Looking for something specific:

Risk Report

Successful management of existing and emerging risks is critical to the long-term success of our business and to the achievement of our strategic objectives. In order to seize market opportunities and leverage the potential for success, risk must be taken to a reasonable degree. Risk management is therefore an integral component of the Group’s corporate governance.

At TUI, managing risk is not limited to identifying only those developments that could jeopardise the companies continued existence, it also includes the active management of all other material risks. Risk management is limited to risks only, short-term opportunities are managed in the controlling process, whereas Group Strategy continuously identifies and monitors mid to long-term opportunities. Legal risks are reported in a separate legal risk report.

Risk Governance

The chart below outlines the Risk Governance at TUI and the roles and responsibilities throughout the Group.

TUI risk management governance

ef37ba31-32b4-481a-ad9b-78f9f91fc6bc.svg

Audit Committee – Oversee & review

The Audit Committee, as a subcommittee of the Supervisory Board, is overseeing the appropriateness and effectiveness of the risk management system. The Head of the Group Risk & Control team reports a minimum of once a year on topics which have been discussed in the Group Risk Oversight Committee, as well as the principal risks and their changes. The Audit Committee considers the adequacy and the effectiveness of the risk management system and reviews and acknowledges the risk appetite on a principal risk level as formulated by the Executive Board.

Executive Board – Direct & assure

With oversight by the Supervisory Board, the Executive Board determines the strategic direction of the Group and agrees the nature and extent of the risks it is willing to take to achieve its strategic objectives.

Ultimate accountability for the Group’s risk management rests with the Executive Board and therefore it has established and maintains a risk management system to identify, assess, manage and monitor risks which could threaten the existence of the company or have a significant impact on the achievement of its strategic objectives: these are referred to as the principal risks of the Group. This risk management system includes an internally-published risk management policy which helps to reinforce the tone set from the top on risk, by instilling an appropriate risk culture in the organisation whereby employees are expected to be risk aware, control minded and to ’do the right thing’.

The Executive Board reports to the Audit Committee of the Supervisory Board on the adherence to the German legal requirements, the overall risk position of the Group, on the individual principal risks and their management, and on the effectiveness of the risk management system as a whole.

Group Risk Oversight Committee – Review & communicate

On behalf of the Executive Board, the Group Risk Oversight Committee (the GROC), ensures on a quarterly basis that business risks are identified, assessed, managed and monitored across the businesses and functions of the Group.

The committee is chaired by the Chief Financial Officer. Senior operational and finance management as well as those central functions which are fulfilling the role as a second line are represented on the committee.

Leaders of central functions as well as senior executives from the Group’s major businesses are invited on a rotational basis to present on their risk and control framework. This allows members of the GROC to ask questions on the processes in place, the risks present in each business or function, as well as any new or evolving risks which may be on their horizon. It also provides an opportunity to seek confirmation that an appropriate risk culture continues to be in place in each of the major businesses and that there are no gaps between risk management at business level and at function level.

The GROC reports bi-annually to the Executive Board to ensure that it is kept abreast of changes in the risk landscape and developments in the management of principal risks, and to facilitate regular quality discussions on risk management at the Executive Board meetings.

Group Risk & Control team – Coordinate, support & report

The Group Risk & Control team ensures that an adequate risk management system is set up and functions effectively and that the risk management policy is implemented appropriately across the Group. The team facilitates the risk management process by providing guidance, support and challenge to management whilst acting as the central point for coordinating, monitoring and reporting on risk across the Group. It also supports the GROC in fulfilling its duties and reporting to both the Executive and Supervisory Board. Additionally, Group Risk & Control team is responsible for the risk and control software that underpins the Group’s risk reporting and risk management process.

Sector Risk & Control – Coordinate, support & report

Sector Risk & Control teams work as the connecting element between businesses and the Group. They facilitate the risk management process in their respective areas by providing guidance, support and reporting. They challenge management in identifying and assessing risks, hence ensuring proper sector governance.

Businesses & functions – Identify, assess & manage

Every business and function in the Group is required to adopt the Group Risk Management policy. They each have their own risk committee or include risk as a regular agenda item at their Board meetings to ensure that it receives the appropriate senior management attention within their business. In addition, the businesses each appoint a Risk Champion, who promotes the implementation of the risk management policy within their business and ensures its effective application. The Risk Champions are in close contact with the Group Risk & Control team and are critical both in ensuring that the risk management system functions effectively, and in implementing a culture of continuous awareness and improvement in risk management and reporting.

