Risk Management

Balancing ambition with efficient risk management and navigating uncertainties safely

ACWA Power is a dynamic company with highly ambitious targets locally and internationally. In pursuit of success of these targets, we have implemented a robust risk management system and have embedded risk management throughout our operations and corporate activities. This strategic approach not only safeguards our sustainability but also fosters an environment in which ambition can thrive.

Enterprise Risk Management (ERM)

At ACWA Power, ERM is a core, primary business function which enables us to proactively identify, assess, and mitigate risks across our business lines. The areas of risk include strategy, safety, environment, operations, legal and compliance, Operational Technology (OT)/digital, human capital and financial and includes those risks relating to climate change.

Risk management reporting

In this report, we present the overarching approach and framework that underpin ACWA Power’s risk management practices. We outline the risks we identify as being materially significant to our organisation.

For climate risk management information and reference to the Task Force on ClimateRelated Financial Disclosures (TCFD), refer to the Sustainability review. ACWA Power is committed to reducing the greenhouse gas (GHG) emission intensity of our electricity generation by 50% by 2030 as compared to 2020, and to achieving an overall portfolio level of net zero by 2050.

Effective risk management is central to our decision-making at both corporate and operational levels and we have proven systems in place to channel our innovation and ambition in a disciplined and structured manner.
Abdulaziz Alateeq Head of Risk Management

Oversight and management of risks

The vast scope of our business, which involves developing, investing in, and operating capital intensive and high‑value, long‑term, critical infrastructure assets in multiple geographies, exposes us to a wide range of safety, operational, financial, legal and compliance and market risks that need to be meticulously managed to ensure reliability of supply of life‑essential water and electricity, and to achieve our business objectives.

ACWA Power’s ERM is designed to safeguard the interests of all ACWA Power stakeholders, including our customers, vendors, contractors, financial partners, employees, and shareholders. It also supports our role as a developer, investor and operator of critical power generation, water desalination and green hydrogen assets.

We are committed to implementing risk management best practice by adopting sound ERM principles. This commitment has been formalised in the Group’s ERM policy, which has been endorsed by the management and approved by the Board. The Group’s robust and dynamic risk management framework, presented in the summary chart below, aims to continuously identify, assess, mitigate, manage and communicate risks.

The Group’s overall risk management programme continuously monitors and reviews the principal risks relating to the Group’s business performance that could materially affect our business, financial performance, and reputation. Risk management practices are embedded throughout the Group to reduce potential risk exposure to an acceptable risk appetite level. These risks are collated in risk profiles and are reported at regional and Group levels.

As part of our risk management culture, we started a process by which the Risk Management Committee (RMC) invites the risk owners at C‑suite level to highlight and elaborate on the risks in their areas of scope and how they are managing and mitigating those risks.

Business development

All business development projects go through a gated approval process by the Management Investment Committee and the Board Executive Committee. Project‑related market, technical, legal and financial risks are reviewed for the required risk‑adjusted return.

The risk management team independently reviews the evaluated risks, as an additional step being introduced in the approval process for peer risk review. Residual risks are summarised in the form of a risk matrix with potential mitigations. Sensitivities are analysed for critical bid assumptions and related risks. All key risks are quantified, where feasible, in terms of rate of returns and graphically presented, including potential upsides as well. This provides reasonable assurance on the project’s risk profile and ensures informed decision‑making by management, the Board Risk Management Committee and the Board. This process covers all investments (greenfield and acquisitions), divestments and changes in Offtake agreements, if and when applicable.

Construction phase

The Group focuses on developing scalable investment platforms and maintaining a portfolio with a technologically and geographically diversified asset base. As our portfolio risk landscape continues to evolve, the risk management function is involved to ensure business identifies, assesses and constantly monitors potential threats and opportunities that we could face so that we remain resilient on projects under construction as well as assets in operation. For our projects under construction, we remain actively engaged with our EPC contractors and encourage them to assess risks financially (by quantifying the potential risk), potential delays in the schedule, issues with quality of workmanship, health and safety, and reputation. This gives more insight to the portfolio team to understand and act accordingly.

