Risk Management

Significance

Currently, the business environment and context continue to change rapidly and are filled with uncertainty, such as economic volatility, regulatory changes, technological advancements, and increasing expectations regarding ESG issues, all of which inevitably impact business operations. Therefore, risk management is a crucial component of good corporate governance and serves as a key mechanism that BPP utilizes in its operations to prevent losses and create opportunities for stable growth in areas such as strategy, investment, project development and construction, as well as power generation operations. This is implemented in parallel with supporting the transition to sustainable energy under the concept of Just Energy Transition, aiming to generate sustainable and equitable value for all stakeholders.

2025 Target

Coverage ratio of risks management system is 100%.
Coverage ratio of risks management system associated with ESG issues is 100%

Management Approach

BPP’s risk management structure is divided into two levels: the business unit level and corporate level.

Business Unit Risk Management: To ensure agility and close monitoring of situations, the risk coordinators within each business unit collect and assess risk issues and mitigation measures on a quarterly basis. These findings are reported to the Sustainable Development and Risk Management Department for review before being submitted to the Risk Management Committeet.

Corporate Risk Management: The Risk Management Committee is the key mechanism in corporate risk management. The Committee consists of the Chief Executive Officer (CEO) and senior management from all departments, excluding the Internal Audit Department, to maintain audit independence.

The Committee is entrusted with the following major responsibilities:

Assess and manage risks to ensure that BPP’s key risks are regularly identified and assessed. Implement effective risk mitigation measures or plans to support achieving the Company’s short- and long-term goals.
Provide policy support to ensure efficient risk management from the business unit to the corporate strategy level.
Provide essential internal and external resources to enable efficient risk management.
Promote risk management awareness throughout business units, including joint ventures.
Submit quarterly reports on risk management performance to the Audit Committee and the Board of Directors.
Propose the risk management policy, including risk assessment criteria.

BPP has announced its risk management policy and updated it regularly. The Sustainability and Risk Management Department was established with direct responsibility on coordinating with all departments and driving effective risk management throughout the organization. A mechanism to find out and identify key business risks covering the areas of ESG has been implemented, while the impact likelihoods to stakeholders have been assessed to consider their priorities prior to defining them as an enterprise risks list. The designated individual is tasked with ensuring that risks are maintained within acceptable appetite levels, which involves monitoring the progress of risk mitigation measures and conducting ongoing reviews of risk-related matters.

Moreover, BPP has integrated the principle of risk management into various procedures within the organization to raise awareness on business uncertainties and promote risk management as part of its operations, in preparation for any events arisen in the future. Risk management is also a key factor to review the core materiality and the annual operating plan.

Risk and Crisis Management Mechanisms

For maximum efficiency on risks management, BPP has integrated risk management into its business strategic plan and operations, by applying risk correlation principles to analyze correlations of each risk in both positive and negative aspects. In addition, key risk issues have been used for assessing core sustainability materiality to manage such risks.

BPP’s risk management process begins with defining objectives according to the business plan and allocating them to the business unit level. To identify risks, the operational level employees who have knowledge and expertise in each business unit will determine operational risks under his/her areas in detail. The likelihood and impacts of such risks will be assessed along with preparing practice guidelines to mitigate risks possibly arising. Then, the risk management results will be reported to his/ her supervisors and risk management manager to gather each business unit’s risks before submitting them to the Sustainability and Risk Management Department where all business unit risks are compiled into the enterprise–level risk report. The enterprise risk report will be quarterly presented to the Risk Management Committee, the Audit Committee, and the Executive Committee.

Additionally, the Risk Management Department will report the ESG associated risks to the ESG Committee to acknowledge and govern ESG risks.

BPP has thoroughly assessed risks related to new business investments, both on investment returns and ESG issues of each new project. The risks assessment result and risks mitigation plan will be presented to the Investment Committee to ensure that risks related to BPP’s investments be assessed and managed properly.

Performance

Presently, the risk management systems cover all BPP businesses, including projects under development. The Key Risk Indicators (KRIs) have been identified, while the risk appetite principles have been incorporated into BPP’s risk assessment and management. The results have been reported to the Risk Management Committee and the Audit Committee quarterly to mitigate risks efficiently, covering ESG aspects.

BPP has also employed risk management systems covering all its business units. The risks management operations have risen in alignment with BPP’s increased investments with the following results.

