Risk Management - ESG
Risk Management
Governance
Lines of Defense
Risk Governance
1st Line of Defense
- Manage risks, identifying, assessing, treating, preventing, and monitoring them in an integrated manner;
- Manage the preventive and mitigating controls under their responsibilities, ensuring the accuracy and timeliness of information; the process safety in compliance with external regulations, internal policies, and norms; the indicators monitoring, when applicable and seek the improvement of controls, in case of detection of any deficiency.
Risk owners primarily responsible
Control owners primarily responsible
2nd Line of Defense (Enterprise Risk Management (ERM)
Main responsibilities
2nd Line of Defense – Specialists
Check the responsibilities of the Executive Vice President Technical
3rd Line of Defense
Internal Audit
Whistleblower Channel
Emerging Risks
- Establishment of an Emerging Risk Intelligence Group (ERIG) composed of a multidisciplinary team with professionals from the most diverse areas of the company;
- Periodic discussions of the ERIG based on market research, specialized reports on risk management, and other technical consultation sources;
- Preparation of a collaborative tool for formalization and periodic updating of the emerging risks mapped, containing detailed description of the risk, mitigation and monitoring actions, a source for tracking trend and monitoring indicators; and
- Presentation of the list of priority emerging risks to senior management.
We keep an updated list of these risks, validated with top management, and below are some examples:
- Transition risks for a low carbon economy
- Geopolitical Tensions and International Sanction
Transition risks for a low carbon economy
- Risks related to product substitution due to new technologies and/or processes
- Changes in supply and demand , specifically for low carbon products;
- Changes in policies, including carbon tax;
- Climate-related litigations and reputational impacts;
Root cause |
Transition risks are related to aspects:
|
---|---|
Impact |
Potencial impacts:
|
Prevention/Mitigation |
The main tools and initiatives that address these challenges are: - Monitoring process of regulatory and policy trends related to the decarbonization theme on a global scale, using the technical precepts present in the Task Force on Climate-Related Financial Disclosures (TCFD) as a guideline;
- Monitoring of scope 1, 2 and 3 emissions with standardized metrics; - Management of decarbonization initiatives, through Mac curve tools - Marginal Abatement Cost Curve, using the internal carbon price as a reference, to order and prioritize emission reduction projects; |
Comments |
In 2020, the company conducted an analysis of the business resilience to climate change scenarios, based on International Energy Agency (IEA) scenarios, as suggested by the TCFD. |
Geopolitical Tensions and International Sanctions
Root cause |
The most common causes of geopolitical tensions are related to historical context, ethnic-religious rivalries, disputes over economically valuable natural resources, and territorial disputes. |
---|---|
Impact |
Potencial impacts:
|
Prevention/Mitigation |
Several measures have been adopted by Vale in recent years to prevent or mitigate the risk impacts, among them are:
|
Comments |
Geopolitical contexts have the potential to impact key markets, operations, and investments. Uncertainties in the business environment derived from geopolitical tensions may impact the company in several ways, such as the ability to sell/deliver products and restrictions on jurisdictions where the company can operate, maintain or establish new partnerships and/or supply chains. |
Epidemics and Pandemics
Risk Priority: High Collective manifestation of a disease that quickly spreads, by direct or indirect contagion, until reaching a large number of people in a given territory (e.g. COVID-19, Ebola, Avian Influenza) |
Root causePresence of viruses, bacteria and protozoa, carried by vectors or not, and that spread quickly reaching a large number of people, aggravated by the absence of control and mitigation measures and sanitary / public health deficiency. |
ImpactResults:
|
Prevention / MitigationIn controlling of an infectious disease epidemic, it is important that cases are reported to the public health agency so that measures can be taken to prevent the spread of the disease to other locations.
