Risk and Crisis Management

 

Risk and Crisis Management (GRI 3-3)

Importance and Mission of Risk Management

The Company recognizes the importance of risk management and preparedness for potential crises that may arise from business operations, including changes in economic conditions, government policies, volatility in energy prices, and rapid technological advancements, as well as environmental, social, and governance (ESG) risks. These efforts aim to ensure the stability and long-term sustainability of the Company’s business operations.

In addition, the Company has established a Crisis Management Plan and a Business Continuity Plan (BCP) to enhance preparedness for emergencies or unexpected situations in a systematic and timely manner. The objective is to minimize potential impacts and damages, while supporting recovery and enabling operations to return to normal effectively. Risk and crisis management therefore serve as key mechanisms in building confidence among shareholders, investors, suppliers, employees, and all stakeholders, and form an essential foundation for supporting the Company’s stable and sustainable long-term business growth.

and Referenced Standards

The Company places importance on establishing a systematic risk management framework by integrating it with international standards such as ISO 14001:2025 and COSO-ERM. This framework covers the identification, analysis, assessment, and monitoring of risks across all dimensions, including strategic risks, operational risks, financial risks, legal and compliance risks, etc. At the same time, the Company establishes appropriate control measures and mitigation plans to limit and reduce potential impacts on the Company’s operational performance, reputation, and stakeholders.

Governance Structure and Organizational Culture

The Company also places importance on promoting a risk management culture throughout the organization, aiming to establish a systematic risk management framework for both the short term and the long term. The Board of Directors holds the highest responsibility for overseeing the Company’s risk management system and requires that the effectiveness of the risk management process be reviewed at least once a year to ensure that the system remains appropriate, aligned with the Company’s strategies, and capable of effectively responding to changes in the business environment. In addition, the Company promotes risk management awareness among executives and employees at all levels, while creating an environment and culture that support effective risk management practices. This approach encourages awareness and practical implementation, contributing to the achievement of the Company’s sustainable development targets, as follows:

  • The Company conducts annual risk monitoring and reviews across all departments within the organization. The Risk Management Department consolidates the risk reviews from all departments, analyzes and evaluates them, and prepares a risk management report for submission to the Risk Management Committee (RMC) for consideration and screening. The report is then submitted to the Board of Directors on an annual basis for acknowledgment and joint review of the adequacy and effectiveness of the risk management process, ensuring alignment with the Company’s strategy, business environment, and principles of good corporate governance.
  • The Company has appointed a Senior Executive responsible for Risk Management to regularly report operational results directly to the Chief Executive Officer (CEO) and the Risk Management Committee (RMC). The Risk Management Unit and the Risk Management Committee (RMC) operate under an independent structure, clearly separated from the Internal Audit function and the Audit Committee.
  • The Company provides systematic training and knowledge dissemination on risk and risk management to personnel at all levels, including directors, senior executives, and employees, through the “Risk Management in Organizations” training program at least twice a year.

Performance Results

The Company has established short-term and long-term risk management targets under the organizational risk management framework and the close oversight of the Board of Directors, ensuring that operational plans align with the Company’s business direction, sustainability strategy, and the organization’s risk appetite, as follows:

 

Management guidelines

The Company conducts risk management and risk reviews by considering changing environmental factors in parallel with business operations, based on sustainable development principles across economic, social, and environmental dimensions (ESG). The Company has established a written risk management policy under the oversight of the Board of Directors, which serves as the Risk Management Framework for the entire organization. The key details are as follows:

  • Establish processes, guidelines, and measures for risk management that are appropriate and aligned with international standards. These include the identification, analysis, assessment, prioritization, management, control, monitoring, reporting, evaluation, and communication of risk information on a continuous and consistent basis across the Company. The results are reported to the Risk Management Committee and the Board of Directors at least once a year.
  • Require risk measurement in both qualitative terms, such as corporate reputation and corporate image, and quantitative terms, such as financial losses, revenue decline, and increased expenses. These are assessed based on the likelihood of occurrence and potential impacts, including impacts related to sustainability issues (ESG Risks).
  • Establish Risk Appetite and Risk Limits to ensure that potential losses remain within levels acceptable to the Company. In addition, Key Risk Indicators (KRI) and warning signs are defined so that responsible personnel can take action to prevent risks from exceeding the established risk limits.
  • Prepare written manuals and operational procedures for executives and employees to follow, serving as a mechanism to control risks arising from operational activities.
  • Build a risk management culture throughout the organization to enhance understanding, awareness, and shared responsibility regarding risk management, control measures, and risk impacts. This is implemented through coordinated efforts between all risk owner departments and the Risk Management Department to monitor, review, and assess significant risks that may arise.

 

Board Role in Assessing the Risk Management System

The Board of Directors places importance on overseeing risk management. The effectiveness of the risk management process is reviewed and evaluated annually through the consideration of reports from the Risk Management Committee. The Board also provides recommendations and directs improvements where necessary to ensure that the Company’s risk management process remains effective and aligned with the evolving business environment.

The Board of Directors has direct responsibility for overseeing sustainability-related risks and plays a role in reviewing and approving the Environmental, Social, and Governance (ESG) risk management framework as well as key risk response measures. These cover major risk and opportunity issues as follows:

  • Environmental: Consideration of climate change risks (in line with TCFD recommendations), water management, and waste management.
  • Social: Consideration of human rights, occupational health and safety, and human resource management.
  • Governance: Consideration of anti-corruption, legal and regulatory risks, and cybersecurity.

