Risk management

Risk management model

Naturgy’s risk management model seeks to ensure that the company’s performance is predictable within an acceptable bounded range. The model quantifies the variability of performance and ensures that it is in line with strategically defined target levels in all aspects that are of importance to its stakeholders.

Core goals of the risk measurement and management model include ensuring that material risk factors are correctly identified, assessed and managed. The final objective is to ensure that the level of risk exposure assumed by Naturgy in the course of its business is consistent with the company’s defined overall risk profile and the attainment of annual and strategic objectives.

The Integrated Risk Management and Control System is structured as follows:

– Risk Appetite: definition of risk tolerance by setting limits for the main risk categories, by risk type and by business, as a function of the targets.
– Risk Assessment: methodology, procedure and process for identifying, assessing and measuring risks.
– Risk Governance & Management: risk governance and management mechanism for all risk classes and all businesses.
– Risk Reporting: regular systematic reporting and monitoring of risk at the various levels of management: Business, Business Units, Chairman’s Office and Board of Directors.

Risk categories

In the 2021 Risk Map, Naturgy defined four risk types: Economic, Financial, Operational, and Reputational/Sustainability.

Types of economic and financial risk

For the types of economic and financial risk, a risk assessment is applied through quantitative modelling.

Categories of economic risk

Risk factors with an impact on the businesses’ EBITDA

 

  • Market/commodity risk, the uncertainty caused by price variability of energy and other commodities that the company uses.
  • Exchange rate risk, the uncertainty associated with changes in the exchange rates of the currencies in which Naturgy’s businesses are denominated during the year.
  • Regulatory risk, the risk associated with reviews of the remuneration frameworks for the regulated businesses and/or updates to the specific remuneration parameters under which Naturgy businesses operate.
  • Volume risk, risk associated with the variation of volumes produced, distributed and/or supplied due to variations in temperature and the macroeconomic or competitive environment with respect to the base scenario considered in the projections.
  • Margin/Price Risk, understood as the price risk not contemplated under market/commodity risk created by changes in competitive pressure or unachieved margin optimization scenarios.
  • Legal risk, related to the eventual outcome of litigation, arbitration or legal claims against Naturgy in the year of analysis.
  • Operational risk, associated with events of force majeure or accidents affecting persons, and with accidents, damage or non-availability of the company’s operating assets, after coverage by Naturgy’s insurance programme.

Financial risk categories

Risk factors impacting the company’s cash flow and balance sheet. 

 

  • Credit risk, unexpected loss due to uncertainty associated with the probability of non-payment of monetary obligations and/or deterioration of the credit quality of the end customers and counterparties with which Naturgy operates.
  • Interest rate risk, variability of the company’s financial expenses caused by interest rate movements in the currencies in which Naturgy’s debt is denominated.
  • Tax risk, associated with the proper application of tax regulations, the complexity of their interpretation, and possible amendments, with a potential economic impact on the company’s accounts.
  • Liquidity, risk associated with a potential increase in the financing needs required to maintain the company’s target rating.
  • Rating, risk of a downgrade of the company’s credit rating, considering that the company targets an anchor BBB rating.
  • Provisions, risk of maintaining an excessive volume of provisions on the balance sheet, resulting in the risk that they may materialize and their effect on cash outflows.

Types of operational and reputational/sustainability risk

For the operational and reputational/sustainability risk typologies, an assessment of the risk position using heat maps is generally applied.

Operational risk categories

Risk factors derived from operating the company’s human and material assets.

 

  • Security risk, understood as the residual risk associated with personal injury or material damage to critical facilities caused intentionally by a third party.
  • Process risk, understood as a loss resulting from a shortcoming or failure in processes, systems or personnel performance with an impact on the company’s efficiency or other risks.
  • Fraud risk, derived from any intentional breach of the law by an employee or a third party to benefit themselves or the company, directly or indirectly, through the improper use of Naturgy resources or assets.
  • Cybersecurity risk, arising from malicious attacks or accidental events with an operational impact that affect data, computer networks or technology.
  • Data protection risk, understood as the risk associated with breach of data protection obligations that may result in an administrative sanction or civil judgement.
  • Environmental risk, associated with the possibility that natural phenomena or human action may result in regulatory environmental limits being exceeded or in damage to ecosystems and biodiversity.
  • Customer satisfaction risk, understood as the risk of not offering the customer a distinctive value proposition that places the company in a privileged position to define new relationship models and address the digital transformation by maximizing the value of new technologies.
  • Health and safety risk, understood as the risk of injury and health impairment for professionals of Naturgy or partner companies in connection with the business.

