Risks reported to the company’s Board of Directors

One of the company’s biggest risks, and the biggest risk where society is concerned, is a severe disturbance related to the functioning of the power system, leading to a regional or Finland-wide loss of electricity supply. Extensive disturbances to the power system can be caused by a technical malfunction, an extreme weather event, human error, an accident or vandalism. The consequences of a major disturbance are the paralysis of society’s functions and major damage to Finnish business and industry. For Fingrid, a prolonged major disturbance may result in revenue losses or direct costs amounting to several million euros. The harm to the national economy may even be as high as several billion euros.

Major disturbances are prepared for through grid investments and reserve power plants and by keeping information systems up-to-date. In accordance with the N-1 planning principle, the main grid is prepared in every situation to withstand any individual fault without significant regional impacts on electricity transmission. Alternative methods for restoring the grid voltage are continuously developed. The real-time control of the power system, the clear responsibilities of the company’s employees in the event of a major disturbance, personnel’s competence, and deputy systems are an important part of disturbance management. Expedited disturbance clearing is prepared for by means of regular major disturbance training exercises – most recently in the ‘Jäätyvä’ training exercises organised in the cities of Kuopio, Lappeenranta, Turku, Oulu and Seinäjoki, and the surrounding regions; more than 1,000 people took part in the exercises. Fingrid has participated in the training exercises on an operational level and has also played a key planning and leadership role. Fingrid limits its financial claims liability in all cases of disturbances through contracts and insurance policies.

Grid operations are a regulated business that is overseen by the Finnish Energy Authority. Regulation may develop unfavourably due to changes in the EU’s network codes, significant tightening of financial or other regulation, an official decision that prevents Fingrid from reaching its goals, or gross negligence on the company’s part. Financial regulation directly impacts shareholder value, financing and credit ratings. Negative regulation related to the environment, the company’s operations or technology may hamper the company’s operations or prevent investments. Significantly stricter regulation of electromagnetic fields, for example, may entail major costs in building and maintaining the transmission grid.

Fingrid actively monitors the development of regulation that concerns the company and broadly collaborates with stakeholders. Fingrid proactively participates in regulatory reporting and working groups while simultaneously promoting stakeholders’ and decision-makers’ understanding of grid operations. Through proactive and open stakeholder co-operation and communication, the company can influence the development of regulation in a positive direction.

The company’s status as a monopoly in capital-intensive grid operations may create conditions in which the level of sustainability and ethics of the operations begins to deteriorate. This may emerge in the form of disregard for sustainability requirements, arrogance and other unprofessional behaviour, for instance in procurements, and may therefore also impact the company’s external operations.

Responsibility is one of the company’s values, and developing sustainable operations and managing Environmental Social and Governance (ESG) matters have been integrated in the company’s strategy and its operational implementation, including risk management. With that as the starting point, stakeholders are also informed of the company’s sustainability targets and results in accordance with the Global Reporting Initiative (GRI)  practices adopted over the years. Sustainability is promoted, for instance, as follows:

• every Fingrid employee makes a commitment to work in compliance with the company’s Code of Conduct, which is approved by the Board of Directors and reviewed annually and is based on the United Nations’ Global Compact initiative and principles guiding business operations and human rights,
• as a company, Fingrid is committed to the UN Global Compact initiative’s principles on human rights, labour, the environment and anti-corruption,
• managers and the entire work community ensure that behaviour is in line with the Code of Conduct, and this is supported through online induction to the Code of Conduct,
• a confidential reporting channel managed by an independent third party is available if a breach of the Code of Conduct is suspected,
• we also require all contractors to comply with Fingrid’s Supplier Code of Conduct, and we monitor their compliance based on risk assessments.

In concordance with the Code of Conduct, employees are required to take separately specified perspectives into account in order to ensure that there is no bias or conflict of interest in commitments and in preparing other matters; this applies equally to individuals who are directly involved in such preparations and related parties.

When representing the company, entertaining and giving or receiving business gifts, employees exercise reasonableness and take the company’s interests into account. The company does not accept or give gifts or special recognition that may lead to a co-dependent relationship or the expectation of a favour in return. A reasonable amount of hospitality is part of normal business practices. Business gifts given to or received from representatives of stakeholders must be of conventional value.

In the multi-year coaching programmes aimed at the entire organisation, fostering a healthy corporate culture and operating responsibly in line with the Code of Conduct in everything the company is involved in is an important part of the overall programme. The trust that personnel and stakeholders feel towards the company is measured annually.

Fingrid’s Corporate Social Responsibility (CSR)-compliant operations and targets are described more broadly in the Sustainability section of the Annual Report and summarised in the Report of the Board of Directors.

Serious accidents are linked to the electrical safety of the transmission grid, especially in connection with construction and maintenance work. Causes that can result in a realised risk include human error or an accident close to live components, an error in construction work, damage or vandalism to live structures, and carelessness. Accidents can result in bodily injuries or, in the worst-case scenario, death. Workplace accidents may cause local interruptions of electricity supply or interruptions of work.

