Ethics, compliance, & risk management

 

At PG&E, we are committed to complying with both the letter and the spirit of the law. Coworkers are expected to know and follow our Codes of Conduct and all compliance requirements, and to speak up about safety issues or other concerns. We work daily to protect the safety of our workforce and the public, while also striving to meet our environmental compliance obligations.

Driving culture change at PG&E

We recognized 15 coworkers at our eighth annual Speak Up Awards ceremony, including an individual who spoke up about gas equipment that was improperly installed by a contractor. Watch a video to see award winners speak about psychological safety, teamwork, and being heard.

 

We also held PG&E’s tenth annual Ethics and Compliance Week, focused on being trustworthy. 

Our approach

 

Delivering gas and electric service is inherently risky. However, risk can be managed, and we strive to embed risk management in every critical business process—making data-driven decisions to support safe, reliable, and affordable electric and gas service.

 

Ethics and compliance

 

The PG&E Corporation Executive Vice President, General Counsel, and Chief Ethics and Compliance Officer (CECO) leads ethics and compliance. The CECO reports to the PG&E Corporation CEO and has additional reporting responsibility to the Audit Committees and Safety and Nuclear Oversight Committees of the PG&E Corporation and Utility Boards of Directors (Boards).

 

PG&E’s ethics and compliance program serves as a foundation to enable the company to operate within legal and ethical boundaries, including compliance with laws, regulations, and industry standards. Promoting a culture that encourages ethical conduct and compliance minimizes risks caused by noncompliance. The ethics and compliance program is modeled after the U.S. Sentencing Guidelines requirements for an effective program.

 

Management-level governance bodies help drive and coordinate our ethics and compliance activities:

  • Commitments Information Center: A forum that enables PG&E’s leadership to drive improved compliance performance by providing visibility into PG&E’s internal and external obligations.
  • Ethics and Compliance Expert Advisory Board: A cross-functional, non-officer team that strives to improve the effectiveness of PG&E’s ethics and compliance program by sharing best practices and coordinating strategies, goals, and programs across the enterprise.
  • Risk and Compliance Committees: Forums in each part of the organization with officers and senior leaders that provide strategic guidance and oversight for ethics and compliance programs and operational risk management.
  • Ethics Council: A cross-functional group of coworkers and leaders that explores the role that business ethics plays in our operations and relationships with coworkers, customers, and all other stakeholders. Council members serve as ethics and compliance ambassadors among their teams. 

PG&E also engages with numerous independent third parties, who provide external oversight and feedback on different aspects of our operations and performance and further our efforts at continuous improvement.

 

To provide guidance on conduct requirements, PG&E maintains codes of conduct for:

 

Risk management

 

Within PG&E, risk management is organized into two types of risk:

  • Enterprise and operational risk 
  • Financial risk

 

Enterprise and operational risk:

 

PG&E’s Enterprise and Operational Risk Management (EORM) program facilitates risk reduction by systematically identifying, evaluating, mitigating, and monitoring risks.

 

The Chief Risk Officer (CRO) oversees the EORM program and is responsible for safety and operational risk compliance. The CRO is accountable to the PG&E Corporation CEO and the Boards of Directors.

 

Senior management categorizes enterprise risks and recommends the most serious risks for Board-level review at least once every 12 months. The program, including enterprise risks, is overseen by senior management and the Boards.

 

PG&E maintains a risk register of event-based and cross-cutting risks. We follow a consistent enterprise-wide approach to identify, evaluate, respond to, and monitor risks. With our evaluation methodology, PG&E calculates risk values and evaluates different mitigation strategies to reduce these values.

 

Additionally, senior management provides risk oversight through bi-annual risk deep dives, risk and compliance committee meetings, and quarterly operating reviews as part of the Lean operating system. These forums focus on metrics for each risk that indicate whether risk reduction activities meet objectives, engage executive leadership across risk areas, and consistently drive risk management best practices across the enterprise.

 

To enhance risk management, the CRO has regular insight into, and feedback from, operational activities. The operational risk validation function, overseen by the CRO, leads this effort.

 

Financial risk:

 

Financial risk is further broken down into two categories—Consolidated Liquidity Risk and Market and Credit Risk. Liquidity risk is one of PG&E’s top financial risks and is defined as the inability to meet financial obligations as they come due. PG&E assesses and evaluates market, credit, and liquidity risk for energy procurement, financial derivatives, and other related risk activities.

 

Market, credit, and liquidity risk management is implemented through our Risk Policy Committee and Risk Management Committee, which provide oversight and approval of energy procurement risk exposure, including energy commodities and derivatives prices, interest rates, currency, credit, and other risks. The Vice President of Enterprise Financial Risk Management is responsible for overseeing insurance, market and credit risk management, third party risk management, and finance compliance and controls functions. 

 

Environmental compliance

 

Our Environmental Policy requires strict adherence to all applicable environmental laws and regulations. These requirements relate to a broad range of activities, including preventing the discharge of pollutants; safely transporting, handling, and storing hazardous materials; properly managing hazardous wastes; protecting threatened and endangered species; and reporting and reducing emissions of air pollutants and greenhouse gases such as carbon dioxide, methane, and sulfur hexafluoride.

 

To meet these requirements, PG&E employs an Environmental Management System (EMS) modeled after the ISO 14001 environmental management standard and consistent with the ISO standard’s “Plan, Do, Check, Act” model for continuous improvement. In addition, we align our EMS and environmental operations to PG&E’s Ethics and Compliance Maturity Model. This allows us to integrate our compliance activities with the rest of PG&E, and to use common compliance performance measurements.

