Risk Management
Risk Management is an institutional process present in every Business Unit and in every corporate function.
Risk management at Aleatica is a continuous improvement process that allows us to adapt and respond better to business challenges and changes. The Business Units and corporate functions, in close collaboration with Risk Management, are responsible for identifying and assessing risks, defining controls, developing additional mitigation plans, and monitoring and reporting on the progress of their implementation.
In addition, there is an Executive Risk Committee, headed by the Global Chief Compliance and Risk Officer (CCRO), and comprised of members of the Steering Committee, which reviews the organization’s main risks and the actions to mitigate them.
Aleatica’s Executive Management, combined with the functions of the Board and its Committees, provides adequate leadership to ensure effective risk supervision.
The most senior person with responsibility for risk management at the operations level, other than the CEO, is Marco Antonio Padilla Mérigo, Global Chief Compliance and Risk Officer (CCRO), who reports to the CEO and the Audit Committee.
The most senior person with responsibility for monitoring and auditing risk management performance at the operations level, other than the CEO, is Jesús Pinelo, Global Chief Audit Executive who reports to the CEO, the Audit Committee, the Board of Directors and the ESG Committee.
Non-executive members of board of directors with expertise in (enterprise) risk management.
Mr. Vilatela was appointed independent director of the Company in the Assembly held on April 29, 2013.
He is currently the General Director of Valora Consultores México. He was General Manager of HSBC Bank PLC, Branch in Spain, being responsible for the operation of HSBC in Spain and Portugal.
He previously served as Deputy General Director of Corporate Banking at Grupo Financiero HSBC México and before that as General Director of HSBC Bank, México.
Mr. Soní is a Director and Chairman of the Company’s Audit Committee. He is a Certified Public Accountant in Mexico with more than 45 years of experience in the fields of auditing, consulting, and tax services.
He worked for more than 40 years at PricewaterhouseCoopers (PwC) in Mexico, where he oversaw multiple departments and finally became the general managing partner. Mr. Soní, later at PwC, was Executive Vice President and Chief Compliance Officer of Walmart de México y Centroamérica, where he was a member of the Executive, Financial, and Ethics and Compliance Committees, as well as the Board of Directors of the Walmart Foundation.
His primary responsibility was to strengthen Walmart’s compliance and corruption prevention measures through the implementation and enforcement of Foreign Corrupt Practices Act (FCPA) guidelines. He currently serves as a member of the Board of Directors and Chairman of the Audit Committee of Fibrashop and Farmacias del Ahorro, member of the Board and Audit Committee of Grupo Quiero Casa and of the Board of Alpha Hardin.
From 2012 to September 2021, he was a member of the Board and Chairman of the Audit Committee of Grupo Actinver (a major Mexican financial services company). He is a member of the Board of Directors and Treasurer of Fundación All Hearts and Hands – Mexico, a non-profit organization focused on rebuilding schools in areas affected by natural disasters.
Mr. Soni was president in 2020 and 2021 of the Financial Research Foundation of the Institute of Finance Executives, which aims to promote, encourage, and disseminate research in the Financial, Administrative, Fiscal, Economic and Security Areas. Business in general. As of January 2022, he is an independent member of the Audit Committee of Banco de México.
Mr. Cárdenas is currently an independent member of the Company’s Board of Directors and a member of the Audit Committee.
Among others, he participates in the Boards of Directors and Audit Committees (some of which he chairs) of important Mexican companies and institutions, including among others: Grupo Aeroportuario del Pacífico (GAP), Grupo Farmacias del Ahorro, Reaseguradora Patria, Anteris Capital Venture Lending Fund, Berkley International México Seguros, Berkley International México Fianzas, Funds administered by Banco de México, and The American British Cowdray Medical Center, IAP (Medical Center, ABC), where he had the responsibility of the Presidency of its Board of Trustees and where he continues to be part of its Executive Committee.
He is also a member of various business and professional associations, highlighting, among others, his responsibility as former President of the Mexican Institute of Public Accountants, A.C. (IMCP) and the Academy of Fiscal Studies of Public Accounting, A.C. (AEF).
