Risk management within the Iberdrola group is based on foresight, independence, commitment to the group’s business objectives and the engagement of senior management and the Board.
Commitment of the Board of Directors and of senior management
Iberdrola’s Board of Directors and senior management is strongly committed to and engaged in the management of the group’s risks:
- Ex-ante: acceptable levels of risk tolerance are reviewed and approved on an annual basis through risk policies and limits that establish the qualitative and quantitative risk appetite at the group level and at each of the main businesses and corporate functions.
- Ex-post: periodic monitoring of significant risks (key risk maps) and threats and the various exposures of the group, as well as of compliance with the approved risk policies, limits and indicators.
By way of supplement, the group has a Compliance System, linked to the Board’s Sustainable Development Committee, with elements that include the Code of Ethics and the Compliance Unit.
Comprehensive Risk Control and Management System
The General Risk Control and Management Policy of the group approved by the Board of Directors establishes the mechanisms and basic principles for appropriate management of the risk / opportunity ratio, at a risk level that makes it possible to:
- Attain strategic goals with controlled volatility.
- Ensure the group’s corporate stability, financial strength and reputation (Stakeholders).
- Contribute to meeting the SDGs, with a special focus on goals seven and thirteen.
- Imbue a risk culture.
At the operational level, the Comprehensive Risk Control and Management System is structured around a Risk Committee and an independent specialised Risk Management and Internal Assurance Division, functionally reporting to the Audit and Risk Supervision Committee, that analyses and quantifies the risks within the main businesses and corporate functions of the group.
|Duties of the Risk Division|
|Enterprise Risk Management (ERM) focus|
Ensure, under the internationally recognised three lines model, that there are mechanisms for all significant risks of the group to be adequately identified, measured, managed and controlled at all times and that they are regularly reported to the various committees and externally.
Instruments and reports:
|Operational risk is centrally managed through the group’s corporate Insurance, Information Technology, Security and Cybersecurity, and Occupational Safety and Health units.|
Risk policies and limits of the Iberdrola group
The General Risk Control and Management Policy is further developed and supplemented with the following specific policies established in relation to certain risks, corporate functions or businesses of the group, which are also annually approved by the Board of Directors at the head of the group, and which include limits and indicators that are subsequently monitored:
Specific risk policies of the businesses:
- Liberalised Businesses of the Iberdrola group.
- Renewable Energy Businesses of the Iberdrola group.
- Networks Businesses of the Iberdrola group.
- Real Estate Business.
Corporate risk policies:
- Corporate Credit Risk Policy.
- Corporate Market Risk Policy.
- Operational Risk in Market Transactions Policy.
- Insurance Policy.
- Investment Policy.
- Financing and Financial Risk Policy.
- Treasury Share Policy.
- Risk Policy for Equity Interests in Listed Companies.
- Reputational Risk Framework Policy.
- Purchasing Policy.
- Information Technologies Policy.
- Cybersecurity Risk Policy.
- Occupational Safety and Health Risk Policy.
The country subholding companies adopt the group’s risk policies and specify the application thereof, approving the guidelines on specific risk limits, based on the nature and particularities of the businesses in each country. The listed country subholding companies, and companies with significant interests held by other shareholders, approve their own policies under their own special framework of strengthened autonomy.
Principal risk factors of the Iberdrola group
The group is exposed to various risks inherent in the different countries, industries and markets in which it operates, and which may prevent it from achieving its objectives and implementing its strategies. These risks are grouped into:
Corporate governance risks: those that endanger the corporate interest and the strategy of the company.
Market risks: exposure to volatility in variables like prices of electricity and other energy commodities, emission rights, exchange rate, interest rate, etc.
Credit risks: possibility of contractual breach by a counterparty, causing economic or financial losses, including liquidation and replacement cost risks.
Business risks: deriving from uncertainty as to the behaviour of variables intrinsic to the business (characteristics of demand, hydraulic resources, wind, solar, etc.).
