Cromwell European REIT - Annual Report 2021

ENTERPRISE RISK MANAGEMENT Material Risks Details Key Mitigating Actions Governance (aligned with “G” from CEREIT’s ESG framework) Compliance risk • Fraud, bribery and corruption • Regulatory and compliance • Government and policies • Exposure to events such as political leadership uncertainty, inconsistent public policies and social unrest • Changes in property-related regulations and other events • Breaches to laws and regulations may lead to hefty penalties / fines and negative publicity • Any forms of fraud, bribery and corruption that could be perpetuated by employees, third parties or collusion between employees and third parties • Closely monitoring developments in laws and regulations of countries where CEREIT and the Manager operate and implementing appropriate strategies to mitigate the impact • Ensuring that overseas operations are managed by experienced on- the-ground managers and teams familiar with local conditions and cultures • Regularly communicating with regulators and governing bodies (as appropriate, depending on nature of engagement) • Regularly participating in industry forums • Maintaining a zero-tolerance approach towards fraud, corruption, bribery and unethical practices in the conduct of its business Operational risks • Business continuity planning • Property management • Cybersecurity and data protection • Exposure to sudden and major disaster events such as terrorist attacks, pandemics, fires, prolonged power outages or other major infrastructure or equipment failures could cause business interruption which may significantly disrupt operations at the properties • Rapid business digitalisation exposes the business to information technology related threats which may result in compromising the confidentiality, integrity and availability of CEREIT’s information assets and/ or systems. This may have significant negative impact on customer experience, financials and/or regulatory compliance • Ensuring operational resilience with robust BCP that seeks to equip CEREIT with the capability to respond effectively to business disruptions and to safeguard critical business functions from major risks: o In FY 2020, the Manager enacted its BCP and transitioned its global workforce to remote work arrangements. These actions, coupled with CEREIT and the Manager’s prior investment in systems, processes and people has ensured there has been no material interruption to the operations of CEREIT and the Manager’s business due to COVID-19 in FY 2021 • Maintaining processes and procedures that seek to ensure that the buildings operate efficiently and are well-equipped in managing the risk that arises from the operations and management of the buildings in place: o Properties are closely monitored to identify if potential property enhancements / safety modifications are required • Operating within the Sponsor’s IT infrastructure has allowed the Manager to leverage cybersecurity systems which are maintained as guided by the ISO27001 information security management systems certification, which the Sponsor has attained • Data handling practices are aligned to relevant data protection regulations • Disaster recovery plan in place to ensure timely recoverability of business-critical IT systems FOCUS ON STRENGTHS PIVOT TO LOGISTICS 188