Risk management and internal control

Corporate Risk Management System principles

Through risk management, the Company prevents the occurrence of risk events that affect the achievement of strategic and operational goals, and mitigates their impact if they occur. Risk management is an integral part of the Company’s strategic planning, corporate governance and financial stability.

KMG has integrated the Corporate Risk Management System (CRMS) into its key business and management processes. The purpose of the CRMS is to ensure an optimal balance between the Company’s growth in value, its profitability and risks. The CRMS is a key element of the corporate governance framework, supporting timely identification, assessment and monitoring of all material risks, as well as application of timely and adequate mitigation measures. The CRMS established at KMG and its subsidiaries and associates covers all business areas.

The Company’s Risk Management Policy relies on the following principles:

The CRMS has the following goals:

  • to ensure an optimal balance between the Company’s growth in value, its profitability and risks;
  • to define key tools and procedures used by the Company to manage production/non-production risks;
  • to define areas of responsibility of goal owners, risk owners, and risk factor owners in managing production/non-production risks;
  • to define internal documents on the risk management process.

The CRMS has the following objectives:

  • to determine the Company’s risk appetite in line with its Development Strategy;
  • to improve decision-making in responding to emerging risks / risk factors;
  • to make sure that the capital is used efficiently;
  • to prevent the occurrence of risk events that threaten the achievement of strategic and operational goals;
  • to integrate the risk management process into key business and management processes;
  • to build a top-down risk management approach, with risk management embedded across all management levels from top (KMG) to the line level (CODAP). This reflects an essential principle of the risk management process approach: risks are best managed locally, which helps to avoid the dilution of responsibility;
  • to create a risk management framework that will enable goal owners, risk owners, and risk factor owners to identify and assess risks by themselves, leverage standard risk management approaches and use them to develop risk management measures (controls);
  • to provide a reasonable assurance to stakeholders that the Company manages risks effectively.

Risk management process

The CRMS is designed to provide a consistent and clear framework for managing the risks associated with KMG’s operations. The Company has a vertical risk management process and risk management system in place at all governance levels. Each officer is responsible for ensuring that risks are properly assessed during decision-making. Risk assessment involves a range of qualitative and quantitative tools factoring in risk probability and potential impact.

The CRMS relies on seven interrelated CRMS processes:

  • Goal setting
  • Identification of risks / risk factors
  • Assessment and analysis of risks / risk factors
  • Risk management
  • Monitoring and reporting
  • Information and communication
  • Creation of an internal environment

The above risk management components foster a group-wide risk culture driven by the appropriate “tone at the top”, strong risk awareness and knowledge, and the accountability of risk owners / risk factor owners, as well as active risk management and timely reporting.

Risk appetite

The Company’s risk appetite represents its level of risk retention at which the Company is able to achieve its strategic goals and operational targets. It also caps the level of critical risks / risk factors that the Company is willing to accept.

Selected excerpts from KMG’s risk appetite statement
Financial activities
  • Compliance with covenants in debt instruments.
  • Ensuring that the Company’s credit ratings are not downgraded.
  • Maintaining sufficient liquidity and positive consolidated free cash flow.
  • Ensuring that the targeted dividend flow from subsidiaries and associates to the Company does not go down.
  • Minimising tax risks.
  • Preventing the misstatement of business transactions in accounting and tax accounting and financial statements.
Operations
  • Zero tolerance of negative impact on reputation, health, safety and environment.
  • Ensuring social stability in the regions of operation. Respecting the rights of employees, avoiding discrimination or unequal working and employment conditions.
  • No transactions leading to violation of sanctions.
  • In managing its information security and cyber risks, the Company ensures service availability, integrity of information resources, software and hardware, and prevents unauthorised disclosure of confidential information.
  • Zero tolerance towards any form of corruption and fraud, as well as violations of business ethics.
  • Zero tolerance towards losses and harm caused by environmental pollution.
  • Ensuring that the carbon footprint reduction targets are met.
Investment activities
  • Compliance with Samruk-Kazyna’s investment policy.
  • Financing of investment projects primarily with borrowings, provided that the Group’s financial stability is not undermined.
  • When implementing large investment projects, involving strategic partners in order to share risks.
  • Implementation of subsoil use projects with strategic partners primarily under carry financing.
  • Considering new investment projects with due regard to their compliance with the required profitability index, as well as their impact on:
    • the Company’s shareholder value;
    • reducing carbon footprint and carbon intensity of products.

Improving risk management

Initiatives to develop and improve the CRMS

KMG has been continuously improving its CRMS and consistently enhancing its risk management framework. To reaffirm its commitment to the continuous development and improvement of CRMS, the Company took a number of measures and steps in 2022:

  • the Company’s Board of Directors approved the market risk hedging policy of KMG and its subsidiaries and associates;
  • credit limits for foreign banks and Kazakhstani commercial banks were updated;
  • the Company’s risk management documents and risk / financial risk reports were approved, with risks linked to adjusted 2022 KPIs, as well as updated quantitative risk appetite;
  • the format of the risk register for production programmes of oil companies was updated and sections on the risks of production programmes for the forecast year 2023 were elaborated;
  • a working group was established to analyse the impact of the sanctions on the Company’s operations. Daily and eventually weekly monitoring of sanctions risks was ensured. The Company’s Board of Directors, the Fund, the Ministry of National Economy of Kazakhstan, and the Company’s stakeholders regularly receive consolidated information on the impact of sanctions;
  • the Company’s Management Board and Board of Directors are informed in a timely manner on key risks; the risk register, risk map, quarterly risk reports and risk appetite are reviewed. In 2022, the Audit Committee held eight meetings and reviewed 23 matters;
  • international certification in sustainability and climate risks was obtained to improve the risk assessment of investment projects;
  • KMG-Security provided training on the risk management system for its managers and employees (with all regional branches covered).

Plans to develop the risk management system

  • Developing the CRMS (updating the CRMS Policy and standard rules for establishing a risk management process, regulatory and methodological documents).
  • Implementing an action plan for corporate governance improvement in 2022–2023 in terms of CRMS, ICS, and BCMS following an independent corporate governance review.
  • Launching and rolling out an updated version of the automated risk management system across subsidiaries and associates: organising trainings for KMG’s risk coordinators and risk managers of subsidiaries and associates in the use of the updated system, and ensuring its technical support.
  • Fostering the risk culture.

