Risk management


The Group’s governance model is in line with best risk management practices and envisages:

In view of the nature of its operations, Enel adopts a six-category classification of the risks to which it is exposed: Strategic, Financial, Operational, Governance & Culture, Digital Technology, and Compliance.
Risks are defined in a risk catalog that serves as a reference for all areas of the Group and for all the units involved in management and monitoring processes. The adoption of a common language facilitates the mapping and comprehensive representation of risks within the Group, thus facilitating the identification of those that impact Group processes and the roles of the organizational units involved in their management.
The most significant categories of risk in relation to the impacts on the Group are described as follows.

Category Risk Definition

Legislative and regulatory developments


Macroeconomic and geopolitical trends


Climate change


Competitive environment

Possible effects from unfavorable legislative/regulatory changes.


Potential effects of a deterioration of global economic and geopolitical conditions as a result of economic, flnancial or political crises.


Possible impacts of slow or inadequate responses to environmental and climate change.


Potential impacts of a weakening of competitive positioning in markets.

Interest rate




Currency risk


Credit and



Potential impact of adverse fluctuations in interest rates.


Impacts due to greater volatility in commodity prices or a lack of demand or availability of raw materials.


Impact of adverse changes in exchange rates.


Effect of a deterioration in creditworthiness, breach of contract or excessively concentrated exposures.


Potential impact of short-term financial tensions.

IT effectiveness


Cyber security





Potential impact of ineffective IT systems support for business processes and operational activities.


Potential impact of cyber attacks and the theft of sensitive company and customer data.


Organizational and operational impact on business processes with potential increase in costs due to inadequate level of digitalization.


Possible impact of exposure of IT/OT systems to service interruptions and data loss.

Health and safety




logistics & supply chain


and Organization

Potential impact on the health and safety of employees and other parties involved as a result a violation of health and safety laws.


Significant impact on the quality of the environment and the ecosystems involved as a result of a violation of environmental laws.


Potential effects of ineffective procurement or contract management activities.


Impact attributable to inadequate organizational structures or lack of internal skills.

Data protection Impact of violations of applicable data protection and privacy laws.

The Group also adopts a Risk Appetite Framework in order to enable the implementation – for each risk and with an integrated approach – the appropriate management and control arrangements, as well as development and updating (metrics and models for measuring risks).
To effectively manage these risks, Enel has adopted an internal control and risk management system (the ICRMS), which is periodically updated. It strengthens the Group’s awareness of its risk profile, identifying any opportunities it may offer, and supports management in the decision-making process to create value in a constantly evolving external environment. This system is the set of rules, procedures, and organizational structures aimed at identifying, measuring, monitoring and managing the main risks applicable to the Group.

In this context, the Board of Directors plays a guiding and coordinating role for risk management, ensuring, at every level of the Group, the adoption of decisions that are informed, structured and consistent with the nature and level of risks. To this end, the Board of Directors includes in its assessments all the risks, including those related to climate change, that may be relevant in any way, comprising opportunities in the context of business sustainability in the medium/long term, thus ensuring the compatibility of company operations with strategic objectives.
The Board draws on the expertise of the Control and Risk Committee, which issues prior opinions on a variety of matters, including the guidelines of the ICRMS.
The Group also has specific internal committees composed of senior management personnel that are responsible for governing and overseeing the identification, management, monitoring and control of the main risks, taking due account of the specific operations of each Business Line and their underlying processes in order to assess the potential impacts and opportunities. Finally, the internal committees ensure that the risk governance policy evolves in line with business dynamics and the applicable regulatory context.
With regard to the COVID-19 pandemic, the actions taken in recent years by the Group to increase its resilience to such a scenario can leverage a sound financial position, geographical diversification and an integrated business model capable of mitigating and addressing unforeseen events and their potential effects with mitigation actions and contingency plans.

The following discusses the main types of risks and opportunities facing the Group.