Operations and maintenance

The Group uses centralised expertise via NOMAC, a 100%‑owned O&M subsidiary of ACWA Power, to optimise the operation and maintenance of our fleet of assets, which are diversified in technology and geography, and this ensures effective management and mitigation of risks associated with operational safety and reliability of supply.

Contractual risks are managed through an effective contract compliance and tracking mechanism.

Operational risks are managed through robust operational and maintenance procedures including digitalised condition monitoring and prediction. Supply and price risk is managed by a comprehensive and efficient global supply chain management. In addition, the Group also plays a direct role in selecting its partners, contractors and technology for its projects to ensure an optimal solution for the project while reducing the overall exposure (directly or indirectly) to identified risks.

Health and safety

Safety is our first and foremost priority. We have comprehensive HSSE procedures for construction, operations and corporate offices. We have procedures for comprehensive analyses of potential hazards, regular safety audits, and strict adherence to local and industry laws and regulations. We prioritise ongoing employee training, conduct periodic reviews of safety protocols, and leverage incident reporting systems and mechanisms to address emerging risks proactively. Our commitment to maintaining a safe working environment extends to continuous improvement initiatives and collaboration with regulatory bodies to ensure compliance with evolving standards.

Supply chain

ACWA Power has robust procedures to identify and manage potential sustainability risks in the supply chain.

We conduct thorough supplier assessments, regular audits, Know Your Customer (KYC) procedures, supplier engagement and management, third‑party due diligence reviews, and integrate sustainability criteria into procurement decisions. This proactive approach helps mitigate risks, enhance transparency, and aligns our supply chain practices with our commitment to sustainability.

Enterprise Risk Management – fundamentals

Risk appetite

Our company’s risk appetite emphasises prudent management while allowing us to take strategic opportunities globally. Acknowledging complexities in energy and infrastructure, we address risks such as safety, market shifts, regulations, geopolitics, financial volatility, supply chain, and cyber security. We have a balanced approach, guided by our commitment to creating value for our stakeholders. Our Board‑approved risk appetite embraces innovation, aligns with our long‑term goals, and balances ambition with safeguarding against threats to financial stability, operational resilience, and reputation. Transparently articulating our risk appetite reinforces responsible governance and sustainable practice, fosters stakeholder confidence and is critical to continuing our success.

The Company is developing a comprehensive Risk Appetite Framework (RAF) to follow a robust approach in monitoring & applying risk appetite statements (RAS), which is structured to promote and ensure ACWA Power’s strategy and business plan are on a Board‑approved risk adjusted basis. The RAF provides guidelines to manage, comply and monitor risk appetite statements and associated limits that the Company must follow in the pursuit of its vision and objectives. Key risk indicators are defined for each risk appetite statement and serve as an early warning to trigger corrective actions proactively. This prevents potential breaches and assurance to comply with RAF.

Risk Management policy and framework:

The Company has developed a robust Enterprise Risk Management (ERM) policy and framework, based on the risk appetite statements approved by our Board, that aligns with the principles delineated in ISO 31000:2018 Risk Management Guidelines. This holistic approach to risk management ensures the systematic identification, assessment, treatment, and monitoring of risks across all tiers of our organisation. Our ERM policy epitomises our dedication to integrating risk management into our strategic decision‑making processes, operational procedures, and corporate culture.

The ERM policy provides guidance and sets the tone from the Board regarding the management of risks, to support the achievement of company’s targets, objectives, the protection of staff and assets, and ensures financial sustainability.

Central to our ERM framework is the delineation of clear roles, responsibilities, and accountability structures, fostering effective risk management throughout the organisation. This includes designating risk owners and establishing communication channels to ensure timely and coordinated risk response.

ERM infrastructure

We have developed a robust infrastructure to support effective risk management practices across our organisation. This infrastructure encompasses various elements, including a Governance, Risk and Compliance (GRC) system as a tool for risk management, collaboration with other second lines of defence, and the establishment of clear policies and procedures.

