Our Strategy
At Hindustan Zinc, the risk identification process includes identification and listing of plausible uncertainties or risks that may impact the achievement
of functional and business objectives or threaten the business continuity of the Company. Identified risks are classified as internal and/or external and categorised based on their nature or primary causes to enable effective evaluation and risk response.
The organisation is also driven by the firm belief that identification and evaluation of emerging risks too is crucial in the context of strategic planning, as critical assumptions taken into account during this phase may become invalid if such emerging risks materialises. To determine the relevant emerging risks, the organisation encourages employees to submit possible risks for review to the unit risk officers or the Chief Risk Officer (CRO), stay updated on industry
trends with leading industry publications, participate in sector-specific events and engage continually with the senior management to identify sectoral trends that may impact the organisation.
Our Approach
As per the requirements of the Companies Act, 2013 and SEBI (LODR), the Board has established an Audit and Risk Management Committee to oversee the implementation of the organisation’s Enterprise Risk Management (ERM) programme. The Company’s risk management framework has been developed in accordance with leading standards and guidelines: ISO 31000:2018 - Risk Management – Guidelines, Committee of Sponsoring Organisations (COSO): Enterprise Risk Management – Integrating with Strategy and Performance (2017), and aligned with the requirements of various regulations applicable in India.
Hindustan Zinc’s comprehensive risk management programme integrates enterprise risk, risk appraisal for capital expenditure besides mergers and acquisitions, project risks and crisis management. This programme ensures holistic and consistent risk management practices across the Company’s business activities. Hindustan Zinc’s risk management system is certified as per ISO 31000:2018.
Risk Governance
To ensure transparency and rigour in the monitoring of risks, the Company has established a three-tiered governance structure that covers risk oversight, risk
infrastructure and management, and risk ownership. The risk management governance structure has been established with reference to the Company’s organisational structure to ensure integration of the ERM process with management decision-making.
Hindustan Zinc’s risk function stands independent of other business processes and operations and serves to address risks throughout the organisation. The structural independence ensures objective and impartial monitoring and control of various risks, in the best interest of the entire organisation, free from the pressure of a potential conflict of interest arising from other business priorities.
All risk management initiatives are driven by the CRO who advises the Board and the Audit and Risk Management (ARM) Committee on existing and emerging risks.
The Board of Directors is responsible for overseeing the implementation of risk management protocols. They are also responsible for approving policies that address high-risk areas and ensure that these policies are consistent with the Company’s risk appetite. The ARM Committee is the highest responsible Committee for the review of risk management practices and apprises the Board of risk management in the Company. The Committee comprises three Independent/Executive Directors with risk management experience.
The Management Committee (ManCom) includes risk management matters in its agenda and ensures that identified risks are adequately mitigated in a timely manner.
The CRO is responsible for:
- Translating the strategic direction set by the Board into appropriate policies and procedures and establishing an effective means of executing and implementing these policies
- Communication of serious risk management matters and presentation of enterprise-level critical risks to the ManCom for its review followed by a review by the ARM Committee
The CRO is also responsible for overseeing risk management activities at the operational level. Each unit has an assigned unit risk officer who undertakes
responsibility for the reporting of unit-level risks to the CRO. Unit risk councils are convened every quarter by the unit risk officer to review unit-level risks and response plans.
The head of internal audit undertakes the responsibility for monitoring and auditing of risk management performance in the organisation. He also provides an independent assurance that practices are consistent with the Company’s risk strategies and policies. The head of internal audit provides a report to the management assurance system head at the corporate level.
Risk Management Framework
The risk management framework provides a rationalised approach to identify, discuss, measure and manage vital opportunities and risks that the enterprise faces. It details the guidelines to enable business units and corporate functions across the Company to manage risks, while pursuing the Company’s strategy.
