We maintain an anti-bribery and anti-money-laundering (ABC/AML) 
programme with adequate resources, a comprehensive governance structure 
and established reporting lines. Staff receive clear guidance which 
includes requirements in Shell's Ethics and Compliance Manual, an 
ABC/AML-specific website, training modules where completion is monitored 
and regular messages from Shell leaders on the importance of managing 
ABC/AML risks. As regards OPL 245, the 2011 settlement was a fully legal 
transaction with Eni and the Federal Government of Nigeria, represented 
by the most senior officials of the relevant ministries. We maintain our 
view that there is no basis to convict Shell, or any of our former 
employees who are also on trial in Milan. In response to the COVID-19 
pandemic, we have set up fast-track processes to deal with relief 
donation requests. These processes include counterparty due diligence 
and are supported by Shell's Ethics and Compliance Office. 
 
   Risk description: 
 
   Violations of data protection laws carry fines and expose us and/or our 
employees to criminal sanctions and civil suits. 
 
   Data protection laws apply to Shell and its joint arrangements and 
associates in the vast majority of countries where we do business. Most 
of the countries we operate in have data protection laws and 
regulations. In some countries that are key to Shell's business 
operations, legislation continues to be amended or introduced. Shell 
must be able to adapt dynamically to such legislative changes and be 
capable of updating our internal programmes if necessary. The EU General 
Data Protection Regulation (GDPR), which came into effect in May 2018, 
imposed increased financial penalties of up to a maximum of 4% of global 
annual turnover. It requires mandatory breach notification in certain 
situations, the standard which is also followed outside the EU 
(particularly in Asia). Non-compliance with data protection laws could 
expose us to regulatory investigations, which could result in fines, 
penalties and harm to our reputation. With regard to data breaches, we 
have breached the GDPR in the past and some investigations are still 
ongoing with European regulators. To date, no material fines have been 
imposed, but no assurance can be provided that future breaches would 
have similar outcomes. In addition to imposing fines, regulators may 
also issue orders to stop processing personal data, which could disrupt 
operations. We could also be subject to litigation from persons or 
entities allegedly affected by data protection violations. 
 
   With data privacy legislation now in force in the USA, the risk of class 
actions is increased. Class actions after large-scale data breaches are 
increasingly common in the UK. 
 
   The COVID-19 pandemic has increased the level of processing of personal 
data to track employees, suppliers or other visitors to our premises. 
Some governments require immediate disclosure of information, including 
sensitive personal data, to identify infected individuals, with some 
mandating technologies such as tracing applications on all devices, 
including corporate mobile phones. 
 
   Violation of data protection laws is a criminal offence in some 
countries, and individuals can be imprisoned or fined. Any violation of 
these laws or harm to our reputation could have a material adverse 
effect on our earnings, cash flows and financial condition. 
 
   See "Other Regulatory and Statutory Information" on page 182. 
 
   How this risk is managed: 
 
   We maintain a data privacy programme with adequate resources, a 
comprehensive governance structure and established reporting lines. 
Shell has had Binding Corporate Rules in place for the last 10 years. 
These rules are part of a group wide global programme to ensure 
consistent levels of data protection across the group. Staff receive 
clear guidance which includes requirements in Shell's Ethics and 
Compliance Manual, a website focusing on data privacy, training modules 
where completion is monitored, and regular messages from Shell leaders 
on the importance of managing data privacy risks. 
 
   We have revised the requirements for incident management that are set 
out in our Binding Corporate Rules, in order to comply with GDPR 
reporting requirements. We have revised our approach to privacy impact 
assessments, also to comply with GDPR reporting requirements. We use our 
Privacy by Design programme to enhance our controls in this area. We 
continue to address challenges with compliance in data-heavy companies 
controlled by Shell but not fully integrated into our systems. IT 
remediation work remains a priority in such companies, as does the 
strengthening of programmes to support data privacy compliance. 
 
   To respond to the increased risk resulting from the pandemic, we have 
developed policies on temperature screening and published a guidance 
note on "Privacy Best Practices for COVID-19". 
 
   Risk description: 
 
   Violations of trade compliance laws and regulations, including sanctions, 
carry fines and expose us and our employees to criminal sanctions and 
civil suits. 
 