The Board of Directors has designated Environmental, Social, and Governance (ESG) risks as a standing agenda item, requiring reporting and review of the adequacy of the internal control system at least once a year. This ensures that the risk management approach remains robust, aligned with the Company’s core business strategy, and capable of adapting to changes in the global environment.

To translate the policy into concrete implementation, the Company has established a Sustainability Development Committee, operating under the oversight of the Board of Directors. The Committee is responsible for formulating policies, strategies, and operational frameworks for sustainability across the economic, social, and environmental dimensions, as well as overseeing the implementation of the Company’s climate change strategy. The Committee submits proposals to the Chief Executive Officer (CEO) for consideration and approval and reports progress to senior management on an ongoing basis. The Sustainability Development Committee works in close coordination with the Risk Management Unit to systematically identify and assess key ESG issues and integrate them into the Enterprise Risk Management (ERM) process.

Regarding the Risk Management Committee, in addition to overseeing, formulating policies, and managing the Company's overall risks appropriately, effectively, and in alignment with the corporate strategy, as well as reporting operational performance to the Board of Directors annually, the Committee also has the authority and responsibilities as assigned by the Board of Directors as follows:

  1. Review and propose the risk management policy and framework to the Board of Directors for consideration and approval.
  2. Review and endorse the acceptable risk level (Risk Appetite) and propose it to the Board of Directors for consideration and approval.
  3. Have oversight of risk management by continuously overseeing the development and implementation of the risk management policy and framework to ensure that the Group has an effective enterprise-wide risk management system that is consistently adhered to.
  4. Review risk management reports to monitor material risks and emerging risks, and take action to ensure that the organization manages risks adequately and appropriately.
  5. Coordinate with the Audit Committee regarding significant risks, and have the Internal Audit department conduct reviews to ensure that the Company has a suitable internal control system for risk management, including the appropriate implementation and organization-wide compliance of the risk management system.
  6. Report to the Board of Directors regarding significant risks and risk management on a regular basis, at least once a year or as appropriate.
  7. Provide advice and recommendations to the Sub Risk-Management Committee and/or relevant departments and/or working groups involved in risk management, including considering appropriate approaches to address issues related to the development of the risk management system.
  8. Consider the appointment of additional or replacement subcommittee members and/or personnel in the Sub Risk-Management Committee, and/or relevant departments and/or working groups related to risk management as appropriate, including defining their roles and responsibilities to support the achievement of the designated objectives.
  9. Perform other duties related to risk management as assigned by the Board of Directors.
  10. Assess organizational risks, including climate change-related risks and opportunities, in collaboration with the Sustainability Development Committee.
  11. Review the effectiveness of the risk management process and systems to ensure they remain appropriate and up-to-date with the business environment. Monitor the progress of correcting deficiencies in the risk management system, and ensure that personnel at all levels are aware of and participate in identifying and reporting risks, so that the Company can achieve its business targets and handle potential risks effectively.

 

 

 

Risk Assessment Process

The Company has established a systematic risk management process that covers the entire organization. This process operates under the Company’s policies and is integrated with relevant international standards to ensure that business operations achieve the Company’s sustainable development objectives. The Company adopts the Enterprise Risk Management framework of the Committee of Sponsoring Organizations of the Treadway Commission – Enterprise Risk Management (COSO-ERM) as the primary framework for risk assessment, together with the application of relevant standards and specific best practices, including:

  • ISO 45001: Occupational Health and Safety Management System
  • ISO 14001: Environmental Management System
  • ISO 50001: Energy Management System
  • TCFD (Task Force on Climate-related Financial Disclosures): Guidelines for the disclosure of climate-related financial risks and opportunities

Under the COSO-ERM Enterprise Risk Management framework, the risk management structure consists of eight components, as follows:

  1. Internal Environment: Establishing an organizational culture that recognizes risk, along with clearly defined governance structures and a Code of Conduct.
  2. Objective Setting: Establishing the organization’s strategic objectives in alignment with its vision and defining the Risk Appetite.
  3. Event Identification: Identifying and compiling potential risk factors or events arising from both internal and external environments, including ESG issues and emerging risks, that may affect the achievement of the Company’s objectives.
  4. Risk Assessment: Analyzing and evaluating the severity of impacts and the likelihood of occurrence in order to prioritize risks.
  5. Risk Response: Establishing risk management measures to keep risks within acceptable levels, including Avoid, Reduce, Share, or Accept.
  6. Control Activities: Establishing policies, procedures, and internal control processes to ensure that risk response measures are implemented effectively.
  7. Information & Communication: Providing timely and accurate information systems and communicating risk-related information to personnel at all levels and stakeholders comprehensively.
  8. Monitoring: Monitoring and reviewing the effectiveness of risk management on a regular basis by the Risk Management Committee and the Internal Audit Department in order to improve the process in line with changing circumstances.

 

 

            

Given that climate change represents an emerging risk that is complex and materially significant to the sustainability of the Company’s business, the Company has integrated the TCFD (Task Force on Climate-related Financial Disclosures) framework into its processes for event identification and risk assessment. This integration aligns with the Enterprise Risk Management structure (COSO-ERM) to systematically define climate-related strategies and response measures.