Mr. Cárdenas Guzmán is a Certified Public Accountant, graduated from the Autonomous University of Guadalajara and has a master’s degree from the Pan-American University (IPADE).
To promote proper risk management throughout Aleatica, we provide education and training (face-to-face and digital) at all levels of the organization, including new hires, with the aim of informing about our approach, standards, methodology and the role it plays each of them within risk management. During FY2022, Aleatica provided risk management and business continuity training through classroom courses and our corporate training tool. Specifically, the trained employees were:
received Risk Management trainings in 2022. 39 employees in classroom courses (2,340 hours) and 25 employees through the corporate training application (1,500 hours).
received Business continuity trainings through the corporate training application (3,720 hours).
In addition, internal communication channels are used, including e-mails and fixed screens to disseminate messages related to risk management, as well as a fixed section in the monthly newsletter One Aleatica, which is distributed to all employees. Specifically, in 2022, six articles on risk management were disseminated in our internal Aleatica magazine and three knowledge clips on ESG risks.
Through our Integrated Risk Management Framework, the company identifies, assesses, controls, monitors and reports on an ongoing basis the full spectrum of strategic, financial, operational and compliance risks and opportunities to which the organization is exposed:
Our organization faces risks and uncertainties. The following is a description of some of the risks that we believe are most important to the business and our performance at this time, although other risks that we are not aware of today or risks that are not material today may arise in the future that could impact our finances and performance. This list is not intended to be exhaustive:
Sociopolitical | Description Political and social events as well as changes in regulation that may occur in some of the regions where we operate could adversely affect our business, financial model, results of operations and projections. | Mitigation measures
|
Insecure environment | Description In recent years, insecurity in some regions where we operate has experienced a period of increasing crime. This situation could worsen and negatively affect vehicle traffic on the highways, as the perception of insecurity around our infrastructure could generate a change in routes (use of alternate routes) and thus a reduction in traffic, affecting our business and financial results. Likewise, toll evasion continued throughout 2022. | Mitigation measures
|
Cyberattacks | Description Aleatica’s business depends to a large extent on the proper functioning of the cybersecurity controls implemented in the information technology and automated systems in place to administer and manage operations. Since these systems are critical to our business, any significant disruption to our systems or theft of information can affect our financial condition, disrupt operations or damage our reputation. | Mitigation measures
|
Natural Disasters | Description Some regions and regions where we operate experience torrential rains, floods, strong winds and earthquakes. Natural disasters could disrupt our operations, damage our infrastructure and adversely affect our operating results and financial conditions. | Mitigation measures
|
Health and Safety | Description The nature of our activities may cause injuries to our personnel and contractors. Workplace accidents within our concessions could have legal and regulatory consequences in addition to causing reputational damage. | Mitigation measures
|
Ethics and Fraud | Description Given the large number of relationships and stakeholders in the different regions in which we operate, we are exposed to the risk that our companies, employees, managers, suppliers, partners, etc., may be involved in violations of the Code of Ethics (e.g., acts of corruption). Failure to comply with the laws and regulations that apply to us could result in fines and penalties affecting our reputation, business continuity and results of operations. | Mitigation measures
|
Legal Proceedings | Description Aleatica’s operations have been and may continue to be subject to legal proceedings, the resolution of which could have an adverse effect on our business, financial condition, and reputation. | Mitigation measures
|
Infectious Diseases | Description The pandemic caused by SARS-CoV-2 (COVID-19) has had and could continue to have an impact in terms of vehicle traffic on the highways and its consequent negative impact in terms of revenue, as well as administrative and operational management. | Mitigation measures
|
Environmental and Social Sustainability | Description Aleatica’s operational continuity is mainly subject to the link existing between the company and the communities where we operate, as well as our commitment to protecting the environment.
