During the COVID period, the Group also considers the well-being of staff with a decrease in the staff travelling and complying with local quarantine measures and restrictions issued by local governments. Flexible working arrangement has been rolled out for staff and no material operational disruption has been encountered with the adoption of effective communication platforms for workplace discussion and videoconferencing. ESR also recognises that human capital is key to the business and has put in place measures to manage the attraction and talent management, including succession planning, periodic benchmarking of staff remuneration, performance-based rewards, among others. An Integration Committee, consisting of Senior Management of both organisations (ESR and ARA), has been set up to consider all implications of the merger and acquisition including strategic restructuring, integration of people, process and systems and alignment of group-wide governance and policies. Compliance Risk The Group is committed to comply with the applicable laws and jurisdictions in its day-to-day business processes and does not tolerate any breaches in regulatory compliance. Non-compliance may result in litigation, penalties, fines or revocation of business licenses which have potential reputational and financial impact. The Group has established a compliance framework that covers training, monitoring, reporting for any non-compliance including screening, investigations, enforcement and disciplinary actions. New and impending changes to regulations are closely monitored to ensure that the Group is adhering to regulatory requirements with material non-compliance or regulatory breaches escalated to the Board and management for follow-up. A comprehensive corporate governance framework has been established to maintain responsible and transparent business practices and adopt a zero-tolerance approach to fraud, bribery and corruption of any form in the conduct of business. All employees are committed to acting professionally, transparently and fairly with integrity in all business dealings and relationships with our stakeholders. The framework includes policies on whistle blowing, anti-money laundering and counter terrorist financing and prohibition of bribery, acceptance or offer of gifts and entertainment to ensure that all business activities are conducted with honesty, fairness and high ethical standards. Compliance with policies and procedures is required at all times. In addition, there are mandatory annual ethics training and attestation & code of conduct declarations by employees. Through the Company’s Code of Conduct, employees are encouraged to report control deficiencies or suspicions of impropriety to the local Compliance Officer or the Group Compliance Officer, when applicable. ESR treats all misconduct and dishonesty seriously and seeks to conduct independent investigation and take appropriate disciplinary action on concerns raised, including termination of employment. Technology Risk The Group acknowledges the rising threats posed by cyber-attacks which have become increasingly more prevalent and sophisticated. ESR is continuously assessing the adequacy of the computer systems and implement improvements to the platforms due to the increased reliance on technology to improve operational efficiency and provides high quality internal governance. ESR has put in measures to protect itself against technology-related risks which may arise from both internal and external sources. In addition, ESR has in place comprehensive information technology policies and procedures governing information availability, confidentiality and security. Training on IT security awareness is conducted regularly to keep the staff abreast of any potential security breaches and phishing scams. On top of the constant monitoring of internet gateways to detect potential security events, network vulnerability assessment and penetration testing are also conducted regularly to identify any potential security gaps. An information technology disaster recovery plan is in place and tested annually with the objective to recover and protect a business information technology infrastructure in the event of a disaster including ensuring the information proprietary is kept safe and secured. E S R C A Y M A N L I M I T E D A N N U A L R E P O R T 2 0 2 1 63
RkJQdWJsaXNoZXIy ODIwNTc=