Risk Management Policy

ESG Policies and Commitments

(Oriental InfraTrust)

Risk Management Policy

Purpose

OIT operates in an interconnected ecosystem with a wide range of regulatory compliance on ESG requirements, changing geopolitical risks, and fast-paced technological disruptions that can have a material impact across the value chain. Owing to this, OIT’s Risk Management Policy aims to identify and mitigate the existing and emerging risks in its business operations in a timely manner. It ensures a systematic and structured approach to the risk management process, enabling a well-informed decision-making process to achieve its business objectives.

Scope

This Policy is applicable to OIT and SPVs business activities and operations.

Policy Statement

OIT shall adopt a proactive approach to risk management which is based on the following underlying principles:

  • OIT shall set up a framework for risk identification, assessment, prioritization, mitigation and resolution.
  • OIT shall proactively identify risks from both external and internal environments. The risks may include, but not be limited to financial risks, legal risks, political risks, ESG related risks, quality assurance, contractual compliance and risks related to revenue concentration.
  • OIT shall strive to anticipate and take preventive action to manage or mitigate risks and deal with the residual risk.  OIT shall develop, implement, review and monitor a uniform risk management policy, framework and plan across all business units, functions and locations.
  • OIT shall develop relevant capability for concerned employees and relevant stakeholders to ensure effective risk management.
  • OIT shall endeavor to create a culture of informed decision-making at all levels of the organization. All employees of OIT shall take responsibility for the effective management of risks in all aspects of the business.

Governance Management

Managing risks at OIT is seen as a collective responsibility of all employees in general and of Key Management Personnel (KMPs) in particular. To monitor this, the KMPs work with advice from the Compliance Officer who acts as the Chief Risk Manager.

Review

The Chief Risk Manager/Compliance Officer shall review this Policy periodically to ensure effectiveness of the policy and recommend appropriate revisions to the Board for consideration and approval.