Sustainability and Reputational risk categories

Risk factors associated with behaviors that constitute a departure from good practices in the area of reputation, ESG commitment, compliance, people and climate change.

 

  • Reputational and ESG risk, uncertainty in the evolution of stakeholders’ perception of the company’s reputation and its capacity to engage in business sustainably from an environmental, social and governance point of view.
  • Compliance risk, understood as the risk of sanctions, financial losses or loss of reputation that Naturgy could suffer as a result of non-compliance with both legal obligations and standards, policies and other internal regulations applicable to its activities.
  • Energy transition and climate change risk, arising from the energy transition (regulation, markets, technologies, etc.) and the physical impacts of climate change (acute and chronic).

Main risks

Risk typeDescriptionManagement approachMetricTrend
Commodity prices GasVolatility in the international markets that determine the gas price.Physical and financial hedges. Portfolio managementStochasticMismatch between long-term contracts and hub prices.
Commodity prices ElectricityVolatility in electricity markets.Physical and financial hedges.
Optimisation of the generation fleet.
StochasticPenetration by renewables with zero marginal cost and intermittent production.
Risk typeDescriptionManagement approachMetricTrend
Exchange rateVolatility in international currency markets.Geographic diversification. Hedging via local-currency funding and derivatives.
Monitoring the net position.
StochasticUncertainty about growth prospects in Latin America.
Risk typeDescriptionManagement approachMetricTrend
RegulatoryExposure to reviews of criteria and returns recognised for regulated activities.Step up communication with regulators. Adjust efficiency and capital expenditure to recognised rates.ScenariosPressure from regulators, as a function of the situation of the country/industry.
Risk typeDescriptionManagement approachMetricTrend
Volume GasMismatch between gas supply and demand.Optimisation of contracts and assets worldwide.Deterministic/
Stochastic
Aggregate demand pressure.
Volume ElectricityReduction of the available thermal gap.
Uncertainty as to renewable production volume.
Optimisation of the supply-generation balance.StochasticAggregate demand pressure.
Risk typeDescriptionManagement approachMetricTrend
Margin/priceRisk created by changes in competitive pressure or unachieved margin optimisation scenarios.Portfolio management by adapting long-term purchase and sale formulas.ScenariosReviews of long-term gas contracts
Risk typeDescriptionManagement approachMetricTrend
LegalUncertainty as to the eventual outcome of litigation, arbitration or legal claims.Analysis and mitigation of legal risk affecting the company's operations and corporate governance.
Engagement of top-level law firms.
Recognition of provisions on a prudential basis.
ScenariosDifferent business units are affected by different laws in each country.
Risk typeDescriptionManagement approachMetricTrend
Insurable risksAccidents, damage or non-availability of Naturgy assets.Continuous improvement plans.
Optimisation of the total cost of risk and hedges.
StochasticGrowing tension in the insurance market in the face of the rising frequency of extreme weather events.
Risk typeDescriptionManagement approachMetricTrend
CreditUncertainty associated with the probability of non-payment of monetary obligations and/or deterioration of the credit quality of the end customers and counterparties with which Naturgy operates.Analysis of customer solvency in order to define specific contractual conditions.
Debt collection process.
StochasticTransitory effect of the post-COVID-19 recovery.
Risk typeDescriptionManagement approachMetricTrend
Interest rates and credit spreadsVolatility in funding rates.Financial hedges.
Diversification of funding sources.
StochasticUncertainty about interest rate scenarios.
Risk typeDescriptionManagement approachMetricTrend
TaxAmbiguity or subjectivity in the interpretation of current tax regulations, or material amendments to same.Queries to independent expert bodies.
Engagement of top-level advisory firms.
Adoption of the Code of Good Tax Practices.
Recognition of provisions on a prudential basis.
ScenariosDifferent business units are affected by different taxes.
Risk typeDescriptionManagement approachMetricTrend
Liquidity, rating and provision risksFinancial risks associated with maintaining the company's rating, derived from liquidity conditions or other causes.
Risks associated with excessive use of resources due to maintaining provisions.
Establishment of a target rating and ensuring sufficient liquidity to maintain it in the event of a potential adverse scenario.ScenariosRatification of the target of an investment grade rating in the Business Plan 2021-2025
Risk typeDescriptionManagement approachMetricTrend
