Since 2002, CDL has established an Enterprise Risk Management (ERM) framework to realise the value of risk management by providing an enterprise-wide view of the risks involved in property investment, development and management activities, and institutionalizing a systematic risk assessment methodology for the identification, assessment, management and reporting of risks on a consistent and reliable basis.
The ERM function provides the Risk Management Committee (RMC) and the Senior Management Team (SMT) with regular updates on key strategic risks, global trends, assessment of key risk exposures from operations and any new emerging risks that may require management focus and coordination. It also assists the RMC on quarterly reports to the board-level Audit and Risk Committee (ARC) on the overall strategic and operationalrisks positions, including mitigating measures, treatment plans and the occurrence or potential occurrence of significant risk events. In addition, ERM monitors and works closely with front-line operations to manage enterprise-wide regulatory compliance requirements. These compliance requirements include, but are not limited to, policies and practices on Personal Data Protection Act and Anti-Money Laundering and Counter Financing Terrorism Act, which took effect in 2014 and 2015 respectively.
The RMC and ERM functions regularly review the framework against international standards and best practices in risk management to establish a holistic, structured, and consistent process for the identification, assessment, evaluation, monitoring, and reporting of risks. Continuous training to build risk awareness and competencies, as well as systems and tools to operationalise the risk management framework are put in place to support this critical function.
The framework has categorised CDL’s strategic business risks into the following main types. For full details on each risk type, please refer to the Risk Management Report in CDL Annual Report 2016.
- Crisis Risks
- EHS Risks
- Human Resource Risks
- Investment and Portfolio Risks
- IT and Cyber Security Risks
- Market Risks
- M&C Risks
- Operational Risks
- Strategic Risks
- Treasury and Financial Risks
Through stakeholder engagement and materiality assessment, we have also identified a list of material Environmental, Social and Governance (ESG) risks and opportunities to complement our strategic business risks under the ERM framework. Our material ESG risks and opportunities can be found here.
Reviews and Improvements
The Group strives to detect, beyond our immediate horizon, strategic risks and emerging threats that may impact the execution and outcome of our strategy. In the Group’s annual risk assessment, we have identified Global Terrorism and Extremism, Cyber Security, Geopolitical and Macroeconomics, and Emerging Global Trends as top strategic risks that will have long term impact on our global business portfolio.
1. Global Terrorism and Extremism
In view of the heightened threat and to mitigate potential severe consequences from a terrorism event, the Group has initiated a global insurance programme for special risk insurance coverage on its global property assets against property damages, liabilities and business interruption arising from a terrorism or extremism event. To better prepare ourselves for any eventuality, the Group practised crisis management and communication protocols at our corporate HQ in a mock terrorism event. The SMT was put through a crisis simulation exercise that featured a series of crisis scenarios to test crisis management and emergency response procedures. The exercise culminated in a mock press conference and one-on-one interview with the CEO to simulate the rigour and demand required of our management team during and after a major crisis.
2. Cyber Security
With cyber-attacks becoming more prevalent and complex, the Group is adopting industry best practices and moving beyond technology defence towards a more holistic and risk-based cybersecurity framework. The objective is to establish a robust foundation to identify and protect our critical assets and more importantly, be able to detect and respond to the relevant threats. Data recovery exercises are also carried out to ensure critical information can be made available quickly and business recovery objectives are met. Information security materials are also made available to better educate employees of prevailing risks, especially in the handling of sensitive corporate data.
Risk management must be an ongoing process. Our RMC and ERM functions continue to look into global best practices and ways to sharpen our awareness of global trends, new threats and emerging technologies to mitigate long-term risks that may have a profound impact on our business sustainability.
CDL strongly believes that the most senior executive in the company sets the “tone from the top” towards risk management and instils an effective risk culture. This is crucial for the success of risk management at both operational and strategic levels. To reinforce the desired culture and to promote accountability and ownership at all levels, our management and employees are engaged regularly on risk management related activities such as risk identification and assessment workshops and topical talks by external consultants.
The Group recognises that risks cannot be completely eliminated and has taken effort to effectively and efficiently reduce them to acceptable levels. The Group’s domestic and overseas operating environments are affected by shifts in geopolitical undercurrents, which slow global economic growth. To manage these risks and others risks from emerging global trends in the form of rapid digitalisation, technology disruptions and demographics shift, the Group will continue to refine and improve our risk management framework, systems and processes to ensure both inherent risks and risks arising from these emerging trends are being monitored and managed efficiently. In that way, we hope to strike a good balance between risks and returns in the increasingly dynamic business environment of the future.
Click here to access the full Risk Management Report in CDL’s 2016 Annual Report.