ERM culture:

ACWA Power fosters a strong risk management culture among employees through various initiatives and practices. This includes:

  • Conducting a thorough risk orientation programme as part of the onboarding process for new employees, ensuring they understand the importance of risk management from the outset of their tenure.
  • Regular risk management training sessions for risk owners and risk champions, promoting open communication about potential risks and encouraging proactive risk identification.
  • Establishing a risk champions domain, with regular gatherings to recognise their contributions, share best practice, and promote a collaborative approach to risk management across the organisation.
  • Integrating risk management into decision‑making processes and daily operations, ensuring that risks are considered at all levels of the organisation.
Figure 1: ERM Framework

Risk governance model

Risks are proactively identified and managed at each level of the organisation (from project companies up to corporate functions) with the appropriate level of granularity.

They are reported on a regular basis to the appropriate management levels and the Board’s Risk Management Committee and the Board. The Risk Management Committee advises the Board on the Company’s risk appetite, monitors the Company’s principal strategic, financial, operational, business, and reputational risks or exposures, advises and recommends actions to minimise such risks, future risk strategy, and provide oversight and guidance as to the overall risk management functions within the Company.

Risks and mitigating actions are reviewed on a regular basis to ensure that risk management is a continuous and iterative process, providing an up‑to‑date and accurate picture of the risks and mitigating actions of the Group.

Fraud Risk Management (FRM)

All organisations are subject to the risks of fraud, corruption, misconduct, and other illegal acts. Such risks can have a severe impact leading to harming the reputation and leading to financial losses or even legal actions. The Group understands this and aims to effectively address fraud risks similar to how they address other types of risks by creating a tailored and robust programme.

The Group maintains a zero‑tolerance approach to fraud and promotes a culture of integrity at every level of the Company and established control procedures to control the risk of fraud. While fraud risks are already addressed in various policies and processes within the Group, the Group intends to embrace a more comprehensive process (in line with leading practice) to manage the Group’s fraud risks as part of a broader Fraud Risk Management (FRM) programme. The FRM programme supports fraud risk governance, fraud risk assessment, fraud control, investigations, and a monitoring system.

Risk universe

The chart below shows how risks are approached and managed within the Group. The risk management function assesses risks across the Group and clusters them logically before reporting to support risk‑informed decision‑making processes. ACWA Power’s risk universe identifies internal (inner circle) and external (outer circle) risks which are categorised into four main risk areas (operational, strategic, financial and political/regulatory) as depicted by the chart. Each risk is marked by its current trend represented by arrows to denote increasing, decreasing or stable risk.

ACWA Power risk universe

The ACWA Power risk universe, shown above, identifies internal and external risks that are categorised into four main risk areas (operational, strategic, financial and political/regulatory). The trend of each risk is marked by an arrow to denote increasing, decreasing or stable risk.

MAIN RISK AREAS KEY RISKS MITIGANTS
COUNTRY AND GEOPOLITICAL
  1. Novel regulatory regimes and commercial environments
  2. Geopolitical tensions in any of the jurisdictions where Group has presence or seeks prospects

Careful selection of new markets, diversified portfolio in 12 countries is a strong mitigating factor which spreads such risk against individual country or regional economic risks.

Further, we undertake initial due diligence to identify, analyse broad spectrum of risks at local, regional and Group level to promptly manage its exposure and related compliances.

Systematic security assessments and continuous monitoring of geopolitical developments at countries where we operate to ensure Group is well placed to respond to changes in political environments.

Business Continuity and Crisis Management framework.

Insurance coverage wherever available and feasible.

PROJECT DEVELOPMENT
  1. Business Expansion/Growth
  2. New technologies – Green H2
  3. Competition and pricing
  4. Integrity and creditworthiness of equity partners
  5. Poor performance of main suppliers (EPC, OEM)

Identify and limit key risks during the project selection and bid development process.

Regionalised construction supervision and asset management activities providing management bandwidth to integrate new projects.

Allocation of management resources with responsibilities to successfully manage unforeseen challenges and associated risks.