Risk reporting

Although the process of risk identification, assessment and response is continuous and embedded within the day-to-day operations of the businesses and functions, it is consolidated, reported and reviewed at varying levels throughout the Group on at least a quarterly basis.

Risk identification: Management closest to the risks identify those that are relevant to the pursuit of the strategy within their business area.

A risk owner is assigned to each risk, who has the accountability and authority for ensuring that the risk is appropriately managed.

Risk assessment: The methodology used is to initially assess the gross (or inherent) risk. This is essentially the downside, being the product of the impact together with the likelihood of the risk materialising if there is no mitigation in place to manage or monitor the risk. In line with the Group budgeting horizon, risk assessment is made for a timeframe of one year with longer horizons where necessary, e.g. in the case of longer-term projects. The key benefit of assessing the gross risk is that it highlights the potential risk exposure if mitigation were to fail completely or not be in place at all. Both impact and likelihood are scored using the criteria shown below.
Impact assessment
         
Minor Moderat Significant Major Serious
Impact on Impact on Impact on Impact on Impact on
Financials (sales and / or costs) Financials (sales and / or costs) Financials (sales and / or costs) Financials (sales and / or costs) Financials (sales and / or costs)
Reputation Reputation Reputation Reputation Reputation
Technology reliability Technology reliability Technology reliability Technology reliability Technology reliability
Compliance Compliance Compliance Compliance Compliance
Health & Safety standards Health & Safety standards Health & Safety standards Health & Safety standards Health & Safety standards
Programme delivery Programme delivery Programme delivery Programme delivery Programme delivery
Likelihood assessment
         
Rare Unlikely Possible Likely Almost certain
< 10% 10 – < 30% 30 – < 60% 60 – < 80% ≥ 80%

The next step in the risk reporting process is to assess and document the mitigation currently in place to reduce the likelihood of the risk materialising and / or its impact if it does. Consideration of these then enables the current (or residual) risk score to be assessed, which is essentially the reasonably foreseeable scenario. The key benefit of assessing the current risk score is that it provides an understanding of the current level of risk faced today and the reliance on the mitigation in place.

Risk response: If management is comfortable that the current risk position is within the Group’s appetite, the risk is accepted and monitored to ensure that it remains at an acceptable level. If management assesses that the current risk score is too high, an action plan will be drawn up with the objective of introducing new or stronger mitigation that will further reduce the impact and / or likelihood of the risk to an acceptable level. This is known as the target risk score and is the parameter by which management can ensure the risk is being managed in line with their overall risk appetite. The risk owner will normally be the individual tasked with ensuring that this action plan is implemented within an agreed timetable. Each business and function will continue to review their risk register on an ongoing basis through the mechanism appropriate for their business e. g. local Risk Committee.

This bottom-up risk reporting is considered by the GROC alongside the Group’s principal risks. New risks are added to the Group’s risk register if deemed significant so that the ongoing status and the progression of key action plans can be managed in line with the Group’s targets and expectations.

Ad hoc risk reporting

Whilst there is a formal process in place for reporting on risks on a quarterly basis, the process of risk identification, assessment and response is continuous and risks can be reported to the Executive Board outside of the quarterly process, should events dictate that this is necessary and appropriate. Ideally such ad hoc reporting is performed by the business or function which is closest to the risk, but it can be performed by the Group Risk & Control team if necessary.

Principal risk heat map

ca897ebb-db56-4cf3-9777-da6d1f36366c.svg

Principal risks

The Group maintains a structured approach to risk oversight by clustering individual risks to identify principal risks, which are assessed against our risk appetite and reported separately in this report. In 2025 a thorough review of the risk landscape was carried out by the Group Risk Oversight Committee and Executive Board confirming the principal risks shown in the heat map above. For the principal risks of Climate change, Changing customer preferences, Supply chain dependencies and Business transformation deficiency this review has led to a significant reduction in the overall risk assessment: For Climate change, we anticipate a prolonged timeline for regulatory effects, which has resulted in a lower risk profile within our current planning horizon. We have made a strong start on the transformation agenda, with initial initiatives already successfully implemented, leading to a reduction in the overall business transformation risk compared to last year. The risk assessment related to Changing customer preferences has been lowered, driven by the expansion of dynamically produced products into additional customer segments. Furthermore, the integration of new suppliers within dynamic production processes has mitigated the risk of critical supply chain dependencies. While integration of emerging technologies such as AI remains complex, it is being actively managed as part of our strategic evolution. We recognise the rapid acceleration and growing influence of AI on customer behaviour, operations, and decision-making. Rather than introducing a standalone risk, we have integrated its impact into existing principal risks where it plays a contributing role. The Group remains committed to proactive risk management, supporting resilience, strategic delivery, and long-term value creation.

