ESR ESG 2020 - EN

Building for the New Economy 28 Environmental, Social and Governance Report 2020 At ESR, we take our ethical obligations seriously and expect our stakeholders to do the same. Rules governing ethical business conduct are complex and becoming more demanding over time. ESR Group policies and guidelines set the tone and direction for a unified approach to governance, while providing flexibility for our regional offices to adapt and amend the implementation of corporate governance standards in accordance with local circumstances, laws and regulations. We provide training on all core policies for new employees via an e-learning course to ensure that they are aware of personal obligations. CORE POLICIES CODE OF CONDUCT AND ETHICS ANTI-BRIBERY & ANTI-CORRUPTION (ABAC) AND THE HANDLING OF GIFTS, TRAVEL & ENTERTAINMENT ANTI-MONEY LAUNDERING (AML) & COUNTER-TERRORIST FINANCING (CTF) WHISTLEBLOWING Objectives • Establish fundamental principles covering all business practices • Achieve discipline, professionalism, loyalty, integrity and cohesiveness • Comply with law, including United States Foreign Corrupt Practices Act • Procedural defence against prosecution • Compliance with AML and CTF regulations in all jurisdictions • Implement Recommendations from the Financial Action Task Force • Prevent and deter breach of legal requirements and violations of our Code of Conduct and Ethics and other corporate policies Mechanisms • Annual requirement for all employees to sign the Code of Conduct and Business Ethics Attestation Form • Clear identification of prohibited acts • Specific requirements in applicable jurisdictions • Establishing the true and full identity of each client • Transaction monitoring • Screening of high-risk clients • Mechanism for making reports • Protection of whistleblowers • Procedures for investigation and disciplinary action OTHER POLICIES INFORMATION SECURITY COMMUNICATIONS GUIDELINE PRIVACY (ESR Australia) MODERN SLAVERY (ESR Australia) Objectives • Preserve the confidentiality, integrity and availability of information • Comply with disclosure requirements in accordance with prevailing best practices • Comply with the Privacy Act (including the Australian Privacy Principles) • Comply with applicable legislation, including the Modern Slavery Act 2018 (Commonwealth Act) Mechanisms • Information Security Management Committee led by the IT director • Information security framework and management system • Procedures for critical communications, media enquiries, internal communications and use of social media • Measures to protect information from misuse, interference, loss and unauthorised access, modification and disclosure • ASO ISO 31000:2018 risk management system • Annual public disclosure In 2020, our Board formally endorsed three corporate policies to complement the suite of core policies and other policies already in place.