|
CommentsThe distinctive character of epidemics lies in their collective and singular manifestation: collective as a phenomenon that affects groups of individuals causing changes in the "way of life” and singular as a unique occurrence in the unit of time and space. Based on information discussed at the World Economic Forum , Infectious Diseases (ID) and survival crisis lead the rank of predicted risks, ahead of other threats such as cybersecurity flaws. Infectious Diseases will represent a critical threat to the world for years to come. As an example, we can mention the COVID-19 Pandemic, which continues to cause devastation with a growing increase in the number of lives lost and impacting very strongly world economies. Taking into account the emergence of new strains of SARS-COV-2, mainly the Omicron variant, with its infectious capacity 3-4 times greater than its predecessor, but with less offensive power (80% lower), it will directly reflect on the overcrowding of primary health care units, impacting on the lack of medical supplies, in addition to causing, according to the current literature, a possible impact of up to 20% on medical absenteeism for companies. |
Cyber Risks
Risk Priority: High Vale's businesses are heavily dependent on technological systems for the operations. In this way, cyber events or attacks can have a significant impact on the business. The cyber risk management discipline deals with situations where the availability, integrity and confidentiality of information and operational technology systems can be compromised. |
Root causeThe growth of cyber threat scenarios has been spread in the world and in 2020 the amount of ransomware attacks has grown significantly. The ever-evolving risks come from a variety of actors in this context, such as “nation-state”, cyber criminals, hacktivists and “insiders”, each with different motivations. It is noted that these cyber criminals have applied more aggressive techniques and continue - and sometimes increase - their activities in times of crisis as in the case of the COVID-19 pandemic. |
Impact
|
Prevention / MitigationDiverse measures are taken to manage this risk in order to protect, detect and respond to cyber events, including information security policies and standards, security protection technologies, threat detection and monitoring, as well as periodic cyber incident simulations to test response and recovery plans. We have been sustained our investments in order to continually evolve our cyber defenses within the risk tolerance levels for enterprise systems layers. As for the layers of industrial systems and operational technologies, we significantly increased investments in order to improve the efficiency of cybersecurity controls in a way that is compatible with the threats aggravation in this area. We constantly maintain initiatives to strengthen the information security awareness culture in the organization. Encouraging vigilance among the employees and associates, we run a recurring training program covering topics such as email phishing, information classification, and other information security best practices. |
CommentsWe experience threats to the security of our technology systems, but none of them impacted our business in 2021. Exposure to cyber risks is expected to increase due to our increasing dependence on technology as well as the increasing sophistication and frequency of cyber attacks. Our cyber risk management committee assists the executive committee to continually oversee the progress of the Information Security program, as well as the effectiveness of our cyber security controls framework. Additionally, the audit committee and other advisory committees assist the board of directors to ensure that the internal controls are robust and sufficient to manage the information security in the company within the limits of tolerance for cyber risk. |
Climate Change
Risk Priority: High Increased sense of urgency to address challenges that threaten not just the mining sector, but the entire society. Low carbon mining is one of our priorities for the coming years. |
Root causePhysical events are considered chronic, such as the increase in the average temperature of the atmosphere, droughts, fires, strong winds, atmospheric discharges, sea level rise and changes in rainfall patterns and/or acute problems, such as extreme weather and maritime conditions. Transition events are related to changes in public policies to restrict emissions, climate-related litigation, demand changes for products and services, and the replacement of products due to new technologies and processes. |
Impact
|
Prevention / MitigationThe main tools used in face of these challenges are:
|
CommentsIn 2020, the company carried out a resilience analysis of its portfolio to climate change scenarios, based on the National Energy Agency (AIE) scenarios. In the challenging context of decarbonization, our commodities will be at the forefront of the challenges and opportunities presented by the climate crisis. Also in 2020, it was developed the Vale Climate Forecast, a methodology that promotes the physical resilience of our operations to climate changes. The methodology makes it possible to identify potential operational and financial impacts due to climate variables, such as changes in rainfall patterns and temperature variation for all the company's operations. |
Russia-Ukraine War
Risk Priority: Very High Escalation of the conflict could lead to disruption of international trade flows, extreme pricing, high volatility in the markets, with particular impact on the energy sector, increased regulatory and contractual uncertainty, and geopolitical tensions around the world. |
Root causeGeopolitical tension between Russia and Ukraine, a NATO partner, has been increasing in recent years. And in Feb/22, Russia started a military operation inside Ukraine, leading to several negative impacts - direct and indirect - on several countries and affecting the world economy. |
ImpactOutcomes:
|
Prevention / MitigationSeveral measures have been adopted by Vale in recent years and others have been reinforced by the conflict, among them are:
|
CommentsVale created a multidisciplinary committee, before the conflict beginning, to assess the possible impacts on the company, as well as possible prevention or mitigation actions. The impact of the conflict on commodity markets is expected to be severe, since Russia is a major producer of several raw materials, such as 40% of the gas consumed by Europe, as well as an important oil supplier to the continent. This scenario may lead to the temporary paralyzation of operations of some stakeholders. The medium-term impacts, such as a possible increase in other geopolitical tensions, are still uncertain. Asia is currently our main consumer market and any impact on its economy could have consequences for the company's results. |