The Enel Group adopts a risk governance model supported by pillars and a consistent taxonomy of risks for the Company. Enel Americas' risk governance is based on a structured and formalized set of bodies that are periodically defined and updated based on the evolution of their business, the international risk management standard ISO 31000:2018, and best practices in the field.


Risks are defined in a risk catalog that serves as a reference for all areas of the Enel Group and for all units involved in management and monitoring processes. The adoption of a common language facilitates the comprehensive mapping and representation of risks within the Group, allowing for the identification of those that impact the Group's processes and the roles of the organizational units involved in their management.


The categories are:



The subcategories are divided as follows:




Climate Change:

Risk associated with untimely or inadequate strategic and operational initiatives for climate change adaptation and mitigation.


Competitive Environment:

Risk associated with the evolution of market trends that may affect the Group's competitive position in markets, growth, and profitability.



Risk associated with inadequate technological exploration, erroneous or incomplete analysis of uncertainty, complexity, and feasibility of innovative projects.


Legislative and Regulatory Development:

Risk associated with adverse developments in the legislative or regulatory environment that are not promptly identified, assessed, or managed.


Strategic Planning and Capital Allocation:

Risk associated with the deterioration of global economic and geopolitical conditions related to economic, financial, political, social, or macroeconomic crises.


Planejamento estratégico e alocação de capital:

Risk associated with scenarios that do not capture emerging trends, compromising the timely implementation of mitigation actions.



Governance and Culture:


Corporate Culture and Ethics:

Risk associated with the inadequate integration of the Group's ethics, diversity, and equal opportunity principles into business processes and activities.


Corporate Governance:

Risk associated with ineffective corporate governance rules and/or lack of integrity and transparency in decision-making processes.



Risk of ineffective engagement with key stakeholders in Enel's strategic positioning in terms of sustainability and financial objectives, with possible adverse effects on its reputation and competitiveness.



Digital Technology:


IT Effectiveness:

Risk associated with ineffective IT system support for business processes and operational activities.



Risk derived from cyberattacks and theft of sensitive company and customer data attributable to network, operating system, and database security lapses.



Risk of inefficient business processes and higher operational costs associated with a lack of workflow digitization, system integration, and adoption of new technologies.


Service Continuity:

Risk associated with the exposure of IT/OT systems to service interruptions and data loss.





Capital Structure Adequacy and Access to Financing:

Risk that the Group's debt-to-equity ratio or mix of short- and long-term debt is not suitable to support financial flexibility, enable easy access to financing sources, or achieve loan cost targets.


Interest Rate:

Risk associated with adverse fluctuations in interest rates affecting financial expenses or the fair value measurement of sensitive financial assets and liabilities.



Risk associated with adverse trends in commodity markets, price volatility, or a lack of demand for raw materials and natural resources.


Exchange Rate:

Risk associated with adverse fluctuations in exchange rates affecting costs and revenues denominated in foreign currency, fair value measurement of sensitive financial assets and liabilities, and consolidation of subsidiaries with different functional currencies.


Credit and Counterparty:

Risk associated with non-compliance with contractual payment and delivery obligations, deterioration in credit quality, significant exposure to a single counterparty or counterparties operating in the same sector or geographic area.



Potential impact associated with the inability to meet short-term financial commitments promptly, except under unfavorable economic conditions, or the inability to liquidate assets in financial markets in the presence of restrictions on asset disposal.





Asset Protection:

Risk associated with ineffective safeguards for the Group's physical assets (theft, embezzlement, mismanagement) and financial assets (insurance, legal guarantees).


Business Interruption:

Risk associated with partial or total disruption of operations due to technical failures, breakdowns, human error, sabotage, unavailability of raw materials, or adverse weather events.


Customer Needs and Satisfaction:

Risk associated with failing to meet customer expectations and needs in terms of quality, accessibility, sustainability, and innovation.



Risk of significant impacts on environmental quality and ecosystems resulting from non-compliance with environmental standards.


Health and Safety:

Risk of potential impacts on the health and safety of employees and other stakeholders due to non-compliance with health and safety regulations.


Intellectual Property:

Risk associated with the violation or fraudulent use of the Group's intellectual property rights.


People and Organization:

Risk of impacts on organizational structures or internal personnel competencies associated with ineffective recruitment, training, and incentive processes.


Process Efficiency:

Risk associated with inadequate management and monitoring of operational processes and activities.


Procurement, Logistics, and Supply Chain:

Risk of potential effects associated with inadequate procurement or contract management activities.


Service Quality Management:

Risk associated with the inability of third parties/internal service providers to meet agreed-upon service standards.





Accounting Compliance:

Risk of potential impacts associated with violations of national and international accounting laws and regulations resulting from incorrect application and/or interpretation of international accounting standards adopted by the Group.


Compliance with Antitrust and Consumer Rights Laws:

Risk associated with violations of antitrust laws and regulations and consumer rights regulations.



Risk of adverse impacts associated with intentional misconduct or corruption by individuals inside or outside the Group to gain an unfair or illegal advantage.


Personal Data Protection:

Risk associated with non-compliance with applicable data protection and privacy laws.


External Disclosure:

Risk associated with the disclosure of reports, accounting documents, communications, or other notices containing incorrect, inaccurate, or incomplete information.


Financial Regulatory Compliance:

Risk associated with violations of international or national financial laws and regulations.


Compliance with Other Laws and Regulations:

Risk associated with non-compliance with other international, national, or local laws and regulations not described above (e.g., those governing electricity markets, distribution, production, competitions, authorizations, stock exchanges, and golden power, etc.).





Enel Americas' Risk Control and Management Policy establish the basic principles and overall framework for controlling and managing risks that may affect the achievement of business objectives, ensuring that they are systematically identified, analyzed, assessed, managed, communicated, and controlled within established risk levels. This Policy is reviewed and approved annually by the Enel Americas Board of Directors and represents the set of decisions that determine the acceptable framework for inherent risk levels in the business segments in which the Company operates.


The General Policy for Risk Control and Management is developed and complemented by other risk policies established in relation to specific risks, corporate functions, or businesses of Enel Americas.


The main ones are detailed below:


Guarantee Management Policy:

Establishes guidelines and methodologies to be applied for supplier guarantee management and to ensure effective mitigation of counterparty risk related to the supplier's profile and guarantor.


Commodities Risk Control Policy:

Aims to enable the Company to make decisions and minimize the probability of not achieving strategic results affected by commodity uncertainties (prices, volume, exchange rates).


Credit and Counterparty Risk Control Policy:

Designed to minimize the likelihood of expected results being affected by default or a reduction in the credit quality of a counterparty.


Financial Risk Control Policy:

Seeks to minimize the probability of not achieving commercial and financial strategic results by controlling financial market, financial counterparty, liquidity, and operational risks.


Hedging Policy:

Aims to mitigate the risk of fluctuations in exchange rates, maintaining a balance between flows indexed to US dollars or other facilities, if any, and levels of assets and liabilities in the respective currency.


Climate Change Policy:

Establishes a common framework for the Company to ensure efficiency in managing risks and opportunities associated with climate change, integrating them with key processes and decision-making within the company.