 

Climate Change Risk and Opportunity Management Framework (TCFD Framework)

The Company has adopted the framework for climate-related data disclosure in accordance with the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD) as a guideline to systematically enhance governance and manage climate change–related risks. The Company integrates these considerations into its governance structure, business strategy, and operational processes in order to strengthen its capability for long-term sustainable growth. In this regard, the Company’s implementation approach under the TCFD framework covers four key components as follows:

  1. Governance

The Board of Directors plays a key role in overseeing climate change–related matters. It regularly reviews and approves reports on climate-related risks and opportunities through the Company’s enterprise risk management mechanisms. This also includes monitoring the progress of climate-related plans and measures to ensure that the Company’s policy and strategic decisions are aligned with the transition toward a low-carbon economy and sustainable development targets.

  2. Strategy

The Company considers the potential impacts of climate change–related risks and opportunities on its business operations, investments, and financial planning in the short term, medium term, and long term through scenario analysis/scenario planning. The Company places importance on both physical risks, such as extreme weather events, and transition risks, such as changes in regulations, technologies, and stakeholder behaviors. The results of these assessments are incorporated into the Company’s strategic planning, particularly in energy strategy, improving resource efficiency, and developing projects that support the reduction of greenhouse gas emissions.

  3. Risk Management

The Company has integrated climate change–related risks into its enterprise risk management process by systematically identifying, assessing, and prioritizing relevant risks. Appropriate control measures and response plans have been established to address potential crisis situations, covering prevention, impact mitigation, and adaptation measures. This approach ensures that climate-related risk management is conducted effectively and in alignment with TPIPP’s business context.

  4. Metrics and Targets

The Company has established climate change–related metrics and targets to continuously monitor and evaluate its performance, such as indicators on energy consumption, production efficiency, and greenhouse gas emissions. The Company also reports progress against the targets that have been set. Disclosure in accordance with the TCFD criteria helps enhance transparency and strengthen stakeholders’ confidence in the Company’s climate-related performance.

  

Follow-up and Review

In 2025, the Company reviewed significant risk topics by classifying them into 7 types as follows:

1. Strategic Risk

Type of Risk: Strategic risk is the risk that arises from the inability to operate the business according to established plans, in compliance with internal and external factors.

Overall Risk Assessment Results: Medium

Risk Control Measures:

(1) Managing the risk of using waste fuel to replace coal to reduce production costs, which involves managing the quantity and cost of waste procurement, including factors such as the moisture properties of the waste.

(2) Investing in environmentally friendly projects; managing the use of waste fuel for electricity production so that it increases according to the target.

(3) Regularly monitoring and analyzing changes in government policy and technological progress, including business competition conditions that may have an impact on the business.

(4) Planning the development and management of operations in the organization to increase the potential and efficiency of operations, leading to success according to the stated objectives and targets.

2. Operational Risk

Type of Risk: Operational risk is the risk related to operations caused by internal operating processes or external factors that impact revenue and operating costs.

Overall Risk Assessment Results: Medium

Risk Control Measures:

The Company has controlled risks from internal or external factors that affect business operations to a level acceptable to the organization, such as:

(1) Managing supply chain risks associated with utilizing waste fuel to replace coal in order to reduce production costs. This involves managing the quantity and cost of waste procurement, as well as waste properties such as moisture content.

(2) Procuring sufficient key production inputs and establishing a Business Continuity Plan (BCP) to prevent business interruptions.

(3) Controlling document operations and ensuring data is recorded in the system accurately and efficiently.

(4) Elevating cybersecurity management to prevent information technology threats that may affect operating systems.

3. Financial Risk

Type of Risk: Financial risk is the risk arising from a lack of liquidity or available funds for conducting business or investing in various projects.

Overall Risk Assessment Results: Medium

Risk Control Measures:

(1) Carefully implementing financial policies within the specified budget to ensure appropriate remuneration and sufficient cash flow for effective business operations.

(2) Monitoring and managing financial risks, such as risks from exchange rate fluctuations and interest rates.

(3) Managing liquidity or funding sources to be sufficient for business operations, such as securing revolving credit facilities, long-term loans, and issuing debentures, in alignment with the changing trends in foreign exchange, money, and capital markets, including considering opportunities to access sustainable funding sources (Green Finance).

4. Compliance Risk

Type of Risk: Compliance risk is the risk of not being able to comply with laws, rules, regulations, or policies of the Company.

Overall Risk Assessment Results: Medium

Risk Control Measures:

(1) The Company has established a dedicated unit to oversee compliance with government regulations and policies.

(2) Supervise and control operations to ensure compliance with the regulations of the Securities and Exchange Commission (SEC) and the Stock Exchange of Thailand (SET).

(3) Monitor and comply with laws related to fundamental rights, such as the Personal Data Protection Act (PDPA).

5. Environment Risk

Type of Risk: Environment risk is the risk arising from pollutant emissions during the production process, leading to adverse impacts on the environment.

Overall Risk Assessment Results: Medium

Risk Control Measures:

(1) The Company implements a Net Zero Greenhouse Gas Emission policy, ensuring that the production process does not generate dust, chemical residues, or wastewater that could adversely affect the community's environment.

(2) The Company has prioritized managing climate change risks, with its main goal being to replace coal with 100% waste fuel in the production process by 2025 and achieve carbon neutrality by 2037.