The safety of the transmission grid is systematically improved by promoting safe ways of working and by developing technical solutions, work methods, skills and communications, and by increasing risk awareness. A multi-year occupational safety development project with a vision of zero accidents is currently in progress. The project is made up of several sub-projects, such as renewal of the safety management system, further developing the existing occupational safety mobile reporting, clarifying the contractual terms and conditions pertaining to safe operations and imposing sanctions on deviations. The financial impacts of accidents are limited by means of non-life and liability insurance policies.

Fingrid’s assets may be subject to significant damage, for instance, equipment or power lines may fail beyond repair. The permanent technical failure of the main grid, a reserve power plant or a submarine cable may result in considerable financial losses. Damage may also be the result of extreme natural phenomena or vandalism. Asset damage may cause direct or indirect electricity transmission disruptions, or hamper or prevent maintenance management. This could result in significant disruption to the electricity markets.

Asset damage risks are managed through grid safety planning, geographical diversification, preventive maintenance management, detailed specifications for and quality control of projects and maintenance management, and by using proven technology and suppliers with extensive expertise. Risks are also managed by procuring the appropriate insurance policies for key grid components, power lines, transformers, submarine cables and reserve power plants.

Network security and cyber-attacks against the company are the most difficult information security risks to manage. Cyber-attacks may consist of denial-of-service, the use of malware, stealing or destroying data or, in the worst-case scenario, paralysing or misusing IT systems or their components. Such events may partially or completely paralyse Fingrid’s operations. If a critical information system is inoperable, this may lead to the long-term loss of the data transmission or monitoring systems required to manage the electricity system and, as a result, disrupt the operations of the main grid or the electricity markets, or hamper or entirely prevent the management of the disturbance.

Risks are managed by maintaining sufficient and solid in-house ICT expertise. The ICT environment has been assured with respect to equipment, systems, hardware facilities and data transmission paths. The critical systems have dedicated continuity plans, instructions and assurance procedures to ensure continued operations in exceptional circumstances. The impact of network security threats on the company’s operations is monitored regularly. Preparedness and the development of technical solutions are assessed jointly with information security authorities, educational institutions, service providers, Nordic TSOs and to an increasing degree also the European Network of Transmission System Operators for Electricity (ENTSO-E). The management of cyber-attack situations is rehearsed and reviewed regularly, including carrying out Red Team attacks. Fingrid continuously measures the entire personnel’s vigilance with simulated email attacks.

Reasons for a technically incompatible, unnecessary or poorly timed investment may be, for example, unforeseen changes in energy policy targets, in social acceptance, in the general economic situation and in electricity consumption and production structures. Further causes include delays in the permit process, lack of resources, or a long-term strike. Poor capex timing may significantly increase the company’s costs incurred from grid projects and the management of transmission operations. Capex programme delays also have adverse impacts on system security management and climate goals.

Investment risk is managed through a long-term project programme, in which individual projects aim for comprehensive transmission capacity, electricity market, technology, maintenance and operational benefits, which reduces the impact of a single risk factor. The grid vision for Finland, covering roughly two decades, serves as the foundation for the investment programme’s and the company’s financial planning. The programme has additionally been built such that permit matters that have a decisive effect on the implementation of the projects, for instance environmental impact assessments, are frontloaded before the actual investment decision is made. Grid planning draws on planning co-operation with customers and the TSOs of neighbouring countries, and the objective is to create the most sustainable estimates of both future transmission needs and any related uncertainties. Promoting grid investments on the EU-level and advocacy in grid planning in the Baltic Sea area also affect national grid investment decisions. The risks related to individual investments are addressed in connection with investment decisions.

A planning or service error or technical inoperability in Fingrid’s business operations may have considerable adverse impacts on customers and, in the worst-case scenario, may place Fingrid in a position of being liable for damages.

The risk is managed through excellent and reliable customer service and through a well-functioning contract system and insurance policies. Developing a customer operating model and measuring its results, close interactive co-operation with customers and the company’s published Code of Conduct are means of ensuring successful co-operation.

A poorly functioning electricity market is a significant risk for Fingrid and society; such a risk may be a consequence of, for example, a disturbance in the calculation of market prices or a long-term shortage in electricity transmission capacity. The reasons that may lead to the materialisation of this risk also include inconsistencies in regional energy policy and market-distorting state subsidies. Poorly functioning electricity markets directly reflect on Fingrid’s operations by making it increasingly difficult to balance demand and supply. Direct costs may result from complications in procuring loss power on market terms or from such procurements being prevented altogether.

The risk is mitigated by long-term development of the transmission grid according to the electricity markets’ needs and by ensuring the continuous operational efficiency of the grid through effective maintenance management, operation control and transmission management. Other means for managing this risk include the development of market rules and operational practices in international co-operation.

Fingrid always strives to give the electricity markets as much transmission capacity as possible. Disturbances, restrictions and outages in transmission connections may cause regional price differences in the electricity markets and, in turn, financial harm to customers and society. Short-term bottlenecks in transmission capacity are balanced or removed entirely through countertrades, i.e. typically by trading to decrease production on the surplus side of the bottleneck and by matching trading to increase production on the deficit side. Countertrades can take place either within the country or across borders with Sweden and Estonia. Annual variations in the volume and price of countertrades are considerable and depend largely on the Nordic power production situation and the grid’s operational situation, as well as on the volume and duration of disturbances.

