Risk and Crisis Management
Effective risk and crisis management is essential to protecting long-term value for stakeholders. Valeura has identified Risk and Crisis Management as a material topic supporting the sustainability of its business.
The Company applies a structured approach to identifying, managing and monitoring risks, while continuously evaluating emerging opportunities.
Management Approach
Valeura has established an Enterprise Risk Management (ERM) system to regularly review and update organisational risks. The framework supports the identification and assessment of challenges and opportunities, including those related to emerging sustainability trends and the energy transition. Its objective is to strengthen resilience and maintain long-term competitiveness.
Oversight of Enterprise Risk Management
Valeura’s Board of Directors reviews key risks quarterly and oversees the ERM framework. The Executive Committee monitors the Company’s overall risk profile, evaluates response measures, and reports to the Board. The Chief Operating Officer (COO) and Chief Financial Officer (CFO) oversee the ERM process.
An ERM Coordinator facilitates the process, monitors enterprise risk exposure and response actions, and ensures alignment with international standards. Across the organisation, designated roles support risk management, including Risk Champions responsible for risks within business units, Risk Owners managing day-to-day risk oversight, and Action Owners implementing response measures.
Enterprise Risk Management Process
Business and sustainability risks identified through Valeura’s ERM framework are reviewed regularly to ensure they are effectively managed and mitigated to acceptable levels, supporting the organisation’s ability to achieve its objectives. In 2025, the Company reviewed the ERM process and confirmed that it remains appropriate for current business and sustainability contexts.
The ERM process comprises four key steps:
Valeura’s risk management approach begins by defining the business context, identifying risks across operations, and recording them in a corporate-level enterprise risk register.
Inputs to the ERM process are drawn from three sources: Board-level input, management input, and risks identified through the operational risk management process:
- Board-level Inputs: The Board and executives identify high-level risks from a top-down perspective.
- Management-level Inputs: Risk Champions, Risk Owners, and function heads oversee operational risks and conduct quarterly reviews within their respective areas.
- Operational Risk Management (ORM) Process: Business functions assess operational risks in line with ISO 9001, ISO 14001, and ISO 45001 standards. Identified risks are recorded in the enterprise risk register, which is periodically reviewed and updated. High-risk issues are prioritised and escalated through the ERM process.
Identified risks are consolidated in the enterprise risk register, categorised, and presented to governance bodies overseeing the ERM process.
Sustainability and ESG-related risks are integrated into the Company’s broader risk categories, including strategic, financial, operational, and legal/compliance risks. For example, sustainability trends, stakeholder expectations and regulatory developments are captured under Strategic and Legal/Compliance risks, while environmental and social impacts from operations fall under Operational risks.
This approach embeds ESG risks within the enterprise-wide risk framework, supporting comprehensive oversight and informed decision-making.
Valeura evaluates risks based on their potential impact on the Company’s objectives and likelihood of occurrence to determine overall risk levels.
Risks are categorised as High, Medium, or Low.
- High risks exceed tolerance and require urgent attention
- Medium risks require active management
- Low risks are acceptable and managed through routine controls with periodic monitoring.
All risks, including sustainability risks, are prioritised accordingly, with mitigation efforts focused on high-risk items.
Valeura has established systems and processes to manage identified risks. For risks classified as High, the Risk Champion must implement mitigation measures to reduce the risk to an acceptable level. For Medium risks, the Risk Owner is responsible for implementing appropriate controls and ongoing monitoring. Low risks are monitored to detect early warning indicators.
Where risks remain after mitigation, they are recorded as residual risks and continue to be managed through the ERM process.
Valeura continuously monitors business and sustainability risks, including residual risks, to identify changes in risk levels and ensure mitigation measures remain effective. The ERM register is reviewed regularly by executive management and updated at least quarterly. It is also reported to the Board of Directors to support informed decision-making.
Crisis Management
As part of its risk management approach, Valeura has established a framework to respond to emergency situations or business disruptions, such as oil spills or accidents. The framework follows a three-tier structure with clearly defined roles and responsibilities at each level. These teams work collaboratively to manage incidents and ensure business continuity.
Valeura has developed various emergency response plans to guide the Company’s response to industry-relevant scenarios, including oil spills, typhoon-related evacuations, fires and explosions, and medical emergencies. These efforts are supported with ongoing training for the CRT team, coupled with regular on-site emergency drills and exercises.
Evaluation of Performance
Risk Management
In line with the ERM process, Valeura’s Board conducted four risk review sessions in 2025, consistent with the previous year. All identified risks were recorded in the Company’s Business Intelligence (BI) Dashboard system to monitor changes in risk levels and the effectiveness of mitigation measures. Overall, the Company’s risk profile remained broadly unchanged from the previous year.
Ensuring Readiness
Emergency and Business Continuity Training
To strengthen emergency response and business continuity, all Country Response Team (CRT) members completed focused training covering key readiness areas:
- Role clarity: Understanding individual responsibilities during a crisis.
- Activation protocols: Procedures for initiating CRT response.
- Remote work readiness: Maintaining operational continuity through remote working.
- Business continuity awareness: Supporting organisational stability during disruptive events.
On-Site Emergency Drill and Exercises
To strengthen offshore emergency preparedness, Valeura follows a scenario-based training and exercise programme:
- Field readiness: Site Response Teams (SRTs) are established across facilities to respond rapidly to emergencies.
- Comprehensive planning: Emergency drill plans address key scenarios, including oil spills, extreme weather, fires, explosions, and medical emergencies.
- Offshore coverage: Drills are conducted across all Valeura offshore facilities.
- 2025 performance: 577 drills covering multiple risk scenarios were completed across all offshore operations.
