring process allows fast decisions to be made, especially for credit cards and accounts in the retail lending business, while also securing a consistently high quality.

The various types of credit are measured regularly during the portfolio monitoring of the client credit business. As part of the internal monitoring procedures, the privileged mortgages on residential and commercial property are compared to the loan portfolios in the individual field of mortgage lending, lombard loans, premium loans and medical practice financing. Further types of collateral are included as a way of hedging credit commitments, although these are not currently considered in the internal system of risk management.

Calculations are based on the various supervisory methods of calculation as per the rating status.

For the positions rated internally using the VR rating system, the risks are calculated using the IRB method. For debtors that have not been rated internally but do have an external rating, a mapping table is used to convert and assess this external rating to the VR rating that MLP uses as the master scale. Based on the probability of default determined in this way and a dedicated assessment of qualitative aspects such as balance sheet KPIs, sector-specific findings and so on, externally rated debtors are treated the same as internally rated debtors and assessed using the IRB method.

The standardised approach to credit risks based on the supervisory formulae as per the Capital Requirements Regulation (CRR) is used for all other unrated debtors.

In addition to this, potential default risks are continuously measured and evaluated by comparing allowances for bad debts with the credit volumes subject to risk. You can find detailed information on the measurement process, as well as development of loan loss provisions in the notes.

There are also issuer's risks within the scope of proprietary trading that go beyond the risks described above. In the light of the current market trend, risks in investment management, particularly those resulting from defaults of issuers, are also limited through the high credit standards set out in the capital investment directives. The capital investment directives stipulate restrictions applying to the investment of available funds regarding the various investment categories and products with the corresponding maturities, and also in general regarding investments in various sectors.

The documented competencies and further provisions must always be taken into account when making investment decisions.

Market price risks

MLP FHG understands market price risks as the uncertainty regarding changes in market prices and rates (including interest rates, share prices, exchange rates and raw material prices), the correlations between them and their volatility. Alongside interest rate and share price risks, there are spread risks on proprietary investments. The investment currency is generally the euro.

At MLP FHG, market risks essentially comprise the incomplete congruency of interest rate agreements between loans granted by MLP and their refinancing. In addition to this, there are market price risks within the scope of proprietary trading activities. There are currently only very minor open risk items in foreign currency in the portfolio.

The possible effects of different interest development scenarios at Group level are portrayed via planning and simulation calculations. The basis of this is our interest management tool, which makes risks and their effects transparent in complex interest scenarios.

In this context, cash value changes of all items in the interest ledger are shown in relation to the equity, with the application of the changes in interest rates prescribed by the Federal Financial Supervisory Authority. The simulation is performed by automated means for all the interest-bearing and interest-sensitive items. It is in this manner that the controlling of the interest risk is ensured. It also determines whether the change in value is always below the threshold of 20% of equity.

Interest rate risks of the MLP Financial Holding Group

in %	Interest rate shock/parallel shift
	Change in value + 200 BP		Change in value - 200 BP
	2020	2019	2020	2019
Total	5.8	-0.6	-0.6	-0.9

Liquidity risks

MLP FHG understands liquidity risks to mean uncertainty in terms of the availability of funds to meet payment obligations or reduce risk items which are either insufficient or which can only be secured by accepting higher rates. Key components of the liquidity risk include both the insolvency risk (operational liquidity risk) and the refinancing risk (structural liquidity risk).

Operational liquidity control

Within the scope of strategic or short-term liquidity control at Group level, the liquidity risk is assessed and controlled in particular using the KPI from the Liquidity Directive and the Liquidity Coverage Ratio (LCR). In addition, the liquidity at risk (LaR) describes the anticipated net funding requirement from all payments, which will not be exceeded at a defined level of probability. Additionally, an expected shortfall is monitored for the assessment of any outliers. Short-term liquidity requirements were covered by sufficient funds at all times.

