CITY DEVELOPMENTS LIMITED ANNUAL REPORT 2022 CORPORATE GOVERNANCE 60 61 MANAGING RISKS TO REDUCE UNCERTAINTIES AND MAXIMISE OPPORTUNITIES Managing risk is an integral part of the Group’s business and it continually strives towards best risk management practices. The Board, supported by the Audit & Risk Committee (ARC) and other Board committees, maintain an overall responsibility and oversight of the key risks to the Group’s business. Relevant and material risk issues are surfaced for discussion with the ARC and the Board on a quarterly basis at a minimum, to keep them informed in a timely manner. The ARC considers the nature and extent of significant risks which the Group may undertake in achieving its strategic objectives and guides management in the formulation and implementation of the risk management framework, policies and processes. This ensures that significant risks are effectively identified, evaluated and mitigated, to safeguard shareholders’ interests and the Group’s assets, furthering corporate sustainability. The ARC also reports to the Board on critical risk issues, material matters, findings and recommendations. The Group’s risk management framework provides the principles and guidance for the Group’s risk management activities. The above five (5) key pillars serve as the foundation of ERM execution and implementation Strategic External environment as well as emerging or evolving threats on business execution Operational and Compliance People, Processes, Systems Treasury and Financial Market concentration, liquidity, interest rate, foreign exchange and internal financial management and control Information and Technology Loss of information, data security, and service disruption of critical IT systems RISK MANAGEMENT Clear objectives, focus and guiding principles Risk Strategy A desired risk culture and mindset Defined risk appetite statements and tolerance limits Effective risk governance structure A fit for purpose process for managing, monitoring and reporting risks During the year, the Group’s Enterprise Risk Management (ERM) function implemented several initiatives targeted at strengthening various aspects of people and processes which are key elements of its risk management framework. Some of the notable initiatives include: • Conducting a risk culture survey and benchmarking studies to introduce right initiatives to target at-risk areas with the aim to support and reinforce a desired risk culture and mindset. • Delivering customised training programmes covering trends in anti-money laundering/counter-terrorism financing, cyber threat and data privacy compliance requirements to raise the level of awareness and understanding, as well as to improve the capabilities of our first line of defence against such risks. • Enhancing the Group’s data privacy handling and management protocols to ensure strong and robust data security and compliance. The Group’s ERM Framework and initiatives are also rolled out to subsidiary companies and affiliates to ensure that risk management practices are aligned, and all material risk factors are duly considered and adequately addressed. The Group’s ERM function facilitates the alignment process and provides guidance through training and knowledge-sharing sessions to raise employees’ risk awareness and embrace the Group’s risk culture. RISK STRATEGY The Group’s risk strategy is based on the belief that risk management is the responsibility of all employees and that it must be integrated into strategy formulation, capital allocation, decision-making and day-to-day operations. The fostering of strong and sustainable ‘self-driven’ risk culture is guided by defined principles that underpin the ERM operating model. Guiding Principles • Line managers are to own risks and be accountable • Risk management activities are to hinge not only on processes and systems, but equally on a right mindset and attitude • Risk management is to be benchmarked against global best practices RISK CULTURE With the belief that mindsets and attitudes are fundamental to effective risk management, the Group advocates a strong ‘risk aware’ culture to reinforce ‘doing the right thing’ naturally. Management is fully committed to fostering a strong riskcentric culture through setting the appropriate tone at the top and demonstrating strong support for risk management. Risk awareness and accountability are embedded in our culture through our governance structure that ensures appropriate oversight and accountability for effective management of risks throughout the Group, further supported by risk management principles that are embedded in all our decision-making and business processes. RISK APPETITE The risk appetite was set to define the extent of risks the Group is able and willing to take on to achieve our strategic and business objectives. The purpose of establishing a risk appetite framework is not to limit risk-taking but to ensure that the Group’s risk profile remains within tolerable boundaries as opportunities are maximised. The risk appetite statements, along with the accompanying risk tolerance limits in both quantitative and/or qualitative terms, are reviewed annually. The Board has approved the following risk appetite statements: • The Group will continue to focus on business activities in identified core markets. Apart from the core markets, the Group shall otherwise not be overly exposed to any other single country. • The Group is prepared to undertake new investment and innovation initiatives commensurate to expected returns and/or are in line with the Group’s core strength and strategic objectives. From acquisition to divestment, all investments undertaken should not have potential loss exposure that could significantly threaten the Group’s ability to continue as a going concern. • The Group will avoid any situations and/or actions that may result in negative impact on our reputation and branding. Should such situations arise, they will be managed aggressively to preserve our reputation and brand image. • The Group will maintain adequate liquid assets to cover planned cash outflows and shall not take speculative positions on interest rates and foreign exchange. • The Group maintains a ‘zero-tolerance’ position in relation to EHS breaches or lapses, non-compliance with laws and regulations, as well as criminally dishonest acts such as fraud, corruption, bribery and extortion. • The Group will minimise operational and IT risk, subject to the cost-benefit trade-off. The Management Risk Committee monitors the Group’s risk profiles and regulatory compliance status on a quarterly basis. • Strengthening the Group’s Cyber Security infrastructure and systems by identifying, prioritising and closing out the highrisk gaps within our subsidiaries. • Intensifying efforts in Environmental, Health and Safety (EHS) management by reviewing the Group’s sustainability goals and efforts with a focus on emerging climate and Environmental, Social and Governance (ESG) risks. • Partnering with risk consultancies to model Probable Maximum Loss exposure scenarios to validate the Group’s risk transfer strategy. • Calibrating Group-wide risk transfer strategy to optimise the balance between risk retention and risk transfer. • Implemented first loss e-notification system across all Singapore properties, with plans to roll it out globally. • Updating the Control Self-Assessment (CSA) programme, with the assessment targeting drivers of identified key risks, to facilitate early identification of control gaps and areas for improvement. • Performing climate change scenario analysis, focused on 1.5°C and 2°C warmer scenario in 2030.
RkJQdWJsaXNoZXIy ODIwNTc=