According to BPP’s risk assessment, it was found that there are emerging risks or existing risks having significant changes in three categories as follows:

Climate Change Risks

Climate change is an environmental issue on which the international community has placed great concerns as can be seen in various activities organized.  In the 26^th session of the United Nations Framework Convention on Climate Change (COP26) meeting, the measures to reduce greenhouse gas (GHG) emissions have been set. In addition, investors and financial institutions consider managing risks and opportunities resulted from climate change as one of their investment factors.  BPP, therefore, has implemented measures to control and reduce the impacts caused by climate change as following:

• Operating businesses under Banpu Group’s Greener & Smarter strategy by focusing on utilizing advanced technology for a power generation process.
• Reducing GHG emissions in all business units, targeting to have GHG emission intensity not exceeding 0.676 tonnes CO₂e/MWh.
• Increasing investment proportions in renewable power plants and energy technology through an investment in Banpu NEXT.
• Raising investment proportions in thermal power plants using clean and environmentally-friendly technology with low GHG emissions intensity, such as the power plants employing the ultra-supercritical technology, the integrated gasification combined cycle (IGCC) and the combined cycle gas turbines (CCGT), etc.
• Conducting a study on developing plans and disclosing financial information following the Task Force on Climate-related Financial Disclosures (TCFD) to assess climate change impacts and risks management, expected to implement and disclose information by the year Currently, BPP is assessing the financial impacts and opportunities in the power plants generating core incomes to the company as the first priority, including the three CHP plants in China, BLCP Power Plant, and HPC Power Plant. The study found that these power plants have marginal financial impacts because they were designed to accommodate physical changes possibly arisen from a rise of sea levels. More importantly, they can manage the coal prices specified in a long-term power purchase agreement and control the GHG emission intensity in a level specifed by laws. However, there may be the financial implications raising their costs, such as changes in legislation related to climate change, an increase in insurance costs and water prices, etc.

Risks Related to Cyber Security and Personal Data Protection

Cyber ​​threats are on the rise. They are made in various forms and causing widespread impacts. BPP is well aware of and recognizes the importance of preventive actions and impacts reductions.  The company, therefore, has carried out major activities as follows:

• Defining the information and cyber ​​security policies with references to the ISO 27001 and ISO 27701 standards. Moreover, a global information security officer (GISO) has been appointed to oversee relevant operations and implementation in accordance to improvement plans.
• Setting up a data privacy policy, announcing a privacy notice, and appointing a data protection officer (DPO) to supervise related operations.
• Raising employees’ awareness about the cyber threats, including practical and preventive measures such as communicating to employees at the meetings, and through phishing emails to raise their awareness, etc.
• Annually conducting the exercise to practice dealing with the cyberattack threats and to recover the information system in order to cope with the event in a timely manner and reduce the impacts and damage possibly affecting BPP’s operations.
• Conducting a crisis communication exercise by simulating scenarios associated with critical data leakages resulted from cybersecurity threats.
• Endorsed by the ISO 27001 Information Security Management Systems (ISMS) certification, inclusion of countermeasures and action plans in the event of a cyberattacks.

Technology Disruption Risk

A transition in energy technology such as micro grid system, renewable energy system, energy storage system, and big data system, etc., has resulted in the consumer’s energy consumption behaviors, including related regulations focusing more on clean energy technologies and a reduction of their dependency on the centralized transmission systems. This has caused changes in the nature of electricity demand in many countries, including Thailand. In response to such risks, BPP is collaborating with Banpu Group to increase business opportunities in renewable energy and energy technology, including the separation and grouping of businesses under Banpu Group to be clear and agile. The objective is to research data for developing into products in the future in addition to building upon a development of existing projects. This includes considering the possibility to restructure the organization to be aligned with business strategies, and to enhance the future competitive advantages through an investment in Banpu NEXT, focusing on renewable energy generation, energy technology, and smart energy utilization.

BPP has placed great importance on and aimed to create an understanding about the effective management of risks related to climate change. The company, therefore, has set a strategic direction to create the sustainable growth and improve the risks and opportunities associated with climate change, aligned with the Financial Disclosure Framework relevant to the Task Force on Climate-related Financial Disclosures (TCFD) conditions.  The online forum entitled Enterprise Risk Management Forum 2021: Energy Transition to Net Zero was organized by inviting speakers from the leading international consulting firm to provide knowledge to participants who were the Board of Directors and involved employees.

In October last year, BPP organized the board retreat with an aim to plan and determine the company’s strategic directions, including opportunities and risks involved with emerging technologies.  In addition, a lecture was given to the Board of Directors on the topic of Pathway to Net Zero emissions by 2050 with the following contents:

• Outcomes of the Paris Agreement
• Upcoming discussions at the 26^th COP, a net zero emissions commitment from foreign countries and leading companies worldwide, energy supply and transformation by the year 2050, according to the IEA report.
• A current status and a future of the company

In addition, a training session on Cybersecurity Update and Awareness was held to the Board of Directors in November last year. The lecture’s contents were as follows.

• Cybersecurity technology trends
• Emerging risks management in the year 2022
• A progress of data security and privacy protection operations
• The company’s overall readiness to fight against cyber ​​threats and a compliance to cyber regulations.
• Lessons learned from the “Colonial Pipeline Cyber-attack” case.