Risk management

The Red Eléctrica Group has a risk policy that sets out the directives and guidelines for ensuring that material risks, which could affect the objectives and activities of the Red Eléctrica Group, are systematically identified, analysed and controlled with uniform criteria and within the established risk limits.

To this end, it has a risk management system covering both the risks of internal processes and those related to the environment in which the Company's activities are carried out. The system complies with the ISO 31000 Standard on the principles and guidelines regarding risk management. Additionally, Red Eléctrica has in place two specific systems, one for internal control over financial reporting (based on the US Sarbanes-Oxley) and another for internal control over operational activities (based on the SSAE 16 standard). These systems are subject to periodic internal and external audits.

The most relevant risks to which the Red Eléctrica Group is subject and that are integrated into the risk management system are the following:

  1. Regulatory: due to the fact that the core activities of the Group are subject to regulation.
  2. Operational: derived fundamentally from the activities entrusted to it as operator of the Spanish electricity system, including those related to cybersecurity. The critical nature of the functions carried out by Company means that if this type of risk were to occur, it could have widespread social and economic impact.

In addition to the specific risks indicated above, the Red Eléctrica Group faces other risks that are commonly associated to carrying out economic and business activities, and which include:

  1. Financial and counterparty risks. These are financial risk, market risk and those related to the non-fulfilment of counterparties of their contractual obligations. This risk category also encompasses the following: the increased cost of equipment and raw materials, the increased interest rate and changes in the currency exchange rate, the conditions of access to financial markets and the coverage of claims and accidents.
  2. Other risks. These are risks arising from the relevance of other businesses conducted by the Red Eléctrica Group. This risk category encompasses risks related to the telecommunications business and which are associated with the management, operation and leasing of dark fibre networks, as well as those risks related to its international business, specifically those activities carried out by the Group through its subsidiaries abroad.


Comprehensive Risk Management Policy

The Board of Directors is responsible for the approval of the comprehensive risk management policy as well as for having full knowledge of the internal control, prevention and information systems and for the regular monitoring of these systems. Twice a year, the Board proceeds to review material risks and the risk control system, independent of the information that it regularly receives from the Audit Committee as part of the monitoring framework the Committee continually performs.