Oversight over of the risk management system

The Audit Committee receives assurance from Group Audit over a selection of principal risks, processes and business transformation initiatives most critical to the Group’s continued success.

In accordance with Section 317 (4) HGB (German Commercial Code), the external auditor of TUI AG has audited the early detection system for risks, being a part of the Risk Management System. The early detection system is required by Section 91 (2) AktG (German Stock Corporation Act) and the auditor must conclude, if the system can fulfill its duties.

Risk appetite

The Executive Board and Audit Committee, in conjunction with the Group Risk Oversight Committee has reviewed the Group’s risk appetite towards principal risks across four risk types: Strategic, Operational, Financial and Compliance. Principal Risks are categorized into those types and accordingly into the respective Risk Appetite categories being from “low” over “moderate” to “high”.

The heat map diagram is based on the assessment criteria shown in the section Risk reporting.

If the risk details in the subsequent tables do not suggest otherwise, the risks shown below relate to all segments of the Group and may evolve over time due to the dynamic nature of our business.

Risk-bearing capacity / overall assessment

At least once a year, the Group determines its risk-bearing capacity, defined as the cash low-point. The financial impact of individual principal risks and combined risk scenarios is then calculated and compared with the risk-bearing capacity. The analysis indicates that neither individual principal risks nor the considered scenarios pose a threat to the Group’s existence.

Principal risks

(1) Business transformation deficiency

The Group’s transformation agenda is focused on achieving objectives through the acquisition of new customers and the development of innovative products, supported by a scalable business model, competitive cost structure, and an attractive customer experience.

Project implementation efforts are directed towards enhancing business operations and elevating the customer experience by delivering attractive, intuitive, and consistent services across all touchpoints. A key enabler of this is the adoption of advanced technologies, including Artificial Intelligence (AI), which supports operational efficiency, personalisation, and data-driven decision-making across the business.

The Executive Board recognises the risk of ineffective execution, which may arise from factors such as insufficient prioritisation of high-impact initiatives, limited resource availability, cultural misalignment, and challenges in integrating emerging technologies like AI at scale.

Failure to successfully execute the transformation particularly within the Markets & Airline business could adversely affect our competitiveness, hinder our ability to deliver an attractive customer experience, and compromise quality and operational efficiency.

Mitigating factors

  • Strategic initiatives are prioritised for impact and regularly discussed at the GEC, Executive Board and Supervisory Board to ensure focus and alignment.
  • Centralised management structures overseeing the Markets & Airline businesses
  • Allocation of resources to strategic initiatives, including product owners, project teams and budget.
  • The Group is investing in AI technologies to automate processes, enhance decision-making, and personalise customer interactions, supporting scalable and efficient transformation.
  • A dedicated transformation office oversees programme delivery; monitors progress and ensures alignment with strategic objectives.
  • Approval of business cases in line with the Group's Investment Approvals Policy
  • Strategic initiatives and KPIs incorporated into Budget and 3YP process
  • Use of a project reporting tool and monthly Operating and Financial Reviews to monitor strategic KPIs and project progress
  • Phased implementation approach with defined stage gates to manage transition risks and allow for course correction
  • Structured change programmes with regular employee communications to manage change impact and align expectations

(2) Changing customer preferences

While demand for travel and tourism has remained strong in recent years, we recognise that travel spending is discretionary and subject to rapid shifts in customer preferences. The increasing availability of travel options and the transparency offered by online platforms have created a highly competitive and price-sensitive market environment. Modern technology, especially AI, is reshaping how travellers search, book, and personalise holidays driving demand for flexible, tailored options and dynamic pricing via digital channels.

For TUI, there is a risk that we may not effectively communicate the value of pre-packaged holiday products or that we may fail to adapt quickly enough to offer flexible, personalised components that meet evolving expectations.

Additionally, failure to leverage AI to anticipate trends, personalise offerings, and optimise pricing could result in reduced competitiveness and declining demand. We secure competitive pricing and flexibility by pre-contracting guaranteed beds and flight seats before the season begins. Additionally, we operate our own fleet and hotels. This “risk capacity” model enables control over supply but also carries exposure to unfilled capacity if market demand falls short of expectations.