CRMS participants

CRMS structure
Functions and responsibility of CRMS participants
Board of Directors (BoD)
  • approves the Risk Management Policy;
  • reviews risk reports;
  • reviews reports on risk management efficiency.
Audit Committee (AC)
  • develops recommendations for the BoD on monitoring the reliability and effectiveness of internal controls and risk management;
  • approves the Company’s risk register and map, as well as risk management action plan;
  • approves the overall risk appetite, tolerance for each of the Company’s key risks and risk limits;
  • approves risk reports;
  • approves the business continuity plan;
  • analyses external and internal auditors’ reports on internal controls and risk management;
  • assesses the level of assurance over risk management and internal controls, including internal financial controls, and their sufficiency for the BoD’s approval of their effectiveness;
  • analyses the effectiveness of internal controls and risk management;
  • monitors and instructs the responsible business unit on the timeliness of submitting key risk management documentation;
  • holds regular meetings with the management to provide feedback on risk reports and review material risks and control issues, as well as respective plans for the Company’s risk management and internal controls.
Management Board
  • is responsible for the organisation and effective functioning of CRMS, and timely submission of quarterly risk reports to the Fund, AC and the BoD;
  • ensures implementation of the CRMS Policy and improvement of internal documents on risk management of the Company and its subsidiaries and associates;
  • approves registers of KMG’s risk owners, risk factor owners, and risk coordinators;
  • reviews quarterly risk reports and takes appropriate measures.
Risk Committee
  • approves the risk appetite, risk register, risk map, risk management action plan, key risk indicators, risk tolerance levels, and quarterly risk reports submitted to the AC for approval;
  • reviews the Company’s risks and the effectiveness of risk management measures, as well as methodological documents on risk management, proposals to develop risk management policies, procedures, and structure, new approaches to risk management, and action plans to improve CRMS.
Internal Audit Service
  • assesses risk management effectiveness, notifies the AC of material weaknesses in CRMS, and develops recommendations to improve the process;
  • assesses the effectiveness of preventive measures against the risk / risk factor (controls) and prepares recommendations to eliminate identified deficiencies;
  • notifies the responsible unit of new risk factors identified in the course of audits but not included in the register.
Responsible unit
  • ensures the operation of CRMS, development and update of relevant methodological documents;
  • provides advisory support to units on CRMS, holds training events;
  • analyses the context (internal and external environment), monitors internal/external factors that may have a significant impact on the Company’s risks;
  • reviews and approves risk registers, consolidates risks for KMG Group and analyses information, is responsible for timely preparation of the Company’s risk register, risk map, risk management action plan, prepares quarterly reports on the Company’s risks for the Management Board, AC, and BoD;
  • exercises control over risk management measures, conducts timely monitoring of compliance with risk tolerance levels and key risk indicators;
  • interacts with the IAS, KMG’s units, external consultants, and other stakeholders on risk management within its competence;
  • organises the interviewing of KMG’s risk and risk factor owners and provides for methodological support in the application of expert methods of risk identification and assessment.
Goal owners
  • are responsible for the coordination of risk values in quantitative / qualitative terms affecting the achievement of the established KPIs (targets), and risk management action plan;
  • oversee timely implementation of the approved risk management action plan.
Risk owners / risk factor owners
  • are responsible for proper management and control of the risks associated with the processes overseen by the risk owner, for providing timely and complete information on the status of risks and performance of risk management measures;
  • develop and implement business continuity plans;
  • ensure the development of mechanisms for managing certain types of risks and controls associated with the processes overseen by the risk owner / risk factor owner (corporate standards, regulations, policies for managing certain types of risks) aimed at mitigating risk exposure.
Subsidiaries and associates
  • ensure timely risk identification and assessment in line with CRMS methodological documents;
  • are responsible for proper management and control of risks associated with the processes of subsidiaries and associates, timely risk reporting, as well as providing complete information on the status of production/non-production risks and performance of measures for their management, reporting on materialised risk events;
  • develop and implement business continuity plans for subsidiaries and associates.
Every employee of KMG / subsidiaries and associates
  • is responsible for performing their risk management duties in line with their job descriptions;
  • notifies in a timely manner the responsible unit of KMG / subsidiaries and associates, their direct supervisor of any committed or possible errors, deficiencies that have led or may lead to potential losses, of potential and materialised risk events in the manner and within the time frames established by CRMS internal documents;
  • receives risk management training under the approved training programme.

Internal Control System

The Internal Control System (ICS) is an integral part of CRMS. The COSO-based system includes five interrelated elements – control environment, risk assessment, controls, information and communication, and monitoring procedures. It is designed to achieve reasonable assurance that KMG will reach its goals across three key areas:

  • improving operational efficiency;
  • preparing complete and reliable financial statements;
  • complying with Kazakhstan’s laws and KMG’s internal documents.

The ICS focuses on analysing business processes, timely identifying and analysing process-level risks inherent in KMG’s operations, as well as defining and analysing controls for managing these risks.

The ICS is integrated into KMG’s core and supporting business processes and includes procedures for promptly notifying the appropriate governance level of any material weaknesses and control bottlenecks, together with details of corrective actions that have been or should be taken.

The ICS is organised in line with the Internal Control System Policy, which sets out the goals, operating principles and components of the ICS and the Control System Guidelines, which define powers and responsibilities, operating procedures, internal control structure, performance criteria and forms of records.

KMG annually approves the ICS operation schedule based on the criticality ranking of business processes as well as recommendations by external and internal auditors. The schedule specifies when business processes will be formalised/updated and controls design analysed. Formalisation means the design and update of the existing risk flowcharts and matrices, along with business process controls. Improvement recommendations and areas for improvement are defined following the analysis of controls design performance. Similar activities are performed by subsidiaries and associates. The results of these ICS activities are from time to time communicated to business process owners, IAS, the external auditor, Management Board, and the Board of Directors of KMG.

ICS-related meetings and training sessions for employees of KMG and its subsidiaries and associates, which feature workshops, experience sharing, discussions of issues and their solutions, take place annually.

