Disclosure on risks

Risk and uncertainties

The ERG Group started implementing an integrated risk management model, based on a systematic approach to identify the foremost risks and to assess their potential negative effects and appropriate mitigation actions to be taken.
Within this context, the main risks identified, monitored and managed by ERG were:

  • Market risks
    Transactions in derivatives for speculative purposes are not allowed in the ERG Group, and this rule is set out in the Group Risk Policy. The strategies for mitigating such risks are implemented in accordance with company policies.
    • Exchange rate risk
    Exchange rate risk is the risk related to fluctuations in the exchange rate of various currencies versus the euro reference currency. Specifically, such fluctuations can have considerable impacts:
    -  on profits from the effect of the different significance of costs and revenues denominated in a foreign currency compared to the time when the price conditions were defined (economic risk);
    -  on profits, as a result of the conversion of trade or financial receivables/payables denominated in a foreign currency (transaction risk);
    -  on the consolidated balance sheet (profit and net assets) through the effect of the conversion of assets and liabilities of companies that prepare their Financial Statements in another currency (translation risk).
     
    The ERG Group has adopted a prudential strategy on exposure to the exchange rate risk, reducing the possible economic impacts tied to the volatility of exchange rates on the financial market. Use of derivative instruments is authorised only if there is an underlying asset to reduce the economic impacts linked to the volatility of exchange rates on the financial market and it is monitored by the Risk
    Committee.
    Transactions in derivatives for speculative purposes are not allowed in the ERG Group, and this rule is set out in the Group Risk Policy.
    The strategies for mitigating such risks are implemented in accordance with company policies.
     
    • Interest rate risk
    Interest rate risk identifies the change in the level of interest rates that may entail a change in the value of financial positions and the related costs. In this sense, changes in market interest rates can have negative impacts on the level of financial costs such as might compromise the Group's financial stability and its capital adequacy.

    The ERG Group uses different forms of financing to cover the requirements of its industrial activities, in particular with regard to the thermoelectric and renewable energies businesses. Any changes in
    interest rates can cause unfavourable changes in the cost of financing.
    The interest rate risk management policy has the objective of limiting such volatility by identifying a balanced mix of fixed rate and variable rate financing and the use of derivative hedge instruments which limit the effects of interest rate fluctuations. To analyse the risks, an internal model has been developed to determine risk exposure by evaluating the impact of variations in interest rates on future
    financial flows.

    Consistent with its market risk management policies, the ERG Group uses contracts such as Interest Rate Swaps. The use of derivative instruments is authorised only if there is an underlying asset to
    reduce the economic impacts linked to the volatility of exchange rates on the financial market and it is monitored by the Risk Committe. 
    Transactions in derivatives for speculative purposes are not allowed in the ERG Group, and this rule is set out in the Group Risk Policy.
    The strategies for mitigating such risks are implemented in accordance with company policies.
     