Our culture of social and environmental sustainability favors Aleatica’s contribution to benefit society and the environment, while at the same time having a positive effect on the sustainability of the business. | Mitigation measures
|
Climate Change | Description Climate change brings with it threats with increased coastal, pluvial and river landslides, heat waves, droughts, extreme temperatures, and fires. Climate change could damage our infrastructure, disrupt our operations, increase maintenance costs, and cause risks to the physical integrity and health of our employees. Likewise, the transition to a low-carbon economy would have other risk factors associated with it that must be managed. They are mainly public policies, technology and the market. | Mitigation measures
|
Financial | Description We are exposed to various financial risks, including interest rate, foreign exchange rate, liquidity, among others. We have fixed financial obligations, the failure to meet which could impact our liquidity, affecting our business, financial condition, and results of operations. | Mitigation measures
|
Sensitivity Analysis and Stress testing
The Entity's finance area carries out and supervises financial risks related to operations through internal risk reports, which analyze exposures by degree and magnitude of risks. These risks include market risk (including price risk, interest rate risk and currency risk), credit risk and liquidity risk.
The Entity's internal control policy establishes that the contracting of credit and the risks involved in the projects requires collegiate analysis by representatives of the finance, legal, administration and operation areas, prior to authorization. Within this analysis, the use of derivatives to cover financing risks is also evaluated. Due to internal control policy, the contracting of derivatives is the responsibility of the finance and administration areas of the Entity once the analysis is concluded.
The Entity seeks to minimize the potential negative effects of the risks on its financial performance through different strategies. Derivative financial instruments are used to hedge certain exposures to the financial risks of operations recognized in the consolidated statement of financial position (recognized assets and liabilities). The derivative financial instruments that are contracted can be designated for hedging or trading accounting purposes, without this deviating from their objective of mitigating the risks to which the Entity is exposed in its projects.
Market risk
The Entity’s activities expose it mainly to financial price, interest rate and exchange rate risks. The sensitivity analyzes presented consider that all variables are kept constant, except for those in which sensitivity is shown.
Audit of the risk management process
Internal Audit carries out its activities in accordance with the mission, organization, functions, competencies, and responsibilities established in the Internal Audit Statute, approved by the Board of Directors. In our operation we are governed by the provisions of the International Framework for the Professional Practice of Internal Audit, issued by the Global Institute of Internal Auditors.
We provide assurance and consulting services in an independent and objective manner, and our mission is to add value and improve Aleatica’s operations by assisting in the improvement of governance, risk management and internal control processes. To this end, we carry out the work specified in the annual plans approved by the Audit Committee. These plans are global in scope, covering all of Aleatica’s processes, business areas and geographies. These plans are focused on the risks identified by Aleatica, and their scope mainly includes the following aspects:
Financial and operational processes
Information Technology and Cybersecurity Processes
Regulatory compliance
En 2022, our holding company, Aleatica, S.A.U., which is a Spanish company based in Madrid, was subjected to an external quality assessment at Global level by the Institute of Internal Auditors of Spain. In this review, our policies and procedures, the reports and working papers for a sample of projects were evaluated and surveys and interviews with members of the Audit Committee, Executive Committee, other Functional and Business Managers and members of the Internal Audit team were conducted.
As a result, we have obtained quality certification from the Institute of Internal Auditors, which demonstrates the commitment of the Internal Audit Activity to comply with the International Standards for the Professional Practice of Internal Auditing and the Code of Ethics issued by the Global Institute of Internal Auditing, as well as to continuously improve our performance in terms of quality, professionalism, and the use of best practices.
Emerging risks
Category | Technological |
Description | Aleatica’s business depends to a large extent on the proper functioning of the cybersecurity controls implemented in the information technology and automated systems in place to administer and manage operations. |
Impact | Since these systems are critical to our business, any significant disruption to our systems or theft of information can affect our financial condition, disrupt operations |
Mitigating actions |
|
Category | Environmental |
Description | Climate change brings with it threats with increased coastal, pluvial and river landslides, heat waves, droughts, extreme temperatures, and fires. |
Impact | Climate change could damage our infrastructure, disrupt our operations, increase maintenance costs, and cause risks to the physical integrity and health of our employees. Likewise, the transition to a low-carbon economy would have other risk factors associated with it that must be managed. They are mainly public policies, technology, and the market. |
Mitigating actions |
|
**The data shown on this page corresponds to Aleatica Mexico**