Structural liquidity control

Structural (mid-to-long-term) liquidity control of the Group is performed on the basis of liquidity gap analyses, which highlight the anticipated development of liquidity over various time horizons (up to three years). In this connection, all assets and liabilities relevant for the refinancing profile are taken into account in accordance with their term. The funding matrix compares a surplus or shortfall of financing means with refinancing potential (liquidity reserve) for each time horizon. To this end, the assets that are available for sale in the short-term and mid-term and not tied up in operational liquidity control are compiled and assigned to classes on the basis of their speed of sale.

The net stable funding ratio (NSFR) compares the available refinancing with the stable refinancing required. This performance indicator serves as a key balance sheet ratio.

The general aim when examining the liquidity risk within the scope of the risk-bearing ability is to determine the additional costs that occur in the context of the structural refinancing requirements. To determine the additional refinancing costs, the liquidity value-at-risk (LVaR) is established for the capital requirements, themselves determined based on the funding matrix. To this end, the additional costs accrued across all refinancing instruments are added together. Alongside the compressed LVaR key performance indicator, the distribution of the capital requirements across the refinancing instruments and their utilisation is also presented.

In addition to this, the effects of various scenarios on cash flows and thereby also on MLP's liquidity situation are analysed using the funding matrix. The additional monitoring metrics (AMM) serve as supplementary information here.

When determining the LVaR as of 31 December 2020, net cash inflows for the year were in line with forecasts and no additional refinancing costs are thus expected to occur.

If, contrary to expectations, net cash outflows should occur, sufficient cash reserves are available. The liquidity risk at MLP FHG results primarily from MLP Banking AG as the deposit-taking bank. The refinancing structure is based largely on client deposits. Appropriate short and medium-term credit lines have also been agreed to safeguard against a possible short-term liquidity shortfall.

Alongside the assumed development in standard scenarios, we have also defined stress scenarios to simulate potential increases in liquidity requirements as a result of a negative change in the market environment. These enable us to introduce any countermeasures deemed necessary in good time.

MLP Banking AG has established a simple allocation system to allow the internal assignment of the respective liquidity costs, liquidity benefits and liquidity risks to be monitored and controlled.

Operational risks

The management of operational risks is based on the definition of Article 4 of the Capital Requirements Regulation (CRR). As such, operational risk is the risk of losses caused by inadequacy or failure of internal procedures and systems, people or by external events. This definition includes legal risks.

Throughout the Group, operational risks are identified and assessed at local level in the individual organisational units at the main companies in the form of self-assessments and damage data pools. The information is compiled within the scope of risk controlling at MLP Banking AG. Within this framework, the risk assessments performed at the individual companies are each summarised to create an overall assessment for MLP FHG. Irrespective of the specific risk profile, the following core statements apply to all companies in the MLP FHG:

• All key operational risks are to be identified and continuously analysed in terms of their anticipated or incurred damage, as well as their anticipated or incurred frequency.
• For risks whose occurrence is unlikely but which exhibit a high or very high damage potential, the option to perform a risk transfer should be considered, in particular with corresponding insurance programmes.
• Process improvements, adjustments to the IT system landscape, employee training and similar measures should be particularly identified for risks with a high likelihood of occurrence but low damage potential with the objective of reducing errors.
• Suitable risk prevention measures should be implemented immediately for risks with a high likelihood of occurrence and high damage potential for the MLP FHG, if necessary incorporating business continuity management.
• The efficiency of all risk management measures should be reviewed from a cost/benefit perspective.

Reduction of the operational risk and with this a reduction in the frequency and level of associated losses is primarily to be achieved through implementation of continuous improvements, such as digitalisation of business processes. Further safeguarding measures include risk transfer by concluding insurance policies and consciously avoiding high-risk products. Moreover, contingency plans are in place for critical business processes to secure continuation of business operations.

Risks from internal procedures

MLP uses both internal and external employees, as well as buildings and technical equipment to perform its administrative and organisational activities. We protect ourselves against damage claims and a potential liability risk through comprehensive insurance cover, which is subject to ongoing monitoring.

Business impact analyses (BIA) are used to identify critical company processes whose disruption or failure can have a significant impact on the Group's business activities. To this end, suitable measures are defined in the form of alternative actions. In the event of an emergency, these measures allow business operations to continue, albeit with reduced performance. The critical processes and the effectiveness of the defined measures are subject to regular monitoring and continuous development. BCM documentation is available for the business units and employees.