In 2022, KMG Risk Management and Internal Control Service continued its work to further implement and improve internal controls. Efforts were made jointly with business process owners to formalise internal controls for eleven business processes. Areas for improvement were identified and recommendations for the improvement of controls were prepared. Work is underway in line with the action plan to improve the ICS and BCMS at subsidiaries and associates. Subsidiaries receive assistance and methodological support in developing ICS documents (development of business process classifier, identification of business processes for the ICS schedule, analysis and comments/recommendations on draft flowcharts and risk and control matrices). KMG subsidiaries performed a self-assessment survey on ICS maturity (over 200 criteria) with respect to the following ICS components:

  • control environment;
  • risk assessment;
  • controls;
  • information and communications;
  • a monitoring procedure.

A preliminary analysis was made of the internal control activities required for horizontal tax monitoring, including across subsidiaries. Employees responsible for risk management at subsidiaries received online training in ICS. The ICS was enhanced, with a Joint Internal Control Improvement Plan for KMG developed jointly by the IAS and the Risk Management and Internal Control Service (RMICS) to improve ICS at KMG and its subsidiaries.

In 2023, KMG’s Risk Management and Internal Control Service will continue to improve the ICS. The Company plans to continue formalising and analysing the controls design, providing recommendations on control procedures, carrying out internal control in line with the SAP S/4HANA project, conducting training for CEOs and heads of departments of KMG subsidiaries, strengthening its risk culture, and organising joint audits of IAS and RMICS (as agreed) at subsidiaries and associates subject to availability of risk matrices and controls for the respective business processes. In addition, RMICS specialists are engaged in the audit of financial and economic activities of subsidiaries and associates in order to verify self-assessment of internal controls.

KMG is aware of the importance of internal controls for the preparation and review of financial statements. This process involves providing reasonable assurance as to the reliability of financial statements and their conformity with applicable accounting standards. To this end, in addition to methodological documents defining the approach to the accounting of transactions and the preparation of financial statements, KMG group companies formalised and implemented an internal control process, including a risk matrix and controls over financial reporting. The effectiveness of internal controls over financial reporting is subject to regular review by independent auditors. On top of that, the following measures to prevent potential risks in preparing financial statements are in effect:

  • annual approval of KMG’s consolidated financial reporting calendar;
  • quarterly development and communication of the schedule for closing and preparation of financial statements across KMG Group;
  • quarterly analysis of questionnaires for non-routine situations submitted by KMG group companies;
  • quarterly assessment of the chief accountants at KMG Group (in terms of timely and correct presentation of financial statements).

Business Continuity Management System

The Business Continuity Management System (BCMS) is a set of processes and procedures aimed at identifying potential threats/risks and assessing their impact on the activities of KMG and its subsidiaries and associates, which provides the basis for improving the Company’s resilience to incidents by implementing effective responses capable of restoring its operations and protecting stakeholders’ interests, the Company’s business reputation, brand and value-adding operations.

The Company recognises the importance of having the BCMS in place and manages business continuity by identifying the necessary conditions and resources to develop and improve measures and tools to ensure business continuity in the context of threats and risks leading to business interruption.

The BCMS is organised in line with KMG’s Business Continuity Management System Policy and the Guidelines for the Business Continuity Management Process. The BCMS Policy defines the scope, objectives, basic principles, and model of the business continuity management system, taking into account the recommendations of the international standard in business continuity management. The Rules for the Business Continuity Management Process define the procedures for determining BCMS’ scope of application, business impact analysis, developing and approving the Business Continuity Plan (the “BCP”), BCP testing, monitoring and improvement of the BCMS, training and raising awareness of employees.

In 2022, the Risk Management and Internal Control Service analysed the impact of KMG’s critical business processes on its operations and updated them. It also made efforts to describe possible scenarios for the shutdown/suspension of critical business processes, among other things due to external factors, in the following six areas: 1) unavailability of staff; 2) unavailability of premises; 3) unavailability of IT systems; 4) unavailability of documents; 5) unavailability of key suppliers; 6) unavailability of specific equipment. In addition, the service outlined preventive and corrective actions to manage relevant incidents, while also making and updating the list of employees responsible for business process recovery, required equipment, IT applications and systems, as well as of suppliers and stakeholders.

In 2023, the Risk Management and Internal Control Service will continue to improve the BCMS. Efforts will be made to update the Business Continuity Plan, and similar work will be done at subsidiaries. The Risk Management and Internal Control Service will also continue to coordinate BCMS rollout across subsidiaries, provide methodological assistance, and conduct training for employees in charge and the management.

Corporate insurance

Insurance is central to ensuring robust risk control and financial management across KMG Group as it serves to protect the property interests of the Company and its shareholders against unexpected losses that may result from operations, including due to external factors.

The Group’s insurance function is centralised in order to enforce the unified corporate standard for insurance, which enables the Company to apply a comprehensive approach to managing continuous coverage. Independent appraisal of reproduction cost / replacement cost new (RCN) and risk assessments are also coordinated through risk surveys conducted by independent risk engineers across KMG Group.

KMG’s Corporate Insurance Programme includes the following key types of insurance coverage:

  • insurance of core operating assets of the Company;
  • public liability insurance;
  • energy risk insurance;

A reinsurance company is only considered for reinsurance when holding a financial credit rating of at least A– on the S&P scale. The Company employs best industry practices in negotiating the optimal insurance and risk coverage terms.

Key risks

KMG operates in a constantly changing environment. Some risks can evolve over time, while their potential impact and likelihood can change in response to internal and external factors. KMG manages, tracks and reports key risks and uncertainties that can affect its strategy implementation.

During the reporting period, a number of risks materialised, but their negative impact was managed and minimised through risk mitigation measures.

Key risks of the Company
Table columns: Trend (over the year) | Risk description and likely impacts | Mitigation and management
Trend legend: risk has reduced; risk has increased; risk does not change
Production decline risk
The main external risk factors are power outages, failures of external electricity supply (for example, supply failures on the part of KEGOC, Mangistau Atomic Energy Complex and Mangistau Regional Electricity Network), and severe weather conditions.

Key reasons behind power outages and supply restrictions:

  • emergency shutdown of power-generating units at the TPP of Mangistau Atomic Energy Complex;
  • shortage of power capacities in the Mangistau and Atyrau regions.
An additional risk factor that affected the key projects’ production volumes in March was a drop in oil shipments through the CPC network (transportation restrictions / accident; for more details, see the risk of lower export transportation volumes below).
Decline in production from mature fields is KMG’s key operational risk.