Multi‑technology capability and track record for successfully managing diversified portfolio. The Group co‑invests in all its projects with a view to maintaining technical and operational control over the project performance.

In‑house technology department with strong expertise and reference for main equipment, tested in successful commercial operation with certification from third‑party.

The Company carries out a thorough vetting process for all its equity partners.

The Company seeks to employ experienced and leading original equipment manufacturers (OEMs), as well as reputable EPC contractors which provides turnkey solutions.

Build out of a strong development team around the new market of green hydrogen.

PROJECT FINANCING
  1. Material delays in achieving, or achieving at all, the financial close of a given project
  2. Exposure of development bond and any initial development costs, costs for early works in case of not achieving financial close
  3. Increased costs (commodities)
  4. Existing and future leverage

Comprehensive project finance expertise, supported by strong relationships with lenders and financial institutions (including regional, European, U.S. and Chinese institutions) together with access to competitive cost debt and equity capital.

All projects/transactions are financed on non‑recourse or limited recourse basis in a manner to make projects bankable.

A large part of costs is shared with co‑investors and the development cost (both internal and external) is reimbursed at financial close from the project.

FINANCIAL (MARKET RISKS AND OTHER MACROECONOMIC FACTORS)
  1. Exposure to interest rate volatility
  2. Inflation
  3. Currency movements
  4. Liquidity to meet liabilities
  5. Insurance rate volatility

Interest rates of a large part of the project finance loans are fixed through long tenor hedges at the outset. The Company continuously monitors unhedged portion (financial liabilities) to ensure the exposure remains within acceptable limits to mitigate all asset‑liability mismatch risk where possible.

Embedded inflation protection in the long‑term Offtake contracts.

Contracts and equity return predominantly indexed to USD or ‘hard’ currencies which provides us with a natural hedge against currency movements.

Multiple sources of funding facilities have been arranged through bank loans, revolving corporate facilities, bonds, sukuks and private placements to help ensure that the Group is able to manage liquidity requirements.

Leverage ratios are assessed for various growth scenarios to ensure close monitoring of such ratios and to manage funding gaps.

CONSTRUCTION
  1. Project delays, cost overruns and quality of workmanship issues
  2. Unforeseen site or commissioning issues and associated risks
  3. Financial difficulties or bankruptcy of EPC or its sub‑contractor
  4. Underperformance of asset vs. warrantied specifications

Construction is systematically contracted on a lump sum turnkey basis (fixed price and scope) and date‑certain contracting approach with EPC contractor.

Maximum amount of risk passed on to EPC contractor through back‑to‑back contracts implying payment of liquidated damages by the EPC for any under‑performance (i.e., delays, technology: quality, function, fit‑for‑purpose – reliability, dispatch capacity and fuel consumption).

Investment‑grade EPC and its consortium partners with joint and several liability to considerably reduce the EPC default risk.

Force majeure protection in Offtake agreements and comprehensive insurance policies to manage time and cost adjustment.

Robust EPC oversight, plant commissioning and handover processes and procedures are in place to ensure quality and performance of the plants.

HEALTH AND SAFETY
  1. Health and safety hazards
  2. Violations of health, safety and security standards
  3. Breaches may lead to regulatory actions, legal liabilities, increased cost, disruptions to business, harm to reputation

The Board, its committees, and senior management are fully committed to creating a safety culture throughout the Group.

Stringent health and safety standards, guidelines, audits, and investigations in place to implement measures aimed at eliminating future incidents on assets under operations and projects under construction, enforced by dedicated in‑house HSE department.

Continually reviewing environmental regulatory risks.

NOMAC’s integrated HSE and quality management system have been independently certified under the ISO 9001:2015 and ISO 45001:2018.

ENVIRONMENTAL
  1. Exceedance of environmental limits
  2. New legislation tackling climate change
  3. Breaches may lead to regulatory actions, legal liabilities, increased cost, disruptions to business, harm to reputation

Strong social and environmental impact mitigation and management, as part of sustainability framework and strategy.

