Our aim is to provide greater certainty and confidence in the achievement of Company objectives to shareholders, customers, employees and other stakeholders, through the anticipation, management, and control, as far as practicable, of the risks to which the Group is exposed, with an overall vision.
- Implementing an Enterprise Risk Management System in line with international reference standards and guided by the following principles:
- Leadership of Management, who will provide the necessary resources and ensure that the organization works in accordance with these principles.
- Integration in management processes, especially those related to strategy and planning.
- Differentiated responsibility for the units and bodies involved, based on the model of “three lines of defence”.
- Comprehensive and harmonized management, so that all risks are managed through a common process for identification, evaluation and treatment, as defined in norm ISO 31000, in order to maintain them at levels tolerated by the Company.
- Continuous improvement through periodic reviews of the management framework.
- Maintaining a risk profile in line with a medium-low risk tolerance appropriate for the business model of a global and integrated energy company, present throughout the value chain and that carries out its operations in a diversified fashion. This commitment combines both quantitative and qualitative elements and is based on the following criteria and principles, inherent to its strategy, culture, and values:
- Actively managing most strategic, operational, and financial risks inherent to our activity, maintaining them within the tolerance thresholds and objectives defined. These include, among others, financial risks related to liquidity, markets, rating, and counterparties. Specifically, for risks of a tax nature, reconciling responsible compliance with tax obligations with the commitment of creating value for shareholders through the efficient management of tax costs and benefits.
- Avoiding, transferring, and/or mitigating risks related to health, safety, environment, security, ethics and conduct, compliance (including tax compliance), and reputation and image, which the Group unequivocally rejects, minimizing in any case and by all means the probability of their occurrence and/or associated impact through the necessary procedures, resources and tools implemented for this purpose.
- Informing transparently of the risk control systems, the main risks faced by the Group or that could affect the achievement of its Business targets, as well as of the tolerance levels.
- Retaining high-probability low-impact risks and transferring them to third parties through the adoption of a framework for retention and transfer that shall materialize by means of insurance contracts or other coverage measures.
All Repsol employees are responsible for complying with this policy.
This policy was approved by the Board of Directors of Repsol, S. A. on March 29th, 2017, and subsequently amended on February 17th, 2021.