Corporate Risk Management, which includes a set of practices for the identification, measurement, processing and reporting of key risks, is an integral part of the management style required by the Group for its employees, in line with good international risk governance practices, in accordance with legal and regulatory requirements and meeting the expectations and demands of the Group's internal and external Stakeholders.

The deployment of an effective risk management policy seeks: 

  • To contribute to the constant creation of value for the company by meeting the expectations of internal and external Stakeholders;
  • To adopt a position of leadership in this area in line with the vision, values and commitments expressed by the EDP Group;
  • To ensure that internal and external requirements are met in the area of corporate governance, control and reporting.

To this end, the EDP Group seeks to maintain a risk management culture in all decision making and at all functional and management levels. The implementation of Corporate Risk Management is supported by a set of principles, structure and processes that enable:

  • The identification, analysis and evaluation of risks and their processing, which may lead to the adoption of one or more of the following options: accepting the risk, increasing exposure in order to take advantage of an opportunity, avoiding the risk, reducing its probability or impact and/or sharing the risk (using hedging operations or through insurance, for example);
  • Reporting, reviewing and continuous improvement in risk management;
  • Including risk management responsibilities in overall management. 

This policy establishes the risk management principles, structure, governance and responsibilities in the EDP Group. 

EDP Group risk management policy principles 

  • Risk management is an integral part of standard business practice and is the responsibility of everyone, from the Executive Board to the individual employee. Everybody is responsible for understanding the risks in their area of operation and for managing them as an integral part of their delegated duties, skills and responsibilities; 
  • EDP manages its significant risks as a portfolio, through optimization of the risk/return ratio cutting across all business areas, in light of the value creation and distinction of the Group in its markets of operation; 
  • EDP seeks to ensure that risk management constantly improves in order to reflect EDP's changing needs over time and to remain compliant with best international risk management practices; 
  • EDP promotes timely and systematic risk management that is fully integrated in its most important business and decision-making processes, particularly as an element of strategic development, investment decisions, the business plan and operations management, in order to ensure stability of results and the development of optimized capabilities to respond to changes in context and opportunity. Assessment of risks and the adoption of measures for their management and control are based on the best information available at the date of the decision;
  • EDP's risk management is transparent and involves all internal and external Stakeholders, to ensure input into decisions taken from all levels of responsibility in the organisation, ensuring compliance and building a climate of trust; 
  • Local and/or functional risk management policies and procedures will be consistent with this corporate policy. Furthermore, all local and/or functional policies and procedures shall facilitate the aggregation, consolidation and revision at corporate level of all significant risks; 
  • The executive management bodies of the EDP Group companies are responsible for establishing the risk tolerance applicable to their scale, business and functions, always in line with the risk profile defined for the Group by the Executive Board at strategic level, which expresses the appetite for risk, and at tactical level, by setting overall aggregate risk tolerance levels. 

This policy was approved by the Executive Board of Directors (EBD) on January 31st 2023.

The EDP Group follows a risk governance model based on the concept of three lines of defence internal to the organization, complemented by a fourth, external line of defence in the form of external audit and regulation/supervision.

 
1st Line: Business (responsibility for risk)
  • Mission: Daily business conduct, including proactive risk management, in line with the established risk policies
  • Rationale: Those who benefit most from risk-taking are those who should be held accountable for their risks

2nd Line: Risk (support in risk analysis & monitoring)
  • Mission: Support in risk identification, analysis, strategy and monitoring (to support business)
  • Rationale: Given the tendency to encourage business risk-taking, it is advantageous to have a specialised and independent risk function

3rd Line: Audit (independent supervision)
  • Mission: Carrying out and coordinating audits, with a view to improving risk management, control and corporate governance processes
  • Rationale: It is advantageous to have an independent entity responsible for verifying and evaluating the risk management and control processes

4th Line: External Supervision
  • External Audit
  • Regulation / Supervision

Involved areas (not exhaustive)
  • Platforms and Regions
  • Business Enablement Functions (with decision responsibilities)
  • Risk
  • Ethics & Compliance
  • Investor Relations & ESG
  • Safety, Security & Business Continuity
  • Internal Audit

Operative Committees
Risk Committee
EBD
GSB via FMC

Risk management is embodied by the Risk Business Enablement Function (RISK), made up of overarching Centres of Excellence (CoE) and Platform Business Partners (BP), ensuring fluid articulation and communication throughout the EDP Group regarding the main sources of exposure and risk mitigation measures.

[Organisation chart: EBD; RISK Leadership; CoE Corporate, CoE Counterparty and CoE Financial; Region Focal Points; Global Risk Committee, Risk Monitoring Committee and Financial Risk Committee; Management Teams (MT RGA, MT Networks, MT CS, MT GEM, MT GBS); RISK Business Partners (BP RISK RGA, BP RISK Net, BP RISK CS, BP RISK GEM); Insurance. Reporting lines shown: hierarchical reporting, simple reporting and double reporting.]

CoE: Centre of Excellence; BP: Business Partner; MT: Management Team

Download the PDF below for a detailed description of EDP Group’s competent bodies, as well as their respective responsibilities.

The EDP Group's risk taxonomy aggregates, from an integrated perspective and in a common language, the various risk mappings existing at the level of the Group's various Business Units and is structured around four large families: strategic and ESG, business, financial and operational.

  • 1. Strategic & ESG: Strategic; ESG
  • 2. Business: Energy markets; Regulation
  • 3. Financial: Financial markets; Credit; Liquidity / Solvability; Social liabilities
  • 4. Operational: Physical assets; Execution of Processes; Systems; Legal & Compliance

Strategic and ESG Risks

The EDP Group closely monitors and reports risks of a strategic and ESG nature, since it believes that, if they materialise, they could have a significant impact, mainly in the medium and long term. Strategic and ESG risks can be broken down into two distinct types:

  • Strategic 
  • ESG 

Business Risks 

Business risks include all the risk factors intrinsically linked to the remuneration of the EDP Group's core business of generating, trading, distributing and supplying energy in the various geographies and markets where it operates. Business risks can be broken down into two distinct types: 

  • Energy markets 
  • Regulation 

Financial Risks 

Financial risks include market risk factors complementary to those of the EDP Group's energy business (non-operational) in the various geographies and markets where it operates. Financial risks can be broken down into four different types: 

  • Financial markets 
  • Credit and counterparty 
  • Liquidity/solvability 
  • Social liabilities 

Operational Risks 

Operational risks aggregate the risk factors complementary to those of the EDP Group's energy and financial business in the various geographies and markets where it operates, associated with the planning, construction and operation of physical assets, execution of processes, legal systems and litigation and compliance. Operational risks can be broken down into four different types: 

  • Physical assets 
  • Systems 
  • Execution of processes 
  • Legal & Compliance

Given the size of the EDP Group and its geographical diversity, it is important to define a transversal and consistent process at the level of the various Business Units, which at the same time recognises the heterogeneity of the businesses and activities in which the Group operates. In this way, risk management in the EDP Group is structured around five main phases (identification, analysis, evaluation, treatment, and monitoring), complemented by a prior phase of establishing the context, and by adequate levels of communication between the various stakeholders:

[Graphic: risk management process. Legend: fundamental phases; preliminary/continuous phases]

1. Establishing the context
2. Identification
3. Analysis
4. Assessment
5. Treatment
6. Monitoring
7. Communication