The Company is running the Power Supply Reliability Improvement Plan, which sets out measures designed to reduce the number of emergency power outages and to mitigate the risk of production well shutdowns, while also describing mid- and long-term initiatives implemented jointly with power-generating companies and KEGOC, Kazakhstan’s system operator for power transmission.

To maintain production rates at its fields, KMG:

  • implements upgrade programmes for obsolete equipment;
  • deploys new technologies to maintain production at mature fields;
  • improves production efficiency (waterflood management, removal of restrictions on surface infrastructure, increase in oil recovery, commissioning of facilities for further exploration at production assets);
  • introduces automation.

In addition, the Company is developing field reclamation projects and is planning to approve a roadmap for their implementation. The projects seek to introduce MET exemptions for any given period of time, promote site reclamation initiatives and drive up production volumes using the released capital.

Risk of lower transportation and sales volumes in the segment of oil exports
Key risk factors:
  1. Strong dependence on Caspian Pipeline Consortium (CPC) – TCO, Kashagan and KPO transport all their volumes through the CPC network;
  2. Oil transportation and shipment issues:
    • accident, technical disruptions in the CPC network (in case of technical shutdown, the Company will need to reduce its production and reroute sales streams);
    • the issues of oversupply in Transneft’s oil pipeline system (due to challenges associated with selling Russian oil);
    • transportation restrictions in the CPC network (in case of increasing sanction pressure, counter-sanctions adopted by Russia and other geopolitical conflicts).
  3. Acts of subversion, terrorism, or sabotage, nationalisation.
Impact
Oil transportation restrictions, curtailment or suspension of production at the TCO, Kashagan and KPO fields and the Company’s operating assets, insufficiency of the tank farm capacities to meet the increasing supply.
  1. The Company is considering a variety of alternative options/routes for transporting oil exports.
  2. The Company holds discussions with suppliers on railway fleet expansion and transportation alternatives.
  3. The Company is negotiating with CPC to find solutions to the potential situation where partial and/or full operating limitations are introduced for the sea terminal.
  4. The Company stays in touch and holds consultations with the Ministry of Energy of the Republic of Kazakhstan.
  5. Arrangements have been made to introduce KEBCO (Kazakhstan Export Blend Crude Oil, Kazakhstan’s own oil grade) and ensure its official use in export contracts (for reference: this will contribute to the promotion of Kazakhstan’s oil in all sales markets, facilitate the identification of alternative transportation routes and the procurement of permits, and help raise awareness about the re-branding through the joint efforts of international information platforms and key stakeholders).
Work-related injury risk
Employees’ non-compliance with the established health and safety rules, and breaches of operational discipline may pose a threat to their life and health.
Impact
Violations of operational health and safety rules may lead to injuries, as well as production disruptions, financial losses, and reputational damage.
In 2022, the Company registered 35 lost-time accidents and 36 employees who suffered injuries, including one fatal accident.
To prevent workplace accidents, KMG implements a number of organisational and technical measures that ensure:
  • a safe working environment and prevention of work-related injuries and occupational diseases;
  • timely training and knowledge testing;
  • internal health and safety controls;
  • deployment of new technologies and mechanised techniques;
  • improvement of industrial safety for production facilities.
The Company is implementing a near miss reporting programme through the Korgau Card project and behaviour-based working and driving safety cards. The use of the Korgau Card is aimed at identifying and reporting an unsafe condition, unsafe behaviour, unsafe action, hazardous event or hazardous factor, as well as good practice and suggestions (initiatives).
Implementation of the Behaviour-Based Safety Programme and Behaviour-Based Driving Safety Programme in subsidiaries and associates continues.
The Company has codes, policies, regulations, and corporate standards in place:
  • Policy on Safe Operation of Land Vehicles;
  • Life-Saving Rules corporate standard;
  • Corporate Wellness Programme;
  • KMG Group’s Corporate Standard for Engaging Contractors on HSE;
  • KMG Group’s Corporate Standard for Building HSE Capabilities;
  • KMG Group’s Corporate Standard for Occupational Health;
  • Rules for Identifying Occupational Health, Safety, and Environmental Threats and Risks in Hazardous Operations;
  • Occupational Health, Safety, and Environmental Awareness Programme;
  • Regulations on Safe Operation of Land Vehicles.
Risk of emergencies or man-made disasters at production facilities
The Company’s operations are potentially hazardous. KMG is exposed to the risk of damage to property, third parties or the environment caused by accidents, emergencies, or man-made disasters at production facilities.
There were no major accidents in the reporting period.
To mitigate its production risks, the Company:
  • holds briefings on safe operation of equipment (technical devices);
  • trains personnel in safe operation regulations and tests their knowledge with the subsequent assignment of qualification certificates (permits);
  • ensures timely maintenance and repair of equipment as required by relevant regulations;
  • controls safety review activities with respect to life-expired equipment;
  • performs timely equipment retrofits and upgrades;
  • performs timely diagnostics and identification of potential hazards, as well as industrial safety assessments of production facilities;
  • improves the technical expertise and qualifications of operating personnel.
The Company is phasing in advanced protection, safety and security technology and solutions. Annual voluntary property insurance contracts are executed (against the risk of accidental destruction, loss or damage) for insured events.
Environmental risk
The Company is exposed to the risk of adverse environmental impact and the risk of tougher responsibility for non-compliance with environmental laws.
Impact
Environmental risk materialisation may entail financial expenses in the form of fines, excess emissions charges, environmental remediation costs, as well as legal liability and escalating social and environmental tensions.
The Company’s priorities in environmental protection:
  • atmospheric emissions management and reduction of routine flaring;
  • water management;
  • production waste management;
  • land reclamation;
  • energy efficiency improvement.
To mitigate the environmental risk, the Company:
  • ensures preventive management of significant environmental aspects, based on project management and a risk-based approach, to improve environmental performance;
  • assesses and analyses on a quarterly basis the flaring rate in the upstream sector under IOGP (International Association of Oil & Gas Producers) requirements;
  • engages stakeholders on environmental issues;
  • implements the Memorandum of Cooperation in Environmental Protection signed with a competent authority to dispose of and recycle waste from its subsidiaries and associates;
  • comprehensively develops the corporate environmental function and aligns KMG’s activities with green economy principles;
  • implements the automated environmental monitoring information system (AEMIS) in subsidiaries and associates for the quarterly monitoring of pollutant emissions/effluents;
  • assisted the subsidiaries and associates in procuring a unified environmental permit for 2023 (as required by Kazakhstan’s new Environmental Code, including contractor data) by providing relevant consultations.
The Company continues to actively participate in working groups with competent government bodies to develop by-laws for the Environmental Code, while also contributing to the technical working groups charged with drafting best available techniques (BAT) handbooks. Work is underway to ensure timely implementation of the AEMIS in the Company’s subsidiaries and associates.
Climate risks and low-carbon development
In its operations, the Company faces risk factors related to energy transition and climate change, including:
  1. Energy transition risks:
    • carbon unit trade restrictions imposed on the quasi-public sector;
    • significant CAPEX required to deliver on the planned initiatives;
    • modest profitability of most low-carbon projects due to low carbon prices;
    • limited options due to the obsolescence of available technologies;
    • lack of legislative and authorisation regulations for low-carbon projects;
    • higher electricity tariffs;
    • market risks associated with changes in demand and consumer patterns;
    • political, legal, and regulatory risks associated with tighter GHG emissions requirements amid the transition to low-carbon development;
    • reputational risks associated with the climate change perceptions of the Company’s stakeholders.
  2. Physical impact of climate change on the Company:
