CDL AR 2024

RISK MANAGEMENT

Data Privacy

We identify opportunities and improvements by:
• Staying updated on regulatory changes, monitoring compliance, enforcing policies, and enhancing compliance capabilities.

The Group recognises that data privacy breaches may undermine customer confidence and result in litigation from customers and/or fines and penalties from regulators.

We manage this risk by:
a) Continuously strengthening our infrastructure and systems for maximum resilience, while digitalising data privacy and enhancing cybersecurity measures, where applicable.
b) Adopting a risk-based approach to data protection.
c) Conducting awareness training to ensure that employees who directly and/or indirectly handle personal data in the course of their work are cognisant of data protection principles, and are equipped with skills and knowledge to carry out good data protection practices in their day-to-day activities.
d) Ensuring compliance with data protection requirements by our data processors.

For more information on how we manage personal data, please refer to our data privacy policy on our websites.

Group Data Privacy Policy
https://www.cdl.com.sg/index.php/privacy-policy

Compliance

The Group operates in many jurisdictions and is subject to applicable laws and regulations of the markets in which we operate, such as anti-bribery, corruption, money laundering, terrorism financing, competition and data privacy, along with all other relevant laws and regulations applicable to licensing and conducting of sales, leasing, construction, property development, asset management and hotel operations. In addition, various aspects of hotel operations are required to achieve compliance with the Payment Card Industry Data Security Standards (“PCIDSS”), and failure to do so could result in penalties and/or withdrawal of credit card payment facilities.
We manage this risk by:
a) Maintaining a zero-tolerance policy and ‘tone from the top’ towards compliance, including that of fraud, bribery and corruption. The Group currently benchmarks our practices against SS ISO 37001 to ensure that gaps are minimised, and our practices are in accordance with industry standards.
b) Conducting training sessions and adopting e-learning modules to raise awareness and train employees on ways to avoid or prevent noncompliant behaviour. An annual e-declaration exercise is to be completed by all employees, to acknowledge that they have read and understood, and agree to abide by, the Group’s policies.
c) Maintaining effective whistleblowing reporting and communication channels for employees, contractors, customers and stakeholders of the Group to report any unethical, fraudulent or corrupt practices, in good faith, without fear of retaliation, for investigation and action subject to applicable laws.
d) Establishing platforms and channels to proactively monitor and identify applicable laws and regulatory obligations and embed compliance into policies and operating procedures.
e) Aligning our policies and procedures as reasonably possible and practical with the requirements of best practice accredited framework, systems and industry standards.

CORPORATE GOVERNANCE
CITY DEVELOPMENTS LIMITED 42