Risks are managed by developing the transmission network and cross-border transmission connections for the long term and by means of good operational planning with the TSOs of neighbouring countries. Effective utilisation of technical best practices and building a third cross-border transmission connection to Sweden will mitigate transmission capacity problems. In recent years, Fingrid has also targeted efforts in risk-based maintenance for the current cross-border transmission connections and the entire grid, which reduces the number of outages that increase the counterparty risk.

Reserves procured for the purpose of power system management represent one of the company’s most significant cost items. The procurement of various types of reserves is linked to both market risks and uncertainty caused by a change in the production structure. As a consequence of the changes in the production structure, there will be increasing pressures on the amount and cost of reserve procurements in the coming years.

The reserves needed to control costs will be procured on market terms to the extent possible. The company actively participates in the development of the Nordic reserve markets and monitors their operations.

For transmission losses, the company must procure a corresponding volume of loss power from the markets. The required volume of loss power varies hour to hour, and its price is market-based.

Fingrid hedges its loss power purchases against price risk through electricity futures. The service provider chosen by the company implements price hedging in line with Fingrid’s instructions. The purpose of price hedging is to reduce the effect of volatility in market prices on the loss power procurement costs and to provide adequate predictability in order to keep the pressures to change transmission fees moderate. The price-hedging instructions are not tied to the underlying market situation. Fingrid’s loss power risks and other commodity risks are described in more detail in the consolidated financial statements.

The development of long-term interest rates on the money markets is considered to be the most significant interest rate risk and exposes the company to a so-called regulatory interest rate risk. This arises from the interest on Finland’s 10-year government bond, which is included in the average return on capital (WACC) defined by the regulatory model for the company and determines the risk-free interest rate used to calculate the return rate for the next calendar year. As the bond interest rate falls, the rate of return defined by the regulatory model and next year’s allowed return consequently decrease. As the interest rate rises, the allowed return grows.

Fingrid is exposed to liquidity and refinancing risks arising from the upcoming loan maturities, payments and fluctuations in cash flow from operating activities. A risk is considered to be a situation where the company cannot obtain debt financing or the price of debt financing increases substantially on the debt and money markets due to an extended disruption. Financing risks also include sudden interruptions in payment transactions.

The refinancing risk is offset by efforts to keep the company’s credit rating high and by creating an even maturity profile for the debt programme. Fingrid obtains debt capital diversely and from various sources. Liquidity is managed by maintaining a sufficient amount of low-risk financial assets and through short-term financing, for example, by issuing commercial papers, and through overdraft facilities. Solvency is secured with long-term committed credit lines and revolving credit facilities.

Counterparty risks may arise, for example, if a customer defaults on a payment or if the financial situation of the company’s service or equipment supplier deteriorates. Derivative or investment counterparties also form part of the business’s counterparty risks.

The counterparty risk related to the obligations of parties that have a contractual relationship with Fingrid is limited contractually, through security arrangements, by defining limits and by regularly monitoring the financial position of the counterparties. For all significant commitments, a formal process is used to

• verify the eligibility of the participants,
• review the contractual distribution of risks,
• verify the counterparty’s financial position and ability to meet its contractual obligations, including the responsibility obligations set by the company,
• ensure that the counterparty is not on a sanctions list that prohibits entering into a contract with Fingrid and
• ensure that the counterparty is not subject to or imminently subject to legal proceedings or regulatory procedures that may prohibit entering into a contract with Fingrid.

Non-compliance may be the result of ignorance of or disregard for the applicable legislation or other regulations, operating principles or standards that the company or its personnel are bound to. There is also a risk that as regulation changes, the company’s operations no longer comply with the changed requirements. In terms of repercussions, the most significant recognised risks are related to non-compliance with the Regulation on Wholesale Energy Market Integrity and Transparency (REMIT), the Market Abuse Regulation (MAR), and the General Data Protection Regulation (GDPR), as well as obligations related to debt programmes, such as sanctions, money laundering and corruption, and public procurement legislation. In addition to financial losses, the consequence may be a loss of reputation or a loss of trust, either internally or externally, towards the company.

Fingrid complies with market regulations and other regulations, Nasdaq Helsinki Oy’s insider guidelines, and the UK’s Financial Conduct Authority’s (FCA) and the Financial Supervisory Authority’s (FIN-FSA) up-to-date guidelines on the governance and management of insider information. Fingrid has in place the company’s Board-approved insider guidelines and related party principles. In addition, company-level guidelines are maintained to ensure that there is no bias or conflict of interest in commitments and in preparing other matters. The development of regulation that concerns the company is actively monitored. Employees are given guidance and training, and the relevant supervision practices and reporting are specified as required by the changes. Sustainability reviews and monitoring of the supply chain are systematically developed. Sustainability and other good governance requirements and objectives are an integral part of developing the corporate culture.