    • Commodity price risk
    Commodity price risk is identified as the possibility that fluctuations in the price of purchases and sales may cause significant changes in Group EBITDA, with an impact on income such as might compromise the achievement of the objectives defined in the strategic plan. In the exercise of its activity, the ERG Group is exposed to the risk of fluctuations in the prices of electricity, petroleum commodities, gas and CO2.. Exposure to electricity price risk derives essentially from selling on spot markets (commodity exchange) of electricity generated and not the subject of "forward" agreements (physical bilateral agreements. The ERG Group minimises the potential impact of fluctuations in the sale and purchase price of electricity on open positions through specific hedging of the long and short positions deriving from its own activities as a producer and supplier of electricity, all in compliance with the approved profit at risk limits. Exposure to gas price risk lies in the volatility of gas purchase and sale prices on open positions. The ERG Group pursues the goal of hedging open positions through balancing price formulas in natural gas marketing and transformation activities, in compliance with approved profit at risk limits. Lastly, the ERG Group is exposed to CO2 price risk. This risk identifies the possibility that the ERG Group may incur economic losses deriving from fluctuations in the CO2 market.
    To mitigate this risk, ERG operates in such a way as to keep the purchase formula balanced with the charge-back formula for the quotas of CO2 tied to commercial agreements, whilst for the quotas tied to sales of electricity to the market, ERG operates within the risk limits approved by the CEO with an advisory opinion of the Risk Committee. From an operational point of view, net exposures are calculated for the entire asset and contracts portfolio of the Group (so-called industrial portfolio), i.e. the residual exposure after taking advantage of the possibility of vertical and horizontal integration of the various branches of the business.
    Based on the net exposure, an overall level of the associated economic risk capital is calculated (expressed in millions of euros) measured by the profit at risk method. Profit at risk limits are defined annually, consistent with the Risk Policy applied by the ERG Group, and compliance with these limits is monitored, defining, where necessary, hedge strategies aimed at bringing the risk within the defined limits.
    The risk is managed by constant monitoring of the total net exposure of the Group portfolio and acting on the factors which have the greatest impact on its activity. The objective of stabilising cash flows generated by the asset portfolio and existing contracts is achieved through the use of derivative financial instruments, thus contributing to ensuring the economic and financial equilibrium of the Group.
    From an organizational point of view, the governance model adopted by the Group provides for the separation of risk control and management functions relating to hedging operations. Use of derivative instruments is authorised only if there is an underlying asset to reduce the economic impacts linked to the volatility of exchange rates on the financial market and it is monitored by the Risk Committee. Transactions in derivatives for speculative purposes are not allowed in the ERG Group, and this rule is set out in the Group Risk Policy.
  • Regulatory risk
    This is defined as the risk related to the evolution of the local, national and/or international regulatory framework.
    This evolution, in consideration of the high level of regulation of the business areas in which the ERG Group operates, may cause negative economic impacts on active and/or potential business areas.
    The ERG Group operates in a highly regulated sector. The risk factors in the activity of management are thus considered to be the constant, and not always predictable, changes in the relevant legislative and regulatory framework.

    The Group continuously monitors changes in the relevant legislative framework, in order to prevent and/or mitigate as far as possible the effects on various business areas, through integrated management at several levels. This envisages collaboration and dialogue with institutions and government and regulatory bodies in the sector through active participation in industry associations and working groups established in these bodies, as well as the study of legislative changes and official measures in the sector.

    For this purpose, the Group has established specific organisational units dedicated to the continuous monitoring of the evolution of the relevant national and international regulations.

    Future changes in regulatory policies adopted by the European Union or at national level, which might have unforeseen repercussions on the relevant legislative framework and, consequently, the activities and results of the ERG Group, cannot be ruled out.
  • New investments risk
    This risk refers to the set of uncertain events originating from different factors, for example the scenario (micro/macro-economic, political, regulatory, Business), technical, operative, financial, organisational, etc. that can impact on the decision of a New Investment Initiative and on its success, for which it is not possible to develop an absolute forecast of its course during the duration of the Project, with consequent economic or asset losses, or the worsening of the Group's image.

    The ERG Group has defined a specific structured process for investment selection, which, depending on the type of amount and features of the operation must pass a series of successive levels of examination and approval by the Investment Committee, the Strategic Committee and the Board of Directors, before they can be implemented, on the basis, amongst other factors, of internal and external support studies, benchmark analyses, legal-regulatory analyses, sustainability models and financial evaluation.

    The Group manages the possible risks associated to the new investments by evaluating, for all Significant projects, the potential associated risks (technical, stakeholders, scenario, etc.) .
    The ERG group monitors and manages risk through analyses and tools to support the formal evaluation and approval procedure for Investment Projects; the most important are given below:
    • technical, legal, commercial, economic and organisational feasibility analysis;
    • assessment of risk/uncertainty drivers (at 360°) t hat might influence the Project, with relative
    • mitigation plan;
    • calculation of Project economics with the use where necessary of forecast and final balance
    • probabilistic models;
    • estimate of Project contingency (cost/time);
    • ex-post evaluation of investment performance (Re-appraisal).
  • Human Capital risk

    This risk is defined as the risk that ERG Group's Human Capital (defined as the sum of expertise, knowledge, education, information and technical capacity that result in the human capacity to produce corporate value) might be quantitatively and qualitatively inadequate compared to the evolution of strategic business needs.

