We maintain an anti-bribery and anti-money-laundering (ABC/AML) programme with adequate resources, a comprehensive governance structure and established reporting lines. Staff receive clear guidance which includes requirements in Shell's Ethics and Compliance Manual, an ABC/AML-specific website, training modules where completion is monitored and regular messages from Shell leaders on the importance of managing ABC/AML risks. As regards OPL 245, the 2011 settlement was a fully legal transaction with Eni and the Federal Government of Nigeria, represented by the most senior officials of the relevant ministries. We maintain our view that there is no basis to convict Shell, or any of our former employees who are also on trial in Milan. In response to the COVID-19 pandemic, we have set up fast-track processes to deal with relief donation requests. These processes include counterparty due diligence and are supported by Shell's Ethics and Compliance Office. Risk description: Violations of data protection laws carry fines and expose us and/or our employees to criminal sanctions and civil suits. Data protection laws apply to Shell and its joint arrangements and associates in the vast majority of countries where we do business. Most of the countries we operate in have data protection laws and regulations. In some countries that are key to Shell's business operations, legislation continues to be amended or introduced. Shell must be able to adapt dynamically to such legislative changes and be capable of updating our internal programmes if necessary. The EU General Data Protection Regulation (GDPR), which came into effect in May 2018, imposed increased financial penalties of up to a maximum of 4% of global annual turnover. It requires mandatory breach notification in certain situations, the standard which is also followed outside the EU (particularly in Asia). Non-compliance with data protection laws could expose us to regulatory investigations, which could result in fines, penalties and harm to our reputation. With regard to data breaches, we have breached the GDPR in the past and some investigations are still ongoing with European regulators. To date, no material fines have been imposed, but no assurance can be provided that future breaches would have similar outcomes. In addition to imposing fines, regulators may also issue orders to stop processing personal data, which could disrupt operations. We could also be subject to litigation from persons or entities allegedly affected by data protection violations. With data privacy legislation now in force in the USA, the risk of class actions is increased. Class actions after large-scale data breaches are increasingly common in the UK. The COVID-19 pandemic has increased the level of processing of personal data to track employees, suppliers or other visitors to our premises. Some governments require immediate disclosure of information, including sensitive personal data, to identify infected individuals, with some mandating technologies such as tracing applications on all devices, including corporate mobile phones. Violation of data protection laws is a criminal offence in some countries, and individuals can be imprisoned or fined. Any violation of these laws or harm to our reputation could have a material adverse effect on our earnings, cash flows and financial condition. See "Other Regulatory and Statutory Information" on page 182. How this risk is managed: We maintain a data privacy programme with adequate resources, a comprehensive governance structure and established reporting lines. Shell has had Binding Corporate Rules in place for the last 10 years. These rules are part of a group wide global programme to ensure consistent levels of data protection across the group. Staff receive clear guidance which includes requirements in Shell's Ethics and Compliance Manual, a website focusing on data privacy, training modules where completion is monitored, and regular messages from Shell leaders on the importance of managing data privacy risks. We have revised the requirements for incident management that are set out in our Binding Corporate Rules, in order to comply with GDPR reporting requirements. We have revised our approach to privacy impact assessments, also to comply with GDPR reporting requirements. We use our Privacy by Design programme to enhance our controls in this area. We continue to address challenges with compliance in data-heavy companies controlled by Shell but not fully integrated into our systems. IT remediation work remains a priority in such companies, as does the strengthening of programmes to support data privacy compliance. To respond to the increased risk resulting from the pandemic, we have developed policies on temperature screening and published a guidance note on "Privacy Best Practices for COVID-19". Risk description: Violations of trade compliance laws and regulations, including sanctions, carry fines and expose us and our employees to criminal sanctions and civil suits. We use "trade compliance" as an umbrella term for various national and international laws designed to regulate the movement of items across national boundaries and restrict or prohibit trade and other dealings with certain parties. The number and breadth of such laws continue to expand. For example, the EU and the USA continue to impose restrictions and prohibitions on certain transactions involving countries such as Syria, Venezuela, Russia and Cuba. The USA continues to impose comprehensive sanctions against Iran, while the EU and other nations continue to maintain targeted sanctions. The EU and the USA imposed restrictions and controls on defined oil and gas activities in Russia in 2014, and these remain in force. The USA introduced further restrictions regarding Russia in 2017, expanding them in 2018. The EU and the USA introduced sectoral sanctions against Venezuela in 2017, with the USA expanding them in 2018 and 2019. The US sanctions primarily target the government of Venezuela and the oil industry. Many other nations are also adopting trade-control programmes similar to those administered by the EU and the USA. The expansion of sanctions, the frequent additions of prohibited parties, the number of markets in which we operate and the large number of transactions we process, make compliance with all sanctions complex and sometimes challenging. Shell has voluntarily self-disclosed potential violations of sanctions in the past. The COVID-19 pandemic has increased trade compliance risks, due to factors such as growing state involvement in business dealings, the need to maintain and develop business opportunities and cross-border movement of goods and technologies, and the increasing likelihood that counterparties will change ownership as the economic crisis continues. Any violation of sanctions could lead to loss of import or export privileges and significant penalties on or prosecution of Shell or its employees. This could harm our reputation and have a material adverse effect on our earnings, cash flows and financial condition See "Other Regulatory and Statutory Information" on page 182. How this risk is managed: We continue to develop and maintain a trade compliance programme with adequate resources, a comprehensive governance structure and established reporting lines. Staff receive clear guidance, which includes requirements in Shell's Ethics and Compliance Manual, a specific website for trade compliance, training modules where completion is monitored and regular messages from Shell leaders on the importance of managing trade compliance risks. The effectiveness of the trade compliance programme is assessed annually (or more frequently if necessary). In response to the COVID-19 pandemic, we have promoted an increased focus on compliance and assurance. For example, in Trading and Supply we have promoted a particular focus on compliance with trade controls in high-risk areas such as port agency, inspections and terminal operations. Investors should also consider the following, which could limit shareholder remedies. The Company's Articles of Association determine the jurisdiction for shareholder disputes. This could limit shareholder remedies. Our Articles of Association generally require that all disputes between our shareholders in such capacity and the Company or our subsidiaries (or our Directors or former Directors), or between the Company and our Directors or former Directors, be exclusively resolved by arbitration in The Hague, the Netherlands, under the Rules of Arbitration of the International Chamber of Commerce. Our Articles of Association also provide that, if this provision is to be determined invalid or unenforceable for any reason, the dispute could only be brought before the courts of England and Wales. Accordingly, the ability of shareholders to obtain monetary or other relief, including in respect of securities law claims, could be determined in accordance with these provisions. RELATED PARTY TRANSACTIONS Disclosures in relation to the related party transactions are set out on page 185 of the 2020 Annual Report and Accounts. The following is extracted in full and unedited text from the 2020 Annual Report and Accounts: Save as set out below and other than disclosures given in Notes 9 and 27 to the "Consolidated Financial Statements" on pages 238 and 262, there were no transactions or proposed transactions that were material to either the Company or any related party. Nor were there any transactions with any related party that were unusual in their nature or conditions. On February 27, 2020 the fully-consolidated Shell Midstream Partners, L.P. (SHLX) signed an agreement with its Shell-controlled general partner to eliminate all incentive distribution rights and economic general partner interest in SHLX and convert the general partner's two
(MORE TO FOLLOW) Dow Jones Newswires
03-11-21 0220ET