FIND THE NEAREST PETRON STATION

Risk Management

The Company’s resilience is manifested in its capacity to anticipate, assess, and mitigate risks effectively. The dynamic nature of the oil industry necessitates agility in both risk management and leveraging on emerging opportunities. The Company is guided by its Enterprise-Wide Risk Management (“ERM”) framework, with programs designed to enable the organization to achieve its corporate objectives while managing risks that may adversely impact the attainment of such objectives. Risk management is integrated into the daily operations and performance of the entire organization.  Identified risks are analyzed and evaluated and major risks are regularly reported and raised to top management level for continuous monitoring and decision-making.  The risk management process is also integrated into the yearly business planning of all major divisions and departments. The ERM framework, which is based on ISO 31000, likewise searches for strategic risks that may present opportunities and create or add value to the Company.

The Company has a designated Chief Risk Officer who supervises the entire enterprise risk management process of the Company and spearheads the development, implementation, and continuous improvement of the Company’s enterprise risk management processes and documentation. He heads the Enterprise-wide Risk Management Group, tasked to lead the enterprise risk management program of the Company. All the Company Division heads are designated owners of the risks emanating from their respective groups and each group is represented in the Risk Management Committee, a working group that regularly monitors the risk management program and ensures alignment of objectives and implementation of processes across the organization and daily operations.

Major Risks

In evaluating risks across each division and the Company as a whole, the organization’s risk appetite and tolerances are considered. Risks with a high probability of occurrence and substantial financial consequences are prioritized, and measures are implemented to eliminate or mitigate them, ensuring that they do not impede the realization of the Company’s business objectives. In 2025, the following risks were given such priority attention.

  1. Operational Risks. These may be caused by unplanned events such as serious process or machine failure, accidents, weather-related events, or human error at the Company’s refinery, terminals, depots and other facilities. These disruptions may result in injury or loss of life, damage to Company property, or damage to other properties in the immediate area where the facility is situated or in financial losses from product run-outs, loss of sales or loss of margins from required spot purchases.

To mitigate these risks, the Company ensures that the Petron Bataan Refinery and the terminals adopt best practices in operations and adhere to a program of planned, preventive and predictive maintenance. The Petron Bataan Refinery, the country’s only oil refining facility, continues to be Integrated Management System (“IMS”)-certified which demonstrates the Company’s continuous adherence to global standards on safety, health, quality and environmental management.  The Company’s IMS certification covers ISO 9001, 14001 and 45001).

28 of the Company’s terminals have been certified under the ISO 9001 (QMS), ISO 14001 (EMS), and ISO 45001 (Occupational Health and Safety Management System) standards. 14 Petron pier facilities are also compliant with the International Ship and Port Facility Security or ISPS Code which is certified by the Office for Transportation Security under the Department of Transportation’s Office of the Transport Security.

The Company likewise maintains insurance which covers property, marine cargo and third-party liability, as well as personal injury, accidental death and dismemberment, sabotage and terrorism, and machinery breakdown.  One of the main insurance policies of the Company, the Industrial All Risk policy, covers the Petron Bataan Refinery for material damages, including machinery breakdown cover. 

  1. Crude and Product Price Volatility Risks. The Company is exposed to uncontrollable price fluctuations in input crude and output finished products. Price movements and volatility are brought about by changes in global supply and demand for crude oil and finished products, international economic conditions, global conflicts and geopolitical issues, and other factors over which the Company has no control. Currently, events such as the war in Iran, Gaza, conflicts at the Red Sea, the Russia-Ukraine war, and US tariff imposition and trade war have resulted in huge oil price swings. Such volatility may result in cash flow variability and increase in financing expenses.

The Company mitigates this risk by entering into commodity hedging for its crude and product exposure. The Company has a Commodity Risk Management Committee that actively evaluates hedging policies and strategies to protect the Company from risks of inventory losses and margin contractions. The Company also regularly assesses refinery utilization considering the latest price outlook and demand forecasts and prudently manages its capital and operating expenses and receivables, particularly during times of high volatility. 

  1. Financial Risks. The Company is capital intensive and spends substantially for the processing and purchase of crude oil and other fuel products, and investments in upgrading and maintaining the Company’s facilities, which requires Petron to incur debt to finance these expenses. With loan levels both in peso and foreign currencies, the Company faces financial risks from increase in interest rates and fluctuations in foreign exchange. An increase in interest rate would mean an increase in interest payments to the lenders, while swings in foreign exchange would impact our foreign-denominated debt and interest payments in peso terms.

To manage these financial risks, the Company maintains an optimum mix of fixed and floating rate loans, and peso and foreign-denominated loans. The Company also engages in hedging activities using forwards and other derivative instruments and generating dollar-denominated sales to reduce foreign exchange exposure. Finally, the Company negotiates for tighter spreads of loan facilities for long-term loans.

Moreover, the Company uses an enterprise resource planning software that monitors financial transactions. This planning tool allows real-time awareness and response to contain losses posed by foreign exchange exposure.

  1. Cyber Security Risks. As the Company becomes more reliant on technology to support operations and enable efficiency and innovation, Petron becomes susceptible to information technology (“IT”) security threats that may impact business continuity, data integrity, and regulatory compliance. These threats may come from inside and outside of the organization, can be intentional, as with cybercriminals, or unintentional, as with employees, contractors or vendors who accidentally click malicious links or download malware. And as these IT security and cybersecurity threats continue to escalate in ferocity and complexity, the Management Information Systems Department of the Company has implemented IT security strategies that combine a range of security systems, framework/programs and technologies to protect Petron’s entire IT infrastructure, including hardware systems, software applications and endpoints, to prevent or mitigate the impact of known and unknown threats.

Since these threats are fast-evolving, the Company has been continuously working on strengthening its foundation and improving the response plan to maintain a confident security posture. The Company also implemented proactive measures to further improve our threat detection, response and prevention capabilities.  As cyberattacks, such as phishing attacks exploit human vulnerabilities, the Company is also focused on user training and empowerment to educate employees to recognize security threats and practice secure workplace habits.