   We use "trade compliance" as an umbrella term for various national and 
international laws designed to regulate the movement of items across 
national boundaries and restrict or prohibit trade and other dealings 
with certain parties. The number and breadth of such laws continue to 
expand. For example, the EU and the USA continue to impose restrictions 
and prohibitions on certain transactions involving countries such as 
Syria, Venezuela, Russia and Cuba. The USA continues to impose 
comprehensive sanctions against Iran, while the EU and other nations 
continue to maintain targeted sanctions. The EU and the USA imposed 
restrictions and controls on defined oil and gas activities in Russia in 
2014, and these remain in force. The USA introduced further restrictions 
regarding Russia in 2017, expanding them in 2018. The EU and the USA 
introduced sectoral sanctions against Venezuela in 2017, with the USA 
expanding them in 2018 and 2019. The US sanctions primarily target the 
government of Venezuela and the oil industry. Many other nations are 
also adopting trade-control programmes similar to those administered by 
the EU and the USA. The expansion of sanctions, the frequent additions 
of prohibited parties, the number of markets in which we operate and the 
large number of transactions we process, make compliance with all 
sanctions complex and sometimes challenging. Shell has voluntarily 
self-disclosed potential violations of sanctions in the past. The 
COVID-19 pandemic has increased trade compliance risks, due to factors 
such as growing state involvement in business dealings, the need to 
maintain and develop business opportunities and cross-border movement of 
goods and technologies, and the increasing likelihood that 
counterparties will change ownership as the economic crisis continues. 
 
   Any violation of sanctions could lead to loss of import or export 
privileges and significant penalties on or prosecution of Shell or its 
employees. This could harm our reputation and have a material adverse 
effect on our earnings, cash flows and financial condition 
 
   See "Other Regulatory and Statutory Information" on page 182. 
 
   How this risk is managed: 
 
   We continue to develop and maintain a trade compliance programme with 
adequate resources, a comprehensive governance structure and established 
reporting lines. Staff receive clear guidance, which includes 
requirements in Shell's Ethics and Compliance Manual, a specific website 
for trade compliance, training modules where completion is monitored and 
regular messages from Shell leaders on the importance of managing trade 
compliance risks. The effectiveness of the trade compliance programme is 
assessed annually (or more frequently if necessary). In response to the 
COVID-19 pandemic, we have promoted an increased focus on compliance and 
assurance. For example, in Trading and Supply we have promoted a 
particular focus on compliance with trade controls in high-risk areas 
such as port agency, inspections and terminal operations. 
 
   Investors should also consider the following, which could limit 
shareholder remedies. 
 
   The Company's Articles of Association determine the jurisdiction for 
shareholder disputes. This could limit shareholder remedies. 
 
   Our Articles of Association generally require that all disputes between 
our shareholders in such capacity and the Company or our subsidiaries 
(or our Directors or former Directors), or between the Company and our 
Directors or former Directors, be exclusively resolved by arbitration in 
The Hague, the Netherlands, under the Rules of Arbitration of the 
International Chamber of Commerce. Our Articles of Association also 
provide that, if this provision is to be determined invalid or 
unenforceable for any reason, the dispute could only be brought before 
the courts of England and Wales. Accordingly, the ability of 
shareholders to obtain monetary or other relief, including in respect of 
securities law claims, could be determined in accordance with these 
provisions. 
 
   RELATED PARTY TRANSACTIONS 
 
   Disclosures in relation to the related party transactions are set out on 
page 185 of the 2020 Annual Report and Accounts. The following is 
extracted in full and unedited text from the 2020 Annual Report and 
Accounts: 
 
   Save as set out below and other than disclosures given in Notes 9 and 27 
to the "Consolidated Financial Statements" on pages 238 and 262, there 
were no transactions or proposed transactions that were material to 
either the Company or any related party. Nor were there any transactions 
with any related party that were unusual in their nature or conditions. 
 
   On February 27, 2020 the fully-consolidated Shell Midstream Partners, 
L.P. (SHLX) signed an agreement with its Shell-controlled general 
partner to eliminate all incentive distribution rights and economic 
general partner interest in SHLX and convert the general partner's two

(MORE TO FOLLOW) Dow Jones Newswires

03-11-21 0220ET