    As Human Capital is a key factor of its business model, the ERG Group monitors and manages such risk through the Human Capital Committee and specific Human Capital organisational units that guarantee the planning process for Human Capital, its promotion and constant alignment to the business objectives and to predefined strategies and the development of ERG's managerial culture, through:

    • An innovative model for managing competence, measured with an "human capital return" index
    • Processes and tool to develop and train personnel';
    • Succession plans, career plans, and personnel internal mobility plans;
    • Recruitement and selection processes;
    • Processes to analyse potential, develop managerial behaviour and develop talents;
    • Analysis of the training needs of Human resources and relative remedial interventions;
    • Institutional and managerial training plan.

    Furthermore, the Human Capital Committee defines and monitors the main programs and activities to develop human resources and supports the Executive Vice President and the CEO in the decision relating to personnel management and to the management of variable remuneration systems and mid-long term incentives, as well as the proposal to present to the Nomination and Compensation Committee.
    The mitigation strategies for such risks are conducted in accordance with what established in the corporate policies.

  • Liquidity risk

    Liquidity risk is the risk deriving from the lack of financial resources to fulfil both short and medium/long term commercial and financial commitments. This type of risk considers the possibility that the entity is unable to fulfil payment commitments because of difficulty in obtaining funds (funding liquidity risk), in liquidating assets on the market (asset liquidity risk), or because of inadequate management of the entity's own liquidity.

    The consequence may be a deterioration of the entity's reputation with stakeholders, downgrading of the company's financial rating1 and consequent difficulties in accessing credit, a negative impact on the profit in terms of increased costs, interest expenses and/or higher taxes or, as an extreme consequence, an insolvency situation that jeopardises the entity's viability as a going concern.
    Risk management aims to define, within the planning process, a financial structure that, consistently with the business targets and with the limits defined by the Board of Directors, assures an adequate liquidity level for ERG, minimising the related opportunity cost and maintaining a balance in terms of debt maturity and composition.

    The ERG Group assures adequate coverage of its financial requirements through cash flow generation and the availability of diversified financing sources.

    Specifically, ERG manages the liquidity risk through the systematic generation of cash by its own activities and implementing specific structured processes for planning and monitoring a financial structure that is balanced in terms of duration and composition.
    Risk mitigation strategies are implemented in accordance with company policies.

  • Credit Risk
    Credit risk consists of the deterioration in the creditworthiness of a counterparty with respect to which there is an exposure as to cause an unpredictable change in the value of the credit position, with negative consequences for the Group's economic and financial stability; in addition to the possibility of default, reference is also made to the possibility of deterioration of a counterparty's credit rating.

    The ERG Group manages credit risk with the objective of optimising the risk profile in pursuing commercial and business targets, through structured processes in which specific organisational units and the Credit Committee assess the creditworthiness, constantly monitor the total exposure level for each individual counterparty and define and implement any corrective actions.

    Moreover, within the sale processes, the Group assigns to each counterparty a specific level of credit that can never be exceeded or, alternatively, it carries out sale transactions upon presentation of a suitable guarantee (e.g. letter of credit).

    Risk mitigation strategies are implemented in accordance with company policies.
  • Default and covenant-related risk

    This risk pertains to the possibility that stipulated loan agreements contain provisions that, upon the occurrence of certain events, entitle the counterparties to demand that the debtor immediately repay the amounts loaned, consequently engendering a liquidity risk.

    The ERG Group, to finance its own development initiatives, makes use of medium/long term debt, mainly through project financing operations, i.e. long-term loan techniques in which repayment of the loan is guaranteed by the projected cash flows from the operation of the works built with the project. We are not currently aware of any situation of breach of financial covenant or default by ERG Group companies.

  • Volume risk

    Output volumes are subject to variability, both because of the natural variability of renewable energy sources, and because of possible unavailability of the plants.
    The risk related to the natural variability in the availability of wind power sources, which are known to vary according to the weather conditions at the sites where the plants are located, is mitigated through the geographic diversification of the generating plants.

    The risk related to possible malfunctions of the plants, or to adverse accidental events that temporarily compromise their functionality, is mitigated by the ERG Group relying on the best prevention and protection strategies, including preventive and predictive maintenance methods, and applying the best practices in this field. The residual risk is managed through specific insurance agreements, directed at hedging a broad range of operational risks, including losses of revenue as a result of lost output.

