Yinson Annual Report 2022

74 YINSON HOLDINGS BERHAD STRATEGY & OUTLOOK

Yinson provides new employees and contractors with mandatory cybersecurity training as part of job orientation. There is also a training programme for all employees explaining the principles set out in the Data Privacy Policy and involving guidelines for processing of Personal Data.

Good corporate governance, pg 145

Information security & cybersecurity

In recent years cybercriminals have increased their attacks on Information Technology, Operational Technology and Industrial Control Systems, either through exploiting system vulnerabilities or business email compromises. In response to these trends, Yinson worked actively with all stakeholders in FYE 2022 to ensure that we are well prepared to manage these risks, both now and in the coming days, where we expect such attacks to be even more prolific and sophisticated.

During the financial year, Yinson’s cybersecurity team has developed a Cyber Risk Management Roadmap which consists of multiple initiatives to strengthen the cybersecurity system within the Group. Steps taken include actively training our people, updating our processes to be more relevant and putting in relevant technology that can help us reduce our cyber risks.

Achieving and maintaining the cybersecurity of our offshore assets has been a continual effort, carried out through a combination of active internal training, updating our processes to be more relevant and putting in applicable technologies that can help us to reduce our cyber risks adequately.

Cybersecurity, pg 147

Data & digitalisation

We have undertaken various initiatives throughout the year to further digitalise our compliance processes to provide up-to-date and accurate information to our stakeholders to enable quick and efficient decision-making processes.
For example, we have utilised our LMS to automate compliance-related trainings, which has minimised manual intervention in the learning & development process for employees and opened up a world of training without borders. This virtual approach to compliance trainings was further entrenched due to Covid-19 lockdown restrictions, which limited physical interactions. The LMS allows the mandatory compliance-related learnings to be delivered online, maintaining the employee education process without compromising on Covid-19 safety requirements.

We have also continued to transfer manual compliance documentation to online platforms. In FYE 2022, we successfully implemented the GHE online declaration process, which allows our employees to easily declare and obtain appropriate approvals for any GHEs given and received. The declaration is also available via employee mobile devices, which makes it easy to provide the necessary information, including the uploading of the necessary supporting documents.

To ensure proper management and governance of Group-level policies, procedures and related documents, an EDMS was implemented in September 2021. The EDMS facilitates the standardisation of Group-level policies, procedures and supporting documents, with appropriate review and approval processes incorporated for transparency and audit trail purposes according to our CIMS procedure.

EXTERNAL VARIABLES, RISKS & OPPORTUNITIES

EXTERNAL ENVIRONMENT

• Companies are increasingly focusing on ESG issues and themes, with investors and consumers alike expecting corporate action and accountability in these areas.
• Europe’s GDPR has recorded numerous breaches which have led to serious financial penalties. In 2021, two record sum fines of EUR746 million and EUR225 million were issued to two companies for GDPR breaches.
• The 2021 Organization for Economic Cooperation and Development Anti-Bribery Recommendation highlights a holistic approach to fighting foreign bribery, especially for companies facing bribery solicitation risks. This includes, among others, having extensive provisions to protect whistleblowers and encouraging countries to incentivise enterprises to develop ethics and compliance programmes to prevent or detect foreign bribery.
• The implementation of the European Whistleblowing Directive by the European Union’s 27 member states by 17 December 2021 is expected to cause a ripple effect to the rest of the world in the years to come.
• The ESG profiles of third parties are increasingly important for accurate data reporting. This includes compilation of information on GHG emissions as well as HLR practices by third parties.
• The fluid situation in the Russia-Ukraine conflict means that further sanctions and export controls are to be expected in coming months.
• Cybersecurity vulnerabilities that translate into attacks are becoming harder to control, with companies needing to invest large amounts of resources to keep abreast.

CORPORATE COMPLIANCE REVIEW
