CYBER-READINESS AND DATA PRIVACY
As at 31 December 2022, there were zero incidents of corruption, fraud, and money laundering activity across CDL’s business operations wholly-owned and directly-managed by CDL’s headquarters in Singapore.
Data Privacy
The privacy and protection of our stakeholders’ personal data is of paramount importance to us. CDL has established standard operating procedures, policies and guidelines governing the management of personal data in compliance with the Singapore Personal Data Protection Act (No. 26 of 2012), while information security materials are made available to better educate stakeholders on prevailing risks, especially in the handling of sensitive corporate data. Customers and business partners can get in touch with our Data Protection Officer by mail, email and phone on matters concerning their personal data with CDL. The Data Privacy Policy is available to the public on our corporate website.
Our processes are regularly reviewed and enhanced based on regulatory developments and stakeholder feedback, in consultation with our Legal department to ensure ongoing adherence to applicable data protection laws. Annually, our employees are also required to complete training on data protection.
CDL’s Social Media Guidelines advocate employees’ responsibility on the use of social media, including taking precautions for the protection of information privacy. In 2022, there were no substantiated complaints concerning breaches of customer privacy, theft, leak and loss of customer data or critical information.
External Engagement and Due Diligence
With the Anti-Money Laundering and Counter Financing of Terrorism Policy introduced in July 2016 to our employees in frontline sales and compliance job functions, we worked on aligning our policies and guidelines with the external marketing agents for CDL’s properties. This ensures that our business is reasonably guarded against the risk of property transactions being used to finance terrorism or launder illicit funds.
As part of our due diligence, all direct suppliers of CDL’s core operations in Property Development and Asset Management are required to endorse their acceptance of and compliance with the ethical standards as outlined in our Supplier Code of Conduct.
Our Enterprise Risk Management team embarked on a new initiative to provide mandatory training for all new joiners from July 2022 on key risk management related topics (namely Anti-Money Laundering and Counter-Financing of Terrorism, Data Privacy, and Incident Escalation). These training sessions are conducted once every two months. Additionally, Anti-Money Laundering and Counter Financing of Terrorism refresher trainings are conducted annually. Business Units that are at higher risk, such as Sales and Marketing, Accounts Receivable and Fund Management, are recommended to register for the annual training.
Cybersecurity
With cyber-attacks becoming more prevalent, targeted, and complex, we are adopting industry best practices and moving beyond technology defense towards a more holistic and risk-based cybersecurity framework. The objective is to establish a robust foundation to identify and protect our critical assets and more importantly, be able to detect and respond to threats.
Using proven security solutions, we ensure sensitive data is encrypted to safeguard critical information. Data recovery strategies and measures, such as data backup, are in place to minimise downtime and ensure critical information can be made available quickly for business continuity.
CDL established a Cybersecurity Framework in 2020 to detect, protect against and respond to cyber-attacks and crimes, and the CDL Computer Security Policies and Standards were updated in 2022 on cybersecurity compliance. To ensure our Cyber Incident Response Team is well-prepared to handle cyber security incidents, CDL engaged a professional cyber security facilitator to run through various desktop exercises with the team in 2021 and 2022. On the protection front, besides embracing the Next Generation Anti-Virus software, Advanced Email Security Protection solution, Enterprise-Class Firewalls and Intrusion Protection System to protect our information assets, our Information Technology (IT) department has also deployed the User Behavior Analytical solution to enable the identification of abnormal user computing behaviours or activities. At the same time, we have also rolled out an EndPoint and Network Detection and Response solution to enable the detection and containment of advanced persistent cybersecurity attack threats. CDL also recently migrated our backup system to a ransomware immutable backup platform to guard against the heightened global ransomware attacks.
CDL has also engaged a reputable Managed Security Operation Center (MSOC) service provider to provide 24/7 security monitoring and incident response services. To increase our employees’ IT security awareness and vigilance, a series of online cybersecurity trainings and periodic phishing attack simulations were conducted.
Employee Training and Communication
Annually, all our full- and part-time employees are required to complete a compulsory online declaration to acknowledge that they are aware of, have read, and are in compliance with CDL’s corporate policies and guidelines before the start of the calendar year. Awareness bulletins are published on CDL’s intranet for a quick refresher at any time on key elements of CDL’s stance against corruption. Fraud risk awareness training and assessments covering topics such as bribery and conflicts of interest were also conducted for selected front-line business units.
New hires, as part of their orientation programme, are required to learn about CDL’s Code of Business Conduct and Ethics, as well as other related corporate policies including Anti-Corruption, Fraud, Competition, and Whistleblowing. They are also required to complete a self-paced, interactive e-learning module (accessible for all employees as well) that provides information and guidance to recognise, address, resolve, avoid, and prevent instances of corruption. In 2022, 100% of our new hires were educated with anti-corruption knowledge.
To increase employees’ vigilance against cybercrime, which is exacerbated by the adoption of online working environments and operations, data protection and cybersecurity awareness training sessions were conducted in 2022.