A possible error in client consulting, investment and acquisition brokerage or finance portfolio management and associated claims for damages can present a consulting and liability risk. The potential consulting risk is minimised by securing continuously high-quality consulting which, among other things, is backed up by IT-supported tools. Consultations with clients and the results of these are documented in accordance with legal requirements.

Within the scope of defined adjustment processes in the event of changes to operational processes or structures, acquisitions and mergers, as well as the process for introducing new products – or rather when expanding activities to include new markets or via new sales channels – safeguards are in place to ensure that all affected staff at MLP are involved, potential key risks are identified, and a corresponding concept is drawn up prior to the implementation of planned measures.

Risks from human errors and employee availability

The adequacy of staffing levels and sufficient qualification/training of employees at MLP are ensured by the responsible specialist departments. The adequacy of staffing in terms of type, level and planned Group development is checked regularly, at the very least during the annual planning process. In this context, key positions have been identified and defined with the objective of further reducing staffing risks with the implementation of appropriate risk control measures. The requirements regarding the qualification of all employees, but particularly those tasked with working in the loans and commercial business, are set out in differentiated job descriptions in the organisation manual.

As part of their responsibilities, those employees tasked with assuming, controlling and monitoring risks, as well as their substitutes, have comprehensive product know-how, as well as expertise in the commercial, valuation and control techniques employed. This applies especially to the Heads of the functions Audit, Compliance and Risk Controlling in accordance with Germany's "MaRisk" minimum risk management requirements. Generally speaking, the available personnel capacities are structured in such a way that necessary procedures are still securely maintained, even when employees are unexpectedly unavailable for work.

Demographic changes and their effects on the workforce structure are systematically reviewed by MLP. A dynamisation of the age curve, as well as an increasing average age of the workforce can be observed here. To counter this trend and continue thriving in the face of increasing competition, the material and non-material framework conditions are continuously optimised for the employees. The aim is to further strengthen the profile as a family-friendly employer offering flexible models in terms of working hours and places of work, as well as family-friendly conditions and fringe benefits. To counteract the predicted skills shortage, MLP has established a dedicated junior staff development programme and a management development programme. Alongside this, MLP traditionally invests in the sustainable recruiting of talented young employees and, alongside various training professions, also offers a university of cooperative education degree programme with many different fields of specialisation.

In line with the requirements regarding pay systems, such as the Ordinance on the Supervisory Requirements for Institutions' Pay Systems (InstitutsVergV), they are set out in such a way that negative incentives that could otherwise encourage managers and employees to enter into disproportionately high risk positions, are avoided. To circumvent incentives of this kind for employees, in particular those holding positions of responsibility, attention is paid when setting out such pay and incentive systems to ensure that these do not contradict the objectives defined in the strategies and that any risk of conflicts of interest is ruled out. Any change in strategy triggers a simultaneous review and, where necessary, adaptation of pay and incentive systems.

In terms of variable pay components, safeguards are in place to ensure that these are not based on short-term but rather mid-term and long-term success. Moreover, the pay system is established such that employees with variable compensation components are also affected by the negative development of business initiated by them and that employees in departments arranged downstream of the initiating departments are also compensated appropriately based on their responsibility.

The Supervisory Board is responsible for the pay and incentive systems at management level, while the management team is responsible for the system used for employees. The pay systems are reviewed on an annual basis by the Legal department and any necessary amendments are implemented.

Nevertheless, human error cannot be completely ruled out. Based on the core values of performance and trust, we employ an open culture of constructive criticism with the objective of detecting mistakes early on, continuously improving our processes and strengthening our innovative capacity. The risk of staff shortages is reduced through personnel planning and targeted personnel marketing measures. Employees working with confidential information undertake to observe the respective regulations and handle the information responsibly. A clear separation of management and control functions restricts the risk of breaching internal and external regulations. Defined deputisation regulations secure our business and decision-making processes.