6. Social Risk

Type of Risk: Social risk is the risk in managing human resources, labor, and occupational health and safety in the work environment, and of violations of human rights, including public health risks such as epidemics and contagious diseases.

Overall Risk Assessment Results: Medium

Risk Control Measures:

(1) The Company has provided all employees with a Business Continuity Plan (BCP) and a safety operating manual, both in accordance with industry standards.

(2) The Company has established a policy to respect human rights principles (in accordance with Announcement No. 006/2559 on International Human Rights Policy), ensuring fairness and equality while preventing human rights violations within the organization.

(3) The Company provides a complaint channel and ensures protection for complainants, maintaining confidentiality throughout the process.

In 2025, the Company had no incidents of human rights violations, no use of child labor, and no cases of involuntary or forced labor.

7. Governance Risk

Type of Risk: Governance risk is the risk related to image, reputation, corporate governance, business ethics, and corruption.

Overall Risk Assessment Results: Medium

Risk Control Measures:

(1) The Company has a policy to oversee the operations of all units to ensure compliance with corporate governance principles, its ethics and code of conduct. Additionally, it strictly enforces anti-corruption measures within the organization by formally announcing the following policies:

- Announcement No. 001/2559 on Anti-Corruption Policy

- Announcement No. 013/2559 on the Company's Code of Conduct

- Announcement No. 015/2559 on Corporate Governance Policy

(2) The Company has established whistleblowing and complaint channels for cases of corruption related to its activities that violate its policies. These channels allow employees and external parties involved in the business to report misconduct or file complaints.

 

 

 

Emerging Risk

The Company has assessed and identified emerging risks for 2026 that may affect its long-term business operations. These risks were analyzed based on global change trends and the context of the energy industry, with systematic management measures established as follows:

  • Risk from sudden shifts in stakeholder behavior and expectations regarding environmental stewardship (Shifting Stakeholder Expectations on Climate Action)
  • Risk Type: Strategic and Reputational Risk
  • Source of Risk: The growing global awareness of climate change and increasing pressure from investors, customers, and suppliers throughout the value chain to transition toward a low-carbon society.
  • Drivers and Business Impacts: At present, the global community and investors are placing serious attention on the climate change crisis. Industrial customers are increasingly setting targets for 100% renewable energy use (RE100) and are facing pressure from environmental trade measures, resulting in a significant surge in demand for clean energy. If the Company is unable to adapt in a timely manner to meet expectations as a provider of clean energy or effectively manage environmental impacts in accordance with the Circular Economy approach, it may affect stakeholder confidence, the Company’s ability to attract investors, opportunities for new business expansion, and may ultimately lead to a loss of long-term competitiveness.
  • Mitigation Measures as follows:

- Emphasize business operations in line with the sustainability vision by increasing the proportion of electricity generation from clean energy and concretely promoting a Zero Waste production process through the management and utilization of refuse-derived fuel in electricity generation.

- Enhance efficiency across all production processes to reduce the consumption of resources and energy.

- Continuously adopt innovation and expand investments in renewable energy projects, such as installing solar rooftop power generation systems within factory premises.

- Communicate and collaborate transparently with all stakeholder groups to strengthen trust and maintain the Company’s image as a leading provider of environmentally friendly alternative energy.

  • Risk of Increased Costs from Investment in Clean Energy (Green-Based) Electricity Generation Technologies in Accordance with Government Policy Measures
  • Risk Type: Transition and Financial Risk
  • Source of Risk: Changes in national energy policies and targets toward achieving carbon neutrality and net zero emissions.
  • Drivers and Business Impacts: In 2025, the government has clearly emphasized increasing the share of clean energy through the draft of the new Power Development Plan of Thailand (PDP2025), which aims to reduce the proportion of natural gas usage and increase the share of clean energy to 51% by 2037. This direction serves as an accelerating factor requiring electricity producers to adapt and invest in green-based energy technologies, such as battery energy storage systems (BESS), solar power panels, or wind energy. Such developments may lead to higher investment cost burdens and may affect liquidity if the Company is unable to effectively manage costs or access funding sources with appropriate financing costs.
  • Mitigation Measures as follows:

- Adopt a proactive policy for investment in clean energy. The Company is currently developing an 80-megawatt solar power plant project and wind power plant projects to align with the country’s energy direction and enhance competitiveness.

- Conduct rigorous feasibility studies and sensitivity analyses of project returns prior to making investment decisions for every project.

- Efficiently manage the financial structure and seek opportunities to access environmental financing sources (Green Finance / Green Bonds) to control financial costs.

 

  • Rapid Technological Disruption and Advanced Tech Risk
  • Risk Type: Technological and Operational Risk
  • Source of Risk: Rapid advancement of digital and industrial technologies, as well as increasingly sophisticated cyber threats.
  • Drivers and Business Impacts: Advancements in energy technologies, such as high-efficiency solar panels, together with digital technologies, artificial intelligence (AI), and big data analytics, create opportunities to enhance power plant efficiency. However, such rapid changes may render existing business models or infrastructure obsolete. In addition, the integration of operational technology systems within power plants with information technology systems further increases the risk of cyberattacks, which could potentially disrupt power plant operations. There are also ethical challenges related to the use of data and AI.
  • Mitigation Measures as follows:

- Enhance innovation management by adopting modern technologies to develop the plants into Smart Plants, thereby increasing competitiveness and reducing production costs.