    • short-term risks arising from extreme weather conditions (floods, landslides, mudflows, droughts, fires, tornadoes);
    • systematic (persistent) risks arising from long-term changes in climate models (prolonged periods of extremely high air temperatures, higher sea levels and flooding of onshore wells, etc.);
    • drop in sea levels.
Impact
These risks may have an adverse impact on operations of the Company as a major producer of fossil fuels and source of greenhouse gases in the form of higher costs, lower profits, and limited opportunities for further development.
An increase in renewable energy generation can be expected in individual partner countries. It may lead to a decline in demand for products supplied by the Company.
To mitigate the climate change risk and its effects, the Company:
  1. Has adopted and put into practice the 2022–2031 Low-Carbon Development Programme (LCDP).
  2. Has signed memoranda of cooperation with Chevron and the EBRD to introduce CCUS (carbon capture, utilisation and storage) technologies, implement projects based on natural solutions, produce low-carbon hydrogen, develop the corporate carbon price, and improve energy efficiency.
  3. Has built joint working groups with Chevron for sharing low-carbon development experience and developing joint hands-on projects in the realm of carbon footprint reduction.
  4. Continues to implement the hybrid power plant project in the Mangistau Region jointly with Eni.
  5. Has developed technical specifications for an offset forestry project designed to combat climate change.
  6. Stays in contact with government agencies and business associations to discuss carbon regulations, development of low-carbon economy and energy.
  7. Has signed a memorandum of cooperation with the EBRD (the EBRD is to develop a stress-testing model for KMG accounting for different climate scenarios (RCP2.6, RCP4.5 and RCP8.5), while also drafting recommendations on TCFD reporting to be included in the IPO, CDP and sustainability reports and to be used in the improvement of ESG rankings).
  8. Has prepared a study on KMG Group’s energy saving potential based on the energy audit and LCDP results.
  9. Is developing the concept of internal carbon pricing.
  10. Is preparing a methodology for monitoring and reporting on GHG emissions in KMG.
  11. Has completed an energy analysis as part of its efforts to develop the Fund’s Energy Efficiency Programme for 2022–2027.
  12. Working groups have been formed with Chevron specialists to exchange experience in the direction of low-carbon development and form joint practical projects to reduce the carbon footprint.
  13. Has redeemed 8.5 mln kWh of electricity consumed by KMG’s headquarters in 2022 through International Renewable Energy Certificates (I-REC).
  14. In the reporting year, developed and adopted:
    • the Energy Policy of KMG, with the subsidiaries and associates updating their policy and internal regulations to bring them in line with KMG’s policy,
    • regulations and operating instruction on energy efficiency management and improvements,
    • the GHG emission monitoring and reporting methodology, which defines key approaches and provides a unified methodological basis for measuring GHG emissions across KMG subsidiaries and associates,
    • the Internal Carbon Pricing Programme designed to assess and minimise the Company’s financial risks associated with the tightening of carbon regulations, as well as to reallocate some investments from carbon-intensive projects to low-carbon ones.
  15. Has calculated specific energy consumption targets.
  16. Has signed a memorandum to build a wind power plant with a total capacity of circa 1 GW; the project is to be implemented in stages and to leverage an energy storage system with a capacity of approximately 300–600 MWh.
  17. Is conducting a screening study to assess the potential of a pilot CCUS (carbon capture, use and storage) project at the Group’s facilities, while also organising CCUS workshops (Shell).
  18. Signed NDAs with Nature First Foundation and China Energy on potential cooperation in the realm of renewable energy.
  19. Is developing business cases for building in-house renewable energy capacities at Embamunaigas, Atyrau Refinery, and KLPE.
  20. Held a workshop on Energy Transition and Management of GHG Emissions at a Production Site hosted by KPMG Caspian on 24–25 November 2022 to develop the practical skills of mid-tier professionals at the Company’s subsidiaries and associates and corporate centre and to educate them about the calculation of GHG emissions, decarbonisation of production processes in oil and gas companies, and settlement of carbon offsets.
  21. On 18–20 October 2022, held a workshop on Carbon Capture, Utilisation and Storage attended by KMG’s employees and Chevron’s professionals.
  22. Tackled the financing issue to pay compensation to a TCFD advisor in accordance with the previously approved technical specifications setting out the scope of respective assignments.
Geological risk
The implementation of new exploration projects is always associated with geological risks arising from the uncertainty of geology: lack of hydrocarbon discoveries, or recoverable oil/gas reserve estimates that are not confirmed or turn out to be low.
Impact
The Company’s operations are exposed to the risk that new projects and exploration drilling fail to discover commercially viable oil and gas reserves and/or that the discovered reserves will be lower than originally planned.
To address this risk, the Company:
  • collects and analyses the geological and geophysical data from the operating area and similar nearby fields;
  • plans geophysical surveys and exploration for hydrocarbons, applies effective study techniques and data processing and interpretation methods;
  • conducts regional basin studies;
  • conducts advanced seismic surveys as part of subsoil exploration efforts to reduce geological risks and obtain new data for the purposes of comprehensive geological, technical and economic analysis;
  • attracts strategic partners for joint exploration and development of new fields, including under carry financing arrangements to reduce the financial impact of geological risks;
  • fosters professional development of personnel (training, experience sharing with international companies).
Social unrest in regions of operation
The Company is exposed to the risk of unauthorised strikes.
Impact
Adverse impact on the Company’s reputation, disruption to operations and higher OPEX and impact on CAPEX and project schedules. Rising commodity prices, accelerated domestic inflation or continued weakening of the national currency may affect negotiations over changes to wages and salaries.
Early in the reporting period, there was a wave of unauthorised strikes called by employees of the Company’s contractors and some of its subsidiaries and associates. The situation only got worse with the onset of the January events (the key demands focused on salary hikes and full-time employment contracts with the Company). The Company held negotiations with the leaders of the trade union committees and met with rank-and-file employees. As a result, KMG took steps to narrow the salary gap between the Company’s workers and contractor employees, and the situation went back to normal.
To mitigate social risks, the Company pursues a wide variety of initiatives:
  1. To ensure the timely settlement of social and labour conflicts in the Mangistau Region, on 23 June 2022 KMG opened a representative office in Aktau. The key objectives of the representative office are as follows:
    • to stay in touch with the local executive authorities and national government, and engage with the trade union organisations of KMG’s subsidiaries and contractors;
    • to coordinate efforts around employment protection projects;
    • to handle requests submitted by individuals and legal entities with respect to the operations of KMG’s subsidiaries, etc.;
    • to tackle production challenges and assist in the implementation of infrastructure projects.
  2. KMG actively contributes to the unemployment reduction efforts in the Mangistau Region. In 2022, KMG’s subsidiaries and associates are expected to employ 1,679 people (jointly with their respective contractors), including 1,242 people at Ozenmunaigas, 401 people at Mangistaumunaigaz, and 36 people at Karazhanbasmunai. As of 10 October 2022, a total of 1,239 people were employed.
  3. To reduce unemployment rates, KMG and the Akimat of the Mangistau Region are considering options for providing local residents with jobs. A recruitment process is underway to select the most suitable candidates from among the Mangistau Region’s residents for their subsequent employment at Tatneft’s facilities in the Republic of Tatarstan.
  4. To improve the quality of education offered to the young residents of Zhanaozen, the Company launched a programme for financing schoolchildren’s training in the country’s best specialised boarding schools and colleges.
  5. KMG participates in the meetings of the Interdepartmental Headquarters for Addressing Issues of Zhanaozen. All decisions taken by KMG are subject to discussion with the Headquarters.
  6. The Company’s subsidiaries and associates have developed five-year roadmaps for improving employees’ working and recreation conditions, with plans underway to build over 85 social infrastructure facilities (canteens, administrative and production buildings, accommodation camps, etc.) and to repair or overhaul 41 and 11 social infrastructure facilities, respectively.