 

The Vice President of Land, Environmental, and Permitting Services at Pacific Gas and Electric Company oversees our commitment to meeting environmental requirements, including reviewing monthly compliance performance. An annual environmental compliance summary is presented to the Sustainability and Governance Committee of the PG&E Corporation Board of Directors.

 

We review and audit environmental performance in various ways:

  • Comprehensive Assessments: A team of cross-functional environmental personnel performs an extensive assessment at selected facilities to evaluate compliance with environmental regulations.
  • Internal Audits: The Internal Audit department conducts systemic and programmatic controls-based audits to independently analyze the effectiveness of our environmental compliance management systems.
  • Compliance Testing and Risk Reviews: These reviews, designed to assess the adequacy of controls and risk mitigations as well as compliance work processes, are conducted by the Risk and Compliance function.
  • Project or Environment Construction Inspections: These inspections are designed to assess construction practices and confirm that work is performed in compliance with all environmental guidance and regulations. 

 

Board governance

 

Certain committees of the Boards have specific oversight responsibility for compliance and risk management in their respective substantive areas. For a full description of Board committee oversight responsibilities, please see the webpages of the Boards of Directors of PG&E Corporation and Pacific Gas and Electric Company, as well as our 2025 Joint Proxy Statement.

2024 milestones

 

Ethics and compliance

 

  • Leveraged our Commitments Information Center to bring transparency to and drive improvement in PG&E’s compliance performance.
  • Improved integration of risk and compliance management by introducing guidance and tools to enhance how we prioritize compliance risks.
  • Implemented an Information Governance Maturity Program in alignment with PSEMS, while also enhancing our communications and training, governance, tools, and remediation of records-related risks.
  • Partnered with our Ethics Council to reach about 1,200 coworkers per month on ethics and compliance.
  • Launched company-wide required training on time and expense reporting procedures to prevent fraud.
  • Implemented a workplace ethics committee to provide oversight and feedback on discipline and other corrective actions.

 

Environmental compliance

 

  • Secured Valley Elderberry Longhorn Beetle Habitat Conservation Plan, enhancing habitat while enabling PG&E to maintain our infrastructure with a 30-year permit.
  • Secured environmental and land use permits, enabling efforts to underground electric distribution lines.
  • Leveraged our EMS to improve environmental compliance and performance by scoring the impacts of more than 200 aspects of our operations. We are using this analysis to identify significant environmental impacts and risks across our operations and to help prioritize areas of compliance.
  • Strengthened our focus on environmental and social justice, including engaging with external stakeholders and assisting with internal capacity building as part of a broader companywide effort to better address the needs of disadvantaged and vulnerable communities.
  • Developed an environmental review and permit requirement generative AI tool using predictive modeling that assigns project-specific measures to achieve resource efficiencies.
  • Created standardized avoidance and minimization measures to deliver more consistent compliance outcomes during construction.

 

Risk management

 

  • Engaged PG&E leadership in risk drivers and consequences to enhance understanding of risk trade-offs in our annual business planning process.
  • Actively participated in the CPUC’s Risk-Based Decision-Making Framework proceeding, which explored issues such as reporting, risk tolerance, consistent templates, and other aspects of how utilities approach risk management.
  • Validated Wildfire Mitigation Plan commitments, identified and resolved corrective actions, and provided guidance and support to enhance program maturity.

Measuring progress

 

Ethics and compliance

 

Our annual all-coworker ethics and compliance training incorporates video vignettes based on real-world issues that coworkers might face. The training emphasizes the importance of ethical decision-making and safety. In addition, we require all employees to complete Code of Conduct training annually and certify they have read, understand, and will comply with the PG&E Code of Conduct. In 2024, we also measured the effectiveness of these trainings and improved training completion timeliness.

Ethics and compliance training

For a variety of reasons, a statistically small number of PG&E’s workforce is unable to attend a training session in any given year.

Code of conduct training


PG&E received 1,224 allegations of misconduct in 2024. This was a 12% increase compared to 2023. We attribute the increase in allegations to continued communications encouraging coworkers to speak up about concerns, and additional detection controls related to the use of company assets and expense reports. PG&E’s Ethics and Compliance department also received 398 requests for guidance from employees in 2024, a 35% increase from the prior year. 

Environmental compliance

 

PG&E tracks and reports a wide range of annual environmental compliance performance indicators.

 

 

Environmental compliance data

 

  1. We categorize all written enforcement actions issued by a regulatory agency as minor or critical. In doing so, we consider the level of impact to the environment, potential or actual monetary damages including restoration costs, and the number of repeat incidences. The environmental leadership team reviews all enforcement actions monthly.
  2. This measure includes an unintentional discharge of a regulated substance that required notification to the State of California or exceeded thresholds allowed in applicable permits. Unintentional releases mainly result from equipment failure due to severe weather, utility pole vehicle strikes, or vandalism, and unintentional spills of small volumes of mineral oil from overhead transformers. Spilled material is cleaned up by PG&E first responders or environmental clean-up crews.
  3. This data has been updated and represents penalties paid for environmental compliance violations. Due to processing times, penalties paid in a given year may include violations received in prior years.
  4. The majority of these inspections were performed by Certified Unified Program Agencies, such as city and county environmental health departments and fire departments.
  5. Includes internal audits performed by PG&E Internal Audit team.
  6. This new metric includes work within electric, gas, power generation, remediation, and vegetation management portfolios as part of PG&E’s compliance program.
  7. Includes self-assessments performed under PG&E’s compliance program for company facilities, including hydroelectric facilities.