IT risks

MLP FHG pursues an IT strategy to effectively minimise potential IT risks. When selecting IT systems, the primary focus is on sector-specific software. If necessary, business-specific proprietary IT applications are developed by qualified internal and external specialists. The correct functioning of IT systems is secured by performing comprehensive system tests and pilot phases before they are commissioned. Databases are protected from a potential data loss by conventional means by outsourcing data centre operations to external service providers with various locations, back-up systems and mirror databases, as well as the establishment of a defined contingency plan. The access and authorisation concept, extensive virus protection, as well as other comprehensive security measures protect the access and IT systems. Virtually all employees are now able to work from home securely, making use of communication via video conferencing systems, including a video conferencing solution that has been made available for online consultations. Minimum standards with regard to information security are stipulated throughout the Group. Digital innovations are developed in a laboratory environment as a way of keeping risks to a minimum during the development phase.

Risks from external events

The trend towards industrialisation and a reduced vertical range of manufacture has increased in the financial services sector. More than ever before, companies are focussing on their core skills, i.e. production of financial services products, support and information services, specialist consulting expertise and sales expertise. In this market environment, MLP makes use of external partners for activities that are not part of its core business. Based on Germany's "MaRisk" minimum risk management requirements, key outsourcing activities at MLP FHG are incorporated into risk management within the standard scope of risk controlling and management processes with continuous risk identification, assessment, control and reporting. MLP has clearly regulated the responsibility for outsourced processes and installed a central system of outsourcing management. This ensures that any potential organisational, structural or process-based risks that may occur due to outsourced business activities are closely controlled.

In addition to this, a range of insurance policies have been concluded to minimise risks from external events such as fraud, burglary, theft or damage due to force majeure.

Internal security measures are also set up in such a way that any attempts at fraud, burglary or theft are prevented upfront. To prevent external cyber risks, such as hacker attacks and viruses, standard approaches such as firewalls, virus scanners, as well as active patch and vulnerability management for systems are operated.

To ensure the maintenance of critical processes in all cases, the potential consequences of external events are assessed within the scope of the Business Continuity Management (BCM) system and corresponding plans of action drawn up.

Potential risks arising for the institutes of MLP FHG from fraudulent or other criminal conduct are identified and regularly assessed within the scope of the risk analysis performed to identify potential hazards caused by criminal conduct (both internally and externally). Both the risk assessment and the individual measures implemented to avoid criminal conduct are performed by the relevant section at the respective central office pursuant to § 25h of the German Banking Act (KWG) and are also incorporated into the operational risk inventory process.

Legal risks

Our legal department controls legal risks. In addition to consulting on corporate decisions and designing business processes, its tasks include following and assessing current legal disputes. Possible legal risks are detected at an early stage and possible solutions for minimising, limiting or preventing such risks are shown. The legal department coordinates the commissioning and integration of external lawyers. Within the scope of risk mitigation, the legal department checks and monitors the existing insurance coverage for economic loss in cooperation with the product management and initiates any adjustments which may be necessary. According to our review, the pending or threatening legal proceedings against MLP FHG do not represent risks which could endanger the Group's continued existence.

By means of its authorisation to conduct banking and financial service businesses, MLP FHG is subject to special risks in connection with potential non-compliance with supervisory regulations. This also applies to legal capital adequacy regulations, which require shareholders’ equity backing. Comprehensive guidelines and workflows have been implemented to comply with supervisory regulations and for the functions Compliance, Money Laundering and Fraud Prevention, as well as Data and Consumer Protection. The objective of these guidelines and workflows is to secure compliance with and monitor the legally stipulated requirements by the specialist departments and staff units responsible.

The Executive Board has also set up a compliance function, the duties of which include the identification and monitoring of key legal provisions and requirements. Non-compliance can potentially jeopardise the assets of MLP FHG and can lead to significant reputation risks. The compliance function advises and supports management, as well as the responsible specialist departments. It works towards the implementation of effective procedures ensuring compliance with substantive provisions and internal regulations as well as corresponding control measures performed by responsible units. It also provides regular reports, including ad-hoc reports on its activities to both management and the Supervisory Board when and where necessary. The compliance function also promotes and strengthens the Group-wide risk culture.

