ESR SR 2019 EN

On a daily basis, our colleagues interact with thousands of third-party vendors, including suppliers, contractors, agents, intermediaries, joint venture partners, representatives or consultants. Management of third-party risk is a truly integral part of our business. In 2019, we hired an independent consultant to help us establish a centralised system for evaluating, managing and mitigating third-party risks across the Group. As part of this process, we completed a company-wide risk assessment with reference to 23 criteria in four risks categories, namely Antitrust & Corruption, Employment & Safety, Environment, and Cyber Security & Business Stability. In the next phase of this project, we will develop and implement a systematic approach to on-boarding and monitoring all business partners, including investment in a third party risk management (3PRM) platform in early 2020. “ To be as transparent as water: This is the standard to which we must hold all of our business relationships in order to establish ourselves as leaders on good governance and compliance. ” Group Compliance Risk Management In 2019, we prioritised harmonisation and strengthening of our approach to compliance across all markets. We are, for example, in the process of migrating to a new online compliance management platform known as ComplySci, which is being rolled out in all offices to fully automate our compliance processes and monitor performance. 3 Key Risk Criteria Highlighted for Our Business 3,716 Third Parties Screened 67 Vendors Flagged for Review and Deeper Investigations by Our Regional Offices Compliance Reboot on Third Party Risk 23 Focused Environmental, Social and Governance Report