Integrated O&M HSE and quality management system have been independently certified under ISO 14001:2015 which sets out the requirements for an environmental management system and to enhance its environmental performance.

PEOPLE
  1. Recruitment (volume, adequacy, and quality)
  2. Nationalisation targets
  3. Loss of key personnel
  4. Retention of staff

Dedicated recruitment‑oriented resources to cope with high‑growth demands and nationalisation efforts by the organisation to meet targets.

Talent and leadership development schemes to limit turnover and manage scarce skills.

Succession planning for critical roles in the organisation and key people management processes in place as part of our talent management process.

Performance‑based evaluation process to enhance internal talent growth.

Values‑based organisation culture that promotes respect, inclusiveness, and diversity.

LEGAL AND REGULATORY
  1. Increased number of laws and regulations, including monitoring change in law or new legislation and other evolving practices
  2. Managing obligations of local, regional, and global laws and regulations across different jurisdictions
  3. Legal proceedings (commercial claims or tax disputes)
  4. Event of default or impact on the Company’s reputation

Systematic contractual protection against changes in laws and regulations in most of the assets.

Consolidation on compliance with laws and regulations, and regular monitoring for changes to regulations across its portfolio to ensure that the effect of any changes is minimised, and compliance is continually managed.

Engagement of top law and tax firms to assess our positions and recognising provisions where required.

Strong corporate governance and reinforcing policy and procedures to ensure full compliance with all legal, regulatory and tax requirements.

Establishment of a comprehensive Compliance Framework that protects the Company’s reputation and credibility, serves shareholders’ interests, ensures customer satisfaction and reduces litigation.

REVENUE
  1. Volume and price risk (excluding foreign exchange, covered above)
  2. Assets are exposed to performance risk
  3. Renewable assets are exposed to decrease in supply of solar or wind resources and performance risks

Long‑term Offtake contract to protect us against demand or price risk. The substantial majority of the Offtakers are government‑related entities with direct government credit support or with other contractual protection.

EPC performance guarantees in place to protect newly built facility against any performance shortfall.

O&M has implemented Reliability of supply framework along with in‑house developed plant simulation and optimisation tool to address and enhance reliability of supply in a systematic and proactive way.

Wind and solar resource studies are carried out for renewable assets based on long‑term historical average.

Insurance solutions to protect our assets against unforeseeable risks or unexpected business interruptions with agreed deductible periods and minimum deductible amount.

OPERATIONS AND MAINTENANCE
  1. O&M costs overruns
  2. Plant under‑performance or lack of reliability during the operation period

To minimise the operational risks, the company generally entrusts the O&M, its wholly‑owned and best‑in‑class O&M subsidiary to operate and maintain its assets for the full tenor of the Offtake agreements.

O&M contracts cover the Offtake agreement term and are indexed for inflation and indexation. The applicable penalties are capped in the contracts.

O&M continues to deploy monitoring and prediction digital platforms for critical equipment by using big data and advanced pattern recognition capabilities to enhance overall performance.

O&M has extensive capabilities as an O&M contractor and implements a standardised management and operational model to ensure superior control and understanding of operating assets through the lifecycle, provide stable long‑term income and super senior cash flows.

O&M has a reliable supply framework to ensure high reliability of assets.

O&M’s Maintenance Energy Services (NMES), a 100 percent‑owned subsidiary, provides turnkey and specialised maintenance services, including major overhauls for the entire fleet of steam turbines, combustion turbines, generators, large pumps and other rotating equipment.

FUEL SUPPLY AND CONSUMPTION
  1. A significant increase in the price or the interruption in the provision of fuel
  2. Fuel cost under recovery

Most of our fossil fuel‑based plants are contracted on tolling arrangements whereby fuel supply and cost risks are borne by Offtaker.

Whenever tolling arrangements are not there, the fuel supply and price risk are passed to the Offtaker.

Ongoing plant efficiency optimisation as part of value proposition when needed to reduce or eliminate under recovery exposures.