  7. To streamline teamwork among employees, nurture team spirit and promote a psychologically healthy working environment, on 8–12 August 2022 KMG held a corporate sports competition in Atyrau for the employees of all its subsidiaries and associates. On 3–7 October 2022, Kazgermunai hosted the Uzdyk Maman professional skills competition.
  8. One of the Company’s key focus areas is the development and implementation of action plans to enhance social stability relying on the results of social stability index measurements. The action plans set out initiatives designed to boost staff satisfaction levels, enhance confidence in the management, put in place feedback channels, and improve working, living and catering conditions, etc. In 1H 2022, the social stability across KMG’s teams was assessed as satisfactory, with the index coming in at 74%. There was a certain decline in staff satisfaction with the compensation levels due to a sharp rise in food and merchandise prices. The survey results were made available to all subsidiaries and associates as they need to make relevant adjustments to their respective action plans.
Liquidity and financial stability risks
Liquidity, financial stability, and credit rating downgrade risks are KMG’s key risks.
Impact
Need to immediately repay current borrowings and Eurobonds.
Inability to raise sufficient funds to finance the Company’s current and investment activities.
In 2022, the Company maintained an appropriate level of liquidity and demonstrated adequate financial stability.
To overcome these risks, along with debt management activities and efforts to prevent liquidity shortages, the Company is focused on improving operational efficiency, clear prioritisation of capital expenditures, commitment to financial discipline, rationalisation of the Company’s asset and project portfolios, and transition to portfolio-based project management.
The Company takes the following measures to prevent risks:
  • controlling leverage, preventing its growth to maintain financial stability, using free cash flow to repay debt;
  • achieving an optimal balance between debt and internal sources of financing;
  • cost cuts, budget control;
  • repaying existing loans and providing financial aid to subsidiaries and affiliates;
  • preventing deterioration of the Company’s solvency position in order to maintain access to debt capital markets and avoid increases in borrowing costs;
  • deleveraging through early debt repayment.
Compliance risks
Intentional corruption for personal or material gain, including for the benefit of third parties. The Company has zero tolerance towards any fraudulent actions regardless of the amount of monetary damage.
Impact
In 2022, there was no evidence of this risk materialising.
The Company consistently implements and reinforces internal controls, embedding group-wide policies to prevent unlawful or wrongful acts of third parties or its employees, and maintaining the procedure for conducting internal investigations of unlawful or wrongful acts of its employees.
The Company has adopted policies and standards in line with best global practices, while also committing itself to:
  • improving and consolidating its internal and compliance controls (in the reporting period, additions were made to:
    • the Anti-Corruption Policy as regards the liability of the Chairman of the Management Board and their deputies for a failure to perform their job duties with respect to the prevention of corruption-related offences by their direct subordinates or for improper performance thereof;
    • the Confidential Informing Policy of KMG as regards the responsibility to submit investigation materials on received reports indicating criminal or administrative offences to authorised law enforcement bodies;
    • the Rules for Planning, Organising and Conducting Procurement of Goods, Works and Services at KMG as regards the feasibility of grounds for the application of single-source procurement pursuant to items 6, 11, 14, paragraph 1, article 59 of Samruk-Kazyna’s Procurement Procedure, as regards the submission of supplier due diligence reports pursuant to KMG’s Counterparty Due Diligence Policy, and as regards the inclusion of anti-corruption clauses in draft contracts except for cases where the draft contract complies with the template approved by KMG);
  • anti-corruption monitoring;
  • analysing corruption risks;
  • promoting an anti-corruption culture, taking preventive steps and informing employees on potential violations and enforcement;
  • establishing an organisational and legal framework to foster accountability and transparency of decision-making procedures;
  • conducting compliance audits (in the reporting period, long-term contracts, single-source procurement deals, and arrangements for the privatisation of economically material assets were reviewed for compliance with anti-corruption requirements);
  • implementing and complying with business ethics standards;
  • holding anti-corruption workshops and trainings;
  • analysing drafts of internal documents to identify corruption factors;
  • preventing conflicts of interest (in the reporting period, the declaration requirements applied to 40 subsidiaries and associates);
  • conducting counterparty due diligence reviews;
  • compiling an insider list and serving limitations, obligations and responsibility notifications on respective insiders;
  • handling whistleblowing reports via the Hotline and submitting respective findings to the Audit Committee and the Board of Directors (in the reporting period, the Company reviewed about 100 whistleblowing reports and conducted onsite inspections at five subsidiaries and associates).
Strong volatility of oil prices
The Company is exposed to the risk of energy price volatility.
Impact
Oil price volatility may lead to significant changes in the Company’s performance, revenues, and cash flow.
Oil price fluctuations in 2022 had no negative impact on the Company’s revenue and cash flow.
In the event of high oil price volatility and a drop in demand due to adverse developments in the global markets, the Company will take steps to ensure financial stability, including but not limited to:
  • introducing and taking anti-crisis measures in a timely manner;
  • adjusting the Company’s Development Plan, cutting costs;
  • prioritising and optimising CAPEX and investment projects;
  • developing targeted measures (e.g. obtaining creditors’ waiver, directing volumes to more favourable markets) to mitigate risks that may have an additional negative effect.
KMG continuously monitors and analyses price and demand dynamics for crude oil and oil products and also considers purchasing financial tools to be protected in case of a significant fall in oil prices (e.g. analysis of hedging benefits).
The Company cooperates with competent state bodies on matters related to the OPEC+ deal, implementing measures to stabilise the internal market and stimulate oil exports, and has internal reserves to deliver on its commitments.
Country risks and the risk of sanctions
The Company operates overseas. Any significant adverse economic and political developments in a recipient country could affect the Company’s operations. Sanctions against certain countries, including sectoral sanctions, may affect the Company’s operations and its prospective joint projects.
Impact
Tightening of sanction laws may affect the Company’s operating, financial and investment activities, including through secondary sanctions imposed on the Company.
To prevent relevant risks, the Company:
  1. Has established a working group to analyse the impact of the sanctions on the operations of the Company and its subsidiaries and associates. Sanction risks are being monitored on a weekly basis to mitigate potential adverse effects on the Company’s operating, financial and investment activities.
  2. Has approved the Sanctions Policy setting out a unified interaction procedure and mitigants to minimise sanction risks.
  3. Has made arrangements for information on the impact of sanctions to be provided on a periodic basis to the Company’s Board of Directors, the Fund, the Ministry of National Economy of Kazakhstan, and the Company’s stakeholders.
The Company mitigates country risks by setting country-specific limits based on the analysis of the recipient country (from the economic, political, strategic, social and other perspectives).
Cyber risks
Intentional manipulation of the Company’s ICT system aimed at compromising its integrity, accessibility and security.
Impact
In 1Q 2022, we detected signals of an attack on the server infrastructure of the Company’s foreign assets. A technical quick response force took steps to prevent the attack with the help of relevant cyber security bodies.
The Company protects from cyberattack risks not only the information in its possession and its hardware and software, but also the information provided to it by government bodies, shareholders, business partners, and personal data subjects.
To address this risk, the Company:
  • regularly runs tests to check its ICT system for vulnerability to external attacks, analyses IT infrastructure security, audits network elements, monitors operating system security, identifies and blocks attackers;
  • continues to increase the number of subsidiaries and associates connected to the Company’s single data transfer network;
  • prepares cyberattack emergency response plans to reduce the impact of a crisis situation and minimise its consequences;