Mitigating factors

  • Our position as a globally operating tourism group, supported by a strong brand and integrated business model, enables us to respond effectively to evolving customer expectations and competitive pressures.
  • The Group continuously develops new and differentiated holiday experiences and services aligned with customer preferences, supporting the identification of emerging trends and the design of exclusive offerings in collaboration with key hotel partners.
  • Beyond traditional package tours, we increasingly offer flexible, personalised travel solutions through dynamic packaging and modular travel options including flights, accommodation, car hire, insurance, and destination experiences.
  • Leveraging our scale helps maintain cost efficiency and competitive pricing. AI contributes to dynamic pricing strategies and demand forecasting.
  • Our broad portfolio of source markets provides resilience against external shocks, enabling a balancing effect across regions.
  • We actively promote the security and peace of mind that comes with booking through a globally established tour operator with comprehensive customer support. AI-powered service tools and chatbots improve responsiveness throughout the customer journey.
  • Our asset right strategy to hotel investments combines ownership, leasing, and partnership arrangements to secure destination capacity while optimising investments.
  • We regularly evaluate the leisure travel landscape, incorporating consumer insights, supply trends, innovation, sustainability, and resource availability into strategic planning.

(3) Seasonal cash flow

Tourism is inherently seasonal with the majority of business undertaken and profits earned in the European summer months. Cash flows are similarly seasonal, peaking in early summer as advance payments and final balances are received from customers, and dipping in winter as liabilities are settled with many suppliers after the summer season. (“The touristic swing”).

There is the risk that if we do not adequately manage cash balances through the winter low period this could impact on the Group’s liquidity and ability to settle liabilities as they fall due whilst ensuring that financial covenants are maintained.

Mitigating factors

  • The Executive Board has continued to place significant focus on the review of the Group’s cash flow position.
  • With the further positive development of cash and cash equivalents in 2025, the Executive Board believes that, despite the existing risks, the TUI Group currently has and will continue to have sufficient funds resulting both from the borrowing and from operating cash flows to meet its payment obligations and to continue as a going concern.
  • Our focus on holiday experiences is helping to reduce the seasonality risk, as hotels, cruises and destination experiences have a more evenly distributed profit and cash profile across the year.
  • As our business is spread across a number of markets, there are some counter-cyclical features e. g. winter is a more important season for the Nordic and Canadian market. Some brands, such as the UK ski brand Crystal Ski, have a different seasonality profile which helps to counter-balance the overall profile.
  • The business regularly produces both short term and long term cash forecasts during the year, which the Corporate Finance department uses to manage cash resources effectively. We continue to maintain high-quality relationships with the Group’s key financiers. TUI AG’s RCF credit line is subject to compliance with certain financial target values (covenants) for debt coverage, the review of which is carried out based on the last four reported quarters at the end of the financial year or the half-year of a financial year. As of 30 September 2025, TUI complied with the financial covenants.

(4) Cyber security

Protecting the confidentiality, integrity, and availability of our digital systems and data entrusted to us by customers, employees, and business partners is fundamental to TUI Group's operations and reputation.

The cyber security risk landscape continues to evolve rapidly, driven by increasing digitalisation, complex supply chains, emerging technologies such as AI, and increasing threats from sophisticated global state-run or private cyber-crime activity. The cyber regulatory landscape applicable to TUI continues to grow in complexity, for example EU GDPR; EU AI Act; EU NIS 2 Directive, creating additional compliance obligations and potential for sanctions. Our consolidation under the TUI brand and increasing dependence on digital sales and customer care increases our exposure and the potential worst-case impact of a successful cyber-attack and/or data breach.

If we do not ensure we have the appropriate level of security controls in place across the Group, this could have a significant negative impact on our key stakeholders, with associated reputational damage and financial consequences including regulatory penalties and operational disruption.

Mitigating factors

  • The Executive Board actively supports initiatives that ensure IT systems are secure by design, resilient to denial-of-service attacks, protected against vulnerabilities, and monitored for appropriate user access. Security is embedded in everything we do.
  • TUI’s Information Security Management System ensures a coordinated, standards based, proactive approach to the identification and management of information security risk across the Group.
  • We promote digital safety through targeted training and awareness campaigns. TUI invests in modern authentication and protects the digital identities of both customers and colleagues.
  • Security is integrated into our software development and release processes to identify and remediate vulnerabilities before deployment.
  • Our security risk assessment methodology, controls, policy, and guidelines address emerging technologies, including specific provisions for the assessment and secure use of AI.
  • We continue to increase the maturity and coverage of our Security Operations Centre and platform to anticipate, detect and respond to cyber-attacks and information security incidents.
  • Continuous improvement through lessons learned from real or simulated cyber incidents.

