ESR Group AR2022 eBook EN

ESR Group Limited Annual Report 2022 69

established a compliance framework that covers training, monitoring and reporting for any non-compliance, including screening, investigations, enforcement and disciplinary actions. New and impending changes to regulations are closely monitored to ensure that the Group is adhering to regulatory requirements, with material non-compliance or regulatory breaches escalated to the Board and management for follow-up.

A comprehensive corporate governance framework has been established to maintain responsible and transparent business practices and adopt a zero-tolerance approach to fraud, bribery and corruption of any form in the conduct of business. All employees are committed to acting professionally, transparently and fairly with integrity in all business dealings and relationships with our stakeholders at all times. The framework includes policies on code of conduct & business ethics, conflict of interest, whistle blowing, anti-money laundering and counter terrorist financing, prohibition of bribery, acceptance or offer of gifts and entertainment, and employee trading & handling of insider information to ensure that all business activities are conducted with honesty, fairness and high ethical standards.

Compliance with policies and procedures is required at all times. Group Internal Audit will conduct a review of compliance with such policies, including ethical standards, once every three years. In addition, there are mandatory annual ethics and compliance training, employee trading and code of conduct attestation by employees, including contract staff who have at least a 12-month employment contract. Ethics training includes completing mandatory courses on topics such as awareness of anti-money laundering, anti-bribery and anti-corruption via a third-party training platform, whereby employees are required to pass an assessment in order to complete the course.
The training will help new joiners and existing staff to understand the compliance policies and procedures which guide employees’ behaviour to meet the required standards and requirements, and also reinforce the employees' compliance knowledge and related protocols, as part of their ongoing business activities, to minimize compliance risks.

Through the Company’s Code of Conduct and whistle blowing policy, employees are encouraged to report control deficiencies, ethical issues or suspicions of impropriety to the local Compliance Officer, Group Compliance Officer or Group General Counsel, when applicable, through various whistle blowing channels. All reported cases will be preliminarily reviewed to understand the circumstances surrounding the allegation based on the information provided by the whistle blower. The Management treats all misconduct and dishonesty seriously and seeks to conduct independent investigation and take appropriate disciplinary action on concerns raised, including termination of employment, if required. All independent investigations will be reported to the Audit Committee accordingly.

Separately, grievances, which vary in complexity and severity, can be brought up by an employee to his/her manager, Head of Department or directly to the Human Resources Department. In situations where the matter involves disciplinary action being taken against an employee, the Human Resources Department will proceed with the necessary measures leading to the required action in accordance with the Disciplinary Action provision with the Management’s approval.

Technology Risk

The Group acknowledges the rising threats posed by cyberattacks, which have become increasingly prevalent and sophisticated. ESR continuously assesses the adequacy of the computer systems and implements improvements to the platforms, given the increased reliance on technology to improve operational efficiency and provide high-quality internal governance.
ESR has put in place measures to protect itself against technology-related risks which may arise from both internal and external sources. In addition, ESR has in place a comprehensive set of information technology policies and procedures governing information availability, confidentiality and security to prevent any leakages of confidential information. Training on IT security awareness is conducted regularly to remind employees to keep abreast of any potential security breaches and phishing scams.

On top of the constant monitoring of internet gateways to detect potential security events, network vulnerability assessment and penetration testing are also conducted regularly to identify any potential security gaps, because weak IT security within the Company may result in an adverse reputational image and lead to loss of stakeholder confidence. A Security Operations Centre ("SOC") has been established and is monitored by a third-party service provider, together with Group IT, to observe external events which may have an impact on ESR's network and data. The SOC continuously monitors and improves ESR's security posture while preventing, detecting, analysing and responding to any potential cybersecurity incidents.

An information technology disaster recovery plan is in place and tested annually to ensure that ESR’s business recovery objectives are met in the event of a disaster, including ensuring that proprietary information is kept safe and secure.