Risk Appetite and Tolerance
Risk appetite and tolerance limits are defined for the Company to objectively evaluate its risk-taking ability and thereby assess and measure the identified risks. The Board determines the risk appetite for the enterprise. Risk appetite describes the risk the Company is willing to take to pursue its business strategy, while risk tolerance represents the practical application of risk appetite and operationalises it using quantitative metrics. The impact scales, based on a numerical representation, helps to assess the impact of any risk across a 5-point scale. A risk impact of >10% on projected EBITDA (breach of risk tolerance) corresponds to the maximum risk impact score of ‘Very High’ or ‘5’.
Risk Categories
Alignment of the risks based on World Economic Forum assessment categories:
Cyber, Information and Technology
Risk Assessment
To effectively assess risks, risk owners first detail the causes, and the associated impact of each risk. Based on the identified impact, the potential value at risk in qualitative and quantitative terms is assessed and mapped against the impact assessment scales developed for the organisation. The impact, likelihood, and velocity of each risk is calculated based on potential future impact and historical occurrence of similar incidents and rated on a 5-point scale. Based on the scores defined, the risk score is calculated to identify the criticality of the risk and ensure prioritisation of the risks.
We identify and assess the strategic and financial impact of all risks through a formal monitoring process at the unit and corporate levels. This helps to recognise and classify the existing and emerging risks and opportunities into different categories. These risks are prioritised based on the frequency of occurrence or recurrence, and the degree of their impact on revenue and cost, including the potential of a risk to disrupt our primary operations.
Risk Identification
The risk identification process includes recognition and listing of plausible uncertainties or risks that may impact the successful achievement of functional, organisational and business objectives or threaten the continuity of the Company’s business.
Emerging risks may be known, but the probability or potential impact of any new or unforeseen risks may not be fully known. Emerging risks are those that have a limited response plan given the nature of the risk. Such risks may become a part of the risk register in future.
Active participation of employees within the Company is encouraged in the risk management process to enable early identification and understanding of emerging risks.
Further, discussions with key stakeholders such as customers and suppliers may also provide important insights into the risks they face, that may ultimately
create risks for the Company. These discussions are supplemented through periodic surveys and risk assessment. A careful understanding of regulatory
and legal requirements helps in anticipating potential risks and the events that typically precede the emergence of such risks.
Risk Analysis, Evaluation and Prioritisation
Risk analysis or risk assessment involves the understanding of causes, the positive and negative impacts of such causes, the likelihood of occurrence, the potential impact and velocity or the time taken for impact since occurrence of the risk. The impact likelihood and velocity are rated on a 5-point scale and basis the ratings, the risk score is calculated. Risk analysis provides an input to the management to prioritise risks based on the risk score and apply appropriate response strategies to manage risks.
Monitoring and Review
Risks must be monitored and tracked periodically so as to comprehend the risk dynamics based on any changes in the Company’s strategy or environment. Continual monitoring would ensure the Company’s agility to respond to any change in circumstances and promptly implement the necessary controls and actions within time.
Hindustan Zinc has implemented SAP’s Governance, Risk and Compliance (GRC) risk management module.
The SAP risk management module has various features to enhance the risk management process:
- Workflow-based process for risk submission, assessment and mitigation planning to ensure employees can submit risks for approval at senior levels
- Automated assessment of risks based on inputs relating to ‘value at risk’ and ‘profitability’ of occurrence
- Stress testing and sensitivity analysis conducted using scenario modelling and simulations through a ‘what-if’ analysis and techniques like Monte Carlo simulation – to predict a range of possibilities and outcomes for an uncertain event
- Automated key risk indicator (KRI) monitoring
- Automated notifications for triggering of assessments, breach of KRI and pending activities along with relevant escalations
SAP risk management will be used for all risk management processes to ensure greater control over the monitoring of risks, implementation of mitigation strategies, occurrence of risk events and reporting to senior management and the Board.