    Risk mitigation strategies are implemented in accordance with company policies.

  • Business interruption risk

    This expression identifies the risk connected to the occurrence of natural, accidental or catastrophic events (i.e. earthquakes, floods, tidal waves, fires, etc.), in the course of the performance of business activities, with negative consequences for the Group in terms of revenues or preservation of corporate assets, such as might place routine operations in severely critical conditions or to undermine the Group's stability and balance in a significant and lasting way.

    Insofar as the risks of unavailability of plants are inherent in the business and cannot be completely eliminated, in relation to risks of accident, the Group puts in place preventive mitigation strategies in every business unit, aimed at reducing the possibility of interruption of the business and action strategies designed to mitigate any impacts. In particular, the ERG Group mitigates such risks through appropriate plant management policies aimed at pursuing high levels of safety and operating excellence, in line with the best industrial practices.

    The safeguarding of Group plants and infrastructure envisages the adoption and constant updating, in line with best practice in the sector, of programmed maintenance procedures, both regular and preventive, aimed at identifying and preventing potential critical situations, including based on specific technical analyses carried out by highly specialised technical staff.

    It is also envisaged to carry out regular inspections of plants and the use of instruments for control and telecontrol instruments of technical parameters for monitoring and prompt detection of any defects and also, where possible, recourse to redundancy of the components necessary to ensure continuity of production processes. The continuous provision of specific training course for technical staff is also guaranteed.

    The progressive adoption of advanced software and sensors to calculate the actual plant output is also planned, so as subsequently to allow a predictive approach, based on past experience, in the programming and execution of maintenance works. The gradual adoption of these measures is also envisaged in cases of acquisition of new production sites to promote alignment with Group standards and best practice in this area.

    As regards production processes, particular attention is paid to the prevention and control of the related risks, through the implementation of risk assessments, business impact analyses and a business continuity management activity, with the aim of ensuring the operational continuity of industrial production plants.

    An aspect of risk which is assuming every increasing importance is that related to sabotage, which could impede the proper conduct of operational activities, with potential repercussions on the safety of operating staff, sites and the surrounding environment, as well as impacts of an economic nature derived from the interruption of production activities. To mitigate this risk, specific procedures are in place to regulate operational means of access to plants, control systems with badge access, surveillance cameras, and security guard services to control the sites mots exposed to intrusions.

    To cover risks of natural and catastrophic character, through transfer of its own industrial risk to third parties and cover residual risks, the ERG Group resorts to the insurance market, thereby providing a high level of protection for its facilities, even in the event of an interruption of activity. The contractual conditions characteristic of such insurance policies have been reviewed in the light of the operating methods of the plants and conditions in the energy market.
    Risk mitigation strategies are implemented in accordance with company policies.
  • Health, Safety and Environment (HSE) risk
    HSE Risk mainly relates to the operation of industrial assets which have an impact on environmental issues and workers' health and safety.
    Health risks are those with potential impact and impairment of the biological equilibrium of personnel tasked with performing operations or work processes, as a result of emission into the environment of environmental risk factors of a chemical, physical and biological nature. Safety risks are connected with the occurrence of accidents or injuries, damage or (more or less severe) physical disablements suffered by the persons assigned to the various work activities.

    The ERG Group is strongly committed to mitigating such risks and has adopted specific health, safety and environment guidelines that require, by all the Group companies, compliance with all legislation, the pursuit of specific performance targets, the continuous training of personnel and the certification of specific integrated HSE management systems. Furthermore, the ERG Group adopts safety standards and operating practices of high quality and reliability in order to assure regulatory compliance, continuous improvement of environmental performance and the effectiveness of actions taken in terms of prevention and containment of potential environmental impacts. In particular, the companies that manage industrial assets, which, by their nature, are more exposed to HSE risk, all have an OHSAS 18001 and ISO 14001 certified management system, as well as EMAS certification of its main plants.