(5) Sustainable tourism

For the Group, economic, environmental and social sustainability is a fundamental management principle and a cornerstone of our strategy for continually enhancing the value of our Company. This is the way we create the conditions for long-term economic success and assume responsibility for sustainable transformation in the tourism sector.

We aim to reduce our environmental footprint and promote responsible social policies and outcomes, both within our operations and through our influence on supply chain partners.

If we do not maximise our positive impact on destinations and on our supply chain partners and minimise the negative impact to the extent that our stakeholders expect, this could result in a decline in stakeholder confidence, reputational damage and reduction in demand for our products and services.

Mitigating factors1

  • The TUI Sustainability Agenda purpose is to set and drive industry standards, ambitious goals and develop transformation roadmaps for all parts of the business. This means to actively engage colleagues, partners and customers, bringing sustainability to life in a tangible and emotional way.
  • The Group Sustainability department sets clear goals, priorities, and the framework to deliver the Sustainability Agenda.
  • Operating one of the most carbon efficient airlines in Europe with continued investment in new, more efficient aircraft and cruise ships.
  • Our ambition is to achieve net-zero emissions across our operations and supply chain by 2050 at the latest.
  • Science-based targets have been set for our airline, hotel and cruise operations by 2030, validated by the Science Based Targets initiative (SBTi).
  • Development and implementation of emission reduction roadmaps for airlines, cruises and hotels to significantly reduce emissions.
  • Adhering to increasingly supply chain focused regulations (e. g. German Supply Chain Act, EU Supply chain due diligence directive) rolling out new processes and structure with a strong focus on procurement.
  • Implemented environmental management systems covering TUI Airline and TUI Cruise business having achieved ISO 14001 certification.
  • Driving up social and environmental standards through accommodation suppliers achieving certifications recognised by the Global Sustainable Tourism Council (GSTC) and applying the GSTC Criteria to TUI experiences.

(6) Supply chain dependencies

Holiday and travel service providers face an inherent risk of critical supplier failure, particularly among key providers of hotels, aircraft, and cruise ships. This risk is heightened by industry practices requiring substantial prepayments to hoteliers to secure accommodation capacity for upcoming seasons, and in situations where essential products or services are sourced from a single supplier.

There is a risk that failure of key suppliers could significantly disrupt our ability to maintain core operations, potentially impacting service delivery, customer experience, and financial performance.

Mitigating factors

  • Partnering with financially stable and in terms of service, reliable suppliers, especially for single-source arrangements.
  • Implementing regular supplier performance reviews against contractual terms and conditions, with structured service meetings to address operational challenges proactively.
  • Maintaining strong working relationships with key suppliers to ensure open communication channels and early identification of potential issues.
  • Operating a substantial portfolio of owned and joint venture hotels, reducing third-party accommodation dependency.
  • Enforcing strict authorisation processes that limit financial exposure and ensure advances are only made to credit-worthy partners.
  • Dynamic production is driving the expansion of the flight and hotel portfolio while reducing dependency on individual critical suppliers.
  • Using customer experience metrics to identify service gaps and drive targeted supplier enhancements.

(7) Operational disruption

As a global tourism company, TUI Group is inherently exposed to potential external events and disruptions in operational areas including geopolitical issues, terrorism, natural disasters, pandemic or supplier issues in destination countries.

These events can require operational adjustments such as customer repatriation, service suspensions, and asset redeployment, potentially resulting in additional costs and short-term profitability impacts. Additionally, geopolitical tensions can rapidly escalate, potentially rendering key destinations unsafe or undesirable for travellers with little warning. Such disruptions not only impact immediate operations but can have lasting effects on consumer confidence and destination preferences, requiring adaptability in our product portfolio and market approach.The unpredictable nature of these events makes them particularly challenging to mitigate, requiring our robust crisis management capabilities and operational flexibility.

Mitigating factors

  • Our Group Security, Health, Safety & Crisis centre of excellence maintains a comprehensive framework with standardised incident monitoring, managing, escalation and business resilience systems and communication protocols to ensure consistent response capabilities enabled by expert Crisis & Business Continuity professionals.
  • We implement well-tested emergency response and business continuity plans that activate immediately when incidents occur, prioritising customer safety and security while minimising operational disruption reducing risk to our brand and financial integrity.
  • Our extensive global presence enables us to quickly offer alternative destinations to affected customers and adjust our destination portfolio in response to emerging risks, providing resilience against geopolitical events while maintaining business resilience.

(8) Climate change2

Climate change is a complex issue and there is significant uncertainty surrounding the climate system, as well as how the world will respond to mitigate the effects of climate change. However, physical and financial effects are already being felt today and are predicted to worsen, and we’re seeing increasing climate action.