  • maintains compliance of the existing information security management system (ISMS) with international standards;
  • organises training for persons responsible for ISMS in information security units;
  • keeps up cyber security hygiene;
  • monitors the availability of information systems and the adequacy of the required information and computing resources on a daily basis;
  • investigates information security incidents;
  • has developed interaction regulations to be applied in case of an emergency involving the service supplier responsible for the provision of computing capacities.
Reputational risk
The Company is exposed to reputational risk that affects its business reputation and relationships with investors, counterparties, partners, and other stakeholders.
Impact
In 2022, the Company faced various factors that could cause reputational risk to materialise.
As one example, a group of fraudsters started spreading social media advertisements to raise users’ money for investments on behalf of the Company. These advertisements are misleading and fraudulent. To mitigate the risk, the press offices of KMG and its subsidiaries and affiliates promptly prepared press releases, messages and publications to be disseminated to the public through key national and regional mass media and social networks (Facebook, Instagram, YouTube). The Company also launched targeted advertisements to raise awareness about potential frauds, with fraud updates regularly posted in the news feed. Additionally, fraud reports were submitted to Google and YouTube.
The Company implements a range of measures to manage this risk, including publications in the media, holding of briefings, press conferences and management presentations highlighting various aspects of the Company’s activities and raising awareness among stakeholders. The Company tracks press mentions of its activities on a daily basis and promptly responds to unreliable information (rumours) published in media and social networks.
In 2022, KMG launched a large-scale PR campaign to promote its IPO, which included:
  • creation of an IPO page on the Company’s website;
  • publication of awareness-raising articles in mass media to offer readers insights into how to start investing, buy shares, avoid fraud, etc.;
  • targeted advertising in social media;
  • contextual advertising through the search engines of Google and Yandex;
  • a hotline;
  • educational training sessions for journalists.
FX risk
Currency risk is a potential negative change in the Company’s financial performance due to exchange rate fluctuations.
Impact
Appreciation of foreign currencies against the tenge may lead to higher KZT-denominated OPEX, lower margins and a negative impact on the Company’s financial results and performance.
In 2022, tenge fluctuation against foreign currencies had no material impact on the Company’s financial results and performance.
Given the currency mix of its revenues and liabilities, the Company is also exposed to FX risk in its operations. The strategy for managing this risk involves the use of a holistic approach that considers natural (economic) hedging options. KMG ensures the optimal balance of assets and liabilities denominated in foreign currency, and calculates earnings considering the FX risk.
Tax risk
The Company is exposed to the persistent risks of changes in tax laws and lack of clear interpretation, as well as the risk of increased tax burden and loss of entitlement to tax benefits.
Impact
Tax legislation in Kazakhstan is subject to frequent changes and varying interpretations. The tax authorities generally take a more conservative approach in their interpretation of the legislation and in tax audits. As a result, the management’s interpretation of tax laws applicable to the Company’s operations and activities may be challenged by the relevant tax authorities. The Company operates in a number of jurisdictions and is therefore required to follow complex transfer pricing rules, which may give rise to uncertainty and subjective interpretation.
In 2022, this risk materialised, resulting in higher tax expenses, including heavier tax liabilities arising from the widening Urals-Brent spread.
The Company continuously monitors changes in tax laws, evaluates and forecasts the extent to which they can potentially impact its operations, while also following trends in law enforcement practices and considering the implications of regulatory changes for its operations.
The Company’s specialists regularly take part in various working groups responsible for drafting tax legislation. To mitigate tax risks, the Company improves its tax administration processes and conducts tax audits.
Interest rate and commercial bank liquidity risk
Higher global interest rates and lower financial stability of the banking sector can have a negative impact on the cost of borrowing, as well as the placement of idle cash.
Impact
Events of default of the Company’s counterparties may result in the failure to withdraw funds on their accounts in full or in part, which may adversely affect the Company’s financial results and force KMG to raise additional financial resources to meet its obligations.
In 2022, no defaults, untimely or incomplete performance of financial obligations by second-tier banks were recorded.
To mitigate these risks, the Company diversifies investments in financial instruments in accordance with the treasury portfolio’s pre-defined limits and regularly monitors how idle cash is placed across KMG Group.
Most of KMG’s earnings are generated in US dollars, while the main source of borrowing is the international lending market. For these reasons, the largest part of KMG’s debt portfolio is denominated in US dollars. The interest rates for servicing a portion of these loans are based on interbank lending rates, and their growth may lead to additional debt servicing costs.
Investment (project) risks
The Company is implementing a number of projects in hydrocarbon exploration, production, transportation and processing, which could be exposed to significant risks associated with external and internal factors. The materialisation of such risks can significantly affect the success of these projects.
Impact
When running investment projects, the Company faces the risks of rising costs, delays in the commissioning of production facilities, and failure to achieve design parameters.
The Company regularly monitors progress against projects in the regions where it operates, making timely adjustments to project implementation plans as necessary. Where risk can arise affecting the timing, budget or quality of projects, mitigation measures may include negotiations with stakeholders, reduction of operating costs, optimisation of the investment programme, abandonment of unprofitable investment projects.
We introduced a project management and investment decision-making system similar to standards adopted by global companies (Stage Gate Process).
Risk of changes in applicable laws, and litigation and arbitration risks
The Company’s performance can be impacted by changes in applicable laws, including subsoil use, tax, currency, customs regulations, etc., as well as the risk of negative court decisions on court or arbitration disputes involving the Company.
Impact
In 2022, 6 lawsuits worth over USD 1 mln and no arbitration proceedings were initiated. Until the proceedings are completed, it is impossible to fully assess the impact of these events on the Company’s operations.
The Company continuously monitors changes in laws, while also evaluating and forecasting the extent to which they can potentially impact the operations of KMG entities.
The Company regularly takes part in working groups to develop and discuss draft laws in various areas of legislation.
The Company continuously monitors judicial and law enforcement practices, and actively applies best practices in resolving legal issues and disputes arising in the course of the Company’s operations.
Pandemic risk (COVID-19)
The COVID-19 situation in Kazakhstan is relatively stable for now, with the infection rates on the decline. However, with the onset of the new season of flu and other acute respiratory viral infections, COVID-19 may overlap with these more conventional diseases leading to fairly severe cases of combined viral infection.
The vaccination rates have also gone down. This erodes the herd immunity and makes infection risks more prominent.
Impact
In February 2022, KMG Group registered one pneumonia-induced fatality.
  1. Permanent monitoring of the epidemiological situation in the KMG group of companies continues. Subsidiaries submit weekly reports on the COVID-19 situation to the KMG Security Control Center (SCC).
  2. Depending on the current epidemiological situation and the zone of epidemiological risk in a particular region, the requirements and recommendations of the current resolutions of the chief state sanitary doctors are implemented in the Corporate Center and Subsidiaries.
  3. Regardless of the virus variant, measures to combat COVID-19 remain the same:
    • preservation of all preventive measures for the non-proliferation of COVID-19;
    • revaccination of the population, including employees of the KMG group in accordance with the revaccination plan;
    • isolation of sick and contact persons;
    • compliance with quarantine measures in accordance with the restrictions adopted and expected to be introduced in the regions of KMG’s presence.