An external audit was conducted by a certification body for getting the Company’s risk management certified as per ISO 31000:2018. For continuation of this certificate, an external surveillance audit will also be conducted on an annual basis. An internal audit of the risk management process was conducted during the year.
Risk Culture
We believe it is important for an organisation to be imbued with a culture of proactive risk management. At Hindustan Zinc, we foster such a culture through continual and sustained initiatives aimed at creating awareness, discussing risk mitigation and encouraging risk-focussed discussions across our hierarchy.
Some of the key elements and policies that further propagate risk-awareness include:
Financial Incentives
- Risk management and mitigation linked to key performance indicators (KPIs) of senior management. Other employees encouraged to commit to and participate in risk management activities
- Annual financial incentives related to the outcome of KPIs and active participation in risk management activities
Risk Education and Training
- Regular training and education sessions on identification, resilience planning and mitigation of various risks that the Board may deem necessary for attention, conducted for senior management. The ARM Committee members who are a part of the Board have been familiarised with the risk management process through individual training sessions
- Workshops conducted with directors to provide an overview of risk management practices and seek inputs on areas that could be enhanced
- Regular meetings and workshops held on risk management topics at various levels (specific teams, units, corporate) to strengthen risk intelligence across
the organisation
- Circulation of emails on specific risks to generate awareness
HR Review Process
- Employee’s individual performance linked to KPIs such as those related to sustainability factors, safety, risk and compliance including proactive reporting
of risks and timely completion of risk management/action plans based on timelines defined on the digital portal, etc.
- Risk recognition based on innovative risk management solutions; identified and implemented
Risk Identification and Disclosure
- Risk reporting is considered a responsibility of all employees
- Unit/corporate risk officers assessing risk at each unit/location, have been designated as a single point of contact for employees to report risks
- Risks are uploaded onto a digital platform through which proactive monitoring and reporting of risk indicators/risks is done
Vendor and Supplier Related Risk Identification
- Robust process in place to identify and mitigate vendor and supplier-related risks, to ensure that the production process is not impacted
- Regular review of KPIs and regular vendor/supplier engagements undertaken to discuss emerging or potential risks
Periodic Improvements in Risk Management Practice
- Progressive enhancement in risk management processes and response action plans
- Quarterly risk review meetings convened by unit risk officers to review existing risks and deliberate on new risks identified with unit level stakeholders
- Teams across hierarchies are encouraged to report any type/category of risk through online reporting platforms (including escalation windows) accessible to them
Risk Appraisal for Capital Projects
- The 3-step process for capital expenditure risk assessment is performed prior to approval of both payback and non-payback projects. These include projects for new product development
- Capex projects undergo a mandatory risk assessment by the project team to highlight critical project risks
- All growth projects, unbudgeted capex for non-payback projects and sustenance payback projects above a certain threshold undergo a mandatory risk assessment by the central risk team
To ensure the continual strengthening of our risk mitigation and management framework, we clearly define risk management targets and indicators as part of our risk scorecard. Further, performance evaluation is undertaken at the management and higher levels on a regular basis.
Principal and Emerging Risks
Fire incidences at operational site may endanger life and damage property and equipment on site.
Mitigation Plans
- Fire extinguishers and suppression systems have been installed at different locations; fire fighters and rescue teams are available 24x7
- Barriers and protection equipment including multipurpose tender, hydrant points, sprinkler systems, CO2 flooding systems, foam pouring systems, liquefied petroleum gas (LPG) sensors are in place to avoid aggravation of fire incidents
- Continual exploration of solutions is underway such as new-age fire fighting vehicles, powder-based and foam-based auto fire suppression system, fire hydrant line, early fire detection system for conveyor, fire banks, fire walls in existing equipment, conveyor belts in mills and underground diesel handling stations and sub-stations in underground mines
- Planned enhancements of fire safety mechanisms such as alarms, sensors and nitrogen purging systems to prevent fire-related accidents in smelters
- Fire safety training and awareness programmes, standard operating procedures (SOPs) and fatality and serious injury prevention plan (FSIPP) in place for all workers at all locations
Structure or equipment failures (acid tank collapse, smelting furnace failure, roaster dome collapse, and shaft failure) due to high wear and tear, ageing of asset and improper/inadequate maintenance may lead to injuries, fatalities, and operational disruptions.