TERMINATION AND EXTENSION
  1. Early termination of Offtake agreement for a reason attributable to the Offtaker
  2. Early termination of Offtake agreement for a reason attributable to the project company (material under‑performance)
  3. Non‑renewal of Offtake agreements at the end of their term (Asset retirement obligation)

If the cause of termination is attributable to the Offtaker, the project company will receive termination payments which in most projects cover outstanding debt repayment and equity (including a return on equity).

These termination payments by the Offtaker benefit from direct government credit support or other forms of contractual protection.

Selection of the right technology, quality construction and reliable operations to manage performance requirements of the Offtake agreement.

The estimated future costs of decommissioning are reviewed annually and adjusted as appropriate.

Align plants’ existing useful life to its assessed economic life and timely pursue discussions with Offtaker to seek extension for Assets nearing expiry as part of value creation initiatives.

INFORMATION TECHNOLOGY INFRASTRUCTURE
  1. Cyber‑attacks/crimes
  2. Reliability of the Group’s IT infrastructure (to support remote working, uninterrupted operations)

Defence‑in‑depth strategy around IT systems (servers, network, end‑user machines, etc.) to prevent cyber‑attacks, in compliance with the ISO standards at corporate‑level.

Regularly review, update and evaluate all software, applications, systems, infrastructure and security which includes regular vulnerability assessment and penetration testing.

Proven business continuity and disaster (natural or man‑made) recovery plans.

IT security assessments and periodic IT audits conducted by skilled IT auditors to ensure effectiveness of controls on IT systems.

ACWA Power has been certified under the ISO/IEC 27001.

ENVIRONMENTAL, SOCIAL AND CORPORATE GOVERNANCE (ESG)
  1. ESG targets if not met fully, partially, or timely

Establishing a robust framework to evaluate the impact of climate‑related risks.

Set time‑bound interim and end‑state targets based on the reporting principles of the Global Reporting Initiative (GRI) and the Taskforce on Climate‑related Financial Disclosures (TCFD).

Identified, selected, and prioritised material topics to ensure that the effects of climate change, as well as corporate social and governance responsibilities, are routinely considered in our business and investment decisions

No new investment for high carbon emission‑based fossil fuels, such as coal thus increasing the share of our portfolio dedicated to clean and low‑carbon power technologies.

Initiatives put in place on leadership in low‑carbon products, water management, health and safety, and corporate governance.

GOVERNANCE AND MANAGEMENT
  1. Non‑adherence or non‑compliances to prescribed organisation policies and processes or laws and regulations
  2. Improper conduct of employees or business partners
  3. Inappropriate governance and systems

‘Tone at the top’ established by its Board of Directors, Board Committees, and senior management.

Internal controls, systems and procedures in conformity with the relevant sanctions, anti‑bribery, anti‑money laundering and anti‑terrorism laws.

Governance framework supported by ad‑hoc control by Board Committees with significant independent member participation in each Committee.

Independent internal audit function reporting to Board Audit Committee.

Whistleblowing programme and process to by ensure a recognised, industry‑leading ethics and compliance culture.

An integrated and comprehensive, technology‑based governance, risk management, internal control and compliance tool being implemented for better alignment and reporting to reduce risks, costs, and duplication of efforts.

SUPPLY CHAIN & LOGISTICS
  1. Increase of insurance premium
  2. Business interruption

Conduct a comprehensive review of existing insurance coverage to identify areas of potential cost savings or opportunities for more favourable terms.

Implement risk reduction measures to demonstrate proactive steps are being taken to minimize risks, thereby potentially leading to reduced premiums.

Increase the insurance coverage extension duration which will reduce the volatility in the prices.

Robust Business Continuity (BCM) programme is established across the group and includes a BCM Policy, framework and a developing business impact analysis covering the identification of critical processes and dependencies.

Disaster recovery plans to ensure prompt and effective responses to potential disruptions.

Diversified supply chains and established redundancy measures for key resources, such as energy sources or water supply routes, to mitigate the impact of disruptions in one area.

Regarding the management of climate risks, please refer to Climate change.