- Strengthen cybersecurity standards in alignment with international standards across the entire system, covering both information technology and operational technology systems. This includes conducting penetration testing and regularly assessing system vulnerabilities.

- Invest in workforce capability development to ensure employees are prepared to utilize new technologies and to raise data security awareness among employees at all levels.

  • Risk from Adaptation to Natural Disaster Crises
  • Risk Type: Physical and Operational Risk
  • Source of Risk: Climate change leading to extreme weather events that are increasingly severe and unpredictable.
  • Drivers and Business Impacts: Global warming has intensified the severity and frequency of natural disasters, such as severe flooding, prolonged droughts, or thunderstorms. These factors directly affect the supply chain, for example, causing delays in the delivery of refuse-derived fuel to the plant. In addition, such disasters may damage the Company’s infrastructure, machinery, and assets. In cases of severe drought, the availability of cooling water required for electricity generation may become insufficient. These physical risks may ultimately lead to business interruption and potential revenue losses.
  • Mitigation Measures as follows:

- Apply the TCFD (Task Force on Climate-related Financial Disclosures) framework as a key tool for assessing physical risks and conducting scenario analysis in both the short term and the long term to support advanced planning.

- Prepare, review, and regularly conduct drills for the Business Continuity Plan (BCP), including plant-level and corporate-level emergency response plans, to ensure that personnel at all levels are prepared to respond effectively and restore operations promptly.

- Design and enhance plant infrastructure to be flexible, resilient, and capable of adapting to climate change (Climate Resilience). This includes integrating highly efficient water management systems to prevent risks and support operations during crisis situations including droughts and floods.

 

Crisis Management and Business Continuity Plan

As the Company operates a power generation and distribution business, which is considered critical infrastructure, any disruption to operations may directly affect energy security, obligations under power purchase agreements, and stakeholder confidence. The Company has therefore established a Business Continuity Plan (BCP) and an integrated crisis management approach as key mechanisms to maintain the stability of electricity generation and mitigate the impacts of emergency situations. The plan has been designed to address potential threats across four key dimensions, as follows:

  1. Natural disasters and climate change, such as floods and windstorms.
  2. Major operational incidents, such as fires, chemical leaks, and accidents in the production process.
  3. Security and technological threats, such as cyberattacks targeting operational technology systems within power plants and information technology systems, as well as terrorism and civil unrest.
  4. Public health crises, such as pandemics and severe infectious diseases that may affect workforce availability for operations.

To ensure that responses to crisis situations are effective and can be evaluated, the Company has established a business continuity management process, in which the central working team and relevant departments jointly carry out the following actions:

  1. Business Impact Analysis (BIA)

The Company identifies Critical Business Functions, such as the power generation control system and the fuel management system. It also establishes Recovery Time Objectives and Recovery Point Objectives to serve as standard criteria for decision-making in resource allocation and system recovery. This ensures that operations can be restored within the specified timeframe and prevents damage from exceeding the level acceptable to the organization.

  2. Risk Assessment & Mitigation Strategies

Information obtained from the Business Impact Analysis is analyzed together with scenario planning to determine proactive response measures. These measures cover supply chain management, such as preparing alternative transportation routes for refuse-derived fuel and maintaining critical spare parts inventories, to ensure that the production process can continue even when logistics constraints or supplier disruptions occur.

  3. Incident Command & Crisis Communication

An Emergency Response Management Team has been established with the authority to make decisions and issue directives to address immediate situations. Communication channels and protocols have also been defined to ensure that incidents are reported accurately and promptly to regulatory authorities, such as EGAT and ERC, as well as to surrounding communities and investors. This approach helps prevent the escalation of a confidence crisis and reduces public panic.

  4. Testing, Reviewing, and Lessons Learned

The central working team and relevant departments are responsible for conducting regular annual drills of the Business Continuity Plan (BCP), including both scenario-based simulations and practical exercises. Following each drill, or in the event of an actual emergency, the Company requires a post-incident review process to capture lessons learned, identify operational gaps, and incorporate the findings into improvements of the Business Continuity Plan (BCP) procedures to ensure greater robustness. This systematic review process helps ensure that the Company’s crisis management system remains aligned with emerging threats and is well prepared to safeguard the organization’s long-term interests.

Sensitivity Analysis and Scenario Planning

The Company places importance on preparedness for major ESG catastrophic events that may occur. It has integrated sensitivity analysis and scenario planning into its crisis management system to assess both quantitative and qualitative impacts under worst-case scenarios. In addition, the Company has systematically developed response plans to address potential crisis situations, as follows:

Scenario 1: Environmental Catastrophe - Extreme Weather and Water Crisis

  • Scenario

Severe flash flooding that disrupts major transportation routes, or prolonged and extreme drought conditions in the areas where the power plants are located. This also includes situations where external raw water sources become contaminated, rendering them unusable for normal production processes.

  • Sensitivity & Business Impact Analysis

Water resources are considered one of the critical factors for the cooling system and boilers of the power plants. The Company has therefore conducted a sensitivity assessment of water resources in relation to business continuity, with the following findings:

    • Moderate Impact Level (25% reduction in water supply)

In the event that external municipal water or surface raw water sources decrease by 25%, the Company is still able to manage electricity generation operations as normal through the internal water recycling system within the plant, without affecting generation capacity.