Mitigation Plans
- Defined SOPs for permissible limits and usage of plant equipment
- Planned maintenance shutdown for repair and replacement of ageing/malfunctioning parts
- Upgradation, repair and redesigning of existing equipment in mining and smelting sights
- Replacement of older equipment with latest and more robust equipment – design and material of construction (MOC) enhancements, safety enhancements and corrosion resistance
- Planned implementation of remote-controlled operations to reduce manual intervention in structures such as acid tanks
- Use of digital initiatives for real-time analysis of indicators for degradation of equipment and use of distributed control systems for process parameter monitoring
Non-adherence to safety protocols and errors in judgement by employees/contract workers (man-machine or machine-machine interactions, electrocution, fall from height, explosives handling) may lead to injuries and fatalities.
Mitigation Plans
- Implemented critical control management i.e., FSIPP across all sites to identify high risk hazards; hazard identification and risk assessment framework in place to identify work-related hazards and assess risks on a routine basis
- Investment in digital technologies such as proximity sensors for heavy earth moving machinery (HEMM), CCTV surveillance, automation and remote operations in mines, mills and smelters, and installation of proximity warning and anti-collision system to prevent machine-machine and man-machine
interactions
- Upgradation and replacement of outdated systems and equipment
- Implementation of critical risk management (CRM) across all operations
- Equipment and machinery trainings conducted for business partners. Safety trainings conducted on a monthly basis and lifesaving rules (LSR) in place
Fall of ground (FOG) due to poor geotech conditions or heightened seismicity may lead to fatalities, loss of assets (damage to shaft and equipment) and operational disruptions.
Mitigation Plans
- Micro-seismic monitoring established at mines for monitoring of underground seismicity
- Critical control management plans such as FSIPP implemented across all sites to identify high risk hazards; safety trainings conducted on a monthly basis
- Adherence to ground control management plan (GCMP) to ensure structural stability of mines while continuing mine development
- Regular inspection, damage mapping, timely rehabilitation and advance footwall drive cable bottling conducted in mines
- Annual structural stability review and implementation of recommendations as per structural stability report (SSR)
- Planned implementation of new-age solutions such as tele-remote operations of the loaders and drill machine for production and development
- Upgrading of skills of geotech engineers to be initiated
Collapse of tailings dam due to overtopping of tailings, accumulation of water during excessive rainfall, increased tailings with failing ore grade from mines and land acquisition issues to increase tailings dam height.
Mitigation Plans
- Implementation of dry tailings technology and engagement with expert agencies for suggestions on the same
- Conducting tailings dam structural stability study every two years
- Continual geotech monitoring to identify abnormal pressure in embankments
- Regular reclamation and evaporation of water from tailings dam
- Construction of additional reservoirs to hold excess water and free tailings dam from water; procuring new land for installing tailings dam
Exposure to sulphuric acid fumes and hazardous gases such as CO, Pb dust, metal dust, SO2, chlorine, propane.
Mitigation Plans
- Inspection of structures with internal and external structural integrity audits
- Installation of online monitoring sensors for hazardous gases like chlorine, LPG, SO2, etc. in all smelters, work zone monitoring (cameras) and personal monitoring (sensors) to monitor leaks
- Installation of air filters in all the equipment which has the potential to cause harmful emissions exposure, and implementation of mechanisms like tail gas treatment (TGT) to reduce emissions of poisonous gases
- Use of personal protective equipment (PPE) by employees including gas masks, eye protection and gloves during operations
- Investments in new technology such as powered air purifying respirators (PAPR); equipment for manpower and auto cut-off system for chlorine tonner leakage
Non-compliance with regulatory norms on emissions (SOx, NOx, PM), waste management (hazardous waste, jarofix) and effluents.