100% implementation of risk management systems across all business units.
98% coverage of risk management systems related to ESG issues.
Organized AI Governance and Risk Management training for BPP management and staff.
The Internal Audit department conducted a review of the risk management system, identifying no significant deficiencies during the audit process. All recommended improvements were completed by 2025.
Organized a training workshop to review the risk management reporting process of the business group in the U.S.
Arranged Just Energy Transition seminar for BPP’s Board of Directors, executives, and employees.
Reviewed the 2025 corruption risk assessment reports from each asset.
Raising awareness related to risks and sustainability by summarizing business news and changes occurring around the world and communicating such news and movements to executives and employees every month.

Key Activities and Projects

1. Emerging Risks

At the end of 2025, an amalgamation plan between Banpu Public Company Limited and BPP was announced. This restructuring is designed to create long-term business opportunities by strengthening the organizational structure, enhancing competitiveness, and maximizing value for all stakeholders. However, the amalgamation also exposes BPP to new and evolving risks i.e.

1. Compliance Risk in the Amalgamation Process

The amalgamation process is inherently complex and involves multiple functions, including legal, financial, regulatory, and disclosure matters. If the process is not managed with transparency and fairness, or if there is any failure to comply with applicable laws, stock exchange rules, and requirements of relevant regulatory authorities, it may result in legal sanctions, delays in the amalgamation process, and a loss of stakeholder confidence. Consequently, BPP places strong emphasis on governance and has established the following measures to prevent and mitigate such risks:

Develop an amalgamation plan and procedures in compliance with applicable laws, stock exchange regulations, and regulatory requirements, and monitor implementation closely.
Review and control disclosure processes to ensure all information is accurate, complete, and timely, in line with good corporate governance principles, and to reinforce stakeholder confidence.
Regularly report on the progress of the amalgamation and key issues to the Board of Directors and senior management to enable effective oversight and timely decision-making.
Maintain consistent and transparent communication with stakeholders to promote understanding and sustain trust.

2. Business Continuity and Transition Management Risk

While the amalgamation strengthens competitiveness and supports long-term sustainable growth, the associated restructuring of organizational processes can pose risks to business continuity. If the transition is not managed seamlessly, it could lead to operational delays or disruptions. To mitigate these risks, BPP has implemented the following measures:

Enhance Business Continuity Plans (BCPs) to specifically address amalgamation-related scenarios, ensuring operational stability and maintaining long-term stakeholder confidence.
Continuously monitor and evaluate the readiness of critical systems and departments for business operations.

3. Human Resources and Corporate Culture Risk

Amalgamations often involve restructuring management structures, roles, responsibilities, reporting lines, and internal governance approaches. These changes may create role ambiguity, overlapping management responsibilities, and cultural differences, potentially affecting employee morale and engagement. Without effective change management, these factors could hinder operational efficiency, knowledge transfer, and the retention of key talent, impacting the Group’s long-term growth and capability. Accordingly, the Company continues to prioritize preparedness and mitigation through the following actions:

Maintain continuous and transparent internal communication to create an understanding of changes in management structures, work processes, and shared organizational goals, both at the corporate level and within affected departments.
Review and design a clear organizational structure to minimize redundancies and align roles with the strategic direction of the post-amalgamation entity.
Foster a corporate culture that prioritizes collaboration, transparency, and employee involvement to strengthen morale and engagement across the newly integrated organization.
Regularly monitor and evaluate management impacts and employee engagement levels to adapt management approaches in line with the evolving organizational context.

4. Risk in Business Value Creation from the Amalgamation

The amalgamation is intended to drive long-term business value by centralizing expertise and optimizing resource allocation across both organizations. However, there is a risk that the transition may not fully realize the anticipated synergies or strategic returns. This could result from higher-than-anticipated amalgamation costs or challenges in realigning management structures, operational systems, and organizational cultures. Any failure to meet these strategic goals or fulfill stakeholder expectations could adversely impact financial performance and diminish investor confidence. Recognizing these potential impacts, BPP has implemented the following measures to mitigate associated risks:

Regularly monitor and evaluate synergy realization and value creation to facilitate timely strategic adjustments.
Rigorously review the investment, operational, and financial risks associated with the amalgamation.
Maintain transparent communication to all stakeholders regarding the progress and outcomes of the amalgamation.

2. Seminar on ESG Risks and Opportunities Related to the Just Energy Transition

Document Download

Banpu’s Group Information and Cybersecurity Policy

Appointment of Banpu Group’s Global Information Security Officer (GISO)

Risk Management Committee Charter

Risk Management Policy

Risk Appetite Policy