    The companies that do not manage industrial assets have an OHSAS 18001 certified management system. During 2015, regular inspections were carried out by the certification bodies which issued and/or confirmed the certification held by the Group companies. Furthermore, the Group pursues the goal of zero injuries, through structured oversight of health and safety issues and the development of numerous programmes for prevention and fostering a "safety culture", directed both at the Group's own personnel and suppliers and vendors. Care for people is also expressed through initiatives directed at personal development, performance assessment at all levels and sharing best practices.

    The adoption of the best available technologies, the application of ever more rigorous and stringent operating practices in terms of prevention and reduction of pollution and the correct management of the waste produced enable the ERG Group to manage its industrial activities and the related environmental issues efficiently. Every year, the ERG Group publishes its own Sustainability Report in which it reports key information and data on HSE and social issues related to the Group's activity. Health, safety and environmental strategies are implemented in accordance with company policies and are set out in the document "Rules of conduct with regard to Health, Safety and Environment".
  • Information & Communication Technology risk

    ICT risk means the risk of the inadequacy of the set of technical and organisational measures aimed at assuring the protection of the integrity, availability, confidentiality of the automated information and of the resources used to acquire, store, process and communicate that information. The growing use of technological solutions in the management of business processes and means of communications and the ever greater spread and penetration of cyber crime have significantly increased the exposure of information to threats and risks related to loss of confidentiality, integrity and availability of confidential data.

    In particular, the following risks related to information systems can be identified:

    • risk of vulnerability of information systems: this risk consists of the possibility that the architecture/framework of IT systems may be vulnerable to internal/external attacks or exposed to accidental events because of defects in their design, implementation, configuration and/or operating management, as well as the lack of awareness of the risks arising from computer attacks by company staff;
    • risk of technological disaster: this risk consists of the possibility that the technological infrastructures serving corporate operations may be dramatically compromised by accidental events;

    The ERG Group's activities are managed through information systems which support the main corporate processes, both operational and administrative and commercial. The inadequacy, fragmentation of existing platforms or the failure to update such information systems to meet the needs of the business, their possible unavailability, inadequate management of aspects of the integrity and confidentiality of information, the lack of a continuous campaign to raise awareness of staff and specific training for technical staff, in particular, are potential risk factors that the Group mitigates by means of appropriate control measures, in line with standard ISO 27001:2013 and the Cobit 5 model.

    The current process of integration and consolidation of information systems within the Group, designed on the basis of changes in the Group structure in previous years, will yield considerable benefits and a consequent reduction in associated ICT risks thanks to a risk management approach. The development and streamlining of the complex of information systems used by the Group are then continued through the design and implementation of a strategic ICT security plan at ERG Group level aimed at ensuring adequate oversight of security in the following areas: security control, security policies, risk management, security awareness and training, supplier and third parties management, compliance, information protection management, business continuity and disaster recovery, incident management, threat and vulnerability management, identity management and access control, network security, system security, and application security.

    To mitigate the potential risks of interruption of the business activities on processes regarded as strategic, the Group has a Disaster Recovery System which ensures continuity of the services and data through an alternative Data Centre the efficiency of which is subject to regular checks.

    Furthermore, in the light of the importance of daily activities on the electricity market, particular attention is paid to supervision of the market interface systems. These systems are subject to specific management and maintenance procedures designed to protect their stability.

    In the framework of data management, information security risk is identified as the possibility that the Group has not implemented suitable security measures to protect the confidentiality, integrity and availability of the information managed with the support of electronic/IT systems (databases, corporate applications, individual and shared folders, company sites exposed to the Internet, corporate intranet, electronic mail system, etc.).

    The ERG Group pursues the objective of constant protection of corporate information and mitigates the risk of failure to protect such information through the implementation and activation of processes and systems for the protection, preservation and recovery of the information available on the IT systems. For this purpose, the ERG Group classifies the information that, in the context of corporate processes, is contained and managed through software applications and electronic documents.

    In addition, confidentiality and security of information are the subject of specific oversight by the Group through segregation tools to restrict access to information, as well as specific contractual agreements with third parties who may have access to information. To further improve the current oversight, the segregation of duties between organizational roles and technical roles is guaranteed by our systems. The Group also carries out regular internal and external vulnerability assessments.
    Risk mitigation strategies are implemented in accordance with company policies.