Mitigation Plans
- Mechanisms in place for tracking and monitoring compliances and norms in the mining and smelting industry
- Investment in new technologies to minimise emissions and waste generation from mines and smelters
- Waste management techniques such as stacking of dry tailings in place of wet disposal
- Upgradation and installation of new systems in order to be compliant with statutory licence – new dust extraction system at mills, crusher revamping for mill and installation of additional waste-water treatment facility at locations
Adverse changes in London Metal Exchange (LME) and London Bullion Market Association (LBMA) prices may impact profitability.
Mitigation Plans
- Hedging strategy implemented as per hedge policy to maintain monthly average LME price on shipments
- Drive lower structural costs via focus on efficiency and negotiate with customers for higher premiums
- Implementation of strategy to enhance domestic market share
- Plans to introduce go-to-market changes via e-commerce platform to move 100% sales to online platform
- Treatment plant of minor metals for better metals’ recoveries to be set up
Social discontentment, agitations, public protests and disputes.
Mitigation Plans
- Initiatives in place to actively engage with and develop communities around operational sites such as skilling initiatives, grievance mechanisms, distribution of clean water, etc.
- Established network with law enforcement and local administration
- Monitoring the local ecosystem for potential discontentment in the community
- Established crisis communication protocol and escalation matrix for crisis response
- Augmented security measures at gates and critical/vital installations
Cyber-attacks (malware, phishing, ransomware) and security breaches of IT/OT systems and loss of confidential/sensitive data (UPSI, generation data, PII).
Mitigation Plans
- Incident Response, Security Information and Event Management System (SIEM) implemented to support threat detection, compliance, and security incident management
- Third party risk management controls such as TPRM and cyber insurance in place
- Accredited with ISO 27001/27701/22301/31000
- Compliance with the organisation’s data classification policy; implementation of data loss prevention (DLP) mechanisms such as email DLP, endpoint DLP and monitoring besides cloud proxy solution
- Confidentiality agreements in place with vendors to protect against data leakages
- Ongoing implementation of systems to ensure data protection as well as security of critical systems and applications
- Periodic training/workshops/seminars conducted for employees on organisation policies and measures for IT security protocols
Risk Domain
Cyber, Information
and Technology
Volatility in commodity prices of coal, supply shortages (critical spares, HEMM equipment, explosives, fuel) and supply chain disruptions in availability
of shipping freight, railway rakes, etc. due to geo-political issues, dependency on critical vendors and infrastructure constraints.
Mitigation Plans
- Coal: Very strong vendor base of direct coal miners, long-term and sufficient fuel supply agreement with Coal India subsidiaries to cover 30% coal requirement and safety stocks maintained for six months. Alternate fuels like lignite and biomass are being used and power plants are being modified to increase domestic coal consumption
- Explosives: Long-term contracts with big explosive suppliers are in place and there is growing engagement with alternate vendors for supplies
- Tyres: Development of alternate vendors and R&D projects for optimising the operating life of tyres
- Exploring increasing engagement with new vendors to mitigate shortage of coal and other supplies
Inundation of mines due to excessive rainfall and failure of dewatering equipment.
Mitigation Plans
- Dewatering systems installed at all the mines and dewatering arrangements and stand by pumps installed at all sumps. Spare pumps in place for backup
- Automation of dewatering pump systems to increase efficiency
- Periodic identification done for high-risk surface and underground flooding zones
- Systems being developed for dewatering and proper establishments of curtains around water bodies encountered underground
- Initiatives to undertake hydrology study to identify possible water bodies
Social &
Relationship Capital
Apart from these principal/critical risks mentioned above, we have also identified a total of 155 other risks which fall into categories of severe, moderate and acceptable as per their risk scores. Some of these risks identified are climate change, water management, talent management, etc. which fall in the category of severe to moderate based on the risk impact, likelihood and velocity. We understand that these risks may tend to become critical risks in the future and therefore, we have already started implementing mitigation actions to manage these risks.