Active knowledge management in the specialist departments and, at the same time, the continuous observation of legal developments by our Legal and Compliance departments ensure that any potential regulatory changes can be detected early on. As part of our audit management, the implementation of new legal requirements and findings of external auditors are controlled through our Group-wide "MaRisk Steering Committee", tasks are assigned to relevant functions and their progress regularly and actively tracked. Particularly those issues that have significant effects on the MLP Group and involve multiple specialist departments are assigned to this programme.

Taxation risks

Changes that emerge in the tax and accounting law are continually checked and reviewed with regard to the potential effects they may have on the Group. The company's compliance with fiscal requirements is checked by internal and external experts in accordance with the tax regulations and the documents pertaining to these issued by the tax authority. Corresponding provisions are formed for subsequent payments to be anticipated. Developments in the accounting law are monitored and implemented in the respective specialist departments.

Capital charge according to the basic indicator approach

In 2020, MLP FHG employed the basic indicator approach in line with Section 315 and 316 of the Capital Requirements Regulation (CRR). On this basis, the capital charge is 15% of the average gross proceeds of the last three financial years, whereby only positive gross proceeds are taken into consideration.

Other risks

Other risks include reputation risks, as well as general business risks (including strategic risks). These also include potential step-in risks for a non-consolidated company, insofar as the support is provided without contractual obligation.

Reputation risks

Reputation is defined as the reputation of MLP as a whole or of individual Group companies in terms of expertise, integrity and trustworthiness that results from the perception of different stakeholder groups. The stakeholders, for example, include clients, employees, consultants and office managers, shareholders and creditors, other institutes, ratings agencies, the press and the world of politics. Reputation risk is understood to mean an existing or future risk regarding income, equity or liquidity as a result of reputation damage.

Management of reputation risks at MLP FHG is always performed decentrally within the scope of a defined regulatory cycle following the principle of managing operational risks. Alongside reactive control directly after the occurrence of an event of damage, preventive risk management is particularly important here.

The potential risk of mistakes made while providing consulting services to our clients also impacting our reputation, is minimised by securing continuously high-quality consulting. The instruments used to secure this high level of consulting include IT-based consulting tools.

General business risks

General business risks are those risks that arise as a result of altered framework conditions. These, for example, include the market environment, client behaviour, sustainability risks or technical progress. Achieving the planned results can potentially be jeopardised due to an inadequate alignment of the company to the respective business environment, which may have changed abruptly. The necessary alignment, for example with individual products or a special client segment, also bears the risk of making the operating results excessively dependent on the earnings contribution of these products or this client group. Risks due to earnings concentrations can potentially occur as a result of changes in the market. Strategic risks can particularly result from an inadequate strategic decision-making process, unforeseeable discontinuities in the market, products and services that have not been properly matched to the market or poor implementation of the chosen strategy.

We consider sustainability risks to include events or conditions resulting from the environment, social issues or corporate governance, whose occurrence can have actually or potentially significantly negative effects on MLP's net assets, financial position and results of operations, as well as its reputation. This also includes climate-related risks in the form of physical risks and transition risks. Alongside general business risks, sustainability risks can also manifest themselves in all risk types, which is why we do not rate them as a dedicated risk type, but rather based on issues encountered within the scope of the respective relevant risk type.

General business risks for MLP FHG are predominantly controlled by the Controlling department. Within the scope of environmental analyses, regular checks are also performed to detect and analyse all changes to economic factors or the industry and competitive situation. This results in impulses for strategic alignment of MLP FHG.

Overall economic risks

Changes in economic and political factors can affect the business model and performance of MLP. Both national and international developments in the political, economic and regulatory arenas, as well as business developments and other requirements in the financial services market are therefore monitored. The knowledge bundled at FERI Trust offers us support in this regard.

Corporate strategy risks

Corporate strategy risks largely consist in the erroneous assessment of market trends and, as a consequence, the erroneous alignment of business activities. Strategic risks also emanate from unexpected changes in market and environmental conditions as well as the shareholder structure with negative effects on the results of operations.

Corporate strategy control at MLP is primarily the responsibility of the Executive Board. Changes and developments in both the national and international markets, as well as the business environment are analysed based on the intensive observation of the competitive environment. Measures are then derived with the objective of ensuring the Group's long-term corporate success.

