Risk management is an important factor Banpu Power has used for operating its businesses to grow stably and sustainably in both investments and project constructions as well as productions to meet the targets set. Currently, emerging risks relating to changes in business, environment, society, corporate governance, and stakeholder expectations are arising very quickly. Therefore, the Company needs to be vigilant in order to adapt itself to the risks arisen.
The risk management of Banpu Power is under supervision of the Board of Directors through the Audit Committee. The Risk Management Committee (RMC) has been set up with the roles to manage stakeholders and improve the risk management responsibilities at operational levels. The RMC consists of the chief executive officer (CEO) and senior management whose duties are as follow:
- Assessing and managing risks to mitigate any risk effects on the operational performance of Banpu Power
- Lending supports relating to policies in order to help mitigate risks efficiently and to create awareness on any risks arisen from the activities implemented by Banpu Power
- Supporting internal and external resources necessary for managing risks efficiently.
Banpu Power has declared the risk management policy with regular updates. A direct responsibility unit was established to coordinate with all departments to drive the effective risk management throughout the organization. A mechanism for finding and identifying key business risks covering the areas of environment, social, and corporate governance has been used in the annual corporate strategy development procedure. This is in line with the strategic direction of Banpu Power and related to the context of corporate sustainability management. The likelihoods and impacts on stakeholders have been assessed in order to consider priorities prior to defining them as a list of organizational risks and assigning the responsible persons to mitigate risks to be at the level accepted by the organization. Moreover, a progress of risks management has been regularly monitored while risk issues have been continuously reviewed. Additionally, Banpu Power has integrated risk management principles into various procedures within the organization so as to raise awareness on business uncertainty and promote risk management as part of its operations in preparation for the events arisen in the future.
As for managing risks relating to business interruptions, the RMC meetings have been convened to monitor such risks and risks management results according to the risk mitigation plan. The risk management system review has been reported to the Internal Audit Committee and the Board of Directors on a quarterly basis.
To maximize the efficiency of risk management, Banpu Power has integrated risk management into its business plan, giving high attention to value creation for the company and its stakeholders. Consequently, the risk correlation principle has been used to analyze correlations of each risk in both positive and negative aspects. The risk management process of Banpu Power starts with defining objectives according to the business plan and allocating them into the business units, departments, and sections. The likelihood and impacts of such risks have been assessed along with preparing practice guidelines to mitigate risks possibly arisen. The risk management process also includes reporting the results to commander-in -chief and supervisors as well as monitoring the progress on an ongoing basis.
Over the past several years, the results of integrating risk management with the business plan of Banpu Power have been able to further enhance the company’s operational strategies. Besides other committees involved with risk management such as the financial management committee meeting to monitor financial risks has been convened every month, etc.
- Deploying a risk management system covering all business units equivalent to 100%.
- Coverage ratio of risk management system associated with ESG issues was 94%.
Key Activities and Projects
According to BPP’s risk assessment, it was found that there are emerging risks or existing risks having significant changes in three categories as follows:
Climate Change Risks
Climate change is an environmental issue on which the international community has placed great concerns as can be seen in various activities organized. In the 26th session of the United Nations Framework Convention on Climate Change (COP26) meeting, the measures to reduce greenhouse gas (GHG) emissions have been set. In addition, investors and financial institutions consider managing risks and opportunities resulted from climate change as one of their investment factors. BPP, therefore, has implemented measures to control and reduce the impacts caused by climate change as following:
- Operating businesses under Banpu Group’s Greener & Smarter strategy by focusing on utilizing advanced technology for a power generation process.
- Reducing GHG emissions in all business units, targeting to have GHG emission intensity not exceeding 0.676 tonnes CO2e/MWh.
- Increasing investment proportions in renewable power plants and energy technology through an investment in Banpu NEXT.
- Raising investment proportions in thermal power plants using clean and environmentally-friendly technology with low GHG emissions intensity, such as the power plants employing the ultra-supercritical technology, the integrated gasification combined cycle (IGCC) and the combined cycle gas turbines (CCGT), etc.
