Risk Management
Enel Brasil and its subsidiaries (“Companies”) follow the guidelines of the Internal Control and Risk Management System (‘SCIGR’) defined within Enel SpA (“Enel Group”), which establishes standards for internal control and risk management through specific policies, procedures, systems, and methodologies. These guidelines are applied at different levels within the Companies, covering the processes of identification, analysis, assessment, treatment, monitoring, and communication of the risks that businesses face on an ongoing basis.
The Risk Control Brazil area is responsible for the Companies' risk management process and follows the guidelines of ISO 31000:2018 - Risk Management to identify, analyze, assess, and support risk treatment. Although risk management is decentralized, Risk Control Brazil consolidates and monitors the overall risk profile, in line with the Group's governance principles. The companies adopt the Enel Group's risk governance model.
This model is based on a series of “pillars” and a uniform risk taxonomy, also known as the “Risk Catalog,” which facilitates risk management and consistent representation across all geographic regions and lines of business. The Risk Catalog groups risks into six macro-categories—strategic, financial, operational, compliance, governance and culture, and digital technology—and 38 sub-categories, in line with the Enel Group standard.
The Risk Governance Model
The Enel Group's risk governance model is aligned with national and international best practices in risk management and is based on the following pillars:
 |
1. Lines of defense: the model is structured in three lines of defense for risk management, monitoring, and control activities, in accordance with the principle of segregation of duties. The first line (business and corporate areas – Risk Officers) identifies and manages risks in daily operations and maintains effective internal controls; the second line (Risk Control and other control functions) defines methodologies, monitors limits, and supports mitigation plans; and the third line (Internal Audit) independently assesses the effectiveness of the SCIGR and reports directly to the Boards.
2. Enel Group Risk Committee: created at the executive level and chaired by the Chief Executive Officer of the Enel Group, it is responsible for strategic guidance and oversight of risk management through: (i) analysis of key exposures and risks; (ii) adopting risk policies that define roles and responsibilities for risk management, monitoring, and control, respecting the organizational separation between operational and control functions; (iii) approving operational risk limits and authorizing exceptions when necessary; and (iv) defining risk mitigation strategies and actions.
3. Local Risk Committees: Enel Brasil has a Local Risk Committee, chaired by senior management, responsible for approving and implementing risk policies, analyzing key exposures, monitoring compliance with risk appetite limits and thresholds, and overseeing key mitigation actions. The Committee ensures adequate oversight of the most relevant risks at the local level and meets at least twice a year. Coordination with the Group Risk Committee allows for the timely sharing of information and mitigation strategies with the Group's senior management, as well as the local implementation of Group guidelines.
4. Risk Appetite Framework: defines the tolerable level of risk through an integrated and formalized system of elements that allows for a unified approach to the management, measurement, and control of each risk. It is summarized in the Risk Appetite Statement, which describes the risk strategies and indicators and/or limits applicable to each risk.
5. Risk policies: organizational policies and procedures defined in accordance with specific approval processes involving the relevant commercial and corporate structures, specifying the assignment of responsibilities, coordination mechanisms, and key risk control activities.
6. Reporting system: specific and regular information flows on exposures and risk metrics enable senior management and governing bodies of the Enel Group, Enel Brasil, and its companies to maintain an integrated view of key current and future risk exposures by business line and geographic region. At the Group level, Enel Brasil and its companies use Enel's e-Risk Landscape© data visualization tool, which consolidates risk assessments from different geographic regions and business lines.
Enel Group Risk Catalog
Companies use the Enel Group Risk Catalog as a reference point for all areas involved in risk management and monitoring processes. The adoption of a common language facilitates the mapping and comprehensive representation of risks, allowing the identification of those that affect the processes and functions of the commercial and corporate areas involved in their management.
Risk Control and Management Policy
The Companies' Risk Control and Management Policy establishes the basic principles and general framework for controlling and managing risks that may affect the achievement of business objectives, ensuring that risks are identified, analyzed, assessed, managed, communicated, and controlled within established risk levels. This Policy, reviewed and approved annually by the Companies' Board of Directors, represents the set of decisions that determine the acceptable structure for the risk levels inherent in the lines of business in which the Companies operate and applies to all employees, regardless of the nature of their duties. It also applies to companies in which Enel Brasil directly or indirectly holds 100% of the share capital.
In addition, the Companies have organizational procedures that comprehensively address risk management, complementing other specific policies established for certain risks in corporate functions or business lines. These include limits and indicators that are subsequently monitored, such as the collateral management policy, commodity risk control policy, credit and counterparty risk control policy, financial risk control policy, hedge policy (exchange rate and interest rate), climate change policy, among others.