Enterprise Risk Management

The Company recognizes that risks are inherent in every business or commercial undertaking. Given the interest of the public in the services that the Company provides and its duties and responsibilities to its shareholders and investors, there is an imperative need for the Company to prevent and minimize the risks in every transaction or business venture that it will be engaging in to.

The Company shall recognize, track, monitor, assess, and manage every form of risk in its operations and business dealings. The employees shall strictly adhere to every policy that the Company shall enforce which is intended to recognize, anticipate, monitor, and address the risks in its operations.

Risk Management and Business Continuity

Our sustainability journey helped us refine our risk management program, including enterprise risk management and plans for business continuity. In particular, our risk management framework provides guidelines in dealing with:

1. operational risks;
2. cybersecurity risks;
3. risks from new technologies;
4. risks from competition;
5. regulatory risks;
6. reputational risks; and
7. climate-related risks.

It has been informed by intelligence on new markets, government policies, and climate change impacts and is regularly updated to ensure that these risks are constantly examined and addressed to minimize possible financial impacts.

Part of our risk management strategies is our Business Continuity Plan (BCP) which identifies potential risks and impacts of various types of business and operational disruptions on the company’s operations and outlines actions needed to be implemented to mitigate those risks. The plan aims to facilitate immediate recovery and continuity of business operations as well as the protection of personnel and assets, so they are able to function in the event of any possible operational and climate-related risks. Implementation of this strategy is headed by our Board Risk Oversight Committee (BROC), and assisted by the Head of the Legal Department, Corporate Secretary, Financial Controller, Audit and Risk Officer, Vice-President for Network Engineering and Operations Management.

Other actions contained in our BCP that we have started implementing are the formation of a Crisis Management Plan in light of climate-related risks, provision of incidental expenses associated with such risks, conduct of regular emergency drills, and continuation of providing medical insurance to its employees. For incident management, we have equipped contingency vehicles and business continuity responders.

Board Risk Oversight Committee

The Board Risk Oversight Committee shall be composed of three (3) members, the majority of whom shall be Independent Directors. An Independent Director shall chair the Committee. In the exercise of its functions, the Committee shall be assisted by the Head of the Legal Department, Corporate Secretary, Financial Controller,

Audit and Risk Officer, Vice-President for Network Engineering and Operations Management, and other officers as may be deemed necessary by the Committee. One of its tasks is to develop a formal enterprise risk management plan which contains the following information: (i) registry of risks, (ii) well-defined risk management goals, objectives, and oversight, (iii) uniform processes of assessing risks and developing strategies to manage prioritized risks, (iv) designing and implementing risk management strategies, and (v) continuing assessments to improve risk management strategies, processes, and measures.