Nustar Energy (NS) Risk Analysis

Climate change laws or regulations enacted by the United States and other political bodies that increase costs, reduce demand or otherwise impede our operations, could, directly or indirectly, have an adverse effect on our business. Legislative and regulatory initiatives in the United States, as well as international efforts, have attempted to and will continue to address climate change and control or limit emissions of greenhouse gases. For example, the United States is now a party to the Paris Agreement and has established an economy-wide target of reducing its net greenhouse gas emissions by 50-52 percent below 2005 levels in 2030 and achieving net zero greenhouse gas emissions economy-wide by no later than 2050. The United States has also established a goal to reach 100 percent carbon emissions-free electricity by 2035. Furthermore, many state and local leaders have stated their intent to increase efforts to control or limit emissions of greenhouse gases. Specifically, certain regulatory changes have restricted, and future changes could restrict, our ability to expand our operations and have increased, and in the future could increase, our costs to operate and maintain our existing facilities by requiring that we measure and report our emissions, install new emission controls on our facilities, acquire allowances to authorize our emissions, pay taxes or fees related to our emissions or administer and manage an emissions program, among other things. The passage of climate change legislation and interpretation and action of federal and state regulatory bodies that result in a reduction in the demand for hydrocarbon products that are deemed to contribute to greenhouse gases, or restrictions on their use, may reduce volumes available to us for transportation and storage. These developments could have adverse effects on our business, financial position, results of operations and prospects. In addition, certain of our blending operations subject us to potential requirements to purchase renewable fuels credits. Even though we attempt to mitigate such lost revenues or increased costs through the contracts we sign with our customers, we sometimes are not able to recover those revenues or mitigate the increased costs, and any such recovery depends on events beyond our control, including the outcome of future rate proceedings before the Federal Energy Regulatory Commission (FERC) or other regulators and the provisions of any final legislation or regulations. Reductions in our revenues or increases in our expenses as a result of climate change legislation or other regulatory initiatives could have adverse effects on our business, financial position, results of operations and prospects. Finally, increasing concentrations of greenhouse gases in the Earth's atmosphere may produce climate changes that have significant physical effects, such as increased frequency and severity of storms, floods and other climatic events. Such events have had and may in the future have an adverse effect on our assets and operations, especially those located in coastal regions.

We face competition in all aspects of our business and can give no assurances that we will be able to compete effectively against our competitors. Our competitors include major energy and chemical companies, some of which have greater financial resources, more pipelines or storage terminals, greater capacity pipelines or storage terminals and greater access to supply than we do. Certain of our competitors also have advantages in competing for acquisitions or other new business opportunities because of their financial resources and synergies in operations. As a consequence of increased competition in the industry or market conditions, some customers are and others may be in the future reluctant to renew or enter into long-term contracts or contracts that provide for minimum throughput amounts. Our inability to renew or replace a significant portion of our current contracts as they expire, to enter into contracts for newly acquired, constructed or expanded assets and to respond appropriately to changing market conditions would have a negative effect on our revenue, cash flows and ability to make quarterly distributions to our unitholders.

Weak and volatile economic conditions and widespread financial stress may reduce the liquidity of our customers, vendors or other counterparties, making it more difficult for them to meet their obligations to us. We are therefore subject to risks of loss resulting from nonpayment or nonperformance by our customers to whom we extend credit. Financial problems encountered by our customers limit our ability to collect amounts owed to us, or to enforce the performance of obligations owed to us under contractual arrangements. In addition, nonperformance by vendors or their subcontractors, who have committed to provide us with critical products or services, increases our costs and could result in significant disruptions or interfere with our ability to successfully conduct our business. Although we attempt to mitigate our risk through warehouseman's liens and other security protections, we cannot fully eliminate counterparty credit risks. Any substantial increase in the nonpayment or nonperformance by our customers, vendors or other counterparties, or our inability to enforce our liens and other security protections, could have a material adverse effect on our results of operations, cash flows and ability to make distributions to our unitholders.

