Enterprise Risk Management in the Netherlands

After the Royal Ahold accounting scandal occurred in 2003, the Dutch government responded by publishing a new Corporate Governance code, often referred to as the “Tabaksblat Code”, updated in 2016. The Code focuses on long-term value creation by emphasizing risk management and accountability and reinforcing the roles and duties of management board, internal audit function, and supervisory board in designing adequate risk management and control systems and in assessing their effectiveness. Differently than the rule-based Anglo-Saxon regulations, the Code is based on best practices provisions and adopts a “comply or explain” approach. Professional bodies are actively supporting their associates in developing skills in current and emerging risk management areas. Despite these efforts, it is worth noting that there are still significant differences on how companies apply the risk management provisions. For instance, in terms of appointing a dedicated manager as Chief Risk Officer (CRO), in the frequency and scope of risk assessment, and in defining the risk appetite of the company.