Sustainability Governance

Integrated Governance Structure
The Board
Sustainability Committee
Audit Committee
Governance Working Group
Sustainability Working Group
Security Committee
Business Units
Internal Audit Assurance
Risk Management

Reporting on What Matters Business Practices Social Environmental Sustainable Business Model and Innovation Sustainability Polices and Report Sustainability-related Enquiries

Integrated Governance Structure

The Group has established a comprehensive and robust governance structure, which includes the Board, specialised Board-level committees, and management-level working groups. This structure encompasses the Sustainability Committee, Audit Committee, Remuneration Committee, Nomination Committee, Security Committee, Sustainability Working Group, Governance Working Group, and various business units, all tasked with effectively addressing emerging trends, risks and opportunities.

The Group has embedded sustainability principles into its governance framework. A Board-level Sustainability Committee, supported by a management-level Sustainability Working Group, is responsible for executing and overseeing sustainability initiatives as well as climate-related risks across the Group reporting directly to the Board.

Each committee and working group hold regular meetings to discuss and monitor the latest trends, developments, and performance related to the Group's objectives. Additionally, bi-annual self-assessment reviews are conducted across business units, in conjunction with internal audit assurance, with findings reported to multiple specialised functions within the Group. The Group has adopted and implemented corporate governance principles and practices that prioritise a high-quality Board, effective risk management and internal control systems, rigorous disclosure practices, transparency and accountability.

The Board

The Board is responsible for overseeing the Group’s business operations, risk management frameworks, internal control systems, and sustainability-related matters. With the support of the Sustainability and Audit Committees, the Board conducts through reviews and evaluations of the Group's risks and opportunities, including those related to climate change and cyber risk, as well as the corresponding strategic management measures.

The Board considers and reviews reports from various committees and working groups, approving the annual report, interim report and sustainability report. Additionally, it evaluates the effectiveness of risk management structures and internal control systems through the Audit Committee. By cultivating a risk-aware culture among employees, the Board ensures that appropriate measures and policies are effectively implemented across the Group’s operations.

Furthermore, the Board considers the results of sustainability assessments and stakeholder feedback, integrating these insights into its daily management practices.

Board ESG training

To effectively oversee sustainability strategies and understand the impacts of climate change, Board members are receiving regular training to ensure they have sufficient sustainability knowledge. Upon appointment, Directors are provided with comprehensive orientation materials comprising information on the Group, duties as a director and board committee member, as well as internal governance and sustainability policies of the Group.

Additionally, the Group arranges and provides Continuous Professional Development (“CPD”) training to Directors in the form of formal training programmes, seminars, workshops, expert briefings, webcasts and selected reading materials. This training keeps Directors informed about current trends and issues, including those relating to sustainability and climate-related reporting. For further details please refer to the “Corporate Governance Report” of this Annual Report.

Board Diversity

The Group acknowledges the significant benefits that diversity brings to the Board, enhancing its effectiveness and decision-making capabilities. To support this, the Group has established a Director Nomination Policy and a Board Diversity Policy. These policies ensure that a range of factors including gender, age, culture, ethnicity, educational background, professional experience, and other pertinent criteria are considered when nominating candidates for the Board. The Nomination Committee is responsible for reviewing the structure, size and composition of the Board, ensuring that it has sound diversity and a balanced composition of skills and experience appropriate for the requirements of the businesses of the Group. Additionally, the Committee conducts regular evaluations of the Board Diversity Policy to ensure its ongoing effectiveness.

Sustainability Committee

The Board-level Sustainability Committee serves as a fundamental component of the Group's sustainability strategy and impact management. The Sustainability Committee was formed in 2020, and is chaired Non-executive Director with an Executive Director and Chief Executive Officer, and an Independent Non-executive Director as members. The Sustainability Committee holds meetings bi-annually. Its responsibilities include overseeing, reviewing, and evaluating the measures and actions undertaken by the Group to advance its sustainability priorities and goals. Additionally, it provides recommendations to the Board regarding sustainability objectives, strategies and targets. The Sustainability Committee further evaluates and monitors emerging sustainability trends and issues that may impact the Group's operations and performance, reviewing and reporting on climate-related risks and opportunities to the Board. Furthermore, it considers the impact of the Group’s sustainability initiatives on stakeholders and provides the Board with value-accretive advice on external communication, disclosure and publications related to sustainability performance.

Audit Committee

The Audit Committee currently comprises three independent non-executive directors. It is responsible for supervising and ensuring the effectiveness and sufficiency of the Group’s risk management and internal control systems (including cyber risks). This oversight includes financial, operational and compliance aspects, ensuring comprehensive coverage across these key areas.

Governance Working Group

The Governance Working Group is chaired by a non-executive director and includes representatives from key business functions of the Group. It supports the Audit Committee by providing timely updates on emerging matters of compliance.

Sustainability Working Group

The Sustainability Working Group is a management-level group that supports the Sustainability Committee in its mission to implement the Group's sustainability management. It is co-chaired by the Chief Executive Officer and the Chief Financial Officer, and includes experienced senior executives from key business functions that have a significant influence on the Group's material sustainability topics. The primary role of the Sustainability Working Group is to support the Sustainability Committee to evaluate the latest sustainability-related trends, assess the Group's sustainability performance and targets, and provide insights on emerging sustainability risks and opportunities.

Sustainability Working Group Structure

Security Committee

The Security Committee is led by the Vice President - Digital Innovations & IT Development, and includes technical specialists from the Information Technology department and experts from the Corporate Security & Fraud Management function.

Its primary responsibility is to oversee the Group's defences against cybersecurity risks, fraud, and bribery risks, ensuring their effectiveness, coherence and coordination. The committee monitors the cyber threat landscape to gain valuable insights into existing and emerging security attacks and their implications through monthly cyber-as-a-service reports by third party experts, which include details of security alerts and prevented attacks, and meets regularly with senior management to discuss such threats and assess their potential impact on the Group’s operations.

Internal Audit Assurance

Internal Audit, reporting directly to the Audit Committee, delivers independent assurance on the effectiveness of the Group’s risk management activities and controls, including those associated with sustainability and cyber risk matters.

Each year, Internal Audit develops the audit strategy by assessing various business units, taking into account both internal and external factors, such as regulatory requirements, emerging trends in sustainability and cyber risk, and changes in business operations.

Risk Management

The Group’s risk management framework is based on the Committee of Sponsoring Organisations of the Treadway Commission (“COSO”) model to systematically manage risk. This model comprises five essential steps, which require each business unit to perform a comprehensive self-assessment to evaluate the effectiveness of its risk management practices.

The Group evaluates identified risks across four dimensions - strategic, financial, operational and compliance. This comprehensive assessment involves analysing the likelihood and potential impact of each risk, developing targeted risk mitigation measures, and assessing the likelihood and impact of any residual risks. Findings are compiled into a report for review and approval by both the Board and the Audit Committee, and this collaborative approach ensures that risk management practices align with the Group's overall strategic objectives and regulatory requirements. Relevant results are also shared with the external auditor to ensure transparency and accountability.

In addition, the Group’s Crisis Management Team, which includes the Chief Executive Officer, Chief Financial Officer, Chief Technology Officer, and representatives from business units conduct annual crisis drills, simulating various hypothetical scenarios to enhance the preparedness of each team in effectively managing crises and mitigating their impact.

(Updated to 14 March 2025)