Risk Management at Vale

by Andrea Almeida, Head of Global Risk Management, Vale

Vale has been showing strong growth through its big pipeline of projects and some acquisitions. In 2004, the company decided to implement a risk management strategy that should encompass the integrated view of risks for the company including market, credit and operational risks. The decision to implement such strategy was in line with the goal to become one of the top leaders in the diversified mining business.

Vale is exposed to all possible kinds of risk. All the changes in the portfolio of assets over time and in the market place environment brought more volatility to its cash flow and this was one important driver to the development of the risk management practice and culture at Vale. Besides that, compliance and increased transparency on corporate governance were the other objectives to implement the risk management strategy.

The changes in governance

In 2005, the process of building the risk management governance to support the risk management activities started. The bylaws of the company were changed to incorporate as a responsibility of the board of directors the approval of risk management policies, and the Executive Risk Management Committee was created to support the Executive Board (Executive Management Team) on decision-making. The risk management policy was approved and as part of the responsibility guidelines, the Board of Directors delegated the power of decision-making on risk management to the Executive Board. Continuing this process, the market risk management norm and a credit risk management norm (policy and procedure) were designed and approved by the board of directors. Some years later the operational risk management norm was also approved. These are the governance documents that support the risk management process, defining responsibilities between the risk management area and the other business processes at Vale.

Development of market risk stream

Market risk was the first focus of the risk management area, and the idea was to create a framework that would support decision-making in the company. The first important decision was the choice of the objective function of risk management, and there were three alternatives at the time: cash flow, earnings or value. The decision was made for cash flow, in line with the idea that the worst possible problem a company could face is the lack of cash to perform its obligations and invest in growth projects. Besides that, most of the decision-making in finance was linked to cash flow such as: the amount of funding needed to support the investment plan and the minimum dividend policy that Vale designed were based on cash flow, so this was somehow a natural choice.

Market risk was the first focus of the risk management area, and the idea was to create a framework that would support decision-making in the company.

Considering that cash flow was the objective function, the long-term cash flow model was built for Vale together with Strategic Planning and Finance areas. Information flow was crucial to this step, and strong interfaces were built with the areas that could provide us the best possible information to better plan the future actions. The second important step was to decide which risk factors would be covered under the risk management framework. It was impossible to consider all market risk factors, then there was a need to prioritise the ones that affected our cash flow the most. Sensitivity analyses were performed to see what would be the impact on cash flow of potential movements on each risk factor. After that the most important market risk factors were chosen and it was possible to build the cash flow at risk model for Vale.

To build the cash flow at risk model, the deterministic model was converted into a probabilistic one. Alternatives to generate the probability distributions for the risk factors were evaluated and at the end the use of historical volatility applied to Vale’s macroeconomic forecast was the best choice, considering also the correlation matrix of all market risk factors chosen in the model. The model was built and it was time to start using it to support decisions at the company. However, it was necessary to define what would be considered the risk appetite for Vale. Since 2000 Vale has oriented its financial strategy on actions that would support the company to achieve the investment grade level attributed by the international credit rating agencies. Considering that, risk management should propose the risk appetite for the company aligned with this goal. The decision was to use some financial ratios used by the rating agencies on their analyses to define the limits that we should observe on risk management. So the levels that were acceptable for those ratios were defined considering the rating agencies’ methodology for the mining sector credit analysis.[[[PAGE]]]

After that, decision-making, combining the market risk management model with the risk appetite for the company, started to take place.

Finance was one important interface area that conducted the decision-making process considering the risk management recommendations. The most important ones were focused in the debt risk profile, including the currency and interest rate mix that the company should look for and the average life of the portfolio of debt from a risk management perspective. Another important insight was the amount of committed bank facilities that Vale should put in place to face liquidity and refinancing risk.

A relevant change implemented was the decision on mitigation using derivatives or other kinds of financial structures considering the natural hedges in the portfolio due to the correlations between all the risk factors and the reduction on the cash flow at risk that those strategies could generate.

The next step: incorporating credit risk into enterprise risk management

The credit function was already set under the treasury department. After the implementation of the process, governance and methodology for the market risk function, the risk management team integrated the credit risk activities with the goal of building the enterprise risk management approach.

On the credit risk stream, the focus of the work is to evaluate the impact of a defaulting counterparty on Vale’s cash flow. There are two groups of exposures to be evaluated: credit risk exposure arising from our sales and from the financial instruments traded in the market. 

