At Vale, we are committed to proactive and effective risk management to ensure the safety of our employees, partners, communities, and the environment, in line with our values, Code of Conduct, internal policies, and governance rules.
In our operations, we use industry best practices to assess and monitor key risks and opportunities and the effectiveness of our methodologies and tools. We use some of the most important global standards as references, such as ISO 31000, ISO 55000, COSO-ERM and, for operational safety, the Risk Based Process Safety (RBPS) operational safety management system. We have adopted the Three Lines of Defense model, which defines the roles and responsibilities for risk management throughout the organization, ensuring integrated governance and the adoption of the risk vision in our key macro processes.
In 2022, we revised our Risk Management Policy to further clarify risk management roles and responsibilities, enhance synergies across our lines of defense, and simplify processes. We also revised our Integrated Risk Map, a list of priority risk topics, and our Management Standard to incorporate new and modified risk management tools, including new business concepts and emerging risks, priority risk topics, and risk appetite definitions.
We also drew guidance from key international standards such as ISO 31000, ISO 55000, COSO-ERM and, for operational safety, the Risk Based Process Safety (RBPS) framework.
The Board of Directors is responsible for periodically monitoring risks and controls and ensuring that systematic action is taken accordingly, including both preventive and mitigation measures. The Board is advised by an Audit & Risk Committee in assessing and monitoring the effectiveness and adequacy of our risk management system. Within the Executive Committee, five supporting committees (Executive Risk Committees) assist in risk management as applicable to their scope of activity.
Vale’s integrated governance model is based on the Lines of Defense approach, which helps to optimize communications for decision-making and enhance alignment across strategy, performance and risk management.
Photographer: Vale's Archive
The Three Lines of Defense Model
ERM: this function develops and assists in implementing risk management policies, methods and tools, promotes integrated communications, and works to disseminate a risk management culture within the Company.
Specialists: responsible for developing methods, technical standards, technology, minimum management requirements, and risk and asset reliability indicators used by the 1st Line of Defense, and for monitoring compliance with established guidelines.
The Internal Audit is responsible for independently evaluating the effectiveness of internal controls and risk management practices within the Company, while the Whistleblower Channel is responsible for receiving, documenting and investigating whistleblower reports, with whistleblowers kept anonymous and protected from retaliation.
Governance bodies that are fully independent from the Board of Directors—namely the internal audit and the whistleblowing channel—perform independent assessments and audits as applicable within their mandates, including assessments on the effectiveness of risk management and prevention, internal controls and compliance.
Risk Management Organizational Structure
Our risk management strategy considers the impact on our business of: market risk factors (market risk); risks associated with the collapse of dams, slopes and ore piles (geotechnical risk); risks associated with inadequate or failed internal processes, people, systems or external events (operational risk); risks that may suspend or materially affect the performance of our operations (production planning and continuity risk); risks associated with our business model, ESG, and political and regulatory conditions in the countries in which we operate (strategic risk); risks associated with social and human rights and climate change (sustainability risk); risks from exposure to legal penalties, fines or reputational losses associated with failure to act in accordance with applicable laws and regulations, internal policies or best practices (compliance risk); risks associated with information security (cyber risk); and risks associated with credit from trade receivables, derivative transactions, guarantees, down payments to suppliers and cash investments (financial risk), among others.
Further information on risk factors can be found in our Form 20-F report.
Photographer: Vale's Archive
We work to continuously refine and enhance our risk management processes for aspects such as dam management and operational safety. Dam safety is a major challenge for the mining industry and especially for Vale, following the Brumadinho dam breach, with growing public concern about the risks associated with mining dams and the sense of insecurity in downstream communities. Since 2019, we have made it our top priority to implement internationally recognized best practices, including the new Global Industry Standard on Tailings Management (GISTM), and have committed to decommission all upstream-raised dams. We also apply the Hazard Identification and Risk Assessment (HIRA) approach in mapping and assessing high-consequence or high-hazard safety risks, defining key performance indicators, and establishing appropriate controls and mitigation plans.
Emerging risks are either newly identified risks or known risks occurring under different conditions and/or circumstances, which are surrounded by a high degree of uncertainty regarding their trends, severity, and likelihood of occurrence. They are typically influenced by external factors and, therefore, challenging to predict.
In 2022, we established an ongoing process for mapping and monitoring emerging risks. As part of this, we:
Established an Emerging Risks Intelligence Center (NIRE), consisting of a multidisciplinary team of professionals from various parts of the company;
Held periodic NIRE discussions based on market research, specialized risk management reports, and other technical consultation sources to identify new risks and review those already mapped;
Registered risks in a collaborative tool to formalize and periodically update emerging risks. The monitoring sheets contain a detailed description of the risk, trends, mitigation and monitoring actions, a news feed with sources of support and advice, and monitoring indicators;
Presented a list of prioritized emerging risks to senior management.
|Emerging risks||Types||Strategies for prevention/mitigation|
Transition to a low-carbon economy
Technological: product obsolescence due to new technologies and processes;
Market: changes in demand in favor of low-carbon products; increased costs for adaptation; revenue increases or decreases; negative impact on market value and credit ratings;
Regulatory and legal: policy changes, including carbon taxation; and climate-related litigation;
Reputational: consumer and investor perceptions and negative reputational impacts.
Read more in Climate.
Geopolitical tensions and economic sanctions
The most common causes of geopolitical tensions are related to historical context, ethnic-religious rivalries, disputes over economically valuable natural resources, and territorial disputes.
Polarization has created uncertainties in the business and diplomatic environments of major mining countries, which require continuous monitoring.
These risks could lead to economic sanctions, including export bans; supply chain disruptions; heightened inflationary pressures; and a potential increase in cyber attacks.