Enbridge’s Risk Management Foundation

We build on our foundation of operating excellence by adhering to a strong set of core values that reflect what is important to us as a company: Integrity, Safety and Respect in support of our communities, the environment and each other. These values guide our decisions, actions and behaviors.

We recognize that if we fail to meet our safety and environmental protection goals, we won’t be able to deliver on any of our other strategic priorities. For that reason, the safety of our systems, people, communities and environment is our number one priority, and public safety and environmental incidents are among our top risks. We also monitor other CSR and sustainability-related risks, including challenges associated with climate change, water, reputation and stakeholder trust, changing regulatory frameworks, and relationships with Indigenous groups and cybersecurity.

How We Manage Risk

Our Board of Directors oversees all of our risks—both those that relate to CSR and sustainability and those that don’t—with the ultimate goal of ensuring that we can achieve our long-term strategic priorities. Board committees are responsible for overseeing specific risk categories:

• Our Board’s Audit, Finance & Risk Committee (AFRC) is responsible for reviewing specific risk categories under its oversight, including financial, commercial, and strategic and legal risks.
• Our Board’s Safety & Reliability Committee oversees risks related to workforce and public safety, environment, and security (both cyber and physical). This includes our risk and safety culture and risk management guidelines, our policies directed at preventing injury and adverse environmental impacts, and our guidelines, policies, procedures and practices regarding significant safety incidents.
• Our Board’s CSR Committee oversees our guidelines, policies, procedures and performance related to CSR, and reviews our reporting in this area. The CSR Committee is also responsible for oversight on CSR matters such as human rights, environmental stewardship, stakeholder engagement and inclusion, government relations and Indigenous relations, community investment, and reputation.
• Our Board’s Human Resources & Compensation Committee oversees all risks pertaining to human resources.

For more information on our Board, please see Enbridge’s 2018 Management Information Circular on enbridge.com.

Regarding policies, our Corporate Financial Risk Management Policy, updated in November 2017, establishes principles and authority limits to ensure that the earnings and cash flows of Enbridge and our subsidiaries are not materially impacted by unmanaged financial risk. The oversight and implementation of this policy is conducted by a committee of senior management through the Corporate Financial Risk Management Committee. Our Chief Financial Officer chairs this committee and is the principal liaison with our Board and our Board’s AFRC. The key responsibilities of the Corporate Financial Risk Management Committee include:

• monitoring and reviewing financial risks to ensure compliance with policies approved by the Board;
• oversight of the Corporate Financial Risk Management Policy, market price risk limits and credit risk limits, as well as delegated authority and transaction limits;
• approval of the risk procedures, which give effect to the Policy and provide further guidance and direction;
• annual review of the Policy, approval of non-material changes to the Policy and approval of material additions or amendments as required for consideration by the AFRC or Board;
• approval of changes to the risk policies in place for each of the publicly traded entities within the Enbridge corporate family;
• monitoring to ensure compliance with the corporate and publicly traded entities’ risk policies and procedures; and
• assessment of the impact of proposed new business activities or corporate acquisitions on consolidated financial risk.

Our Executive Leadership Team (ELT) and our Operations and Integrity Committee (OIC) are responsible for overseeing the management of our most significant operational risks. Risk owners and specialists throughout our company are responsible for managing risks within their respective areas.

Overall, operational risk management is guided by our Safety & Reliability Management System Framework, which covers programs for integrity management, safety management, emergency management, security management (both cyber and physical), environmental protection, and damage prevention. These programs are supported by joint business unit councils for integrity, safety, crisis and emergency response, and enterprise risk.

Cybersecurity has been identified as a top risk for the corporation. Primary treatment measures include: threat intelligence and monitoring; collaboration with industry and government agencies; and enhancing awareness and training throughout the organization. We have also established a Security Operations Center and Cybersecurity Response Team.

In addition, each year we present to our Board a Corporate Risk Assessment (CRA), in which we consistently and rigorously assess Enbridge’s enterprise-wide risks, highlighting top risks and trends in our risk profile. The CRA’s objective is to protect Enbridge through the assessment and prioritization of our major risks, including our treatment efforts and corresponding resource allocations.

Where possible, we use quantitative methods to assess our risks and to monitor the effects of our risk treatments. For example, we use leading and lagging metrics to assess the effectiveness of treatments pertaining to safety, the maintenance of the fitness of our systems and leak detection. To assess our financial risk treatment, we use metrics such as Cash Flow at Risk to give us insights into our market risk exposures and into the effectiveness of our derivative hedging activities. We also conduct correlation analyses on our market price risks, including interest rates, foreign exchange and commodities prices, to ensure that we fully understand the interrelationships between these risks.

Enbridge’s Risk and Safety Culture

It is fundamentally important for us to have a strong risk and safety culture—which we define as shared attitudes, values, norms, beliefs and practices with respect to risk, risk management and safety—that aligns with our core values. As such, as part of our performance management system, we include risk management criteria that address not only what was achieved, but also how it was achieved. We also use scorecards that focus on metrics such as safety, environmental protection and employee development. And our incentive programs include metrics for both quantitative performance such as total recordable injury frequency, and leading activity-based metrics such as safety leadership, safety observations, incident investigations, and health and safety training.

In addition, we provide training on risk and safety topics such as hazard management, lifesaving rules, incident prevention, and emergency preparedness and response.

We empower our leaders to: act quickly to enhance or modify any infrastructure, systems or processes that pose safety violations; champion the creation of best-in-class health and safety programs; define and coach disciplined safety leadership behaviors; and recognize and clearly communicate the impact health and safety issues have on our employees, as well as the company’s profitability and reputation.

We have established our safety culture framework to align us with Canada’s National Energy Board (NEB) Statement on Safety Culture, the American Petroleum Institute (API) Recommended Practice 1173, as well as safety culture frameworks from other high-hazard industries such as nuclear.

The four guiding traits identified in our Safety Culture Framework are Leadership, Ownership, Vigilance and Resilience. These four traits are underpinned by 22 attributes that more succinctly describe the activities, behaviors and expectations that are present in a healthy safety culture. Below is an example of some of the attributes within the framework:

Leadership

• Leader Commitment to Safety – How leaders set an example for safety being a core value; includes involvement in safety activities, time in the field and recognition of safety activities.
• Conservative Bias in Decision Making – Diligent safety management exceeds compliance. Operations must be determined to be safe in order to proceed, rather than unsafe in order to stop.

Ownership

• Workforce commitment – Workforce’s voluntary activity promotes safety, e.g. safety moments, observations, off the job safety.
• Safe work behaviors – Not committing unsafe acts; operational discipline to practice safe work procedures.

Vigilance

• Risk detection and situational awareness – Often referred to as Sensitivity to Operations. Situational awareness around safety risks affecting workforce personnel and the assets. Knowledge of hazards.
• Preoccupation with failure – Demonstrated action and concern over both known and unknown threats.

Resilience

• Competence – The organization plans and assures itself that the workforce has sufficient knowledge and skill to operate safely, particularly in safety-critical positions.
• Asset and equipment health – Assets are built and kept safe and fit for purpose. Quality management, condition inspection and maintenance are performed for assets that could impact the safety of workforce personnel, the public, property or the environment.

By regularly assessing our risks and our safety culture through employee surveys and other risk and culture specific assessment methods, we can quickly identify and address strengths, weaknesses and opportunities to continuously improve.