Emerging Risks
We define an emerging risk as one that may become a top risk in time but is not expected to materialise in the next five years. Emerging risks that are currently being monitored are:
Emerging Risk 1
Geo-economic constraints imposed on foreign importers such as proposed cross-border climate change regulations
and trends which may impact future sales, profitability and growth
Description
- Increasing focus on climate change abatement regulations globally such as the EU carbon border adjustment mechanism (CBAM) applicable from October
1, 2023 that proposes a tax of 25%-30% w.e.f. 2026 on steel and aluminium imports from foreign suppliers with high carbon intensive production processes
- While EU businesses may choose to pass costs up or down the value chain, the EU CBAM means that many EU importers will be charged a carbon price on their Scope 3 emissions – emissions resulting from theactivity of a different business
- The aim of the tax is to level the playing field between domestic and imported goods from non-EU countries and preventing ‘carbon leakage’ by ensuring that imported goods do not have an unfair advantage due to weaker climate policies in their countries of origin
- The tax is expected to be extended to all other products imported into the EU by 2034. Implementation of similar regulations is being planned by countries such as US, Japan and Canada
Impact
- The export of Indian steel to Europe may be majorly impacted and as zinc is a key product in steel manufacturing (used for galvanisation) this may directly impact the demand for zinc, driving the cost per unit as well as premiums for zinc downwards, and thereby impacting zinc revenue and EBITDA from zinc
exports to the EU
- As zinc is a carbon-intensive industry, these tax mechanisms could be extended to zinc too. Imported zinc may not be as competitive as domestically
produced zinc in the EU (as a tax on foreign zinc will increase price) and this may impact demand for foreign zinc, thereby driving down prices
- Increase in costs for steel/zinc producers outside the EU to maintain compliance with the climate policies set by the EU
- Increase in internal costs for zinc producers that may be pressurised to reduce their carbon footprint in order to be competitive in the market
Mitigating Actions
- Exploring opportunities to export to markets other than countries that have levied these taxes
- Transitioning towards renewable energy in our operations – producing more green products like green zinc – will help Hindustan Zinc meet the growing
emissions targets set by different countries
Emerging Risk 2
Failure to achieve interim target to reduce GHG Emissions by 14% by 2026 and reach net-zero by 2050
Description
- Hindustan Zinc has set a long-term target to reach net-zero emission by 2050, and also an interim target to reduce greenhouse gas (GHG) emissions by 14% by 2026
- To achieve this, the Company will be entering into a long-term captive renewable power development plan, for which a large investment has been planned.
Investments have also been made to turn mining operations environment-friendly
- Cost of implementing new technology and renewable energy on such a large scale is high and requires sustainable funding
Impact
Not meeting the promised targets may have consequences such as:
- Reputational damage to the Company
- Loss of investor confidence due to questions on the Company’s ability to manage its operations effectively
- Regulatory and legal risks such as action against companies that fail to meet their net-zero targets, such as imposition of fines or revocation of licenses
- Potential loss of future business opportunities from environmentally conscious consumers or business partners
- Increased operational costs due to increased carbon taxes or higher energy prices associated with carbon-intensive processes
- Continued physical impact of operations on the environment and overall, on climate change
Mitigating Actions
- Conducting GHG emissions inventory to understand the source and quantum of emissions
- Initiatives for quicker adoption of renewable energy
- Better energy efficiency by increasing operational efficiency, such as using more efficient equipment, optimising production processes and reducing waste
- Engaging with stakeholders including employees, customers and local communities, to raise awareness about environmental commitment and encourage
support for efforts to reduce emissions