RISK MANAGEMENT

Compliance
Non-compliance may lead to regulatory sanctions, financial penalties, reputational damage, and operational disruptions, affecting the Group’s performance and stakeholder trust.
• Maintain a zero-tolerance policy and ‘tone from the top’ towards compliance, including fraud, bribery, and corruption. The Group’s practices are aligned to SS ISO 37001 to minimise gaps.
• Provide training and e-learning to raise employee awareness of compliance obligations. This is complemented by an annual e-declaration.
• Maintain effective whistleblowing channels that allow internal and external stakeholders to report concerns in a protected manner.
• Establish platforms to monitor laws, regulatory obligations, and industry best practices, and embed compliance into policies and procedures.

Legal
The Group is exposed to legal and reputational damage arising from regulatory breaches or civil suits.
• Consult in-house lawyers and external counsel on major transactions, take action to protect the Group against actual or threatened litigation, and monitor and report significant disputes to the ExCo and Board.
• Review and maintain the necessary liability insurance coverage.

Investment and Divestment Risk
Underperformance of capital deployment or delayed value realisation due to strategic misalignments, inadequate due diligence, or shifts in external conditions could prevent targeted returns from being achieved.
• Conduct comprehensive analysis, including due diligence and feasibility studies.
• Review and update investment thresholds and parameters in line with changing strategies and business environment.
• Closely monitor portfolio performance to ensure that it is on track to meet set targets.

INFORMATION AND TECHNOLOGY RISK

Material Risks | Key Mitigations and Controls

Cyber Threat
Failure to address evolving cyber threats and system exploits could result in unauthorised access, data breaches, operational disruptions, financial loss, and reputational damage.
• Maintain an IT security framework to address evolving IT security threats such as hacking, malware, mobile threats and loss of data. Measures and considerations have also been taken to safeguard against loss of information, data security, and prolonged service disruption of critical IT systems.
• Conduct vulnerability and penetration testing (VAPT), guided self-assessments, and training exercises to identify IT security gaps and educate users on cyber threats.
• Dedicate IT expertise to monitor technological developments and threats to assess business impact.
• Leverage threat intelligence and advanced security analytics to detect and mitigate potential breaches.
• Maintain a cyber threat incident response protocol and disaster recovery plan. The Group also conducts disaster recovery plan testing at least once annually.

68 | CITY DEVELOPMENTS LIMITED