Regulatory and political risks: coming from regulatory changes made by the regulators that can affect remuneration of the regulated businesses, environmental or tax provisions, etc.
Operational, technological, environmental, social and legal risks: losses resulting from external events, inadequate internal procedures, technical failures, human error, pandemics, climate change, technological obsolescence, cybersecurity, fraud and corruption, litigation, etc.
Reputational risks: potential negative impacts on the company’s reputation arising from situations or events that fail to meet the expectations of its Stakeholders.
Given the multidimensional nature of the risks, the taxonomy defined in the system contemplates additional classification variables for better monitoring, control and reporting of such risks. These additional categories include the classification of risks into Structural Risks, Hot Topics and Emerging Risks, the latter being understood as potential new threats, the impact of which is as yet uncertain and the probability of which undefined, but which are growing and could become significant for the group.
Risk factors and mitigation measures
<15 €M 15-50 €M >50€M of annual impact
|Price and demand risks|
|Changes in the price of electricity||
The main variable affecting the results of the group’s Wholesale and Retail Businesses as regards market prices is the price of electricity, which relatively corresponds to the price of fuel and applicable emission rights, required to produce such electricity.
The group’s Renewables Businesses preferentially sell their energy at: i) regulated rates; or ii) fixed prices via PPAs. The remaining market exposure of the Renewables Businesses of Spain, the United Kingdom, Brazil and Mexico is transferred to the Wholesale and Retail Business of such countries to be managed.
Offsetting at-risk positions between wholesale and retail activities allows for a large reduction in the group’s market risk; the remaining risk is mitigated via diversification of purchase / sale agreements, and by trading in derivatives.
|Possible impact of a 5% change in the price of electricity and / or of energy commodities and CO2||Spain: Integrated Wholesale, Renewables and Retail risk
United Kingdom: Integrated Retail and Renewables (power from wind farms with ROCs) risk
Mexico: The PPAs with the CFE do not have a market risk
Brazil: Integrated Wholesale, Renewables and Retail risk
United States: For windfarms exposed to the market
International: For windfarms exposed to the market
|Change in demand||
Wholesale, Retail and Renewables: moderate short-term impact, given the nature of the group’s generation facilities and the structure of the long-term power purchase agreements.
Networks: no impact, except for the Brazilian subsidiaries in between tariff periods.
|Possible impact of 1% reduction in demand for each country|
|Change in hydroelectric resources - Spain||
||Lower hydroelectric production - Spain||Renewables Business - Spain|
|Change in wind resources - group||
||Lower wind output - group||Renewables Business - group|
|Change in interest rate||The Iberdrola group maintains a fixed-rate and variable-rate debt structure, based on the structure of its revenues and the sensitivity thereof to changes in interest rates.||Possible impact on financial cost of +25 bps increase||Group financial cost|
|Change in exchange rate||This risk is mitigated by taking on debt and realising all its financial flows in the functional currency corresponding to each company, whenever possible and economically efficient, and managing its open positions with derivatives. The risk associated with the translation of results from subsidiaries is closed out annually.||Possible impact on financial cost of 5% increase in currency||Group financial cost|
|Operational risk||These risks are mitigated by making the necessary investments, applying operation and maintenance procedures and programmes (supported by quality systems), planning appropriate training and skills development for staff, and finally by obtaining appropriate casualty and civil liability insurance.|
|Regulatory and political risk||The group is subject to laws and regulations on tariffs and other regulatory aspects of its activities in the countries in which it does business. The introduction of new laws / regulations or amendments to existing ones could adversely affect operations, annual results and the financial value of the businesses of the group (including risks relating to commercial trade between the EU and the United Kingdom).|
Includes the risks of transition (regulatory or market associated with emissions reduction goals) and physical risks (deriving from potential impacts of an increase in extreme climate phenomena, increase in temperatures, increase in sea level, changes in rain patterns, etc.).
Iberdrola believes that it is well positioned with respect to this risk, given the nature of its current businesses and its main goals for growth.