    • Critical Impact Level (water supply reduction of more than 50% or severe contamination of water sources)

If a severe drought causes raw water supply to decrease by more than 50%, or if flooding carries suspended solids that result in excessively high turbidity and salinity levels in raw water sources beyond standard limits, this would directly affect the efficiency of the pure water production system and the cooling system. Such a situation is highly sensitive and may lead to reduced generation capacity or the shutdown of machinery, resulting in revenue losses from electricity sales, potential defaults under the Power Purchase Agreement (PPA) with EGAT, and a sudden increase in the costs of securing alternative water resources.

 

    • Supply Chain Impacts

In the event of severe flooding, in addition to water quality issues, transportation routes may be disrupted, resulting in the interruption of refuse-derived fuel (RDF) deliveries to the plant.

  • Crisis Response Plan
    • Proactive Water Management Plan

The Company drives its water management policy in accordance with the circular economy principles by integrating adequate backup water sources capable of supporting plant operations during emergency situations. This is implemented alongside the enhancement of wastewater treatment systems for efficient water reuse, in order to minimize dependence on natural raw water sources as much as possible.

    • Water Scarcity & Contamination Response Plan

In the event that raw water becomes contaminated, the Company has implemented high-efficiency water quality improvement and filtration systems (Water Treatment / RO System) capable of treating low-quality raw water to meet the required standards before it is supplied to the boiler and cooling systems, thereby preventing potential damage to machinery.

    • Fuel Supply Business Continuity Plan (BCP - Fuel Supply)

The Company maintains reserve storage facilities for refuse-derived fuel within the plant premises, ensuring that sufficient fuel is available to sustain continuous operations in situations where external transportation is disrupted.

    • Plant-Level Infrastructure Resilience Plan

This includes constructing flood barriers and high-efficiency drainage systems around the power plant area. The Company also coordinates with government agencies to monitor weather forecasts and early warning systems, enabling timely activation of emergency response plans when necessary.

Scenario 2: Social/Operational Catastrophe - Major Industrial Incident

  • Scenario

A large-scale fire occurring in the refuse-derived fuel storage area, or a boiler explosion that escalates beyond the control of the initial fire suppression system.

  • Sensitivity & Business Impact Analysis

The Company places the highest priority on the safety, occupational health, and lives of its employees. It has assessed the sensitivity of operational incidents in the production process and their potential impacts on business continuity and surrounding communities, categorizing them into three impact levels, as follows:

1) Minor Impact Level (Local Incident)

   Abnormal events or small-scale fires that can be immediately controlled using initial fire suppression equipment, without affecting machinery operations, causing no injuries resulting in work stoppage, and no impact on surrounding communities.

2) Moderate Impact Level (Major Incident)

   A fire or incident that requires the Company’s emergency response team and personnel trained in advanced firefighting to control the situation. This may result in a partial shutdown of machinery or a temporary reduction in production capacity, but the incident remains contained within the plant premises and does not spread beyond the facility.

3) Critical Impact Level (Catastrophic Incident – Scenario-Based)

   In the event of a large-scale fire in the refuse-derived fuel storage area or a severe boiler explosion that escalates beyond the control capacity of the internal fire suppression system and emergency response teams, the incident would represent the highest level of sensitivity. Such an event may result in serious injuries and air pollution (e.g., toxic smoke, chemical leaks) affecting surrounding communities. It may also lead to temporary suspension of operations by regulatory authorities, significant damage to assets, business interruption, and a crisis of public confidence.

  • Crisis Response Plan
    • Emergency Response Plan (ERP)

Implemented immediately in accordance with international standards when an incident occurs. This includes evacuating employees to designated safe assembly points and establishing an Incident Command Center to coordinate incident control together with local rescue and firefighting units.

    • Crisis Communication Plan

Accurate, transparent, and timely information is communicated to communities, government authorities, and the media to reduce panic and manage stakeholder expectations.

    • Risk Transfer Plan

The Company maintains Property All Risks Insurance and Business Interruption Insurance policies to mitigate financial impacts, enabling the organization to restore operations within the targeted Recovery Time Objective (RTO).

 

Scenario 3: Cyber Threats to Critical Infrastructure (Governance Catastrophe – Cyber Attack)

  • Scenario

A ransomware attack or a hacker intrusion into the “Operational Technology (OT) system” used to control power plant operations, or penetration into the “Information Technology (IT) system”, which contains the organization’s critical databases.

  • Sensitivity & Business Impact Analysis

The Company recognizes the importance of information technology systems as the core driver of its business operations. It has therefore assessed the sensitivity of cyber threats in relation to business continuity and organizational credibility, categorizing them into three impact levels, as follows:

1) Low Impact Level (Low Impact - Isolated Threat)

   General threats, such as phishing emails or malware, that can be immediately detected and blocked automatically by the Company’s security systems (Firewall / Endpoint Security), without affecting operational systems or data.

2) Medium Impact Level (Medium Impact - Partial IT Disruption)

   Malware infections occurring at the end-user device level or within a subsection of the IT network cause temporary disruption to office operations. However, the security team can quickly disconnect the affected systems and restore data from backup systems, without impacting the power plant operational control systems (OT) or the organization’s critical data.