We rely on our information technology systems and our operational technology systems to process, transmit and store information, such as employee, customer and vendor data, and to conduct almost all aspects of our business, including safely operating our pipelines and storage facilities, recording and reporting commercial and financial transactions and receiving and making payments. We also rely on systems hosted by third parties, with respect to which we have limited visibility and control, and that have access to or store certain of our employee, customer and vendor data. The security of these networks and systems is critical to our operations and business strategy. Although we take proactive steps to protect us, our systems and our data from cyberattacks, such as implementing multiple layers of security, segregated systems and user access, antivirus tools, vulnerability scanning, monitoring and patch management, regular employee training, phishing tests, penetration tests, internal risk assessments, independent third-party assessments, tabletop exercises to test our incident response plan, enhanced cyber diligence of vendors and physical security measures, all companies are at risk of a cyberattack. The number and sophistication of reported cyberattacks by both state-sponsored and criminal organizations continue to increase, across industries and around the world, including attacks on operators of critical infrastructure assets, such as pipelines, as well as the third parties that provide technology services for critical infrastructure, in some cases with considerable negative impact on targeted companies' ability to conduct business. Like other companies, we recognize that, despite our security measures, we remain subject to cybersecurity incidents due to attacks from a variety of external threat actors, internal employee error or malfeasance and cybersecurity incidents suffered by our service providers, vendors or customers. In addition, some of our employees and those of our service providers, vendors and customers may travel or work from home or other remote-work locations, where cybersecurity protections may be less robust and cybersecurity procedures and safeguards may be less effective. Moreover, certain attacker techniques and goals, such as surveillance, intelligence gathering or extended reconnaissance, may remain undetected for an extended period of time, which can increase the breadth and negative impact of an incident. A significant failure, compromise, breach or interruption in our systems or those of third parties critical to our operations could result in a disruption of our operations; physical damage to our assets or the environment; physical, financial, or other harm to employees or others; safety incidents; damage to our reputation; loss of customers or revenues; increased costs for remedial actions; and potential litigation or regulatory fines. Failures, interruptions and similar events that result in the loss or improper disclosure of information maintained in our systems and networks or those of our vendors, including personnel, customer and vendor information, have in the past and may in the future require reporting under relevant contractual obligations and laws and regulations protecting personal data and privacy and could also subject us to litigation or other liability under relevant contractual obligations, laws and regulations. Our financial results could also be adversely affected if our systems are breached or an employee, vendor or customer causes our systems to fail, either as a result of inadvertent error or deliberate tampering with or manipulation of our systems. Due to the continued acceleration of cyberattacks, generally and against our industry, regulatory actions by federal, state and local governmental agencies in the United States and in Mexico have increased. Evolving laws and regulations governing cybersecurity and data privacy and protection pose increasingly complex compliance challenges. Although we believe that we have robust cybersecurity procedures and other safeguards in place, we cannot guarantee their effectiveness, and a significant failure, compromise, breach or interruption in our systems or those of our customers or vendors could have a material effect on our operations and the operations of our customers and vendors. As threats continue to evolve and cybersecurity and data privacy and protection laws and regulations continue to develop, we have spent and expect to continue spending additional resources to continue to enhance our cybersecurity, data protection, business continuity and incident response measures, to investigate and remediate any vulnerabilities to, or consequences of, cyber incidents, as well as on regulatory compliance.

Our business plans are based upon the assumption that public sentiment and the regulatory environment will continue to enable the future development, transportation and use of carbon-based fuels. Negative public perception of the industry in which we operate and the influence of environmental activists and initiatives aimed at limiting climate change could interfere with our business activities, operations and access to capital. Activists concerned about the potential effects of climate change have directed their attention towards sources of funding for fossil fuel energy companies, which has resulted in certain financial institutions, funds and other sources of capital reducing or ceasing lending to or investing in companies in the fossil fuel energy industry, such as us. Having a more limited pool of lenders and investors has resulted in an increase in costs to raise capital, a decrease in the availability of new funding and a diminished ability to refinance existing debt at favorable rates for businesses such as ours, which could have a material adverse effect on our ability to meet our future capital needs, satisfy our debt obligations or pay distributions to our unitholders. Members of the lending and investment communities are also increasing their focus on sustainability practices, including practices related to greenhouse gas emissions and climate change, in the energy industry. Additionally, some members of the lending and investment communities screen companies such as ours for sustainability performance before lending to us or investing in our units. In response to the increasing pressure regarding sustainability disclosures and practices, we and other companies in our industry publish sustainability reports that are made available to lenders and investors. Such reports are used by some lenders and investors to inform their lending, investment and voting decisions, and we may continue to face increasing pressure regarding sustainability practices and disclosures. Unfavorable sustainability ratings by organizations that provide such information to investors may lead to increased negative lender and investor sentiment toward us or our customers and to the diversion of capital to other industries, which would have a negative impact on our unit price and/or our access to and costs of capital. Such negative sentiment regarding our industry could influence consumer preference and decrease demand for the products we transport and store and may result in increased regulatory scrutiny, which could then result in additional laws, regulations, guidelines and enforcement interpretations, at the federal, state or local level. These actions may cause operational delays or restrictions, increased operating costs, additional regulatory burdens and increased risk of litigation.