At Vale, we are committed to proactive and effective risk management to ensure the safety of our employees, partners, communities, and the environment, in line with our values, Code of Conduct, internal policies, and governance rules.

In our operations, we use industry best practices to assess and monitor key risks and opportunities and the effectiveness of our methodologies and tools. We use some of the most important global standards as references, such as ISO 31000, ISO 55000, COSO-ERM and, for operational safety, the Risk Based Process Safety (RBPS) operational safety management system. We have adopted the Three Lines of Defense model, which defines the roles and responsibilities for risk management throughout the organization, ensuring integrated governance and the adoption of the risk vision in our key macro processes.

In 2022, we revised our Risk Management Policy to further clarify risk management roles and responsibilities, enhance synergies across our lines of defense, and simplify processes. We also revised our Integrated Risk Map, a list of priority risk topics, and our Management Standard to incorporate new and modified risk management tools, including new business concepts and emerging risks, priority risk topics, and risk appetite definitions.

We also drew guidance from key international standards such as ISO 31000, ISO 55000, COSO-ERM and, for operational safety, the Risk Based Process Safety (RBPS) framework. 

Process governance 

The Board of Directors is responsible for periodically monitoring risks and controls and ensuring that systematic action is taken accordingly, including both preventive and mitigation measures. The Board is advised by an Audit & Risk Committee in assessing and monitoring the effectiveness and adequacy of our risk management system. Within the Executive Committee, five supporting committees (Executive Risk Committees) assist in risk management as applicable to their scope of activity. 

Vale’s integrated governance model is based on the Lines of Defense approach, which helps to optimize communications for decision-making and enhance alignment across strategy, performance and risk management.  

Photographer: Vale's Archive

The Three Lines of Defense Model  

1st Line 

This line of defense is responsible for identifying, documenting and managing risks, implementing and managing preventive and/or mitigation controls, tracking key performance indicators, and establishing action plans appropriate to the company’s risk appetite. 

2nd Line:

ERM: this function develops and assists in implementing risk management policies, methods and tools, promotes integrated communications, and works to disseminate a risk management culture within the Company. 

Specialists: responsible for developing methods, technical standards, technology, minimum management requirements, and risk and asset reliability indicators used by the 1st Line of Defense, and for monitoring compliance with established guidelines. 

3rd Line:

The Internal Audit is responsible for independently evaluating the effectiveness of internal controls and risk management practices within the Company, while the Whistleblower Channel is responsible for receiving, documenting and investigating whistleblower reports, with whistleblowers kept anonymous and protected from retaliation.  

Governance bodies that are fully independent from the Board of Directors—namely the internal audit and the whistleblowing channel—perform independent assessments and audits as applicable within their mandates, including assessments on the effectiveness of risk management and prevention, internal controls and compliance. 

Autonomy: the Audit & Compliance function is independent of other executive functions, reporting directly to the Board of Directors. This function is overseen by the Audit & Risk Committee.  

Risk Management Organizational Structure 

Key risks 


Our risk management strategy considers the impact on our business of market risk factors (market risk); risks associated with the collapse of dams, slopes and ore piles (geotechnical risk); risks associated with inadequate or failed internal processes, people, systems or external events (operational risk); risks that may suspend or materially affect the performance of our operations (production planning and continuity risk); risks associated with our business model, ESG, and political and regulatory conditions in the countries in which we operate (strategic risk); risks associated with social and human rights and climate change (sustainability risk); risks from exposure to legal penalties, fines or reputational losses associated with failure to act in accordance with applicable laws and regulations, internal policies or best practices (compliance risk); risks associated with information security (cyber risk); and risks associated with credit from trade receivables, derivative transactions, guarantees, down payments to suppliers and cash investments (financial risk), among others.


Further information on risk factors can be found in our Form 20-F report.

Photographer: Vale's Archive


We work to continuously refine and enhance our risk management processes for aspects such as dam management and operational safety. Dam safety is a major challenge for the mining industry and especially for Vale, following the Brumadinho dam breach, with growing public concern about the risks associated with mining dams and the sense of insecurity in downstream communities. Since 2019, we have made it our top priority to implement internationally recognized best practices, including the new Global Industry Standard on Tailings Management (GISTM), and have committed to decommission all upstream-raised dams. We also apply the Hazard Identification and Risk Assessment (HIRA) approach in mapping and assessing high-consequence or high-hazard safety risks, defining key performance indicators, and establishing appropriate controls and mitigation plans.

Emerging risks 

Emerging risks are either newly identified risks or known risks occurring under different conditions and/or circumstances, which are surrounded by a high degree of uncertainty regarding their trends, severity, and likelihood of occurrence. They are typically influenced by external factors and, therefore, challenging to predict.  

In 2022, we established an ongoing process for mapping and monitoring emerging risks. As part of this, we: 

  • Established an Emerging Risks Intelligence Center (NIRE), consisting of a multidisciplinary team of professionals from various parts of the company;

  • Held periodic NIRE discussions based on market research, specialized risk management reports, and other technical consultation sources to identify new risks and review those already mapped;

  • Registered risks in a collaborative tool to formalize and periodically update emerging risks. The monitoring sheets contain a detailed description of the risk, trends, mitigation and monitoring actions, a news feed with sources of support and advice, and monitoring indicators;

  • Presented a list of prioritized emerging risks to senior management.   

The emerging risks we currently monitor include the Transition to a low carbon economy and Geopolitical tensions and international sanctions (as detailed below): 

Emerging risk: Transition to a low carbon economy

Types:

Technological: product obsolescence due to new technologies and processes;

Market: changes in demand in favor of low-carbon products; increased costs for adaptation; revenue increases or decreases; negative impact on market value and credit ratings;

Regulatory and legal: policy changes, including carbon taxation; and climate-related litigation;

Reputational: consumer and investor perceptions and negative reputational impacts.

Strategies for prevention/mitigation:

  • Monitoring regulatory and decarbonization policy trends in line with the recommendations of the Task Force on Climate-Related Financial Disclosures (TCFD);
  • Emission reduction initiatives and publicly disclosed targets;
  • Monitoring scope 1, 2, and 3 emissions against standardized metrics;
  • Enhancing transparency through annual disclosures in our Integrated Report, TCFD Report, and third-party questionnaires such as CDP and CA100+;
  • Developing products and technologies to support our decarbonization efforts.

Read more in Climate

Emerging risk: Geopolitical tensions and economic sanctions

Types:

The most common causes of geopolitical tensions are related to historical context, ethnic-religious rivalries, disputes over economically valuable natural resources, and territorial disputes.

Polarization has created uncertainties in the business and diplomatic environments of major mining countries, which require continuous monitoring.

These risks could lead to economic sanctions, including export bans; supply chain disruptions; heightened inflationary pressures; and a potential increase in cyber attacks.

Strategies for prevention/mitigation:

  • Strengthened Sanctions department and Sanctions Policy, and daily monitoring;
  • Compliance Program;
  • Sanctions clauses in contracts;
  • Training and monitoring;
  • Automated control and due diligence solutions;
  • Enhanced monitoring of market risks, especially regarding freight, bunker and diesel;
  • Close monitoring of exposed counterparties in the event of raw material shortages, sanctions or other developments;
  • Enhanced cyber risk controls;
  • Scenario analysis and economic modeling with a focus on geopolitical trends affecting value chains;
  • Monitoring the political and geopolitical environment in which we operate.