Commercial credit exposure
To deal with the first group of exposures we evaluate the industry, sector and each credit with which Vale might deal, in this case focused on clients and suppliers. At the end of the year, considering the annual sales forecast from the businesses, the maximum commercial exposure is calculated and submitted for the approval of the Executive Board, after the recommendation of the Executive Risk Committee, and will be valid for trades executed during the next year. This process allows budgeting for the maximum annual working capital costs due to credit concession.

Limits are set by sector and counterparty based on Vale’s rating methodology which takes into consideration the default probability, credit rating information, financial statements and historical payment records. When there is a need for more capacity than we can absorb, we might use mitigation instruments to transfer part of the risk to third parties. The most common instruments used at Vale are letters of credit standard and confirmed, credit insurance, mortgage and forfeiting with no recourse.

This process is supported by a credit risk system integrated with all marketing systems in order to guarantee that no credit sales orders are done without a prior limit approval and under the set of limits defined for the counterparties and sectors.[[[PAGE]]]

Financial credit exposure
This is considered the exposure Vale has with financial institutions whenever we enter into a cash investment or a derivative. This exposure is evaluated considering four elements: default probability, credit default swap spreads, credit ratings attributed by rating agencies and tier 1 and other financial ratios. 

To control and mitigate the exposure with financial institutions a credit limit is set for each counterparty, there is an exposure concentration index defined by risk management that must be observed and the weighted average of the portfolio of exposures have to be kept at a minimum investment grade default probability.

Figure 2  shows one of the reporting figures that risk management is responsible to issue to deal with financial credit exposures.

The last move: incorporating operational risk

The implementation of operational risk process was the last move on the goal of implementing enterprise risk management at Vale.

Operational risk process, like all risk management processes, was designed considering the guidelines of ISO 31000. 

Operational risk management for Vale encompasses the consistent and systematic process of assessing  and managing risks that could prevent the company from reaching its objectives. For the corporate areas, besides the general concept, we focus on the objective that is to guarantee that Vale will be able to release its financial statements and information to the market without any material weakness. This activity in the past was named internal controls and has a strong compliance focus. For the strategic planning and operations the process is broad and one of the most important objectives is to support Vale’s vision of becoming the biggest diversified mining company with excellence in its operations.

The process is focused on some building blocks:

• Perform risk assessment: this process is implemented through workshops with a multidisciplinary team where the methodology called ‘bow-tie’ is applied. This methodology demands that whenever a material uncertain event is identified, it must also identify the possible causes for its materialisation and the possible outcomes from this event. As example of  possible impacts from operational risk events, we have: business interruption, material damage, reputational damage, damage to the society, damage to health, injury or environmental damage. 
  On the analysis phase, we calculate the maximum foreseeable loss (MFL) – the worst plausible case scenario with no controls in place - and identify the controls in place that can reduce the impact and/or likelihood of each identified event. Considering the controls functioning as designed, the next step is to qualify the residual risk using a standardised risk measure based on Vale´s Risk Matrix described in the Operational Risk Global Norm.

 

• Define the risk management plans: if a certain event has a still high residual risk, during the workshop some action plans are considered to address the risk, and after some cost benefit analysis allied with decision matrixes, risk management action plans are set

 

• Monitor control effectiveness and follow up on the action plans: these activities are the most important ones. Sometimes management just looks at residual risk considering the controls in place working as designed, but if they are not properly executed we might have a higher risk than reported. Besides that, the action plans defined must be followed up to guarantee the risks at acceptable level.

 

• Testing: for the corporate areas, with the objective of reporting without material weakness, we do the testing to make sure that the controls are executed properly.

 

• Reporting: the top most important risks for Vale are reported to the Executive Risk Committee together with the action plans proposed to reduce their impact or probability.

[[[PAGE]]]

Vale believes that a standardised operational risk management helps increase the value of the company by better planning the future, reducing the likelihood and impact of some risk events, avoiding losses, transferring risk to third parties, setting aside provision for the residual risk retained by the company and supporting the benchmarking processes between the different business units. 

Building the future

As the processes of market, credit and operational risk management get more stable, we see the next steps for Vale in the direction of integrating the different risk dimensions analysis and supporting the decision-making process with constantly improving information. Considering the strong focus from the regulators and the whole corporate industry on risk management, Vale has been investing in this journey with the goal of improving its integrated approach to risk management and become the benchmark in this area. There are many next steps in this journey to the future, but Vale certainly will do its best to be recognised as one of the best actors in the marketplace.