We are a global operator of essential infrastructure
Redeia has a Comprehensive risk management system in place in order to facilitate the fulfilment of the company’s strategies and objectives, ensuring that the risks that could have an impact on them are identified, analysed, evaluated, managed and controlled in a systematic manner, with uniform criteria and within the level of acceptable risk approved by the Board of Directors.
The management System conforms to the ISO 31000 standard regarding risk management principles and guidelines and is ongoing and comprehensive in nature, consolidating risk management by business unit, subsidiary, and support areas within the corporate scope.
Accordingly, Redeia periodically conducts sensitivity analysis (stress testing) to monitor on certain financial and non-financial risks, with the aim of anticipating the potential impact on the Company of the materialisation of these on the basis of certain future scenarios, and monitoring potential developments of the main variables that could have an impact on the compliance of the strategic plan, both in terms of Financial aspects and interest rates, inflation, etc., as well as other more operational factors.

Redeia has a Comprehensive Risk Management Policy and a general Procedure for comprehensive risk management and control, based on the COSO ERM Enterprise Risk Management-Integrated Framework for Corporate Risk Management.
The Board of Directors is responsible for approving the Comprehensive Risk Management Policy, as well as for awareness and periodic monitoring of internal control, prevention, and reporting systems. Twice a year, the Board reviews the risk control system and relevant risks, without prejudice to the information regularly received from the Audit Committee as part of its ongoing monitoring.
Redeia's Risk Management System also specifically analyses risks considered as emerging, which are either new risks whose origin differs from traditionally managed risks or existing risks that may undergo significant changes in the medium or long term due to their scope or considerable changes in the consequences they generate. These risks are considered to potentially impact the organisation, which given their nature, they are difficult to predict, estimate and assess and their time horizon is uncertain, all due to economic, social, technological, geopolitical and environmental transformation, with possible impacts of special relevance for the organisation.
This risk type also refers to those risks that already exist and have been identified but which in the medium and/or long term may undergo significant changes, either because of their scope or because of a considerable change in their consequences.
The main difference between emerging risks and other risks within the organisation lies in the process of identification, evaluation, and measurement of these risks due to their inherent nature. The impacts of emerging risks are difficult to estimate and quantify, so there is no measurement process in terms of probability and impact. Additionally, the time horizon for emerging risks extends beyond that used for measuring traditional risks or beyond the time horizon of the current strategic plan.
Moreover, Redeia is making progress in identifying and analysing long-term trends and scenarios, conducting various micro-studies focused on identifying potential future risk trends that could impact Redeia. The following are identified as emerging risks:
Shortage of raw materials | ||
---|---|---|
Description | Impact | Action Plan |
The transition to a decarbonized energy system will require the development of new electricity transmission and distribution infrastructure, as well as the reinforcement of existing networks. Since the EU is highly dependent on imports from other countries, particularly in the case of raw materials that are important for energy systems, this could lead to a risk of shortages in the most in-demand raw materials or insufficient processing capacity. There is a risk that suppliers of the equipment required for the development of transmission networks may lack the capacity to meet the growing global demand. In addition to the potential delays in infrastructure development caused by the unavailability or delayed supply of raw materials and equipment, the potential increase in prices due to low supply must also be considered. This includes the impact of global trade policies, which could result in either a decrease in demand and prices or an increase in prices in an inflationary context. | The unavailability (or delay in the supply) of raw materials can cause delays in the development of infrastructure, as well as price increases. At this time, there is no identified risk of shortage of these raw materials. Over a 10-year time frame, independent analysis suggests that, of these three elements, copper presents the greatest risk | • Observation and monitoring of regulatory and tax aspects, evolution of demand and production capacity; in particular, monitoring of specialised studies on production forecasts and raw material consumption. • Research in the development of designs with alternative materials. • Promotion of the use of recycled materials within the EU, which would help increase the availability of elements such as copper, aluminium and steel. |
Application of generative AI | ||
---|---|---|
Description | Impact | Action Plan |
Generative Artificial Intelligence (GAI) represents a breakthrough because of its ease of use and low cost, and it can be applied to any environment, although it adds speed, complexity and additional risks. The use of generative AI in processes and operations can produce risks such as: • Risks associated with trust in information. • Risks associated with business continuity. • Risks associated with intellectual property. • Risks associated with the leakage of sensitive information. • Risks associated with the adequacy of personnel for the use of AI and increasing the Company’s dependence on the key skills of its employees. • Risks associated with lack of coordination between functional areas due to new AI capabilities. • Risks associated with EU-approved AI compliance. Depending o n how AI is ultimately applied to aspects of the electricity sector, it could represent either an opportunity or a risk for Redeia. | • Economic impact of sanctions for non-compliance with regulations. • Operational impact due to failures in the processes carried out with AI or failures in supervision and due to scaling of human resources capacities for AI management. • Reputational impact due to incorrect or unethical decisions. | • Diagnosis of Redeia’s alignment with the European Regulation on Artificial Intelligence. • Definition of an action plan for compliance with the aforementioned Regulation. • Creation of the AI strategy in Redeia. • Preparation of an inventory on the use of AI in Redeia, taking into account the risk level of the AI systems used in accordance with the Regulation. • Development of basic principles of action for Redeia on the responsible use of AI. • Design of a proposal for the IA governance model, taking into consideration what the organisation has implemented in other areas with synergies. • Identification of risks and the complete framework of AI compliance controls. • Development of training and awareness regarding Redeia’s new artificial intelligence system.
|
Climate change risks comprise both physical risks associated with modifications in climate parameters (which can directly affect the facilities or impact the services rendered by Redeia) and transition risks (related to changes stemming from the fight against climate change, including regulatory, technological, market, and reputational).
To enhance the management of risks associated with climate change, in 2018, Redeia started working on implementation of the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD). Since then, key actions have been taken to develop and improve this implementation, such as revising the governance model, developing a specific methodology for identification, prioritisation, and economic quantification, considering different scenarios and time horizons, reviewing methodologies, and expanding the analysis to businesses in Latin America and telecommunications.
Our Comprehensive Risk Management System includes relevant tax risks and mechanisms for their mitigation, control, and management.
Awareness, training and sensitization are fundamental elements for the development of a risk culture that adapts to the needs and responsibilities of Redeia's functional areas and affected areas.
The company strengthens the risk culture through the continuous development of dissemination, awareness and training actions on the relevance and strategic nature of the Integrated Risk Management System for the members of the organization, among which the following stand out:
- Inclusion of risk criteria in the development of products and services. Before entering a tender, a risk analysis is performed by Redeia in order to determine whether it is appropriate to proceed with the tendering process.
- Specific training in relevant areas such as occupational risk prevention, environmental, human rights, cybersecurity, ethics and compliance.
- Organization of forums aimed at specific groups of the organization with a special involvement in risk management.
- Publication of informative news on the corporate website and on the intranet.
- Specific sessions for members of the management body on risk management where both financial and non-financial risks are analyzed.
Redeia provides the company's professionals with the necessary tools to manage possible risk situations in the development of their functions and responsibilities, as well as the appropriate means to communicate any issue related to risks.