3) Critical Impact Level (Critical Impact - Scenario-Based)

   This scenario represents the highest level of sensitivity to energy security. If the Operational Technology (OT) system is compromised and taken over by hackers, the Company may lose control over power generation operations, resulting in a power outage (blackout) or severe damage to machinery, leading to business interruption. At the same time, if the attack targets the Information Technology (IT) system, it may result in the leakage of personal data and trade secret data, leading to violations of the Personal Data Protection Act (PDPA), legal actions and regulatory penalties, as well as a severe loss of organizational credibility.

 

  • Proactive Prevention & Response Plan
    • Proactive Cyber Defense and Infrastructure Management

Implement strict network segmentation between IT and OT systems to prevent threats from spreading across systems. This is complemented by the deployment of advanced network security systems and compliance with international information security standards (ISO/IEC 27001).

    • IT Disaster Recovery Plan (DRP)

Maintain data backup systems on servers that are securely separated from the main network. The Company can restore critical operating systems and databases in accordance with the defined Recovery Point Objective (RPO) and Recovery Time Objective (RTO).

    • Incident Response Measures

When abnormalities are detected, the IT/OT Security specialist team will immediately isolate the infected systems to contain potential damage. This is followed by in-depth investigation to identify root causes, remediation of vulnerabilities, and reporting to the relevant regulatory authorities.

    • Vulnerability & Penetration Testing

Conduct vulnerability assessments and penetration testing by third-party experts on an annual basis to identify and remediate system weaknesses before they can be exploited.

    • Awareness & Training

The Company places emphasis on creating a cybersecurity culture by providing Cyber Security and PDPA training for executives and all employees. It also regularly conducts cyber threat response drills and phishing email simulations to reduce risks arising from human error.

Scenario 4: Governance/Economic Catastrophe - Severe Liquidity Crisis and Macroeconomic Shock

  • Scenario

A national or global economic crisis (Global Recession / Credit Crunch) that causes sudden disruption in the capital and financial markets, or a situation in which the Company faces force majeure or a severe disaster requiring the shutdown of machinery for an extended period. This results in revenue interruption while fixed expenses and debt obligations continue.

  • Sensitivity & Business Impact Analysis

Cash flow is a critical factor in driving business operations and investments in clean energy projects. The Company has therefore assessed the sensitivity of financial liquidity risks, categorizing them into three impact levels, as follows:

1) Low Impact Level (Short-term Fluctuation)

   Short-term fluctuations in economic factors, such as a slight increase in policy interest rates or delays in payments from certain small customers. The Company can manage these situations through its normal operating cash flow, without affecting its debt repayment capability and business operations.

2) Medium Impact Level (Capital Market Tightening)

   A tightening in the financial market or a rapid increase in the cost of funds, combined with the need for emergency investment in machinery maintenance, will cause a mismatch between cash inflows and outflows. This situation will affect the Company’s new investment plans, which may need to be postponed. However, the Company can still maintain liquidity through its available standby credit facilities.

3) Critical Impact Level

   If a crisis causes the power plant to cease operations for several months, combined with a credit market freeze, the Company will be unable to issue bonds or obtain new loans to refinance existing debt (rollover risk). This represents the highest level of sensitivity, as it may lead to debt default risk, breaches of financial covenants, and severe impacts on investor confidence. It may also cause ongoing clean energy power plant construction projects to be suspended.

 

  • Proactive Prevention & Response Plan
    • Cash Flow Monitoring & Projection

The Company has established a close and continuous cash flow monitoring and review mechanism by preparing cash inflow and outflow analyses for the short, medium, and long term. This enables the Executive Committee to assess the Company’s financial position in advance and ensure that sufficient liquidity is maintained to support business operations and meet financial obligations accurately.

    • Liquidity Buffer & Credit Facilities Plan

The Company adopts a prudent financial policy by maintaining cash reserves at a safe level, while also securing standby credit facilities (Credit Facilities / Revolving Credit) from multiple financial institutions. This approach ensures preparedness for emergency situations and reduces reliance on a single source of funding.

    • Cost Optimization & CapEx Reprioritization

In times of crisis, the Company has response plans that include strict control of operating expenses and mechanisms to review, postpone, or reduce capital expenditures for projects that are not urgently required, in order to preserve cash flow for maintaining core business operations.

    • Green Finance Resilience Strategy

Even during periods of volatility in the general capital market, the Company leverages its strong ESG performance to access specialized funding sources, such as Sustainability-Linked Loans or the issuance of Green Bonds. These financing instruments typically offer appropriate financing costs and continue to receive strong support from institutional investors.

Audit Transparency Governance

The Company places importance on managing financial statement audit risks in order to enhance transparency and ensure compliance with the principles of good corporate governance. The Company has therefore established a policy and commitment to the regular rotation of the audit partner to maintain independence and reduce the familiarity threat. Under this policy, an audit partner who has performed audit or review services of the Company’s financial statements for a total of seven fiscal years (whether consecutively or not) must be rotated off the engagement and observe a cooling-off period of at least five consecutive fiscal years before being eligible to resume the role. This requirement is in accordance with the Notification of the Office of the Securities and Exchange Commission (SEC) and the Capital Market Supervisory Board, No. ThorJor. 75/2561.

The Audit Committee considers the appropriateness of the audit firm’s remuneration and proposes it to the Board of Directors for approval, and approval is also sought from the Shareholders’ Meeting at least once a year.

