Main risk types

Due to the nature of its business and the associated distribution of countries and regions, the Enel Group is exposed to various types of Environmental, Social and Governance risk (ESG). In identifying potential risks the results of the priority analysis were considered together with the risk assessments carried out in the framework of the human rights due diligence process carried out by Enel, and the recommendations of external bodies such as the World Economic Forum (WEF) Global Risk Report 2020 and the results of several highly accredited international ESG rating agencies. The analysis takes account of the assessment of the risk perceived by the main external stakeholders, in the absence of checks. Mapping of the risks in question is in line with the approach adopted to identify the main company risks (financial, strategic, governance, operating, digital and compliance), in relation to which continual monitoring is carried out through the Company’s internal auditing process.
In particular, the main ESG risks identified are as follows.


Environmental dimension:

Climate risks

Physical risks arising from climate change could cause damage to assets and infrastructure resulting in their enduring unavailability. Moreover, the transition towards a zero-emissions energy model could involve risks arising from normative/regulatory, political, legal, technological and market changes associated with the fight against climate change;

Environmental risks

More restrictive regulations concerning environmental protection require companies to implement specific actions to minimise their environmental impact. The rising population and economic growth generate impacts correlated with the scarcity of resources and management of water. There are also existing risks connected to water crises, due to climate change and the level of water resource exploitation.


Social dimension:

Risks linked to human capital

Radical transformations of the energy sector call for the presence of new professional profiles and skills. Organisations need to move into line with new agile and flexible business models, and policies affirming diversity and for management and promotion of talent become key elements for companies that are negotiating the transition and have a widespread presence in countries and regions;

Risks linked to occupational healt and safety

These risks are due to the execution of operating activities on the Group’s sites through its assets, the identification of which was carried out by analysing the main events that have occurred in the past three years;

Risks linked to local communities engagement

Presence in such a vast perimeter of countries and regions necessarily calls for the evaluation of very different scenarios and radical knowledge of each area and the needs of the various stakeholders. In this context, the development of infrastructural projects could result in criticism or situations of partial acceptance, exposing the Group to reputational and operational risks linked, for example, to delays in execution or even closure of projects.


Business and governance dimension:

Risks linked to business continuity

Partial or total interruption of operating and/or sales activities could result in exposure to the risk of penalties, losses and reputational damage;

Risks connected with cyber attacks

The digitalization and technological innovation era results in a growing level of exposure of company assets to ever more frequent and sophisticated cyber attacks;

Risks connected with digitalization, IT effectiveness and service continuity

The Enel Group is performing a complete digital transformation of the entire value chain, which makes it more exposed to risks associated with operation of IT systems and which could lead to service interruptions or loss of data.

Risks connected with the protection of personal data

The Group’s growth on a global scale in terms of the number of customers and countries and regions implies a natural exposure to risks associated with personal data protection, also in consideration of the increasingly voluminous legal regulations concerning data protection, non-compliance with which can lead to an economic/financial and reputational damage;

Compliance risks

Possible infringements of laws and regulations and the principles set down in the Company’s Compliance Programs could result in exposure to the risk of judicial or administrative penalties, economic or financial losses and reputational damage. 

Information concerning the specific contexts addressed by Legislative Decree no. 254/16 concerning human rights and the fight against corruption is given in the dedicated sections of the Sustainability Report.

The “Principal ESG risks” table of the “Sound governance” chapter shows the Group’s methods of management and mitigation actions, together with a more detailed description of ESG risks.