- Conducting a study on developing plans and disclosing financial information following the Task Force on Climate-related Financial Disclosures (TCFD) to assess climate change impacts and risks management, expected to implement and disclose information by the year Currently, BPP is assessing the financial impacts and opportunities in the power plants generating core incomes to the company as the first priority, including the three CHP plants in China, BLCP Power Plant, and HPC Power Plant. The study found that these power plants have marginal financial impacts because they were designed to accommodate physical changes possibly arisen from a rise of sea levels. More importantly, they can manage the coal prices specified in a long-term power purchase agreement and control the GHG emission intensity in a level specifed by laws. However, there may be the financial implications raising their costs, such as changes in legislation related to climate change, an increase in insurance costs and water prices, etc.
Risks Related to Cyber Security and Personal Data Protection
Cyber threats are on the rise. They are made in various forms and causing widespread impacts. BPP is well aware of and recognizes the importance of preventive actions and impacts reductions. The company, therefore, has carried out major activities as follows:
- Defining the information and cyber security policies with references to the ISO 27001 and ISO 27701 standards. Moreover, a global information security officer (GISO) has been appointed to oversee relevant operations and implementation in accordance to improvement plans.
- Raising employees’ awareness about the cyber threats, including practical and preventive measures such as communicating to employees at the meetings, and through phishing emails to raise their awareness, etc.
- Annually conducting the exercise to practice dealing with the cyberattack threats and to recover the information system in order to cope with the event in a timely manner and reduce the impacts and damage possibly affecting BPP’s operations.
- Conducting a crisis communication exercise by simulating scenarios associated with critical data leakages resulted from cybersecurity threats.
- Endorsed by the ISO 27001 Information Security Management Systems (ISMS) certification, inclusion of countermeasures and action plans in the event of a cyberattacks.
Technology Disruption Risk
A transition in energy technology such as micro grid system, renewable energy system, energy storage system, and big data system, etc., has resulted in the consumer’s energy consumption behaviors, including related regulations focusing more on clean energy technologies and a reduction of their dependency on the centralized transmission systems. This has caused changes in the nature of electricity demand in many countries, including Thailand. In response to such risks, BPP is collaborating with Banpu Group to increase business opportunities in renewable energy and energy technology, including the separation and grouping of businesses under Banpu Group to be clear and agile. The objective is to research data for developing into products in the future in addition to building upon a development of existing projects. This includes considering the possibility to restructure the organization to be aligned with business strategies, and to enhance the future competitive advantages through an investment in Banpu NEXT, focusing on renewable energy generation, energy technology, and smart energy utilization.
BPP has placed great importance on and aimed to create an understanding about the effective management of risks related to climate change. The company, therefore, has set a strategic direction to create the sustainable growth and improve the risks and opportunities associated with climate change, aligned with the Financial Disclosure Framework relevant to the Task Force on Climate-related Financial Disclosures (TCFD) conditions. The online forum entitled Enterprise Risk Management Forum 2021: Energy Transition to Net Zero was organized by inviting speakers from the leading international consulting firm to provide knowledge to participants who were the Board of Directors and involved employees.
In October last year, BPP organized the board retreat with an aim to plan and determine the company’s strategic directions, including opportunities and risks involved with emerging technologies. In addition, a lecture was given to the Board of Directors on the topic of Pathway to Net Zero emissions by 2050 with the following contents:
- Outcomes of the Paris Agreement
- Upcoming discussions at the 26th COP, a net zero emissions commitment from foreign countries and leading companies worldwide, energy supply and transformation by the year 2050, according to the IEA report.
- A current status and a future of the company
In addition, a training session on Cybersecurity Update and Awareness was held to the Board of Directors in November last year. The lecture’s contents were as follows.
- Cybersecurity technology trends
- Emerging risks management in the year 2022
- A progress of data security and privacy protection operations
- The company’s overall readiness to fight against cyber threats and a compliance to cyber regulations.
- Lessons learned from the “Colonial Pipeline Cyber-attack” case.
Information and Cyber Security Policy
Appointment of Banpu Group’s Global Information Security Officer (GISO)