Legal compliance is a fundamental principle to which BPP has adhered in operating its businesses. It is also a major challenge for the company since it has operated business in many countries where regulations are different and changing rapidly nowadays. This includes laws and policies relating to climate change and air quality improvement in large cities, which is an important driving force in the rapid change of environmental laws in the power industry. Respectively, if BPP cannot adapt itself promptly, it would affect the company’s business operations.
BPP’s business operations are involved with various laws and regulations the company must fully comply with, such as the environmental and safety laws, the labor laws, the trade and investment laws, the security and exchange regulations as well as various permits, etc. This also includes running businesses by adhering to business ethics, for example, anti-corruption, fair competition, human rights principle, and non-discrimination. Thus, a failure to comply with these laws will affect the company’s sustainable business operations.
To prevent risks possibly having a severe impact on business operations, and to create confidence among all groups of stakeholders that BPP has been operating its businesses in accordance with laws and regulations, the company has established the Internal Audit and Corporate Compliance as a major force to coordinate and monitor legal compliance with two main duties, including:
- The Corporate Compliance is responsible for promoting, monitoring and auditing operational performances in accordance with laws and external regulations.
- The Internal Audit is responsible for assessment of internal control systems including a compliance with policies, regulations and operational practice guidelines within the organization.
Auditing of Internal Control System and Compliance with Policies and Regulations Within the Organization
To ensure that all departments have operated in compliance with policies, laws, regulations and operational practice guidelines, BPP has frequently examined the operational performance and internal control systems within the organization and its subsidiary companies, covering major legal and regulatory compliance. The company’s internal audit has been conducted based on the framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), consisting of five areas. These include internal control, risks assessment, operational control, information and communication technology system, as well as monitoring system.
Additionally, BPP has established the Internal Audit Department as an independent body, with a duty to evaluate adequacy and efficiency of the internal control system as well as corporate compliance. It is reporting directly to the Audit Committee and the Board of Directors.
Monitoring of Environmental Quality, Safety and Labors Required by Laws
BPP has set up a system to monitor environmental qualities required by legislation and has monitored the possibility of changes related to laws in order to adjust itself promptly through a follow up of the central corporate compliance and internal departments among its business units. This is one of the requirements of the quality, safety, and environmental management system. Besides, the operating performances in the areas have also been regularly audited via following methodologies:
- Internal audits conducted through the company’s measurement systems, such as the continuous emission monitoring (CEM) and the water quality monitoring system, etc.
- Inspections by external agencies, such as examining water and air quality by external agencies, auditing the implementation of environmental impact mitigation measures in accordance with the environmental impact assessment (EIA) report, and the audits of environment and workplace safety, etc.
Quality Assurance Review (QAR)
BPP in collaboration with Banpu Group has assigned all supporting units under the supervision of Corporate Services Department, namely Health, Safety, Environment and Community Engagement (HSEC) Department, Information Technology Department, Legal Department, Procurement and General Administration Department as well as Business Process Management Department, to assess operational qualities and legal compliance. The QAR working group from Bangkok Office has been set up to inspect the operational performances of subsidiaries in each country. Meanwhile, the QAR working group of each subsidiary will conduct a regular review on all business units located in that country at least once a year. In the year 2021, the review benchmarks were revised to be in line with the international standards. In addition, remote audits in the form of self-examination and interviews, as well as remote evidence verification were used during the COVID-19 epidemic.
BPP has deployed the standardized criteria for reviewing the legal compliance quality to suit its business operations, covering five dimensions.
Operational Audits by the International Certified Body
BPP has continuously applied the international standards to its operational management in order to improve the operational standards and create confidence among all groups of stakeholders. Thus, the company has implemented the internationally recognized operating standard systems in its business units’ operations in order to create internal control and continual development, namely the ISO 9001 Quality Management System Standard, the ISO 14001 Environmental Management System Standard, the ISO 45001 Occupational Health and Safety Management System, the ISO 22301 Business Continuity Management Standard, and the ISO 27001 Information Security Management System. The legal compliance is part of the requirements for operating in accordance to these systems.
Legal Compliance Audits at Joint Venture Companies
Due to its no direct management control in the joint venture companies, BPP has cooperated with the business partners who have invested in that business to inspect the legal operation and internal management at least once a year. Moreover, the monitoring is required to be run through the risk reports covering legal compliance at least once a month.
Compliance Audits in Key Suppliers
BPP has audited legal compliance of suppliers who sell key products and services to the company, such as maintenance and operation contractors, engineering and construction contractors, by stipulating in the selection and hiring conditions. An inspection on suppliers when operating, has been carried out; and if finding any defects, the company will work with supplies in laying out corrective actions in accordance with the laws and best practices. This is considered as part of the company’s management system standards.
- Operating in accordance with the internal audit and compliance systems covering all business units where the company has management control.
- Conducting the internal audits and compliance assessments among the joint venture companies as well follow up deficiency resolutions in accordance with the common standards with partners.
- No significant incidents involved with non-legal compliance both in the businesses the company has direct management control, joint venture companies, and suppliers operating in the areas.
Key Activities and Projects
Thailand announced the Personal Data Protection Act of 2019 or Personal Data Protection Act (PDPA), which is a central legislation providing personal data protection in accordance with the international standards, and established appropriate remedial measures for data subjects from breaches.
During the 2020 – 2021, Banpu Group has set up a Personal Data Protection Working Group to be responsible for preparing personal data protection standards in accordance with the Thai and international laws. In addition, BPP is planning to scale up the appointment of working groups in countries where personal data protection laws have been promulgated.
The Personal Data Protection Working Group conducts communication to raise awareness and understanding of personal data protection laws and help all employees to operate properly in accordance with the legislation to avoid risks arising in the organization through various channels. On 10 May, 2021, the PDPA Virtual Sharing for All Employees session was organized by inviting speakers who were experts from Tilleke & Gibbins to provide knowledge and answer questions to the Board of Directors, executives and employees.
On 3 – 5 August, 2021, BPP, together with Banpu Group, organized the annual Compliance Summit, with an aim to present, exchange, and review corporate risk management and legal and regulatory risks management so that relevant agencies in every country are able to use knowledge gained from the session to plan for operation implementation. Furthermore, the company has also managed and controlled its internal business risks appropriately, ensuring that the company be operating in accordance with all laws and regulations completely.