Policy, legal and technology

Increased costs due to the introduction of new, or extension of existing, carbon pricing mechanisms (including pass-through of higher costs by suppliers), and new energy and emissions regulations.

Increasing regulations and restrictions targeting the airline and cruise industry, leading to reduced revenue and / or stranded assets

Costly or unavailable future fuels and technologies resulting in higher costs, or preventing further decarbonisation and compliance with regulation

Mitigating factors
  • TUI is committed to decarbonising its business, and has set ambitious near-term science-based emissions reduction targets with the SBTi.
  • To achieve these, TUI airlines procure state-of-the-art aircraft, implements operational efficiencies (including route optimisation), and will increase the use of SAF. TUI already has cooperation agreements in place to promote the production and supply of SAF.
  • TUI Cruises invests in energy efficiency at ship operations, fuel-saving route optimisation, shore power in ports and alternative fuels, such as sustainable biofuels, bio-LNG and green methanol. Future newbuilds coming into the fleet will not use heavy fuel oil. Mein Schiff 7 which entered service in 2024 and runs on lower-emission marine diesel and is equipped with catalytic converters and a shore power connection. In addition, the ship is also able to run on green methanol in the future. The two additional ships from the new InTUItion class will use LNG as main fuel. Mein Schiff Relax was delivered in 2025 and Mein Schiff Flow will follow in 2026. LNG serves as a bridging technology, it is planned to blend in also bio-or e-LNG as it becomes available, which is produced either from biological sources or synthetically from renewable energy. The first bio-LNG bunkering was already completed in July 2025. The InTUItion class is also equipped with shore power connection and advanced catalytic converters that comply with the EURO 6 standard in port. TUI Cruises operate under the IMO greenhouse gas strategy framework as well as under MARPOL compliance. Further, TUI Cruises are signatories to Cruise Line International Association adopting enhanced environmental operational requirements
  • TUI Hotels & Resorts is focused on renewable energy and resource-saving operational practices to reduce hotel emissions as far as possible.

Market

Decline of travelers due to shifts in consumer preferences and behaviour, and increasing negative public sentiment towards travel, resulting in loss of revenue

Decline of overall customer demand as the price for our products will increase to reflect higher capital expenditures and operational expenses to offer carbon low products

Difficulties in obtaining access to financing and increasing cost of capital due to the inability to reduce emissions in line with market expectations

Mitigating factors
  • Managing both market and reputational risks depends on the successful implementation of our emissions reduction initiatives. Accordingly, we have roadmaps in place to deliver on our science-based targets.
  • Whilst the cost for flights is very likely to increase, all markets participants have to roll-over this “green inflation”. With our state-of-the-art efficient fleet, it is likely that our cost increase is competitive. Further, the share of extra cost from low-carbon flying is lower in a package and hence we believe that we can effectively transfer cost additions.
  • TUI has set science-based emissions reduction targets for 2030 and a net zero target for 2050. TUI continues to notice a wide range of financiers due to TUI Group’s financial performance and is continuing to develop relationships with new sources of finance and monitor development of the market. TUI is in a continuing education process with lessors and the financial community to maintain confidence in the strategy.

Acute physical risks

Physical damage to assets and business disruption due to extreme weather-related events

Mitigating factors
  • This risk is managed at the asset-level.
  • We manage the overarching risk through insurance and a large and regional spread hotels & resorts portfolio, diversifying the risk of asset impairment.
  • We hold relatively short-duration lease contracts, enabling flexibility in case of changes in insurability.

Extreme weather events disrupting transport hubs, resulting in delays and cancellations, and increased costs

Mitigating factors
  • The risk of airport disruption was found to be low in the physical risk analysis. Nonetheless, TUI works closely with airports in case of disruption and will continue to evaluate the risk profile of its material airports.
  • Whilst docking is already considered a resilient activity, the risk is further mitigated by the flexibility to adjust cruise itineraries.

Chronic physical risks

Physical damage to assets and business disruption due to longer-term shifts in climate patterns

Mitigating factors
  • Whilst the scenario analysis indicate higher probability of extreme weather events, none of the locations where our hotels & resorts are located are vulnerable to a rising sea level during the time frame of our climate scenario analysis.
  • This risk is managed with insurance and TUI Hotels & Resorts’ renewable energy strategy.

Changing weather patterns decreasing suitability for tourism and / or making source markets more attractive, impacting tourism demand

Mitigating factors
  • Climate-related factors are considered in the expansion of TUI’s Hotels & Resorts business segment.

