FGV Annual Report 2020

88 FGV HOLDINGS BERHAD Annual Integrated Report 2020 Our Risks and Opportunities Governance, Ethics and Integrity Compliance with regulatory requirements and good corporate governance principles (e.g. anti-corruption, sanctions compliance, or tax policy). • Business processes with exposure to corruption, not comprehensively identified. • Inability to provide sound governance advice to the Board. • Non-compliance of company’s policies and procedures/fraud risk. • Exposure to lawsuit if disputes arise. • Non-compliance of requirements set by local authorities & standards. • Appointment of new/replacement governance champion. • Heads of Department/CEO identify business process owners for CRM workshop participation. • Setup CRM risk register through training. • Appoint external Company Secretary from consulting firms as temporary Company Secretary. • Seek advice from legal firm as and when necessary. • Ensure no tolerance for unauthorised transactions. • Regular monitoring of facilities operations. • Ensure all required policies and SOPs are put in place. • Maintain certification with EMS 14001/ISO 45001. Traceability, Responsible Sourcing & Supply Chain Management Establishment of traceability system and procurement process to ensure responsible/ sustainable practices in palm oil value chain. • Pandemic and restrictive orders/ policies by the Government. • EU palm oil ban. • Lack of full traceability of FFB and kernel supply. • Set up of Covid-19 Management Task Force to ensure the Group’s policies and SOPs are aligned to Government’s directives. • Actively engage with relevant external parties. • New agreements for all external FFB suppliers, which include requirements to comply with FGV’s policies and produces. • Strengthen traceability information. • Identify FFB risk elements by doing mapping with the suppliers. • Identify high risk mills by mapping with suppliers. • Establish Traceability and Validation Task Force (TVTF). Data Security & Protection Protection of data/information/ intellectual property belonging to internal and external stakeholders (e.g. customers, suppliers, business partners, etc.) against cyber security breaches. • Cyber threats • Failure to control physical access to data centres/facilities and areas housing critical IT resources. • Ensure channel encryption for web services, server hardening and encryption. • Conduct security penetration test for IT Infrastructure and application. • Educate users with the series of educational email blast to create awareness. • Implement Access Control via appropriate tools such as Access Matrix with full matrix. • Review existing SOP and matrix in Data Center and Data Recovery Center. Sustainability Matters What it Means to FGV Link to Our Key Risks Mitigation Actions