In addition, the Company commits to conducting a regular audit firm tendering process to evaluate the quality, independence, and appropriateness of remuneration of the audit firm. To ensure audit quality and independence, the Company requires the selection of a new audit firm through a competitive tender process (the Audit Firm Tendering Process) at appropriate intervals, at least once every 10 years, or at any other interval deemed appropriate by the Board of Directors. The selection process follows internationally recognized procedures, as outlined below:

  1. Criteria Establishment: Consideration is given to expertise in the energy industry, independence, past performance and experience, international professional standards, and the technological tools used in the audit process.
  2. Request for Proposal: Leading audit firms with the required qualifications are invited to submit technical proposals and fee quotations.
  3. Evaluation and Selection: The Audit Committee reviews the qualifications and conducts the preliminary evaluation. The final selection is subject to the discretion and approval of the Board of Directors, before being proposed to the Shareholders’ Meeting for appointment.

The purpose of this process is to assess the quality, independence, and appropriateness of remuneration, ensuring that stakeholders have confidence in the transparency and reliability of the Company’s financial reports and data.

 

Compliance and Whistleblowing Management

The Company recognizes that violations of the Code of Conduct, the Anti-Corruption Policy, or relevant laws constitute governance risks that may have severe impacts on the Company’s reputation and business operations. The Company has therefore established a management approach covering the entire organization (Corporate-wide Approach) to ensure that its business operations are conducted with transparency and accountability.

  1. Non-compliance Investigation Procedures

To ensure robust governance risk management, the Company has established a standardized complaint handling and investigation process that is transparent, fair to all parties, and maintains the highest level of business confidentiality. The process consists of the following key steps:

  • Receipt and Triage: When a complaint or whistleblowing report is received through designated channels, the responsible independent unit conducts a confidential preliminary assessment to determine whether there are reasonable grounds for misconduct.
  • Independent Investigation: If sufficient grounds are identified, the Company will consider appointing a Fact-Finding Investigation Committee, comprising individuals who have no conflict of interest with the matter. The committee is responsible for collecting evidence and conducting a thorough and fair investigation, while the accused party is given the opportunity to provide explanations and clarifications.
  • Penalties and Follow-up Actions: If misconduct is confirmed, the Investigation Committee will determine and impose disciplinary penalties in accordance with the Company’s regulations. In addition, corrective measures or improvements to work processes will be implemented to prevent similar incidents from recurring.
  • Confidentiality Protection: All investigation processes are conducted under the “Need-to-Know Basis” principle. Information relating to the whistleblower, the accused party, and investigation details will be strictly kept confidential to prevent any impact on the case and the Company’s business operations.

  2. Confidential Whistleblowing Mechanism

The Company has established secure and confidential whistleblowing channels, allowing whistleblowers to remain anonymous if they choose. These channels are available to all stakeholder groups for reporting concerns or complaints related to illegal activities, violations of the Code of Conduct, or corruption, under strict protection measures. The channels are categorized as follows:

  • Internal Channels: These channels are open to personnel at all levels, including employees, contractors, and suppliers working with the Company. Reports can be submitted through the Company’s Intranet system, Suggestion Box, or directly to the Head of Internal Audit Department, Human Resources Department, or Legal Department.
  • External Channels: These channels are open to all stakeholder groups, including external stakeholders and members of the public. Whistleblowing reports can be submitted via email, a direct telephone line to Internal Audit Department, or by registered mail addressed directly to the Audit Committee or senior management.

To strengthen confidence and ensure that this mechanism can be concretely implemented, the Company has established the following Confidentiality Guarantees:

  • Strict Anonymity & No-Tracing: Whistleblowers can choose to remain anonymous and are not required to provide any contact information. The Company enforces a strict no-tracing policy and ensures that the reporting system is designed not to collect or store any identifiable technical data (such as IP addresses) when anonymity is requested.
  • Need-to-Know Basis: Complaint information and details of the whistleblower are stored in a highly secure system, with access strictly limited to the “Audit Committee”, which consists of independent directors, and the designated Internal Audit unit only. Individuals who are not directly involved (including senior executives who may be implicated) are not permitted to access such information.
  • Zero Tolerance for Retaliation: The Company strictly prohibits any supervisor or individual from retaliating, threatening, harassing, or intimidating whistleblowers who report in good faith (Non-retaliation). Any violation of this policy will be considered a serious disciplinary offense and will be subject to the maximum disciplinary penalties.

Further details regarding the contact channels, investigation procedures, and whistleblower protection measures can be found in the Company’s Annual Report (One Report) under the “Corporate Governance” section, Part 4: Whistleblowing.

 

  3. Reporting, Monitoring, and Periodic Review

The Company has established systematic monitoring and reporting mechanisms for governance oversight. The Risk Management Committee is required to regularly report a summary of the number of complaints or incidents of non-compliance, as well as the results of investigations and corrective actions taken, to the Board of Directors and the Audit Committee for acknowledgement.

In addition, the Risk Management Committee has required that the effectiveness of the Code of Conduct, the Anti-Corruption Policy, and the whistleblowing process be reviewed at least once a year. Statistics on complaints, suggestions received, and the results of root cause analyses are used as supporting information in this review in order to improve policies and strengthen the internal control system, ensuring that it remains robust, up-to-date, capable of preventing recurrence, and aligned with the evolving business environment.

In 2025, the Company did not recognize any provisions for expenses related to disputes concerning Environmental, Social, and Governance (ESG) matters; the total value of such provisions was Baht 0. This information has been reviewed and verified through the Company’s internal review process.