(9) Security, health and safety

The safety and security of customers and colleagues is of paramount importance to any holiday and travel service provider.

There is an inherent risk of accidents, incidents or events occurring causing illness, injury or death to customers or colleagues whilst on a TUI holiday or whilst using a TUI operated / provided activity or service.

In addition to the harm caused to the affected individual(s), such incidents could result in disruption to operational activities, reputational damage to the business and / or financial liabilities through loss of earnings, lack of demand and / or legal claims being brought by the affected parties.

Mitigating factors

  • The established Group Security, Health, Safety & Crisis (Group SHSC) centre of excellence oversees safety and security risk management activities, delivering alignment and consistency across the TUI Group.
  • Group SHSC operational responsibilities include TUI Tour Operations, TUI Hotels & Resorts and TUI Musement (including Intercruises). Operational safety and security risk management activities for Airline and Cruise operations are managed from within the respective business units.
  • Data-led, risk-based Safety and Security Risk Management systems are in place and are subject to continuous review/improvement.
  • Safety and Security Risk Management clauses are included in supplier contracts.
  • Appropriate insurance policies are in place to mitigate any financial losses.

(10) Joint venture partnerships

We use joint venture partnerships, particularly within our Hotels & Resorts and Cruises businesses, to leverage local market expertise and support our asset-right strategy. These partnerships, while not directly controlled by TUI, are integral to the Group’s operations and financial performance.

For details on our strategy, please refer to the section TUI Group strategy.

There is a risk that if relationships with key partners are not effectively maintained, the strategic objectives of the ventures may diverge from those of the Group. This misalignment could lead to operational challenges and hinder the achievement of financial targets.

Mitigating factors

  • Good working relationships exist and are maintained through ongoing communications with all of our main partners.
  • We seek to align the Joint venture partners and the decision making in the Joint Ventures with the TUI Groups strategy.
  • Joint ventures are invited to participate in Group functions and policies to enhance consistency and avoid duplicative structures.

Key features of the internal control and risk management system in relation to the (Group) accounting process (sections 289 (4) and 315 (4) of the German Commercial Code)

Conceptual framework and governance

The internationally recognised framework created by COSO (Committee of Sponsoring Organizations of the Treadway Commission) forms the conceptual basis for TUI Group’s accounting-related internal control system.

On the basis of section 107 (3) of the German Stock Corporation Act, the Audit Committee of the Supervisory Board of TUI AG reviews the auditing of the annual financial statements, monitoring the accounting process and the effectiveness of the internal control and risk management systems. The reliability of financial reporting and the monitoring of the financial accounting process as well as the effectiveness of the internal control and risk management systems are described in the Audit Committee Report. This also takes account of the effectiveness of the accounting-related internal control and risk management system.

Also see Audit Committee report

The Group’s auditors gain insight into TUI Group’s established control environment and control measures. The accounting-related audits by the auditor are complemented by an assessment of selected controls. The audit of the consolidated financial statements by the Group auditor and the audit of the individual financial statements of Group companies included in the consolidated financial statements, in particular, constitute a key non-process-related monitoring measure in relation to Group accounting.

In Group accounting, the risk management system, implemented as a component of the internal control system in the form of an Enterprise Risk Management (ERM) System, also addresses the risk of misstatements in Group bookkeeping and external reporting. A more detailed explanation of the risk management system is provided in the section on Risk Governance in the Risk report.

Use of IT systems

Bookkeeping transactions are captured in the individual financial statements of TUI AG and of the subsidiaries of TUI AG through local accounting systems, above all supplied by SAP. When preparing TUI AG’s consolidated financial statements, the subsidiaries complement their individual financial statements by setting up standardised reporting packages in the Oracle Hyperion Financial Management (HFM) reporting system. HFM is used as the uniform reporting and consolidation system throughout the Group and hence no additional interfaces are involved in preparing the consolidated financial statements.

All consolidation processes used to prepare the consolidated financial statements of TUI AG, e. g. capital consolidation, the consolidation of assets and liabilities and the elimination of expenses and income and at equity measurement, are generated and fully documented in HFM. Virtually all elements of TUI AG’s consolidated financial statements, including the disclosures in the Notes, are developed from and validated by the HFM consolidation system. HFM also provides various modules for evaluation purposes in order to present complementary information to explain TUI AG’s consolidated financial statements.

The HFM reporting and consolidation system has an in-built workflow process whereby, when the reporting companies capture their data packages within the system, they are then locked out from making any further changes to that data. This ensures data integrity within the system. This workflow process has been checked and validated by the TUI AG Group Audit department on several occasions since the system was introduced.