As of December 31, 2022, more than 53.8 thousand employees of the KMG group of companies (82% of the total number) received the first component of the vaccine. Of these, more than 52.9 thousand employees (81%) received a full course of vaccination (both components). 18.9 thousand employees (29%) in the KMG group were revaccinated.

Risk of terrorism
Acts of terrorism and other violence against the Company’s and contractors’ personnel and assets.
Impact
The Company operates in a number of countries where acts of terror and other criminal wrongdoings against the Company’s assets are possible.
In 2022, there were no events when this risk materialised within KMG Group.
The Company takes a set of preventive measures, including:
  • checking the condition of security equipment, alarm systems, up-to-date status of evacuation plans, current status of exits and evacuation routes;
  • training of security and maintenance personnel in counter-terrorist protection of facilities and personal safety in case of emergencies;
  • physical security checks and counter-terrorist security inspections of facilities at subsidiaries and associates;
  • interacting with law enforcement and special agencies on physical security and counter-terrorist security at facilities;
  • screening of contractor employees authorised to work at the Company’s facilities;
  • training sessions for security, service, and technical personnel in the event of emergencies at facilities;
  • control over the maintenance of video surveillance systems and routine maintenance of ISS, ACS, and boom barriers;
  • testing the emergency response skills of the security personnel;
  • regular updates of the access control and on-site security regulations;
  • issuance of IDs for terror-vulnerable facilities in line with legal requirements for countering terrorism.