SecurityResidual risk associated with personal injury or material damage to critical facilities caused intentionally by a third party.Corporate positioning through the Security Policy, defining a specific protection model for Critical Infrastructures (CI).
Engagement with the businesses, Centro Nacional para la Protección de Infraestructuras Críticas (CNPIC), Instituto Nacional de Ciberseguridad (INCIBE-CERT) and other public- and private-sector bodies involved in CI security.
Heatmap/ScenariosCertification audits by the regulator (CNPIC) of critical operators, in which technology is of great importance.
Risk typeDescriptionManagement approachMetricTrend
ProcessesUncertainty resulting from a shortcoming or failure in processes, systems or personnel performance with an impact on the company's efficiency or other risks.Annual internal audit plan Weakness detection. Implementation of improvement actions (recommendations). Audit and Control Committee.Heatmap/ScenariosIncrease in the percentage of material recommendations that are implemented.
Risk typeDescriptionManagement approachMetricTrend
FraudRisk derived from any intentional breach of the law by an employee or a third party to benefit themselves or the company, directly or indirectly, through the improper use of Naturgy resources or assets.Control mechanisms through the Global Policy of the Internal Control System for Financial Information. Arrangement of hedges in the insurance marketScenariosMaintain low levels of fraud at Naturgy
Risk typeDescriptionManagement approachMetricTrend
CybersecurityMalicious attacks or accidental events that affect data, computer networks or technology.Implementation of security measures; Event analysis and remediation measures; Training.Scenarios/HeatmapsThe cybernetic situation is becoming more demanding.Threat protection plan to mitigate the likelihood of these risks and their associated impact.
Risk typeDescriptionManagement approachMetricTrend
Data protectionUncertainty associated with breaches of data protection obligations that may result in an administrative sanction or civil judgement.Action Plan by business area to mitigate the risk associated with each obligation based on priority and criticality. The company conforms to the requirements of the General Data Protection Regulation (GDPR).Internal audit plan for periodic review of compliance.Heatmap/ScenariosUncertainty and tightening regulatory requirements.
Risk typeDescriptionManagement approachMetricTrend
EnvironmentPossibility that natural phenomena or human action may result in regulatory environmental limits being exceeded or in damage to ecosystems or biodiversity.Emergency plans at facilities with risk of environmental accident.
Specific insurance policies.
End-to-end environmental management.
Scenarios/HeatmapsImplementation of an Integrated Management System certified and audited each year by AENOR.
Risk typeDescriptionManagement approachMetricTrend
Health and safetyRisk of injury and health impairment for professionals of Naturgy or partner companies in connection with the business.Health and safety management system. Safety plan aimed at controlling the six most critical risk factors in terms of accident frequency and severity: confined spaces, work at heights, electrical risk, tree felling and pruning, cargo handling, and road safety.Heatmap/ScenariosAccident rates at partner firms.
Risk typeDescriptionManagement approachMetricTrend
Image and reputationImpairment of stakeholders' perception of Naturgy.Identification and tracking of potential reputation events.
Transparency.
Scenarios/HeatmapsStabilisation of MERCO index score.
Risk typeDescriptionManagement approachMetricTrend
Reputational and criminal riskAdministrative and criminal sanctions. Deterioration of Naturgy's reputational image.Criminal prevention model, Code of Ethics and Anticorruption Policy.Heatmap/ScenariosCommission of criminal offenses, sanctions, financial, reputational, contract and client losses.
Counterparty riskAdministrative and criminal sanctions. Damage arising from breach of contract.Counterparty Due Diligence Procedure.
Risk typeDescriptionManagement approachMetricTrend
Climate change and energy transitionUncertainty arising from the energy transition (regulation, markets, technologies, etc.) and the physical impacts of climate change.Corporate positioning via the Global Environmental Policy and Environment Plan, which strengthen governance in climate issues and set emission reduction targets.Stochastic/
Scenarios/Heatmaps
Regulatory uncertainty.

Metrics used:
   

  • Stochastic: production of trend lines for the main magnitudes, taking the maximum deviation from the benchmark scenario to be the risk, within a pre-set confidence interval. Those magnitudes are generally EBITDA, earnings after taxes, cash flow and value.
  • Scenarios: analysis of the impact, with respect to the benchmark scenario, of a limited number of possible incidents.
  • Heatmap: the main risk factors for each risk category are assessed to quantify the impact and probability of the identified risks