All key value drivers in MLP's business model are subject to the continuous analysis and active management via a comprehensive system of central and local controlling. The Group strategy and the measures it involves, all of which are set out by the Executive Board, are reflected within the scope of budget and long-term planning as a way of analysing their effects on the business situation. Key developments of internal value drivers, as well as external framework conditions are also modelled using planning and simulation instruments and are then subjected to various scenarios to determine their earnings sensitivity.

Continuous reporting is performed to record the anticipated course of business, so that action can be taken quickly in the event of any negative deviations.

No quantification of other risks is currently performed within the scope of internal risk management. To cater to the risks resulting from this, a corresponding buffer is maintained in the risk-bearing ability. This is regularly validated within the scope of back testing and adjusted as and when necessary.

Special measures relating to the corona pandemic

The following key measures have been implemented to combat the corona pandemic.

Organisation

In March 2020, the crisis teams were assembled per segment under the leadership of the respective risk manager in accordance with the emergency organisation. Group-wide coordination is performed by the managing directors and members of the Executive Board during regular telephone or video conferences. These events are used to secure joint assessments of the situation, as well as to discuss business developments and how to make effective use of synergies in responding to the crisis.

Establishing crisis mode

When it became clear that COVID-19 had the potential to deliver serious health and economic impacts, comprehensive measures were initiated. The objective was to protect employees, consultants, clients and service providers, as well as to secure operations as a way of assuming social responsibility and helping contain this pandemic.

Reduction of contact

Thanks to flexible technical equipment, most employees are able to work from home. Over the course of the year, the percentage of employees working from home varied on the basis of legal requirements and infection rates. Staff were and still are only expected to be physically present at their workplace when this was/is deemed absolutely essential for operations. Comprehensive security measures have been implemented at the locations to reduce the risk of infection. These measures primarily target compliance with the recommended minimum social distancing and hygiene rules.

Securing process-based and operational stability

Process-based and operational challenges had to be overcome in the transition from working in the office, through hybrid models, all the way up to staff spending most of their working hours at home.

In a first step, the contingency plans were reviewed to determine their suitability for use at home and preparations for the switchover were made. Working from home places greater stress on both the IT and telephone systems. However, measures to stabilise this were implemented quickly.

Client proximity and impact for clients

Our clients required more information and advisory services due to the special circumstances. MLP consultants working from home are also capable of offering client consultations, whereby online consultations via the Flexperto application have been offered since the start of 2020. Due to the general focus at MLP Banking AG on the target group of academics, with a particular emphasis on physicians, the financial impact on our (banking) clients associated with the effects of the corona pandemic is generally less severe when compared with the market as a whole. Increases in exposure and the granting of development loans happened only to a limited extent.

Assessment of the risk and liquidity position

The pandemic is having a particular influence on the counterparty default risks of MLP Banking AG, as well as the operational and general business risks of the Group.

Due to MLP's specific target group, counterparty default risks only increased moderately and the increase in value adjustments was largely influenced by individual measures in the proprietary trading portfolio.

In terms of operational risks, particular attention is paid to scenarios relating to personnel shortages and IT operations, as well as process-based challenges resulting from the necessary adaptations to enable a large proportion of the workforce to work mainly from home.

The risk of major personnel shortages has been addressed by enabling staff to work from home. The illness rate is also subject to continuous monitoring. Operations have been maintained without any major restrictions.

In particular, process-based challenges had to be overcome during the transition period of working in the office, using hybrid working arrangements, through to working entirely from home. Early indicators, such as the number of complaints, displayed an increase at the end of March. However, this was attributable to the volatile markets and difficulties in reaching a service provider.

IT operations remain stable thanks to the measures described above.

The cases of damage recorded in the Group in the financial year 2020 were well below the level we had anticipated.

The risk-bearing ability is essentially influenced by the counterparty default risks. To cater for the risks that have generally increased due to the pandemic, the Executive Board already reached a decision back in March to increase the capital made available to cover risks. Even without this measure, the risk-bearing ability was still secured at all times.