Specific risks related to (Group) Accounting

Specific risks related to (Group) accounting may arise, for example, from unusual or complex business transactions, in particular at critical times towards the end of the financial year. Business transactions not routinely processed also entail special risks. The discretion necessarily granted to employees for the recognition and measurement of assets and liabilities may result in further (Group) accounting-related risks. The outsourcing and transfer of accounting-specific tasks to service companies may also give rise to specific risks.

Key regulation and control activities to ensure proper and reliable (Group) Accounting

The internal control measures aimed at securing proper and reliable (Group) accounting ensure that business transactions are fully recorded in a timely manner in accordance with legal requirements and the Articles of Association. This also should ensure that assets and liabilities are properly recognised, measured and presented in the financial statements and the consolidated financial statements. The control operations should also ensure that bookkeeping records provide reliable and comprehensive information.

Controls implemented to secure proper and reliable accounting include, for instance, analysis of facts and developments on the basis of specific indicators. Separation of administrative, execution, settlement and authorisation functions and the implementation of these functions by different persons reduces the potential for fraudulent operations. Organisational measures also aim to capture any corporate or Groupwide restructuring or changes in sector business operations rapidly and appropriately in (Group) accounting. They also should ensure, for instance, that bookkeeping transactions are correctly recognised in the period in which they occur in the event of changes in the IT systems used by the accounting departments of Group companies. The internal control system likewise should ensure that changes in the TUI Group’s economic or legal environment are mapped and that new or amended accounting standards are correctly applied.

To safeguard financial processes, there is a Group-wide framework under which all major companies included in the consolidated financial statements as fully consolidated companies are required to report the nature of their controls and their implementation for financial reporting, fraud prevention and detection and effectiveness of working capital management in relation to defined risks from financial processes to the Group Risk & Controls function with system support and to assess their effectiveness on a quarterly basis. The Group Risk & Controls function reviews these reports on a sample basis and provides advice on how to improve efficiency and effectiveness. Where financial processes are carried out in the Group's own Shared Service Center, this function provides support for the further development of the process and control framework. Based on the feedback received, Internal Audit selects companies for an in-depth review of the control measures in accordance with its own risk assessment.

The TUI Group’s accounting policies together with the International Financial Reporting Standards (IFRS) in compliance with EU legislation, govern the uniform accounting and measurement principles for the German and foreign companies included in TUI’s consolidated financial statements. They include general accounting principles and methods, policies concerning the statement of financial position, income statement, notes, management report and cash flow statement.

The TUI Group’s accounting policies also govern specific formal requirements for the consolidated financial statements. Besides defining the group of consolidated companies, they include detailed guidance on the reporting of financial information by those companies via the group reporting system HFM on a monthly, quarterly and year end basis. TUI’s accounting policies also include, for instance, specific instructions on the initiating, reconciling, accounting for and settlement of transactions between group companies or determination of the fair value of certain assets, especially goodwill. At Group level, specific controls to ensure proper and reliable (Group) accounting include the analysis and, where necessary, correction of the individual financial statements submitted by the Group companies, taking account of the reports prepared by the auditors and meetings to discuss the financial statements which involve both the auditors and local management. Any further content that requires adjusting can be isolated and processed downstream. The control mechanisms already established in the HFM consolidation system minimise the risk of processing erroneous financial statements. Certain parameters are determined at Group level and have to be applied by Group companies. This includes parameters applicable to the measurement of pension provisions or other provisions and the interest rates to be applied when cash flow models are used to calculate the fair value of certain assets. The central implementation of impairment tests for goodwill recognised in the financial statements should secure the application of uniform and standardized evaluation criteria.

Disclaimer

With the organisational, control and monitoring structures established by the TUI Group, the internal control and risk management system enables company-specific facts to be captured, processed and recognised in full and properly presented in the Group’s accounts.

However, it lies in the very nature of the matter that discretionary decision-making, faulty checks, criminal acts and other circumstances, in particular, cannot be ruled out and will restrict the efficiency and reliability of the internal control and risk management systems, so that even Group-wide application of the systems cannot guarantee with absolute certainty the accurate, complete and timely recording of facts in the Group’s accounts.

Any statements made relate exclusively to TUI AG and to subsidiaries according to IFRS 10 included in TUI AG’s consolidated financial statements.

1 The mitigating factors of this section are disclosures according to ESRS E1-3 Risk mitigation.
2 The mitigating factors of this section are disclosures according to ESRS E1-3 Risk mitigation
Previous page Corporate Profile Next page Overall Assessment of the Executive Board and Report on expected Developments