The liquidity situation at MLP remains good. In a precautionary measure implemented at short notice, the buffer for operational liquidity control was increased by 18%. However, cash outflows remained at a normal level.

In summary, all supervisory KPIs were met without having to make use of any optional relief options on the part of the supervisory authorities.

Risk-bearing ability & capital requirements

The risk-bearing capacity concept ensures that the risks incurred are offset against sufficient risk coverage potential at all times. Within the scope of the risk-bearing capacity concept, MLP FHG primarily pursues a going-concern approach with a confidence level of 97% when controlling risks. This is based on protecting the minimum capital backing required by law and thereby continuing the business operations of MLP FHG. Free equity capital that is available after meeting the regulatory ratios for minimum capitalisation and an additional buffer are in place to serve as risk coverage potential.

By 27 March 2020, the Executive Board made a risk coverage fund available based on the risk coverage potential up to an upper threshold of € 105 million. A further € 10 million was then approved to secure flexible coverage of risks in connection with the coronavirus crisis. The risk coverage fund is used to cover the risk types classified as significant by MLP. These are the counterparty default risk, the market price risk, the liquidity risk, as well as operational and other risks.

With a share of 54.0% and 31.3% respectively, counterparty default risks and operational risks take up the majority of the risk coverage fund available.

The risks incurred are covered by the assigned limits in line with the respective risk coverage potential. Consistent surplus coverage is in place.

Risk-bearing ability of the MLP Financial Holding Group

Risk bearing ability	2020 Utilisation (in %)	2019 Utilisation (in %)
Risk and capital commitment	78.3	77.4
thereof:
Counterparty default risk	78.1	78.7
Market price risk	77.3	61.4
Operational risk	82.6	82.1
Liquidity risk	0.0	0.0

Capital adequacy requirements under banking supervisory law

A consistent minimum ratio of 4.5% continues to be required for the backing of risk assets with eligible own funds for Tier 1 common capital. As in the previous year, these requirements have not changed during the financial year 2020.

As per Article 25 et seq. of the CRR, the Group's Tier 1 common capital includes the following equity items of IFRS capital: share capital, capital reserves, statutory reserve and retained earnings. Among other factors, intangible assets and good will reduce Tier 1 common capital.

As in the previous year, MLP FHG has fulfilled all legal requirements relating to the minimum core capital backing during the financial year 2020. The relationship between the risk assets and equity capital on the balance sheet date is illustrated below.

Supervisory KPIs

Shareholders’ equity (in € million)	2020	2019
Tier 1 common capital	301.2	289.6
Tier 1 additional capital	–	–
Tier 2 capital	–	–
Eligible own funds	301.2	289.6
Capital adequacy requirements for counterparty default risks	89.6	89.5
Capital adequacy requirements for operational risk	23.5	31.1
Core capital ratio (in %)	21.32	19.21
Tier 1 common capital ratio (in %)	21.32	19.21

Summary

MLP's business development is essentially influenced by financial risks, operational risks, reputation and general business risks. We use our risk management system for the identification, assessment, control, monitoring and communication of our key risks in terms of both current and future developments. The information provided ensured prompt introduction and prioritisation of risk management measures without exception.

Both MLP FHG as a whole as well as the business segments always acted within the scope of their financial risk-bearing ability in 2020.

Our Business Continuity Management also ensures regulated business operations in the event of any disruptions. Our risk monitoring and control systems and the consistent alignment of our business model to our risk-bearing ability enable us to ensure that the risks taken in our business activities are backed with adequate risk capital.

The risk management system is subject to continuous further development, in particular with regard to developing the volume and complexity of our business. The effectiveness of our risk management system and its supervisory implementation are also checked cyclically by both external and internal auditors.

The above-mentioned risks, and such risks which are not yet known to us or are currently considered insignificant, could have a negative impact on our forecasts detailed in the outlook.

There are currently no discernible risks that could threaten MLP's continued existence, and we do not anticipate any negative development for the coming year. No appreciable risks which could have a significant influence on the continued existence of the MLP Financial Holding Group occurred at MLP FHG after the balance sheet date.